-
公开(公告)号:US09444845B2
公开(公告)日:2016-09-13
申请号:US14277360
申请日:2014-05-14
Inventor: Jeong-Han Yun , Heemin Kim , Kyoung-Ho Kim , Woonyon Kim , Byung-gil Min
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/1408
Abstract: A network security apparatus includes a management unit, a security policies monitoring unit, a security monitoring unit, a log security check unit, and a log transmission unit. The management unit receives network security apparatus setting information, security policies and log generation policies from the outside. The security policies monitoring unit checks whether the security policies comply with a set format. If the security policies comply with the set format, the security monitoring unit monitors whether a communication node communicates in compliance with the security policies. The log security check unit generates a monitoring log based on the log generation policies, and checks whether the monitoring log complies with a log setting format. If the monitoring log complies with the log setting format, the log transmission unit transmits the security log to the outside, thereby performing the outside network security.
Abstract translation: 网络安全装置包括管理单元,安全策略监视单元,安全监视单元,日志安全检查单元和日志传输单元。 管理单元从外部接收网络安全设备设置信息,安全策略和日志生成策略。 安全策略监控单元检查安全策略是否符合设置的格式。 如果安全策略符合设定的格式,则安全监控单元监视通信节点是否按照安全策略进行通信。 日志安全检查单元根据日志生成策略生成监控日志,并检查监控日志是否符合日志设置格式。 如果监控日志符合日志设置格式,则日志发送单元将安全日志发送到外部,从而执行外部网络安全。
-
公开(公告)号:US09742699B2
公开(公告)日:2017-08-22
申请号:US14289803
申请日:2014-05-29
Inventor: Heemin Kim , Jeong-Han Yun , Kyoung-Ho Kim , Woonyon Kim , Jungtaek Seo , Eungki Park
IPC: H04L12/947 , H04L12/26 , H04L29/06
CPC classification number: H04L49/25 , H04L43/022 , H04L43/026 , H04L43/028 , H04L43/14 , H04L63/1408
Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.
-
公开(公告)号:US09894074B2
公开(公告)日:2018-02-13
申请号:US14693782
申请日:2015-04-22
Inventor: Jeong-Han Yun , Heemin Kim , Kyoung-Ho Kim , Woonyon Kim , Jungtaek Seo , Eung Ki Park
IPC: G06F15/173 , H04L29/06 , H04L29/12
CPC classification number: H04L63/101 , H04L61/6022 , H04L63/0236 , H04L63/162
Abstract: A method and system for extracting an access control list having a predetermined format from packets collected for a predetermined period of time, without requiring TCP flag information. By an information collection unit, network packets and network traffic logs are collected. By the information collection unit, a network traffic log including Media Access Control (MAC), Internet Protocol (IP), and port information is extracted from each network packet. By an information analysis unit, an access control list is generated based on the network traffic log.
-
Patent Agency Ranking
公开(公告)号:US09749011B2
公开(公告)日:2017-08-29
申请号:US14790074
申请日:2015-07-02
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Eung Ki Park , Sangwoo Park
CPC classification number: H04B3/50 , H04L45/60 , H04L49/20 , H04L63/02 , H04L63/1425 , H04L63/162
Abstract: A physical unidirectional communication apparatus and method intended to utilize a structure that exploits an electrical signal by which data cannot be transmitted and to guarantee the reliability of data transmission via a transmission method that uses the structure. The physical unidirectional communication apparatus includes a unidirectional data transmission line, a data reception status transmission line, an internal network connection system unit for performing communication with an internal network transmission host and transmitting transmission data to an external network connection system unit through the unidirectional data transmission line, and the external network connection system unit for performing communication with an external network reception host, receiving the transmission data from the internal network connection system unit, generating reception status information of the transmission data, and transmitting the reception status information to the internal network connection system unit through the data reception status transmission line.
-
公开(公告)号:US09800546B2
公开(公告)日:2017-10-24
申请号:US14934251
申请日:2015-11-06
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Sangwoo Park
Abstract: A one-way gateway and a vehicle network system and method for protecting networks within a vehicle using the one-way gateway. The one-way gateway includes a communication control unit, a physical one-way communication unit, and a data transmission/reception unit. The communication control unit takes charge of communication with a device of the internal network or infortainment network of a vehicle. The physical one-way communication unit configures a communication section between the internal network and the infortainment network in a physically one-way form. The data transmission/reception unit transfers data, transmitted by the device of the internal network or infortainment network, to the physical one-way communication unit via the communication control unit, and transfers data, received via the physical one-way communication unit, to the device of the internal network or infortainment network.
-
公开(公告)号:US09602409B2
公开(公告)日:2017-03-21
申请号:US14561826
申请日:2014-12-05
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Woonyon Kim , Jungtaek Seo , Eung Ki Park
IPC: H04L12/915 , H04L12/801 , H04L12/54
Abstract: An apparatus and a method for multilateral one-way communication are provided. The apparatus includes a one-way input module unit, detachably mounted to a plurality of slots formed in a rail, for receiving data from an external transmission host and for transmitting the received data to an internal network through one-way communication; a one-way output module unit, mounted detachably to the plurality of slots formed in the rail, for transferring data of interest to an internal network through one-way communication, and transmitting data of interest to an external reception host, and a two-way module unit, mounted detachably to the plurality of slots formed in the rail, for performing data communication between the transmission host and the reception host in a bidirectional mode.
-
7.发明授权Out-of-vehicle device interface apparatus and method for protecting in-vehicle network 有权用于保护车载网络的车外设备接口设备和方法公开(公告)号:US09596225B2
公开(公告)日:2017-03-14
申请号:US14695100
申请日:2015-04-24
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Jungtaek Seo , Eung Ki Park
CPC classification number: H04L63/08 , H04B3/56 , H04L63/10 , H04L63/1441 , H04L67/12 , H04W4/046 , H04W12/06 , H04W12/12
Abstract: An out-of-vehicle device interface apparatus includes a request message reception unit, a response message request unit, and a response message transmission unit. The request message reception unit receives a request message from an out-of-vehicle device, generates electrical signals in electric lines, and transfers the request message. The response message request unit requests response messages for the request message from one or more devices constituting an in-vehicle network based on one or more of the electric lines in which electrical signals have been generated. The response message transmission unit receives the response messages from the one or more devices, and transfers the response messages to the out-of-vehicle device via unidirectional communication.
Abstract translation: 一种车外设备接口设备,包括请求消息接收单元,响应消息请求单元和响应消息传输单元。 请求消息接收单元从车外设备接收请求消息,生成电线中的电信号并传送请求消息。 响应消息请求单元基于已经生成电信号的一条或多条电线从构成车载网络的一个或多个设备请求针对请求消息的响应消息。 响应消息发送单元从一个或多个设备接收响应消息,并通过单向通信将响应消息传送到车外设备。
-
公开(公告)号:US09369434B2
公开(公告)日:2016-06-14
申请号:US14330141
申请日:2014-07-14
Inventor: Heemin Kim , Jeong-Han Yun , Kyoung-Ho Kim , Woonyon Kim , Jungtaek Seo , Chun soo Kim
IPC: H04L29/06
CPC classification number: H04L63/0227 , H04L63/101
Abstract: A whitelist-based network switch defines a whitelist and a handling rule based on an access control list, security policies, etc., and monitors and blocks network traffic based on the whitelist and the handling rule. The whitelist-based network switch includes a whitelist monitoring unit for storing a whitelist including permitted communication rules, monitoring one or more packets input through a plurality of switch interfaces based on the whitelist, and permitting communication of each packet conforming to the whitelist, and a whitelist management unit for updating the whitelist and transmitting an updated whitelist to the whitelist monitoring unit.
Abstract translation: 基于白名单的网络交换机基于访问控制列表,安全策略等定义白名单和处理规则,并且基于白名单和处理规则来监视和阻止网络流量。 基于白名单的网络交换机包括白名单监视单元,用于存储包括允许的通信规则的白名单,基于白名单监视通过多个交换机接口输入的一个或多个分组,并且允许符合白名单的每个分组的通信,以及 白名单管理单元,用于更新白名单并将更新的白名单发送到白名单监视单元。
-
-
-
-
-
-
-
Search Results
8
records
(took 0.015 seconds)
