公开(公告)号：US08266428B2

公开(公告)日：2012-09-11

申请号：US11640924

申请日：2006-12-19

申请人： Taek-Jung Kwon ,  Kang-Young Moon ,  Sou-Hwan Jung

发明人： Taek-Jung Kwon ,  Kang-Young Moon ,  Sou-Hwan Jung

IPC分类号： G06F21/06

CPC分类号： H04L29/12358 ,  H04L29/125 ,  H04L61/251 ,  H04L61/2564 ,  H04L63/06 ,  H04L63/164

摘要： An Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system includes at least one first node for creating identification information capable of identifying each secret key shared with at least one second node, and for exchanging the created identification information with each second node in a secure negotiating process. Each second node creates identification information capable of identifying each secret key shared with each first node, and performs the secure negotiating process based on the secret keys corresponding to the identification information exchanged through the secure negotiating process. Thereby, secure communication complying with Security Architecture for the Internet Protocol (IPSec) can be implemented based on the secret keys in the IPv4/IPv6 integrated network system of a Network Address Translation-Protocol Translation (NAT-PT) environment.

摘要翻译： 互联网协议版本4 /互联网协议版本6（IPv4 / IPv6）集成网络系统包括至少一个第一节点，用于创建能够识别与至少一个第二节点共享的每个秘密密钥的标识信息，并且用于将所创建的标识信息与 每个第二节点处于安全协商过程。 每个第二节点创建能够识别与每个第一节点共享的每个秘密密钥的识别信息，并且基于与通过安全协商过程交换的识别信息相对应的秘密密钥执行安全协商过程。 因此，可以基于网络地址转换协议转换（NAT-PT）环境的IPv4 / IPv6综合网络系统中的秘密密钥来实现符合因特网协议（IPSec）安全体系结构的安全通信。

公开(公告)号：US20070162746A1

公开(公告)日：2007-07-12

申请号：US11640924

申请日：2006-12-19

申请人： Taek-Jung Kwon ,  Kang-Young Moon ,  Sou-Hwan Jung

发明人： Taek-Jung Kwon ,  Kang-Young Moon ,  Sou-Hwan Jung

IPC分类号： G06F21/06

CPC分类号： H04L29/12358 ,  H04L29/125 ,  H04L61/251 ,  H04L61/2564 ,  H04L63/06 ,  H04L63/164

摘要： An Internet Protocol version 4/Internet Protocol version 6 (IPv4/IPv6) integrated network system includes at least one first node for creating identification information capable of identifying each secret key shared with at least one second node, and for exchanging the created identification information with each second node in a secure negotiating process. Each second node creates identification information capable of identifying each secret key shared with each first node, and performs the secure negotiating process based on the secret keys corresponding to the identification information exchanged through the secure negotiating process. Thereby, secure communication complying with Security Architecture for the Internet Protocol (IPSec) can be implemented based on the secret keys in the IPv4/IPv6 integrated network system of a Network Address Translation-Protocol Translation (NAT-PT) environment.

摘要翻译： 互联网协议版本4 /互联网协议版本6（IPv4 / IPv6）集成网络系统包括至少一个第一节点，用于创建能够识别与至少一个第二节点共享的每个秘密密钥的标识信息，并且用于将所创建的标识信息与 每个第二节点处于安全协商过程。 每个第二节点创建能够识别与每个第一节点共享的每个秘密密钥的识别信息，并且基于与通过安全协商过程交换的识别信息相对应的秘密密钥执行安全协商过程。 因此，可以基于网络地址转换协议转换（NAT-PT）环境的IPv4 / IPv6综合网络系统中的秘密密钥来实现符合因特网协议（IPSec）安全体系结构的安全通信。

公开(公告)号：US20060253701A1

公开(公告)日：2006-11-09

申请号：US11119727

申请日：2005-05-03

申请人： Sun-Gi Kim ,  Young-Han Kim ,  Sou-Hwan Jung ,  In-Seok Choi ,  Byung-Chang Kang ,  Yong-Seok Park ,  Du-Young Oh

发明人： Sun-Gi Kim ,  Young-Han Kim ,  Sou-Hwan Jung ,  In-Seok Choi ,  Byung-Chang Kang ,  Yong-Seok Park ,  Du-Young Oh

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  H04L29/12358 ,  H04L29/125 ,  H04L61/251 ,  H04L61/2564 ,  H04L63/164

摘要： A method for providing end-to-end security service in a communication network having an NAT-PT function comprises: performing security negotiation between a first node included in a first communication network having the network address translation-protocol translation function and a second node included in a second communication network operating with a protocol different from the first communication network; storing protocol translation information generated when the security negotiation is performed in the first node; and performing security transmission between the first and second nodes using the stored protocol translation information. The method transmits the address translation information to the ends in advance, thereby being capable of applying the security service using the address information on transmitting the data between hosts in the communication network using the address translation method.

摘要翻译： 一种用于在具有NAT-PT功能的通信网络中提供端到端安全服务的方法包括：在包括在具有网络地址转换协议转换功能的第一通信网络中的第一节点和包括第二节点之间执行安全协商 在与第一通信网络不同的协议操作的第二通信网络中; 存储在所述第一节点中执行所述安全协商时生成的协议转换信息; 以及使用所存储的协议翻译信息在所述第一和第二节点之间执行安全传输。 该方法提前发送地址转换信息，从而能够使用地址信息来应用安全服务，该地址信息用于使用地址转换方法在通信网络中的主机之间传送数据。

公开(公告)号：US08380992B2

公开(公告)日：2013-02-19

申请号：US13128106

申请日：2009-11-06

申请人： Jae-Sung Park ,  Tae-Sung Park ,  Jae-Hoon Kwon ,  Sou-Hwan Jung ,  Jae-Duck Choi

发明人： Jae-Sung Park ,  Tae-Sung Park ,  Jae-Hoon Kwon ,  Sou-Hwan Jung ,  Jae-Duck Choi

IPC分类号： H04L9/12

CPC分类号： H04L63/061 ,  H04L9/083 ,  H04L9/0841 ,  H04L63/0823 ,  H04L63/0884

摘要： The present invention relates to a device and method that enable a security key to be shared using security key exchange between two terminals, and a system that supports the same. To achieve the above, an in-house generated public key is divided into two, said two public keys that have been divided are delivered to counterpart devices via different pathways, and the two public keys delivered from counterpart devices are used to predict the public key of the counterpart device. In addition, said predicted public key is verified, and said verified public key is used to form a master key. Subsequently, said generated master key is verified, and said master key that has been verified is used to exchange data with the counterpart device.

摘要翻译： 本发明涉及能够使用两个终端之间的安全密钥交换来共享安全密钥的装置和方法，以及支持安全密钥的系统。 为了实现上述目的，内部生成的公开密钥被分成两部分，所述被分割的所述两个公共密钥通过不同的路径被传送到对方设备，并且从对等设备传递的两个公共密钥用于预测公开密钥 的对应设备。 此外，验证所述预测的公开密钥，并且使用所述验证的公钥来形成主密钥。 随后，验证所述生成的主密钥，并且已经验证的所述主密钥用于与对方设备交换数据。

公开(公告)号：US20110211700A1

公开(公告)日：2011-09-01

申请号：US13128106

申请日：2009-11-06

申请人： Jae-Sung Park ,  Tae-Sung Park ,  Jae-Hoon Kwon ,  Sou-Hwan Jung ,  Jae-Duck Choi

发明人： Jae-Sung Park ,  Tae-Sung Park ,  Jae-Hoon Kwon ,  Sou-Hwan Jung ,  Jae-Duck Choi

IPC分类号： H04L9/08

CPC分类号： H04L63/061 ,  H04L9/083 ,  H04L9/0841 ,  H04L63/0823 ,  H04L63/0884

摘要： The present invention relates to a device and method that enable a security key to be shared using security key exchange between two terminals, and a system that supports the same. To achieve the above, an in-house generated public key is divided into two, said two public keys that have been divided are delivered to counterpart devices via different pathways, and the two public keys delivered from counterpart devices are used to predict the public key of the counterpart device. In addition, said predicted public key is verified, and said verified public key is used to form a master key. Subsequently, said generated master key is verified, and said master key that has been verified is used to exchange data with the counterpart device.

摘要翻译： 本发明涉及能够使用两个终端之间的安全密钥交换来共享安全密钥的装置和方法，以及支持安全密钥的系统。 为了实现上述目的，内部生成的公开密钥被分成两部分，所述被分割的所述两个公共密钥通过不同的路径被传送到对方设备，并且从对等设备传递的两个公共密钥用于预测公开密钥 的对应设备。 此外，验证所述预测的公开密钥，并且使用所述验证的公钥来形成主密钥。 随后，验证所述生成的主密钥，并且已经验证的所述主密钥用于与对方设备交换数据。

公开(公告)号：US20070136601A1

公开(公告)日：2007-06-14

申请号：US11598139

申请日：2006-11-13

申请人： Take-Jung Kwon ,  Young-Han Kim ,  Sou-Hwan Jung ,  Jae-Duck Choi ,  Sun-Gi Kim

发明人： Take-Jung Kwon ,  Young-Han Kim ,  Sou-Hwan Jung ,  Jae-Duck Choi ,  Sun-Gi Kim

IPC分类号： H04L9/00

CPC分类号： H04L63/08 ,  H04L63/1441

摘要： Provided are a system and method for allocating an Internet protocol version 4 (IPv4) address through authentication of a dual stack transition mechanism (DSTM) node in a DSTM communication network, DSTM being an IPv4/IPv6 address translation mechanism. The system and method perform authentication when an IPv4 address is allocated between a DSTM node and the DSTM server in the DSTM communication network. According to the system and method, when the DSTM node requests IPv4 address allocation, the DSTM server authenticates the DSTM node, and then allocates an IPv4 address. Therefore, it is possible to solve a problem of exhaustion of an IPv4 address pool of the DSTM server by a denial of service (DoS) attack, as well as potentially solve a security problem of an IPv4/IPv6 translation process.

摘要翻译： 提供了一种通过DSTM通信网络中的双栈转换机制（DSTM）节点的认证来分配因特网协议版本4（IPv4）地址的系统和方法，DSTM是IPv4 / IPv6地址转换机制。 当在DSTM通信网络中的DSTM节点和DSTM服务器之间分配IPv4地址时，系统和方法执行认证。 根据系统和方法，当DSTM节点请求IPv4地址分配时，DSTM服务器对DSTM节点进行认证，然后分配IPv4地址。 因此，可以通过拒绝服务（DoS）攻击来解决DSTM服务器的IPv4地址池耗尽的问题，并且可能解决IPv4 / IPv6转换过程的安全问题。