专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080134283A1 Security apparatus and method for supporting IPv4 and IPv6 审中-公开
标题翻译：支持IPv4和IPv6的安全设备和方法
公开(公告)号：US20080134283A1
公开(公告)日：2008-06-05
申请号：US11899236
申请日：2007-09-04
申请人： Sang Gil Park , Jintae Oh , Taek Yong Nam
发明人： Sang Gil Park , Jintae Oh , Taek Yong Nam
IPC分类号： G06F21/00
CPC分类号： H04L63/0227 , H04L69/18
摘要： Provided is a security method and apparatus for supporting IPv4 and IPv6. The security apparatus includes a packet classifier classifying an IPv4 packet and an IPv6 packet based on version information in header information of an input IP packet, a key generator generating header information corresponding to each of the classified IPv4 and IPv6 packets and generating a discrimination key corresponding to each of the classified IPv4 and IPv6 packets based on the generated header information, and a lookup engine comprising a first bank in which a security policy for IPv4 packets is established and a second bank in which a security policy for IPv6 packets is established, by which the first bank and the second bank are searched using the discrimination key corresponding to each packet.
摘要翻译：提供了用于支持IPv4和IPv6的安全方法和装置。安全装置包括基于输入IP分组的报头信息中的版本信息对IPv4分组和IPv6分组进行分类的分组分类器，产生与分类的IPv4和IPv6分组中的每一个对应的报头信息的密钥生成器，并生成对应的鉴别密钥基于所生成的报头信息对每个分类的IPv4和IPv6分组，以及查找引擎，其包括其中建立了用于IPv4分组的安全策略的第一组，以及其中建立了用于IPv6分组的安全策略的第二组，通过使用与每个分组相对应的识别密钥来搜索第一组和第二组。

2. 发明授权

US08543807B2 Method and apparatus for protecting application layer in computer network system 有权
标题翻译：在计算机网络系统中保护应用层的方法和装置
公开(公告)号：US08543807B2
公开(公告)日：2013-09-24
申请号：US12643100
申请日：2009-12-21
申请人： Jintae Oh , YouRi Lee , Yang-Seo Choi , Jong Soo Jang
发明人： Jintae Oh , YouRi Lee , Yang-Seo Choi , Jong Soo Jang
IPC分类号： H04L29/06
CPC分类号： H04L63/1458 , H04L63/168 , H04L2463/141
摘要： A method and apparatus for protecting an application layer in a computer network system. The method includes creating a session between a client and a data provider in response to a session connection request from the client, and determining the client as an application layer attacking client when the client generates a session termination request before the data provider transmits to the client a response packet to a data request from the client under the created session.
摘要翻译：一种用于保护计算机网络系统中的应用层的方法和装置。该方法包括响应于来自客户端的会话连接请求，在客户机和数据提供者之间创建会话，并且在数据提供者向客户端发送客户端之前，当客户机生成会话终止请求时，将客户端确定为攻击客户端的应用层来自客户端在创建的会话下的数据请求的响应数据包。

3. 发明授权

US07464089B2 System and method for processing a data stream to determine presence of search terms 失效
标题翻译：用于处理数据流以确定搜索项的存在的系统和方法
公开(公告)号：US07464089B2
公开(公告)日：2008-12-09
申请号：US11208222
申请日：2005-08-19
申请人： Jintae Oh , Ilsup Kim , Hojae Lee
发明人： Jintae Oh , Ilsup Kim , Hojae Lee
IPC分类号： G06F17/30 , G06F17/00
CPC分类号： G06F17/30985 , Y10S707/99936 , Y10S707/99942
摘要： A trap matrix searches the entire contents of a data stream for a pattern that matches the pattern for a search term. In those circumstances where there is a match between patterns of the data stream and the search term, the method and system can proceed to an exact match operation. In particular, a pointer matrix and a corresponding active control matrix are generated according to a set of terms in a rule table. Data is sequenced the trap matrix according to the hierarchy of its trap elements. The trap elements perform a pattern match check between the sequenced data stream and any search term in the set of terms in the rule table. Results from a positive pattern match are preferably communicated from the matching trap element to an exact match lookup.
摘要翻译：陷阱矩阵搜索与搜索项的模式匹配的模式的数据流的整个内容。在数据流的模式和搜索项之间存在匹配的情况下，该方法和系统可以进行到精确匹配操作。具体地，根据规则表中的一组术语来生成指针矩阵和对应的主动控制矩阵。数据根据其陷阱元素的层次结构对陷阱矩阵进行排序。陷阱元素在排序的数据流和规则表中的术语集中的任何搜索项之间执行模式匹配检查。来自正模式匹配的结果优选地从匹配陷阱元素传递到精确匹配查找。

4. 发明申请

US20070130188A1 Data hashing method, data processing method, and data processing system using similarity-based hashing algorithm 有权
标题翻译：数据散列方法，数据处理方法和使用基于相似度散列算法的数据处理系统
公开(公告)号：US20070130188A1
公开(公告)日：2007-06-07
申请号：US11634731
申请日：2006-12-06
申请人： Hwa Moon , Sungwon Yi , Jintae Oh , Jong Jang , Changhoon Kim
发明人： Hwa Moon , Sungwon Yi , Jintae Oh , Jong Jang , Changhoon Kim
IPC分类号： G06F7/00
CPC分类号： G06F21/64 , G06F7/02 , H04L9/3231 , H04L9/3236 , Y10S707/99942 , Y10S707/99943 , Y10S707/99944 , Y10S707/99945
摘要： Provided are a data hashing method, a data processing method, and a data processing system using a similarity-based hashing (SBH) algorithm in which the same hash value is calculated for the same data and the more similar data, the smaller difference in the generated hash values. The data hashing method includes receiving computerized data, and generating a hash value of the computerized data using the SBH algorithm in which two data are the same if calculated hash values are the same and two data are similar if the difference of calculated hash values is small. Therefore, a search, comparison, and classification of data can be quickly processed within a time complexity of O(1) or O(n) since the similarity/closeness of data content are quantified by that of the corresponding hash values.
摘要翻译：提供了一种使用基于相似度的散列（SBH）算法的数据散列方法，数据处理方法和数据处理系统，其中针对相同数据计算相同的散列值，并且提供了更相似的数据，生成的哈希值。数据散列方法包括接收计算机数据，并使用SBH算法生成计算机化数据的哈希值，其中如果计算的散列值相同，则两个数据相同，并且如果计算的散列值的差异小则两个数据相似。因此，可以在O（1）或O（n）的时间复杂度内快速地处理数据的搜索，比较和分类，因为数据内容的相似/接近由相应散列值的相似度/接近度量化。

5. 发明申请

US20050141423A1 Method of and apparatus for sorting data flows based on bandwidth and liveliness 审中-公开
标题翻译：基于带宽和活力对数据流进行排序的方法和装置
公开(公告)号：US20050141423A1
公开(公告)日：2005-06-30
申请号：US11004426
申请日：2004-12-03
申请人： Jong Lee , Jintae Oh , Jong Jang , Sung Sohn
发明人： Jong Lee , Jintae Oh , Jong Jang , Sung Sohn
IPC分类号： H04L12/28 , H04L12/24 , H04L12/26
CPC分类号： H04L41/0896 , H04L43/026
摘要： A method of and an apparatus for sorting data traffic based on a predetermined priority such as a bandwidth and a liveliness is provided. The method includes operations of: receiving the data flows; sorting the data flows based on bandwidth by defining a plurality of bandwidth ranges and classifying the sorted data flows according to the bandwidth ranges to which the bandwidth of each data flow belongs; and sorting the classified data flows based on liveliness representing frequency of occurrence of the data flows. The sorting of the classified data lows determines that the data flow which is recently received has the higher liveliness and sorts the data flows based on the determination. The method and apparatus facilitates selecting data flows which are possible hostile attack attempts from a vast amount of data traffic and allowing selective and intensive monitoring of the selected data flows.
摘要翻译：提供了一种基于诸如带宽和活力之类的预定优先级对数据业务排序的方法和装置。该方法包括：接收数据流; 通过定义多个带宽范围，根据带宽分配数据流，并根据每个数据流的带宽所属的带宽范围对排序的数据流进行分类; 并根据表示数据流出现频率的生物活动对分类数据流进行排序。分类数据低的排序确定最近接收的数据流具有更高的活力并且基于确定对数据流进行排序。所述方法和装置有助于从大量的数据业务中选择可能的敌对攻击尝试的数据流，并允许选择性和密集地监视所选数据流。

6. 发明申请

US20110016523A1 APPARATUS AND METHOD FOR DETECTING DISTRIBUTED DENIAL OF SERVICE ATTACK 审中-公开
标题翻译：用于检测分布式服务攻击的装置和方法
公开(公告)号：US20110016523A1
公开(公告)日：2011-01-20
申请号：US12633121
申请日：2009-12-08
申请人： Jintae Oh , YouRi Lee , Yang-Seo Choi , Jong Soo Jang
发明人： Jintae Oh , YouRi Lee , Yang-Seo Choi , Jong Soo Jang
IPC分类号： G06F11/30 , G06F15/16
CPC分类号： H04L63/1458
摘要： An apparatus for detecting a distributed denial of service (DDoS) attack includes: a monitoring unit for monitoring multiple GET requests and responses transmitted and received depending on a session establishment between a client and a server; and an attack detection unit for analyzing the monitored multiple GET requests and responses between the client and the server to detect a traffic of the DDoS attack against the server.
摘要翻译：一种用于检测分布式拒绝服务（DDoS）攻击的装置，包括：监视单元，用于根据客户端和服务器之间的会话建立来监视多个GET请求和响应发送和接收; 以及攻击检测单元，用于分析所监视的多个GET请求和客户端与服务器之间的响应，以检测针对服务器的DDoS攻击的流量。

7. 发明授权

US07571477B2 Real-time network attack pattern detection system for unknown network attack and method thereof 有权
标题翻译：用于未知网络攻击的实时网络攻击模式检测系统及其方法
公开(公告)号：US07571477B2
公开(公告)日：2009-08-04
申请号：US11088975
申请日：2005-03-24
申请人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： G06F21/00
CPC分类号： H04L63/1408
摘要： In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.
摘要翻译：在实时网络攻击模式检测系统和方法中，从被怀疑是网络攻击（如蠕虫）的数据包实时检测到一个共同的模式，以有效地阻止攻击。该系统包括：可疑包检测器，用于从所有输入分组中分类可疑攻击包; 第一数据延迟单元，用于从可疑分组检测器接收输入分组以输出一个时钟延迟的数据; 第二数据延迟单元，用于从第一数据延迟单元接收输出信号以输出一个时钟延迟的数据; 散列密钥发生器，用于接收可疑包检测器的输出数据，第一数据延迟单元的输出数据和第二数据延迟单元的输出数据以产生散列密钥; 哈希表，用于存储通过从所述散列密钥发生器生成的散列密钥获得的查找结果; 以及用于检查哈希表的查找结果的存在和命中检查器。

8. 发明授权

US06959297B2 System and process for searching within a data stream using a pointer matrix and a trap matrix 失效
标题翻译：使用指针矩阵和陷阱矩阵在数据流内搜索的系统和过程
公开(公告)号：US06959297B2
公开(公告)日：2005-10-25
申请号：US10132336
申请日：2002-04-25
申请人： Jintae Oh , Ilsup Kim , Hojae Lee
发明人： Jintae Oh , Ilsup Kim , Hojae Lee
IPC分类号： G06F13/00 , G06F17/30 , G06F17/00
CPC分类号： G06F17/30985 , Y10S707/99936 , Y10S707/99942
摘要： A trap matrix searches the entire contents of a data stream for a pattern that matches the pattern for a search term. In those circumstances where there is a match between patterns of the data stream and the search term, the method and system can proceed to an exact match operation. In particular, a pointer matrix and a corresponding active control matrix are generated according to a set of terms in a rule table. Data is sequenced through the trap matrix according to the hierarchy of its trap elements. The trap elements perform a pattern match check between the sequenced data stream and any search term in the set of terms in the rule table. Results from a positive pattern match are preferably communicated from the matching trap element to an exact match lookup.
摘要翻译：陷阱矩阵搜索与搜索项的模式匹配的模式的数据流的整个内容。在数据流的模式和搜索项之间存在匹配的情况下，该方法和系统可以进行到精确匹配操作。具体地，根据规则表中的一组术语来生成指针矩阵和对应的主动控制矩阵。根据其陷阱元素的层次结构，通过陷阱矩阵对数据进行排序。陷阱元素在排序的数据流和规则表中的术语集中的任何搜索项之间执行模式匹配检查。来自正模式匹配的结果优选地从匹配陷阱元素传递到精确匹配查找。

9. 发明授权

US07617231B2 Data hashing method, data processing method, and data processing system using similarity-based hashing algorithm 有权
标题翻译：数据散列方法，数据处理方法和使用基于相似度散列算法的数据处理系统
公开(公告)号：US07617231B2
公开(公告)日：2009-11-10
申请号：US11634731
申请日：2006-12-06
申请人： Hwa Shin Moon , Sungwon Yi , Jintae Oh , Jong Soo Jang , Changhoon Kim
发明人： Hwa Shin Moon , Sungwon Yi , Jintae Oh , Jong Soo Jang , Changhoon Kim
IPC分类号： G06F17/00
CPC分类号： G06F21/64 , G06F7/02 , H04L9/3231 , H04L9/3236 , Y10S707/99942 , Y10S707/99943 , Y10S707/99944 , Y10S707/99945
摘要： A data hashing method, a data processing method, and a data processing system using a similarity-based hashing (SBH) algorithm in which the same hash value is calculated for the same data and the more similar data, the smaller difference in the generated hash values. The data hashing method includes receiving computerized data, and generating a hash value of the computerized data using the SBH algorithm in which two data are the same if calculated hash values are the same and two data are similar if the difference of calculated hash values is small, wherein a search, comparison, and classification of data may be quickly processed within a time complexity of O(1) or O(n) since the similarity/closeness of data content are quantified by component values for each of the respective corresponding generated hash values.
摘要翻译：数据散列方法，数据处理方法和使用基于相似度的散列（SBH）算法的数据处理系统，其中为相同的数据计算相同的散列值，并且更相似的数据，生成的散列的较小的差异价值观。数据散列方法包括接收计算机数据，并使用SBH算法生成计算机化数据的哈希值，其中如果计算的散列值相同，则两个数据相同，并且如果计算的散列值的差异小则两个数据相似其中，可以在O（1）或O（n）的时间复杂度内快速地处理数据的搜索，比较和分类，因为数据内容的相似性/接近度由各个对应的生成散列中的每一个的分量值量化价值观。

10. 发明授权

US07433357B2 Apparatus and method for performing header lookup based on sequential lookup 有权
标题翻译：基于顺序查找执行标题查找的装置和方法
公开(公告)号：US07433357B2
公开(公告)日：2008-10-07
申请号：US10993606
申请日：2004-11-19
申请人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
发明人： Jintae Oh , Seung Won Shin , Ki Young Kim , Jong Soo Jang , Sung Won Sohn
IPC分类号： H04L12/50
CPC分类号： H04L45/00 , H04L45/54 , H04L45/62
摘要： An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.
摘要翻译：提供了一种用于基于顺序查找来执行分组报头查找的装置和方法。报头分析器将报头与经由网络接收的分组分离，并输出查找序列。单元查找单元根据从标题分析器输入的查找序列查找与标题组合规则与要分析的每个字段和从标题分析器输入的匹配，并输出匹配信号和匹配地址。规则组合存储器存储标题组合规则的标识信息。序列组合存储器存储查找序列信息和序列组合信息。规则组合单元基于从单元查找单元输入的匹配信号和从规则组合存储器和序列组合存储器读取的数据产生匹配结果。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式