METHOD AND SYSTEM FOR EXTRACTING ACCESS CONTROL LIST
    1.
    Invention application
    Status: Granted

    Publication (announcement) number: US20160006740A1

    Publication (announcement) date: 2016-01-07

    Application number: US14693782

    Filing date: 2015-04-22

    CPC classification number: H04L63/101 H04L61/6022 H04L63/0236 H04L63/162

    Abstract: A method and system for extracting an access control list having a predetermined format from packets collected for a predetermined period of time, without requiring TCP flag information. By an information collection unit, network packets and network traffic logs are collected. By the information collection unit, a network traffic log including Media Access Control (MAC), Internet Protocol (IP), and port information is extracted from each network packet. By an information analysis unit, an access control list is generated based on the network traffic log.

    NETWORK SECURITY APPARATUS AND METHOD
    2.
    Invention application
    Status: Granted

    Publication (announcement) number: US20140344888A1

    Publication (announcement) date: 2014-11-20

    Application number: US14277360

    Filing date: 2014-05-14

    CPC classification number: H04L63/20 H04L63/1408

    Abstract: A network security apparatus includes a management unit, a security policies monitoring unit, a security monitoring unit, a log security check unit, and a log transmission unit. The management unit receives network security apparatus setting information, security policies and log generation policies from the outside. The security policies monitoring unit checks whether the security policies comply with a set format. If the security policies comply with the set format, the security monitoring unit monitors whether a communication node communicates in compliance with the security policies. The log security check unit generates a monitoring log based on the log generation policies, and checks whether the monitoring log complies with a log setting format. If the monitoring log complies with the log setting format, the log transmission unit transmits the security log to the outside, thereby performing the outside network security.

    DATA TRANSFER APPARATUS AND METHOD
    3.
    Invention application
    Status: Under examination - published

    Publication (announcement) number: US20150261810A1

    Publication (announcement) date: 2015-09-17

    Application number: US14561783

    Filing date: 2014-12-05

    CPC classification number: G06F21/6218 H04L63/10 H04L63/12

    Abstract: A data transfer apparatus and method, which fundamentally prevent the possibility of intrusion from an external network into an internal network that provides files, thus enabling data to be reliably transferred in a situation in which information cannot be exchanged. The data transfer apparatus includes an internal network connection unit for receiving data from a host of an internal network. An internal network control unit performs control such that the data is unidirectionally transmitted. A write control unit checks integrity of the data received from the internal network control unit and detects status of the storage unit. An external network connection unit receives a request from a host of an external network. A read/write control unit searches for, reads, and deletes data stored in the storage unit at a request of the external network host.

    WHITELIST-BASED NETWORK SWITCH
    4.
    Invention application
    Status: Granted

    Publication (announcement) number: US20150067764A1

    Publication (announcement) date: 2015-03-05

    Application number: US14330141

    Filing date: 2014-07-14

    CPC classification number: H04L63/0227 H04L63/101

    Abstract: A whitelist-based network switch defines a whitelist and a handling rule based on an access control list, security policies, etc., and monitors and blocks network traffic based on the whitelist and the handling rule. The whitelist-based network switch includes a whitelist monitoring unit for storing a whitelist including permitted communication rules, monitoring one or more packets input through a plurality of switch interfaces based on the whitelist, and permitting communication of each packet conforming to the whitelist, and a whitelist management unit for updating the whitelist and transmitting an updated whitelist to the whitelist monitoring unit.

    NETWORK APPARATUS AND SELECTIVE INFORMATION MONITORING METHOD USING THE SAME
    5.
    Invention application
    Status: Granted

    Publication (announcement) number: US20150109936A1

    Publication (announcement) date: 2015-04-23

    Application number: US14289803

    Filing date: 2014-05-29

    Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus includes one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.

    ONE-WAY GATEWAY, AND VEHICLE NETWORK SYSTEM AND METHOD FOR PROTECTING NETWORK WITHIN VEHICLE USING ONE-WAY GATEWAY
    6.
    Invention application
    Status: Granted

    Publication (announcement) number: US20160261561A1

    Publication (announcement) date: 2016-09-08

    Application number: US14934251

    Filing date: 2015-11-06

    CPC classification number: H04L63/02 H04L12/66 H04L67/12 H04L67/28

    Abstract: A one-way gateway and a vehicle network system and method for protecting networks within a vehicle using the one-way gateway. The one-way gateway includes a communication control unit, a physical one-way communication unit, and a data transmission/reception unit. The communication control unit takes charge of communication with a device of the internal network or infotainment network of a vehicle. The physical one-way communication unit configures a communication section between the internal network and the infotainment network in a physically one-way form. The data transmission/reception unit transfers data, transmitted by the device of the internal network or infotainment network, to the physical one-way communication unit via the communication control unit, and transfers data, received via the physical one-way communication unit, to the device of the internal network or infotainment network.

    OUT-OF-VEHICLE DEVICE INTERFACE APPARATUS AND METHOD FOR PROTECTING IN-VEHICLE NETWORK
    7.
    Invention application
    Status: Granted

    Publication (announcement) number: US20160014105A1

    Publication (announcement) date: 2016-01-14

    Application number: US14695100

    Filing date: 2015-04-24

    Abstract: An out-of-vehicle device interface apparatus includes a request message reception unit, a response message request unit, and a response message transmission unit. The request message reception unit receives a request message from an out-of-vehicle device, generates electrical signals in electric lines, and transfers the request message. The response message request unit requests response messages for the request message from one or more devices constituting an in-vehicle network based on one or more of the electric lines in which electrical signals have been generated. The response message transmission unit receives the response messages from the one or more devices, and transfers the response messages to the out-of-vehicle device via unidirectional communication.

    APPARATUS AND METHOD FOR MULTILATERAL ONE-WAY COMMUNICATION
    8.
    Invention application
    Status: Granted

    Publication (announcement) number: US20150365346A1

    Publication (announcement) date: 2015-12-17

    Application number: US14561826

    Filing date: 2014-12-05

    CPC classification number: H04L47/10 H04L12/56

    Abstract: An apparatus and a method for multilateral one-way communication are provided. The apparatus includes a one-way input module unit, detachably mounted to a plurality of slots formed in a rail, for receiving data from an external transmission host and for transmitting the received data to an internal network through one-way communication; a one-way output module unit, mounted detachably to the plurality of slots formed in the rail, for transferring data of interest to an internal network through one-way communication, and transmitting data of interest to an external reception host; and a two-way module unit, mounted detachably to the plurality of slots formed in the rail, for performing data communication between the transmission host and the reception host in a bidirectional mode.

    PHYSICAL UNIDIRECTIONAL COMMUNICATION APPARATUS AND METHOD
    9.
    Invention application
    Status: Granted

    Publication (announcement) number: US20160080033A1

    Publication (announcement) date: 2016-03-17

    Application number: US14790074

    Filing date: 2015-07-02

    Abstract: A physical unidirectional communication apparatus and method intended to utilize a structure that exploits an electrical signal by which data cannot be transmitted and to guarantee the reliability of data transmission via a transmission method that uses the structure. The physical unidirectional communication apparatus includes a unidirectional data transmission line, a data reception status transmission line, an internal network connection system unit for performing communication with an internal network transmission host and transmitting transmission data to an external network connection system unit through the unidirectional data transmission line, and the external network connection system unit for performing communication with an external network reception host, receiving the transmission data from the internal network connection system unit, generating reception status information of the transmission data, and transmitting the reception status information to the internal network connection system unit through the data reception status transmission line.
