ARIA encryption/decryption apparatus and method, and method of generating initialization key for the same
    1.
    发明授权
    ARIA encryption/decryption apparatus and method, and method of generating initialization key for the same 有权
    ARIA加密/解密装置和方法,以及为其生成初始化密钥的方法

    公开(公告)号:US07933403B2

    公开(公告)日:2011-04-26

    申请号:US11634480

    申请日:2006-12-06

    IPC分类号: H04L9/06

    CPC分类号: H04L9/0631 H04L2209/122

    摘要: Disclosed is an Academy, Research Institute, and Agency (ARIA) encryption/decryption apparatus for encrypting and decrypting input data by repeating a plurality of rounds. The ARIA encryption/decryption apparatus includes a first register storing input data or an intermediate calculation value according to a first control signal; a second register storing a input round key for every round; an exclusive OR operation unit performing an exclusive OR operation on values stored in the first and second registers; a substitution unit substituting a result of the exclusive OR operation on a basis of an ARIA substitution algorithm; a diffusion unit diffusing a result of the substitution in the substitution unit on a basis of an ARIA diffusion algorithm if a current round is not a final round; and a control unit outputting the first control signal so that an output of the diffusion unit is used as the intermediate calculation value if the current round is the final round or an output of the substitution unit is used as the intermediate calculation value if the current round is the final round, and outputting an output of the exclusive OR operation unit as a result of the ARIA encryption/decryption.

    摘要翻译: 公开了一种用于通过重复多次轮加密和解密输入数据的Academy,Research Institute和Agency(ARIA)加密/解密装置。 ARIA加密/解密装置包括根据第一控制信号存储输入数据或中间计算值的第一寄存器; 存储每轮的输入循环密钥的第二寄存器; 异或运算单元对存储在第一和第二寄存器中的值执行异或运算; 替代单元基于ARIA替换算法代替异或运算的结果; 如果当前轮次不是最后一轮,则扩散单元基于ARIA扩散算法在取代单元中扩散取代的结果; 以及控制单元,如果当前轮次是最后一轮,则使用扩散单元的输出作为中间计算值,或者如果当前轮次使用替代单位的输出作为中间计算值,则输出第一控制信号 是最后一轮,并且作为ARIA加密/解密的结果输出异或运算单元的输出。

    ARIA encryption/decryption apparatus and method, and method of generating initialization key for the same
    2.
    发明申请
    ARIA encryption/decryption apparatus and method, and method of generating initialization key for the same 有权
    ARIA加密/解密装置和方法,以及为其生成初始化密钥的方法

    公开(公告)号:US20070177728A1

    公开(公告)日:2007-08-02

    申请号:US11634480

    申请日:2006-12-06

    IPC分类号: H04K1/06

    CPC分类号: H04L9/0631 H04L2209/122

    摘要: Disclosed is an Academy, Research Institute, and Agency (ARIA) encryption/decryption apparatus for encrypting and decrypting input data by repeating a plurality of rounds. The ARIA encryption/decryption apparatus includes a first register storing input data or an intermediate calculation value according to a first control signal; a second register storing a input round key for every round; an exclusive OR operation unit performing an exclusive OR operation on values stored in the first and second registers; a substitution unit substituting a result of the exclusive OR operation on a basis of an ARIA substitution algorithm; a diffusion unit diffusing a result of the substitution in the substitution unit on a basis of an ARIA diffusion algorithm if a current round is not a final round; and a control unit outputting the first control signal so that an output of the diffusion unit is used as the intermediate calculation value if the current round is the final round or an output of the substitution unit is used as the intermediate calculation value if the current round is the final round, and outputting an output of the exclusive OR operation unit as a result of the ARIA encryption/decryption.

    摘要翻译: 公开了一种用于通过重复多次轮加密和解密输入数据的Academy,Research Institute和Agency(ARIA)加密/解密装置。 ARIA加密/解密装置包括根据第一控制信号存储输入数据或中间计算值的第一寄存器; 存储每轮的输入循环密钥的第二寄存器; 异或运算单元对存储在第一和第二寄存器中的值执行异或运算; 替代单元基于ARIA替换算法代替异或运算的结果; 如果当前轮次不是最后一轮,则扩散单元基于ARIA扩散算法在取代单元中扩散取代的结果; 以及控制单元,如果当前轮次是最后一轮,则使用扩散单元的输出作为中间计算值,或者如果当前轮次使用替代单位的输出作为中间计算值,则输出第一控制信号 是最后一轮,并且作为ARIA加密/解密的结果输出异或运算单元的输出。

    Method of generating TCAM entry and method and apparatus for searching for TCAM entry
    3.
    发明授权
    Method of generating TCAM entry and method and apparatus for searching for TCAM entry 失效
    生成TCAM条目的方法和用于搜索TCAM条目的方法和装置

    公开(公告)号:US07584323B2

    公开(公告)日:2009-09-01

    申请号:US11583189

    申请日:2006-10-18

    IPC分类号: G06F12/00

    CPC分类号: G11C15/00

    摘要: Provided is a method of generating and searching for a single ternary content addressable memory (TCAM) entry for range search and exact-match search. First, it is determined whether an entry to be added is a range search entry or an exact-match search entry. When the entry is the range search entry, a bit at a predetermined position in the upper m bits corresponding to a range represented by the entry is set to “1” and the remaining bits including lower n bits is set to a “don't care” bit x, based on a range table for representing position information of one of the upper m bits which is set to “1” in ranges. When the entry is the exact-match search entry, the upper m bits is set to “don't care” bit x and the lower n bits is set to the entry value. By generating and searching for a single TCAM entry for a range search and an exact-match search, a space for storing the TCAM entry can be optimized and efficiency thereof can be improved.

    摘要翻译: 提供了一种生成和搜索用于范围搜索和精确匹配搜索的单个三进制内容可寻址存储器(TCAM)条目的方法。 首先,确定要添加的条目是范围搜索条目还是精确匹配搜索条目。 当条目是范围搜索条目时,与由条目表示的范围相对应的上位m位中的预定位置处的位被设置为“1”,并且包括较低n位的其余位被设置为“不” 基于用于表示在范围中被设置为“1”的上位m位之一的位置信息的范围表。 当条目是精确匹配搜索条目时,高位m被设置为“无关紧要”位x,低n位被设置为条目值。 通过生成和搜索用于范围搜索和精确匹配搜索的单个TCAM条目,可以优化用于存储TCAM条目的空间,并且可以提高其效率。

    Real-time network attack pattern detection system for unknown network attack and method thereof
    4.
    发明授权
    Real-time network attack pattern detection system for unknown network attack and method thereof 有权
    用于未知网络攻击的实时网络攻击模式检测系统及其方法

    公开(公告)号:US07571477B2

    公开(公告)日:2009-08-04

    申请号:US11088975

    申请日:2005-03-24

    IPC分类号: G06F21/00

    CPC分类号: H04L63/1408

    摘要: In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.

    摘要翻译: 在实时网络攻击模式检测系统和方法中,从被怀疑是网络攻击(如蠕虫)的数据包实时检测到一个共同的模式,以有效地阻止攻击。 该系统包括:可疑包检测器,用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元,用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元,用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器,用于接收可疑包检测器的输出数据,第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表,用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。

    Apparatus and method for limiting bandwidths of burst aggregate flows
    5.
    发明授权
    Apparatus and method for limiting bandwidths of burst aggregate flows 失效
    用于限制突发聚合流的带宽的装置和方法

    公开(公告)号:US07417951B2

    公开(公告)日:2008-08-26

    申请号:US10934545

    申请日:2004-09-03

    IPC分类号: H04L12/28

    摘要: Provided are an apparatus and method for limiting bandwidths of burst aggregate flows according to the present invention. The apparatus comprises: a bandwidth measuring unit measuring a bandwidth of at least one input aggregate flow; a grade determining unit determining abnormal grades according to abnormal levels of the input aggregate flows; a bandwidth limit determining unit determining a bandwidth volume and aggregate flow to be limited; a bandwidth limiting unit inputting a result determined by the bandwidth limit determining unit, limiting or releasing a bandwidth of a aggregate flow selected among the input aggregate flows and outputting the selected aggregate flow; and a status information storage unit storing status information including a usage bandwidth, an abnormal grade, and a limited bandwidth volume of the input aggregate flow. Accordingly, the apparatus and method provide an effect of dropping attack aggregate flows corresponding to excessive traffic while not influencing normal aggregate flows.

    摘要翻译: 提供了根据本发明的用于限制突发集束流的带宽的装置和方法。 该装置包括:带宽测量单元,测量至少一个输入聚合流的带宽; 等级确定单元根据输入的总流的异常水平确定异常等级; 带宽限制确定单元,确定要限制的带宽量和聚合流; 带宽限制单元,输入由所述带宽限制确定单元确定的结果,限制或释放在所述输入聚合流中选择的聚合流的带宽并输出所选择的聚合流; 以及状态信息存储单元,其存储包括输入聚合流的使用带宽,异常等级和有限带宽量的状态信息。 因此,该装置和方法提供了在不影响正常聚合流的情况下,减少对应于过多流量的攻击聚合流的效果。

    Apparatus and method for performing header lookup based on sequential lookup
    6.
    发明授权
    Apparatus and method for performing header lookup based on sequential lookup 有权
    基于顺序查找执行标题查找的装置和方法

    公开(公告)号:US07433357B2

    公开(公告)日:2008-10-07

    申请号:US10993606

    申请日:2004-11-19

    IPC分类号: H04L12/50

    CPC分类号: H04L45/00 H04L45/54 H04L45/62

    摘要: An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.

    摘要翻译: 提供了一种用于基于顺序查找来执行分组报头查找的装置和方法。 报头分析器将报头与经由网络接收的分组分离,并输出查找序列。 单元查找单元根据从标题分析器输入的查找序列查找与标题组合规则与要分析的每个字段和从标题分析器输入的匹配,并输出匹配信号和匹配地址。 规则组合存储器存储标题组合规则的标识信息。 序列组合存储器存储查找序列信息和序列组合信息。 规则组合单元基于从单元查找单元输入的匹配信号和从规则组合存储器和序列组合存储器读取的数据产生匹配结果。

    Alert transmission apparatus and method for policy-based intrusion detection and response
    7.
    发明授权
    Alert transmission apparatus and method for policy-based intrusion detection and response 失效
    用于基于策略的入侵检测和响应的警报传输设备和方法

    公开(公告)号:US07386733B2

    公开(公告)日:2008-06-10

    申请号:US10448414

    申请日:2003-05-30

    CPC分类号: H04L63/1408

    摘要: An alert transmission apparatus for a policy-based intrusion detection and response has a central policy server (CPS) and an intrusion detection and response system (IDRS). In the CPS, a policy management tool generates security policy information and then stores the generated security policy information in a policy repository. A COPS-IDR server sends the information to the IDRS and an IDMEF-XML-type alert transmission message to a high-level module. An IDMEF-XML message parsing and translation module stores a parsed and translated IDMEF-XML-type alert transmission message in an alert DB or provides the message to an alert viewer. In the IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission message and provides the message to the CPS. An intrusion detection module detects an intrusion. An intrusion response module responds to the intrusion. An IDMEF-XML message building module generates an IDMEF-XML alert message and provides the message to the COPS-IDR client.

    摘要翻译: 用于基于策略的入侵检测和响应的警报传输装置具有中央策略服务器(CPS)和入侵检测和响应系统(IDRS)。 在CPS中,策略管理工具生成安全策略信息,然后将生成的安全策略信息存储在策略存储库中。 COPS-IDR服务器将信息发送到IDRS和IDMEF-XML型警报传输消息到高级模块。 IDMEF-XML消息解析和翻译模块将解析和翻译的IDMEF-XML类型警报传输消息存储在警报DB中,或者将消息提供给警报查看器。 在IDRS中,COPS-IDR客户端生成IDMEF-XML类型的警报传输消息,并将消息提供给CPS。 入侵检测模块检测入侵。 入侵响应模块响应入侵。 IDMEF-XML消息构建模块生成IDMEF-XML警报消息,并将消息提供给COPS-IDR客户端。

    Network intrusion detection and prevention system and method thereof
    8.
    发明授权
    Network intrusion detection and prevention system and method thereof 有权
    网络入侵检测和预防系统及其方法

    公开(公告)号:US07565693B2

    公开(公告)日:2009-07-21

    申请号:US11023384

    申请日:2004-12-29

    IPC分类号: G06F11/00

    摘要: The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.

    摘要翻译: 本发明涉及网络入侵检测和预防系统。 该系统包括:基于签名的检测装置; 基于异常行为的检测装置; 以及设置在基于签名的检测装置和基于异常行为的检测装置之间的新的签名创建和验证装置,其中如果基于异常行为的检测装置检测到网络攻击可疑包,则新的签名创建和验证装置收集并搜索 检测出公用信息的可疑包,然后根据搜索到的公共信息创建新的签名,同时验证创建的新签名是否适用于基于签名的检测装置,然后注册创建的新的 如果确定所创建的新签名是可应用的,则签名到基于签名的检测设备。