-
1.发明授权One-way transmission and reception with delayed TCP ACK message and monitoring for UDP and TCP frames 有权单向传输和接收具有延迟的TCP ACK消息和监视UDP和TCP帧公开(公告)号:US09565162B2
公开(公告)日:2017-02-07
申请号:US14726496
申请日:2015-05-30
Inventor: Dongwook Kim , Byunggil Min , Yeop Jang , Woonyon Kim , Jungtaek Seo
IPC: H04L12/723 , H04L29/06 , H04L12/823 , H04L29/08 , H04L12/801 , H04L12/741 , H04L29/12
CPC classification number: H04L63/0245 , H04L47/193 , H04L47/323 , H04L61/6022 , H04L61/6063 , H04L63/0209 , H04L63/0281 , H04L63/101 , H04L63/105 , H04L63/1408 , H04L67/14 , H04L69/163
Abstract: A one-way data transmission and reception system and method, which mitigate the problem of a buffer overflow that may occur on a reception system while also mitigating the problem of data loss caused by a link error that may occur in the unidirectional line of a physical one-way data transmission system. The one-way data transmission system includes a first interface unit connected to a first network. A second interface unit is unidirectionally connected to a reception system connected to a second network. An interface integration module unit transmits a delayed Transmission Control Protocol (TCP) Acknowledgement (ACK) frame to a TCP session established with a device of the first network unit through the first interface unit, and transmits one or more identical data frames to the reception system through the second interface unit.
Abstract translation: 一种单向数据发送和接收系统和方法,其减轻可能在接收系统上发生的缓冲器溢出的问题,同时还减轻了可能在物理的单向线路中发生的链路错误引起的数据丢失的问题 单向数据传输系统。 单向数据传输系统包括连接到第一网络的第一接口单元。 第二接口单元被单向连接到连接到第二网络的接收系统。 接口集成模块单元通过第一接口单元向与第一网络单元的设备建立的TCP会话发送延迟的传输控制协议(TCP)确认(ACK)帧,并且向接收系统发送一个或多个相同的数据帧 通过第二接口单元。
-
公开(公告)号:US09444845B2
公开(公告)日:2016-09-13
申请号:US14277360
申请日:2014-05-14
Inventor: Jeong-Han Yun , Heemin Kim , Kyoung-Ho Kim , Woonyon Kim , Byung-gil Min
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/1408
Abstract: A network security apparatus includes a management unit, a security policies monitoring unit, a security monitoring unit, a log security check unit, and a log transmission unit. The management unit receives network security apparatus setting information, security policies and log generation policies from the outside. The security policies monitoring unit checks whether the security policies comply with a set format. If the security policies comply with the set format, the security monitoring unit monitors whether a communication node communicates in compliance with the security policies. The log security check unit generates a monitoring log based on the log generation policies, and checks whether the monitoring log complies with a log setting format. If the monitoring log complies with the log setting format, the log transmission unit transmits the security log to the outside, thereby performing the outside network security.
Abstract translation: 网络安全装置包括管理单元,安全策略监视单元,安全监视单元,日志安全检查单元和日志传输单元。 管理单元从外部接收网络安全设备设置信息,安全策略和日志生成策略。 安全策略监控单元检查安全策略是否符合设置的格式。 如果安全策略符合设定的格式,则安全监控单元监视通信节点是否按照安全策略进行通信。 日志安全检查单元根据日志生成策略生成监控日志,并检查监控日志是否符合日志设置格式。 如果监控日志符合日志设置格式,则日志发送单元将安全日志发送到外部,从而执行外部网络安全。
-
公开(公告)号:US09894074B2
公开(公告)日:2018-02-13
申请号:US14693782
申请日:2015-04-22
Inventor: Jeong-Han Yun , Heemin Kim , Kyoung-Ho Kim , Woonyon Kim , Jungtaek Seo , Eung Ki Park
IPC: G06F15/173 , H04L29/06 , H04L29/12
CPC classification number: H04L63/101 , H04L61/6022 , H04L63/0236 , H04L63/162
Abstract: A method and system for extracting an access control list having a predetermined format from packets collected for a predetermined period of time, without requiring TCP flag information. By an information collection unit, network packets and network traffic logs are collected. By the information collection unit, a network traffic log including Media Access Control (MAC), Internet Protocol (IP), and port information is extracted from each network packet. By an information analysis unit, an access control list is generated based on the network traffic log.
-
公开(公告)号:US09749011B2
公开(公告)日:2017-08-29
申请号:US14790074
申请日:2015-07-02
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Eung Ki Park , Sangwoo Park
CPC classification number: H04B3/50 , H04L45/60 , H04L49/20 , H04L63/02 , H04L63/1425 , H04L63/162
Abstract: A physical unidirectional communication apparatus and method intended to utilize a structure that exploits an electrical signal by which data cannot be transmitted and to guarantee the reliability of data transmission via a transmission method that uses the structure. The physical unidirectional communication apparatus includes a unidirectional data transmission line, a data reception status transmission line, an internal network connection system unit for performing communication with an internal network transmission host and transmitting transmission data to an external network connection system unit through the unidirectional data transmission line, and the external network connection system unit for performing communication with an external network reception host, receiving the transmission data from the internal network connection system unit, generating reception status information of the transmission data, and transmitting the reception status information to the internal network connection system unit through the data reception status transmission line.
-
公开(公告)号:US10416654B2
公开(公告)日:2019-09-17
申请号:US14741529
申请日:2015-06-17
Inventor: Sungho Jeon , Jeong-Han Yun , Woonyon Kim , Eung Ki Park , Sangwoo Park
IPC: G06F17/30 , G05B19/409 , H04L29/06 , G05B19/408
Abstract: An apparatus for identifying a web page for an industrial control system includes an information collection unit and an industrial control system identification unit. The information collection unit receives IP targets, from which web pages are to be collected, from a user, and collects web pages and information from the IP targets. The industrial control system identification unit identifies web pages for one or more industrial control systems with respect to the IP targets based on the information collected by the information collection unit.
-
Patent Agency Ranking
公开(公告)号:US09742699B2
公开(公告)日:2017-08-22
申请号:US14289803
申请日:2014-05-29
Inventor: Heemin Kim , Jeong-Han Yun , Kyoung-Ho Kim , Woonyon Kim , Jungtaek Seo , Eungki Park
IPC: H04L12/947 , H04L12/26 , H04L29/06
CPC classification number: H04L49/25 , H04L43/022 , H04L43/026 , H04L43/028 , H04L43/14 , H04L63/1408
Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.
-
7.发明授权Method for transmitting and receiving fake communication data and terminal performing the same 有权用于发送和接收假通信数据的方法以及执行该伪通信数据的终端公开(公告)号:US09338646B2
公开(公告)日:2016-05-10
申请号:US14474250
申请日:2014-09-01
Inventor: Sungho Jeon , Jeong-Han Yun , Woonyon Kim , Jungtaek Seo , Eung Ki Park
CPC classification number: H04W12/02 , G06Q50/265 , H04K3/65 , H04K3/825 , H04K2203/16 , H04K2203/18 , H04L63/04 , H04L63/1475 , H04M1/68 , H04W4/16
Abstract: A technology for preventing leakage of personal information from traffics of terminals by transmitting and receiving fake communication data artificially generated so that an attacker does not identify normal communication between terminals is provided. A method for transmitting fake communication data includes: making a response request to whether or not a fake communication application is presented in an opponent terminal using an address book registered in a terminal; receiving a response corresponding to the response request and selecting targets to and from which the fake communication data are to be transmitted and received in a terminal list corresponding to the received response; controlling a communication amount depending on the selected targets; and transmitting the fake communication data to a corresponding receiving terminal depending on a control result.
Abstract translation: 提供一种用于通过发送和接收伪造的通信数据来防止个人信息从终端的流量泄漏的技术,从而使攻击者不识别终端之间的正常通信。 用于发送假通信数据的方法包括:使用登记在终端中的地址簿对对手终端中是否呈现假通信应用做出响应请求; 接收对应于所述响应请求的响应,并且在对应于接收到的响应的终端列表中选择要发送和接收假通信数据的目标; 根据所选择的目标控制通信量; 以及根据控制结果将假通信数据发送到对应的接收终端。
-
公开(公告)号:US09290136B2
公开(公告)日:2016-03-22
申请号:US14475631
申请日:2014-09-03
Inventor: Sungho Jeon , Jeong-Han Yun , Woonyon Kim , Jungtaek Seo , Eung Ki Park
CPC classification number: B60R16/023 , B60R25/00 , B60R25/30 , H04L9/3228 , H04L12/6418 , H04L63/04 , H04L63/067 , H04L63/0838 , H04L63/1475 , H04L63/1491 , H04L67/12 , H04L2012/40215 , H04L2012/40273 , H04L2209/84 , H04W4/046 , H04W4/48 , H04W12/02 , H04W12/12
Abstract: An apparatus and method for preventing the leakage of vehicle information in a normal communication environment by inserting fake communication data into vehicle communication traffic on a vehicle network. In the method for preventing leakage of vehicle information, a vehicle information leakage prevention apparatus connected to an in-vehicle module analyzes a vehicle communication protocol between the module and another module. It is determined whether encryption has been applied to the vehicle communication protocol, based on results of analysis of the vehicle communication protocol. A method of generating fake communication data is selected depending on whether encryption has been applied to the vehicle communication protocol. A fake communication data is generated depending on the selected method, and the generated fake communication data is transferred to a vehicle information leakage prevention apparatus connected to the other module.
Abstract translation: 一种用于通过将假通信数据插入车辆网络上的车辆通信业务来防止在正常通信环境中泄漏车辆信息的装置和方法。 在防止车辆信息泄漏的方法中,连接到车载模块的车辆信息泄漏防止装置分析模块与另一模块之间的车辆通信协议。 基于车辆通信协议的分析结果,确定是否将加密应用于车辆通信协议。 根据是否将加密应用于车辆通信协议来选择产生假通信数据的方法。 根据所选择的方法产生假通信数据,并且将生成的假通信数据传送到连接到另一个模块的车辆信息泄漏防止装置。
-
公开(公告)号:US09800546B2
公开(公告)日:2017-10-24
申请号:US14934251
申请日:2015-11-06
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Manhyun Chung , Woonyon Kim , Sangwoo Park
Abstract: A one-way gateway and a vehicle network system and method for protecting networks within a vehicle using the one-way gateway. The one-way gateway includes a communication control unit, a physical one-way communication unit, and a data transmission/reception unit. The communication control unit takes charge of communication with a device of the internal network or infortainment network of a vehicle. The physical one-way communication unit configures a communication section between the internal network and the infortainment network in a physically one-way form. The data transmission/reception unit transfers data, transmitted by the device of the internal network or infortainment network, to the physical one-way communication unit via the communication control unit, and transfers data, received via the physical one-way communication unit, to the device of the internal network or infortainment network.
-
公开(公告)号:US09602409B2
公开(公告)日:2017-03-21
申请号:US14561826
申请日:2014-12-05
Inventor: Kyoung-Ho Kim , Jeong-Han Yun , Heemin Kim , Woonyon Kim , Jungtaek Seo , Eung Ki Park
IPC: H04L12/915 , H04L12/801 , H04L12/54
Abstract: An apparatus and a method for multilateral one-way communication are provided. The apparatus includes a one-way input module unit, detachably mounted to a plurality of slots formed in a rail, for receiving data from an external transmission host and for transmitting the received data to an internal network through one-way communication; a one-way output module unit, mounted detachably to the plurality of slots formed in the rail, for transferring data of interest to an internal network through one-way communication, and transmitting data of interest to an external reception host, and a two-way module unit, mounted detachably to the plurality of slots formed in the rail, for performing data communication between the transmission host and the reception host in a bidirectional mode.
-
-
-
-
-
-
-
-
-
Search Results
13
records
(took 0.02 seconds)
