-
公开(公告)号:US09444845B2
公开(公告)日:2016-09-13
申请号:US14277360
申请日:2014-05-14
Inventor: Jeong-Han Yun , Heemin Kim , Kyoung-Ho Kim , Woonyon Kim , Byung-gil Min
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/1408
Abstract: A network security apparatus includes a management unit, a security policies monitoring unit, a security monitoring unit, a log security check unit, and a log transmission unit. The management unit receives network security apparatus setting information, security policies and log generation policies from the outside. The security policies monitoring unit checks whether the security policies comply with a set format. If the security policies comply with the set format, the security monitoring unit monitors whether a communication node communicates in compliance with the security policies. The log security check unit generates a monitoring log based on the log generation policies, and checks whether the monitoring log complies with a log setting format. If the monitoring log complies with the log setting format, the log transmission unit transmits the security log to the outside, thereby performing the outside network security.
Abstract translation: 网络安全装置包括管理单元,安全策略监视单元,安全监视单元,日志安全检查单元和日志传输单元。 管理单元从外部接收网络安全设备设置信息,安全策略和日志生成策略。 安全策略监控单元检查安全策略是否符合设置的格式。 如果安全策略符合设定的格式,则安全监控单元监视通信节点是否按照安全策略进行通信。 日志安全检查单元根据日志生成策略生成监控日志,并检查监控日志是否符合日志设置格式。 如果监控日志符合日志设置格式,则日志发送单元将安全日志发送到外部,从而执行外部网络安全。
-
公开(公告)号:US09894074B2
公开(公告)日:2018-02-13
申请号:US14693782
申请日:2015-04-22
Inventor: Jeong-Han Yun , Heemin Kim , Kyoung-Ho Kim , Woonyon Kim , Jungtaek Seo , Eung Ki Park
IPC: G06F15/173 , H04L29/06 , H04L29/12
CPC classification number: H04L63/101 , H04L61/6022 , H04L63/0236 , H04L63/162
Abstract: A method and system for extracting an access control list having a predetermined format from packets collected for a predetermined period of time, without requiring TCP flag information. By an information collection unit, network packets and network traffic logs are collected. By the information collection unit, a network traffic log including Media Access Control (MAC), Internet Protocol (IP), and port information is extracted from each network packet. By an information analysis unit, an access control list is generated based on the network traffic log.
-
公开(公告)号:US09749011B2
公开(公告)日:2017-08-29
申请号:US14790074
申请日:2015-07-02
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Eung Ki Park , Sangwoo Park
CPC classification number: H04B3/50 , H04L45/60 , H04L49/20 , H04L63/02 , H04L63/1425 , H04L63/162
Abstract: A physical unidirectional communication apparatus and method intended to utilize a structure that exploits an electrical signal by which data cannot be transmitted and to guarantee the reliability of data transmission via a transmission method that uses the structure. The physical unidirectional communication apparatus includes a unidirectional data transmission line, a data reception status transmission line, an internal network connection system unit for performing communication with an internal network transmission host and transmitting transmission data to an external network connection system unit through the unidirectional data transmission line, and the external network connection system unit for performing communication with an external network reception host, receiving the transmission data from the internal network connection system unit, generating reception status information of the transmission data, and transmitting the reception status information to the internal network connection system unit through the data reception status transmission line.
-
公开(公告)号:US10416654B2
公开(公告)日:2019-09-17
申请号:US14741529
申请日:2015-06-17
Inventor: Sungho Jeon , Jeong-Han Yun , Woonyon Kim , Eung Ki Park , Sangwoo Park
IPC: G06F17/30 , G05B19/409 , H04L29/06 , G05B19/408
Abstract: An apparatus for identifying a web page for an industrial control system includes an information collection unit and an industrial control system identification unit. The information collection unit receives IP targets, from which web pages are to be collected, from a user, and collects web pages and information from the IP targets. The industrial control system identification unit identifies web pages for one or more industrial control systems with respect to the IP targets based on the information collected by the information collection unit.
-
公开(公告)号:US09742699B2
公开(公告)日:2017-08-22
申请号:US14289803
申请日:2014-05-29
Inventor: Heemin Kim , Jeong-Han Yun , Kyoung-Ho Kim , Woonyon Kim , Jungtaek Seo , Eungki Park
IPC: H04L12/947 , H04L12/26 , H04L29/06
CPC classification number: H04L49/25 , H04L43/022 , H04L43/026 , H04L43/028 , H04L43/14 , H04L63/1408
Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.
-
Patent Agency Ranking
6.发明授权Method for transmitting and receiving fake communication data and terminal performing the same 有权用于发送和接收假通信数据的方法以及执行该伪通信数据的终端公开(公告)号:US09338646B2
公开(公告)日:2016-05-10
申请号:US14474250
申请日:2014-09-01
Inventor: Sungho Jeon , Jeong-Han Yun , Woonyon Kim , Jungtaek Seo , Eung Ki Park
CPC classification number: H04W12/02 , G06Q50/265 , H04K3/65 , H04K3/825 , H04K2203/16 , H04K2203/18 , H04L63/04 , H04L63/1475 , H04M1/68 , H04W4/16
Abstract: A technology for preventing leakage of personal information from traffics of terminals by transmitting and receiving fake communication data artificially generated so that an attacker does not identify normal communication between terminals is provided. A method for transmitting fake communication data includes: making a response request to whether or not a fake communication application is presented in an opponent terminal using an address book registered in a terminal; receiving a response corresponding to the response request and selecting targets to and from which the fake communication data are to be transmitted and received in a terminal list corresponding to the received response; controlling a communication amount depending on the selected targets; and transmitting the fake communication data to a corresponding receiving terminal depending on a control result.
Abstract translation: 提供一种用于通过发送和接收伪造的通信数据来防止个人信息从终端的流量泄漏的技术,从而使攻击者不识别终端之间的正常通信。 用于发送假通信数据的方法包括:使用登记在终端中的地址簿对对手终端中是否呈现假通信应用做出响应请求; 接收对应于所述响应请求的响应,并且在对应于接收到的响应的终端列表中选择要发送和接收假通信数据的目标; 根据所选择的目标控制通信量; 以及根据控制结果将假通信数据发送到对应的接收终端。
-
公开(公告)号:US09290136B2
公开(公告)日:2016-03-22
申请号:US14475631
申请日:2014-09-03
Inventor: Sungho Jeon , Jeong-Han Yun , Woonyon Kim , Jungtaek Seo , Eung Ki Park
CPC classification number: B60R16/023 , B60R25/00 , B60R25/30 , H04L9/3228 , H04L12/6418 , H04L63/04 , H04L63/067 , H04L63/0838 , H04L63/1475 , H04L63/1491 , H04L67/12 , H04L2012/40215 , H04L2012/40273 , H04L2209/84 , H04W4/046 , H04W4/48 , H04W12/02 , H04W12/12
Abstract: An apparatus and method for preventing the leakage of vehicle information in a normal communication environment by inserting fake communication data into vehicle communication traffic on a vehicle network. In the method for preventing leakage of vehicle information, a vehicle information leakage prevention apparatus connected to an in-vehicle module analyzes a vehicle communication protocol between the module and another module. It is determined whether encryption has been applied to the vehicle communication protocol, based on results of analysis of the vehicle communication protocol. A method of generating fake communication data is selected depending on whether encryption has been applied to the vehicle communication protocol. A fake communication data is generated depending on the selected method, and the generated fake communication data is transferred to a vehicle information leakage prevention apparatus connected to the other module.
Abstract translation: 一种用于通过将假通信数据插入车辆网络上的车辆通信业务来防止在正常通信环境中泄漏车辆信息的装置和方法。 在防止车辆信息泄漏的方法中,连接到车载模块的车辆信息泄漏防止装置分析模块与另一模块之间的车辆通信协议。 基于车辆通信协议的分析结果,确定是否将加密应用于车辆通信协议。 根据是否将加密应用于车辆通信协议来选择产生假通信数据的方法。 根据所选择的方法产生假通信数据,并且将生成的假通信数据传送到连接到另一个模块的车辆信息泄漏防止装置。
-
公开(公告)号:US09800546B2
公开(公告)日:2017-10-24
申请号:US14934251
申请日:2015-11-06
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Sangwoo Park
Abstract: A one-way gateway and a vehicle network system and method for protecting networks within a vehicle using the one-way gateway. The one-way gateway includes a communication control unit, a physical one-way communication unit, and a data transmission/reception unit. The communication control unit takes charge of communication with a device of the internal network or infortainment network of a vehicle. The physical one-way communication unit configures a communication section between the internal network and the infortainment network in a physically one-way form. The data transmission/reception unit transfers data, transmitted by the device of the internal network or infortainment network, to the physical one-way communication unit via the communication control unit, and transfers data, received via the physical one-way communication unit, to the device of the internal network or infortainment network.
-
公开(公告)号:US09602409B2
公开(公告)日:2017-03-21
申请号:US14561826
申请日:2014-12-05
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Woonyon Kim , Jungtaek Seo , Eung Ki Park
IPC: H04L12/915 , H04L12/801 , H04L12/54
Abstract: An apparatus and a method for multilateral one-way communication are provided. The apparatus includes a one-way input module unit, detachably mounted to a plurality of slots formed in a rail, for receiving data from an external transmission host and for transmitting the received data to an internal network through one-way communication; a one-way output module unit, mounted detachably to the plurality of slots formed in the rail, for transferring data of interest to an internal network through one-way communication, and transmitting data of interest to an external reception host, and a two-way module unit, mounted detachably to the plurality of slots formed in the rail, for performing data communication between the transmission host and the reception host in a bidirectional mode.
-
10.发明授权Out-of-vehicle device interface apparatus and method for protecting in-vehicle network 有权用于保护车载网络的车外设备接口设备和方法公开(公告)号:US09596225B2
公开(公告)日:2017-03-14
申请号:US14695100
申请日:2015-04-24
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Jungtaek Seo , Eung Ki Park
CPC classification number: H04L63/08 , H04B3/56 , H04L63/10 , H04L63/1441 , H04L67/12 , H04W4/046 , H04W12/06 , H04W12/12
Abstract: An out-of-vehicle device interface apparatus includes a request message reception unit, a response message request unit, and a response message transmission unit. The request message reception unit receives a request message from an out-of-vehicle device, generates electrical signals in electric lines, and transfers the request message. The response message request unit requests response messages for the request message from one or more devices constituting an in-vehicle network based on one or more of the electric lines in which electrical signals have been generated. The response message transmission unit receives the response messages from the one or more devices, and transfers the response messages to the out-of-vehicle device via unidirectional communication.
Abstract translation: 一种车外设备接口设备,包括请求消息接收单元,响应消息请求单元和响应消息传输单元。 请求消息接收单元从车外设备接收请求消息,生成电线中的电信号并传送请求消息。 响应消息请求单元基于已经生成电信号的一条或多条电线从构成车载网络的一个或多个设备请求针对请求消息的响应消息。 响应消息发送单元从一个或多个设备接收响应消息,并通过单向通信将响应消息传送到车外设备。
-
-
-
-
-
-
-
-
-
Search Results
12
records
(took 0.014 seconds)
