专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

61. 发明授权

KR100487741B1 공개키 기반구조에서 검증서버를 이용한 인증경로 생성방법 失效
标题翻译：公共密钥基础设施中使用验证服务器建立认证路径的方法
公开(公告)号：KR100487741B1
公开(公告)日：2005-05-06
申请号：KR1020020062659
申请日：2002-10-15
申请人： 한국전자통신연구원
发明人： 노종혁 , 조영섭 , 조상래 , 최대선 , 김태성 , 김희선 , 진승헌
IPC分类号： G06F17/00 , G06F21/20
摘要： 본 발명은 인증서를 기반으로 하는 정보 보호 분야에 관한 것으로, 특히 공개키 기반구조에서 인증서 검증의 한 과정인 인증경로 생성에 검증서버를 이용함으로써, 클라이언트가 수행해야하는 작업들을 검증서버를 통해 대행하도록 하여 보다 효율적으로 인증경로 생성을 가능하게 하는, 공개키 기반구조에서 검증서버를 이용한 인증경로 생성방법에 관한 것으로, 본 발명에 따른 인증경로 생성방법은,
공개키 기반구조에서 인증 경로를 생성하는 방법에 있어서, 클라이언트(100)에 연결된 검증서버(300)에서 상기 클라이언트의 요청에 상관없이 연동가능한 인증기관의 인증서를 수집하고, 상기 인증기관의 인증서로 이루어질 수 있는 인증경로를 생성하며, 상기 인증기관 인증서 인증경로를 저장하는 제1 단계(311, 312, 313)와, 상기 클라이언트가 상기 검증서버에 검증대상 인증서를 제공하여 상기 검증 대상 인증서의 검증을 요청 시, 상기 검증서버는 기존에 저장된 상기 검증대상 인증서의 인증경로가 존재하는지 확인하는 제2 단계(321, 322)와, 상기 제2 단계에서 확인 결과 상기 검증대상 인증서의 인증경로가 존재하는 경우, 상기 검증서버는 상기 존재하는 인증경로를 사용하여 상기 검증대상 인증서를 검증하고 검증결과를 상기 클라이언트에 전송하는 � ��3 단계(323, 327)와, 상기 제2 단계에서 확인 결과 인증경로가 존재하지 않는 경우, 상기 검증서버는, 상기 제1 단계에서 저장된 인증기관 인증서 인증경로에서 상기 검증대상 인증서의 검증에 합당한 인증기관 인증서 인증경로를 선택하고, 상기 선택된 인증기관 인증서 인증경로와 상기 검증대상 인증서를 결합하여 인증경로의 생성을 시도하는 제4 단계(323, 324) 및 상기 제4 단계에서 인증경로 생성에 성공하는 경우, 상기 검증서버는 상기 성공한 인증경로를 저장하고 상기 생성된 인증경로를 사용하여 상기 검증대상 인증서를 검증하고 검증결과를 상기 클라이언트로 전송하며, 상기 제4 단계에서 인증경로 생성에 실패하는 경우, 상기 검증서버는 실패처리를 수행하고 그 결과에 대한 로그 및 응답을 생성하여 클라이언트로 전송하는 제5 단계(325, 326, 32 7, 328)를 구비함을 요지로 한다.

62. 发明授权

KR100449484B1 공개키 기반 구조 인증시스템에서 생체정보를 이용한인증서 발급 방법 失效
标题翻译：在这个系统中使用的信息是关于使用者的信息
公开(公告)号：KR100449484B1
公开(公告)日：2004-09-21
申请号：KR1020010064187
申请日：2001-10-18
申请人： 한국전자통신연구원
发明人： 김희선 , 김태성 , 노종혁 , 최대선 , 조영섭 , 조상래 , 진승헌
IPC分类号： G06K9/00
CPC分类号： H04L9/006 , H04L9/3231 , H04L9/3263
摘要： A method for issuing a certificate using biometric information in a public key infrastructure-based authentication system is provided. In the present invention, an authentication code used to protect a certificate issuance request message is assigned to a user by a certificate authority not at a registration step but at a certificate issuance request step where a user authentication is performed with user's biometric information. Therefore, there is no need for a user to remember and enter the complex authentication code to be issued the certificate, thereby simplifying certificate issuance procedures. Further, in the present invention, the authentication code is assigned to the user at the certificate issuance step only after a real-time authentication using the user's biometric information is performed. For this reason, even though a reference code of the user is revealed to a third party before the certificate issuance step, it can be prevented that the third party tries to be issued the certificate, thereby maintaining higher reliability when the certificate is issued.
摘要翻译：提供了一种在基于公钥基础设施的认证系统中使用生物信息发布证书的方法。在本发明中，用于保护证书颁发请求消息的认证码由不是在注册步骤的认证机构分配给用户，而是在用用户生物信息执行用户认证的证书颁发请求步骤。因此，用户不需要记住并输入复杂的认证码来发布证书，从而简化了证书颁发程序。此外，在本发明中，仅在执行使用用户的生物信息的实时认证之后，才在证书发布步骤向用户分配认证码。因此，即使在证书发行步骤之前将用户的参考代码泄露给第三方，也可以防止第三方试图发布证书，从而在发布证书时保持更高的可靠性。

63. 发明公开

KR1020040013668A 공개키 기반구조에서 인증서 정책 및 인증서 정책사상을이용한 인증서 검증서버에서의 인증서 검증방법 有权
标题翻译：使用公共密钥基础设施证书政策和证书政策来证明证书服务器证书的方法
公开(公告)号：KR1020040013668A
公开(公告)日：2004-02-14
申请号：KR1020020046693
申请日：2002-08-08
申请人： 한국전자통신연구원
发明人： 노종혁 , 조영섭 , 조상래 , 최대선 , 김태성 , 김희선 , 진승헌
IPC分类号： H04L9/30
CPC分类号： H04L63/0823 , H04L9/3265 , H04L9/3268
摘要： PURPOSE: A method for verifying the certificate in a certification verification server by using a public-key infrastructure certificate policy and a certificate policy is provided to concentrically manage the certification policy in the domain by processing the verification of the certificate in the certificate verification server. CONSTITUTION: A method for verifying the certificate in a certification verification server by using a public-key infrastructure certificate policy and a certificate policy includes a first step of: receiving the verification request of the verification target by receiving the certification policy to be applied to the verification target certificate from the clients(100,200), the certificate of authenticate agency and the verification target certificate; a second step of generating the certificate path of the verification target certificate corresponding to the request by the certificate verification server(300); a third step of determining the verification status of the verification target certificate by using the certificate policy table; a fourth step of performing the certificate path verification created by using the certificate policy table in the certificate verification server(300); and a fifth step of transmitting the success message when the result of the certificate path verification is successful and transmitting the failure message when the result of the certificate path verification is fail.
摘要翻译：目的：提供一种通过使用公钥基础设施证书策略和证书策略来验证认证验证服务器中的证书的方法，以通过处理证书验证服务器中的证书的验证来同心管理域中的认证策略。构成：通过使用公共密钥基础设施证书策略和证书策略来验证认证验证服务器中的证书的方法包括：第一步：通过接收认证策略来接收验证目标的验证请求，客户验证目标证书（100,200），认证机构认证证书和验证目标证书; 第二步骤，生成与证书验证服务器（300）的请求对应的验证对象证书的证书路径; 通过使用证书策略表来确定验证目标证书的验证状态的第三步骤; 执行通过使用证书验证服务器（300）中的证书策略表创建的证书路径验证的第四步骤; 以及当证书路径验证的结果成功时发送成功消息的第五步骤，并且当证书路径验证的结果失败时发送失败消息。

64. 发明公开

KR1020030043452A 공개키로 서명된 전자 문서의 종이 문서 생성과 생성된종이문서의 전자 서명 검증 시스템 및 그 방법 无效
标题翻译：公共钥匙签名的电子文件纸张文件的制作与制作方法及电子签名认证文件
公开(公告)号：KR1020030043452A
公开(公告)日：2003-06-02
申请号：KR1020010074635
申请日：2001-11-28
申请人： 한국전자통신연구원
发明人： 조영섭 , 진승헌 , 조상래 , 최대선 , 노종혁 , 김희선 , 김태성
IPC分类号： G06F17/00 , G06F21/24
摘要： PURPOSE: A system and a method for generating a paper document of an electronic document signed by a public key, and an authenticating electronic signature on the paper document are provided to print an electronic document, signed by a public key, on a paper for a backup, a circulation and a check, and to authenticate the printed paper document. CONSTITUTION: The system comprises a paper document generator(1000), and a paper document authenticator(2000). The paper document generator(1000) includes a paper document generation module(100) and a paper printing module(200). The paper document authenticator(2000) includes a paper document input module(300) and a paper document authentication module(400). The paper document generation module(100) generates an image to be printed on a paper for the electronic document signed by the public key. The paper printing module(200) prints the generated image on the paper. The paper document input module(300) receives the paper document, output via the paper printing module(200), converts the paper document into the digital document, and transfers the digital document to the paper document authentication module(400). The paper document authentication module(400) authenticates the digital document, transferred by the paper document input module(300).
摘要翻译：目的：提供一种用于生成由公钥签名的电子文档的纸质文档的系统和方法，以及在纸质文档上的认证电子签名，以将公钥签名的电子文档打印在纸张上备份，流通和检查，以及验证打印的纸质文件。规定：系统包括纸质文件生成器（1000）和纸质文件认证器（2000）。纸质文件生成器（1000）包括纸质生成模块（100）和纸张打印模块（200）。纸质认证器（2000）包括纸质文档输入模块（300）和纸质认证模块（400）。纸质文件生成模块（100）生成用于由公开密钥签名的电子文档的纸上打印的图像。纸张打印模块（200）将生成的图像打印在纸张上。纸文件输入模块（300）通过纸张打印模块（200）接收纸质文档，将纸质文档转换为数字文档，并将数字文档传送到纸质认证模块（400）。纸质认证模块（400）认证由纸质文档输入模块（300）传送的数字文档。

65. 发明授权

KR102071402B1 사물인터넷 환경 키 관리 서비스 제공 장치 有权
公开(公告)号：KR102071402B1
公开(公告)日：2020-03-03
申请号：KR1020160144755
申请日：2016-11-01
申请人： 한국전자통신연구원 , 주식회사 한컴엠디에스
发明人： 김주한 , 강유성 , 김태성 , 이승광 , 최두호 , 김석현 , 김수형 , 조상래 , 조현숙 , 진승헌
IPC分类号： H04L9/08 , H04L29/10 , H04L29/08

66. 发明授权

KR101869064B1 프로파일 기반의 부채널 분석 장치 및 방법 有权
公开(公告)号：KR101869064B1
公开(公告)日：2018-07-19
申请号：KR1020120058684
申请日：2012-05-31
申请人： 한국전자통신연구원
发明人： 김주한 , 오경희 , 최두호 , 김태성 , 최용제 , 이승광
IPC分类号： H04L9/38
CPC分类号： G01R13/00 , G01R13/029 , G06F17/00 , H04L9/002
摘要： 본발명에서는부채널분석시스템에서파형수집, 전처리, 분석에이르는부채널분석의각 과정을프로세스로만들고, 각과정을프로세스의연결로관리하는프로파일을구성하여, 각프로세스에서사용되는파라미터와프로세스의동작결과물인각각의파형을쉽게확인할수 있도록함으로써, 프로파일의참조를통해파형수집, 전처리, 분석등의부채널분석의모든과정을쉽게이해할수 있도록한다.

67. 发明公开

KR1020140116725A 블록 암호화 처리 방법 및 장치 审中-实审
标题翻译：用于块加密算法的方法和装置
公开(公告)号：KR1020140116725A
公开(公告)日：2014-10-06
申请号：KR1020130031652
申请日：2013-03-25
申请人： 한국전자통신연구원
发明人： 이승광 , 최두호 , 김태성 , 최용제 , 오경희 , 김주한
IPC分类号： H04L9/06 , H04L9/28
CPC分类号： H04L9/003 , H04L9/0631 , H04L2209/08 , H04L2209/125
摘要： The present invention relates to a method and an apparatus to process block encryption. The disclosed method to process block encryption comprises the steps of: generating an OPc divided value, an RAND divided value, and an S divided value by dividing an OPc generated by encrypting an OP via a block algorithm, a random number RAND and a random number S by the preset byte unit; determining a sequence of a process using the RAND divided value and a process using the S divided value and the OPc divided value; sequentially performing a logic operation between the RAND divided value and the OPc divided value, and a logic operation between the S divided value and the OPc divided value in accordance to the determined sequence; sequentially performing block encryption for a value resulted from the logic operation between the RAND divided value and the OPc divided value, and a value resulted from the logic operation between the S divided value and the OPc divided value in accordance to the determined sequence; and eliminating the block encryption result of the value resulted from the logic operation between the S divided value and the OPc divided value, and outputting the block encryption result of the value resulted from the logic operation between the RAND divided value and the OPc divided value. The present invention, performs in multiple times, an exclusive logic operation between the OPc value and the random number RAND and performs the logic operation and the encryption process using the random number RAND, and the logic operation and the encryption process using the random number S in accordance to an arbitrary sequence, thereby increasing the attack complexity to calculate a correlation coefficient at some point of a power consumption waveform when a correlation power analysis is performed effectively defending against a correlation power analysis attack.
摘要翻译：本发明涉及一种处理块加密的方法和装置。所公开的处理块加密的方法包括以下步骤：通过将通过块算法加密生成的OPc，随机数RAND和随机数除以产生的OPc，生成OPc划分值，RAND分割值和S分割值 S以预设字节单位; 使用所述RAND分割值确定处理的序列，以及使用所述S分割值和所述OPc分割值的处理; 根据所确定的顺序顺序地执行RAND分割值和OPc分割值之间的逻辑运算以及S分割值与OPc分割值之间的逻辑运算; 根据所确定的顺序对由RAND分割值和OPc分割值之间的逻辑运算产生的值以及由S分割值和OPc分割值之间的逻辑运算产生的值进行顺序执行块加密; 并且消除由S分割值和OPc分割值之间的逻辑运算导致的值的块加密结果，并输出由RAND分割值和OPc分割值之间的逻辑运算产生的值的块加密结果。本发明多次执行OPc值和随机数RAND之间的异或逻辑运算，并使用随机数RAND执行逻辑运算和加密处理，并使用随机数S的逻辑运算和加密处理从而提高攻击的复杂度，以便在相对功率分析进行有效防御相关功率分析攻击时计算功耗波形的某一点的相关系数。

68. 发明公开

KR1020140077405A 사이버 공격 탐지 장치 및 방법 审中-实审
标题翻译：用于检测圆锥体目标攻击的方法和装置
公开(公告)号：KR1020140077405A
公开(公告)日：2014-06-24
申请号：KR1020120146176
申请日：2012-12-14
申请人： 한국전자통신연구원
发明人： 김태성 , 최두호
IPC分类号： G06F21/00 , G06F9/30
CPC分类号： G06F9/30 , G06F21/00
摘要： A cyber target attack is not prevented by the signature-based detection of an existing security system because an unknown weakness is attacked. Moreover, a damaged system does not recognize damage since an attack is slowly performed over a long time to incapacitate a system for sensing abnormal traffic. The present invention provides technology to detect the cyber target attack which attacks the system over a long time by using the unknown weakness. The present invention provides the technology to detect the attack by comparing the similarity of a previously stored normal operation with information by storing the information after the information is received from various sources of an information system.
摘要翻译：基于签名的现有安全系统的检测不会阻止网络目标攻击，因为未知的弱点被攻击。此外，损坏的系统不会识别损坏，因为长时间缓慢执行攻击以使系统无法识别异常流量。本发明提供了通过使用未知弱点来检测长时间攻击系统的网络目标攻击的技术。本发明提供了一种通过将从先前存储的正常操作的相似性与信息进行比较来检测攻击的技术，该信息通过从信息系统的各种来源接收信息之后存储信息。

69. 发明公开

KR1020140077404A 부채널 분석 장치 및 방법 审中-实审
标题翻译：用于提供侧面通道分析的方法和装置
公开(公告)号：KR1020140077404A
公开(公告)日：2014-06-24
申请号：KR1020120146175
申请日：2012-12-14
申请人： 한국전자통신연구원
发明人： 김태성 , 최두호
IPC分类号： H04L12/22 , H04L9/14
摘要： Verification of a side channel takes a very long time because of an amount of data and the number of analyzing candidate keys. When an equipment manufacturer verifies safety of equipment of the company or an evaluation institution receives a request of safety verification of the equipment and evaluates the equipment, since a key of the equipment is previously known, an entire verification time may be reduced by using the key. According to the present invention, the verification is divided into two steps where, in the first step, the number of candidate keys is reduced to perform the verification and, in the second step, a size of a waveform is reduced to perform the verification, so that the entire verification time can be reduced.
摘要翻译：侧面通道的验证需要很长时间，因为数据量和分析候选键的数量。当设备制造商验证公司设备的安全性或评估机构接收设备的安全验证请求并对设备进行评估时，由于设备的密钥以前是已知的，所以可以通过使用密钥来减少整个验证时间。根据本发明，验证分为两个步骤，其中在第一步骤中减少候选密钥的数量以执行验证，并且在第二步骤中减小波形的大小以执行验证，从而可以减少整个验证时间。

70. 发明公开

KR1020140068445A 피분석 장치에 대한 오류 주입 제어 장치 및 그 방법 审中-实审
标题翻译：将智能卡注入故障的设备计算及其方法
公开(公告)号：KR1020140068445A
公开(公告)日：2014-06-09
申请号：KR1020120135944
申请日：2012-11-28
申请人： 한국전자통신연구원
发明人： 오경희 , 최용제 , 김태성 , 최두호 , 김주한 , 이승광
IPC分类号： G06F21/00 , G06F11/30
摘要： An apparatus for controlling injection of an error into a controlled device and a method thereof are disclosed. An apparatus for controlling injection of an error according to an embodiment of the present invention includes: an error injecting unit which injects a predetermined error into a controlled device to cause the controlled device to generate error information; a controlled device state sensing unit which senses whether the controlled device is in an inoperable state; and a control unit which extracts secret information of the controlled device using the error information generated by the controlled device, and initializes the controlled device when it is sensed that the controlled device is in an inoperable state. The apparatus additionally includes a communication control unit which provides the control unit with the error information generated by the controlled device and initializes the controlled device using an initialization command received from the control unit. Therefore, a process of repeated error injection and information extraction can be automated to minimize user intervention, thereby improving user convenience.
摘要翻译：公开了一种用于控制将误差注入受控装置的装置及其方法。根据本发明的实施例的用于控制错误的注入的装置包括：错误注入单元，其将预定的错误注入到受控设备中，以使受控设备产生错误信息; 受控设备状态感测单元，其感测受控设备是否处于不可操作状态; 以及控制单元，其使用由受控设备生成的错误信息来提取受控设备的秘密信息，并且当感测到受控设备处于不可操作状态时初始化受控设备。该装置还包括通信控制单元，其向控制单元提供由受控设备生成的错误信息，并使用从控制单元接收的初始化命令来初始化受控设备。因此，重复错误注入和信息提取的过程可以自动化以最小化用户干预，从而提高用户便利性。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式