Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A context aware apparatus is provided. The context aware apparatus includes an extracting unit configured to extract a terminological-box (T-box) from a semantic model, a first generating unit configured to generate a reasoning rule based on the extracted T-box, a second generating unit configured to generate a first assertion-box (A-box) based on sensing information, and a reasoning unit configured to infer a user context based on the reasoning rule and the first A-box.

Abstract: An assertion management method includes collecting a SameAs assertion from a plurality of assertions; searching the plurality of assertions for any assertion having a first individual of the SameAs assertion as an instance; and creating a new assertion having a second individual of the SameAs assertion as an instance from each found assertion.

Abstract: A computer system and method for preventing a Dynamic-Link Library (DLL) injection attack are provided. The computer system monitors an operation where a process attempts to dynamically link an executable code library to another process, and intercepts the dynamic link of the executable code library.

Abstract: A combination-based broadcast encryption method includes: assigning by a server a base group of different combinations to each user; producing and sending secret information for each user by using as a base the base group allocated to each user; producing and sending an inverse-base parameter value through calculations with integers used to produce the base group and key value information of one or more privileged users; and deriving a group key by using the key value information of the privileged users, encrypting a session key by using the derived group key, and sending the encrypted session key to each user. Accordingly, each user is assigned a different base through a combination, thereby having security against collusion attacks.

Abstract: An apparatus and method for generating a key for a broadcast encryption. The apparatus includes a node secret generator for managing a user that receives broadcast data in a tree structure and for generating a unique node secret for each node in the tree structure. The apparatus also includes an instant key generator for temporarily generating an instant key used at all nodes in common in the tree structure, and a node key generator for generating a node key for each node by operating the node secret generated at the node secret generator and the instant key generated at the instant key generator. Thus, key update can be efficiently achieved.

Abstract: A broadcast encryption method and a broadcast decryption method. The broadcast encryption method includes generating a message encryption key using a public key and a secret key generated by using a Strong Diffie-Hellman tuple; encrypting a message by the message encryption key; and generating a message header using a sum of a plurality of Strong Diffie-Hellman tuples corresponding to an authorized user group. Accordingly, a transmission amount and a storage amount can be reduced when a broadcast encryption message is transmitted.

Abstract: A code injection attack detecting apparatus and method are provided. The code injection attack may be detected based on characteristics occurring when a malicious code injected by the code injection attack is executed. For example, the code injection attack detecting apparatus and method may detect that a code injection attack occurs when a buffer miss is detected, a page corresponding to an address is updated, a mode of the page corresponding to the address is in user mode, and/or the page corresponding to the page is inserted by an external input.

Abstract: Provided is an apparatus and method that may generate and verify an originality verification (OV). An OV generating apparatus may generate primary information that is based on generator information and a pseudorandom number, may generate at least one secondary information based on the pseudorandom number, may obtain parameters used when the pseudorandom number is generated, may generate the OV including the primary information, the at least one secondary information, and the parameters, and may distribute the OV to an OV request device. When the OV distributed from the OV request device is received, the OV generating apparatus may regenerate the pseudorandom number based on the parameters included in an OV request message, and may verify the OV included in the verification request message as the OV that is generated by the OV generating apparatus.

Abstract: A method and system for updating time information of a digital rights management (DRM) includes a time server transmitting a time information message to a consumer electronics (CE) device, the CE device transmitting the time information message to a digital rights management DRM device when the CE device receives the time information message from the time server, and the DRM device updating a present time of the DRM device based on the time information message when the DRM device successfully performs authentication with respect to the time information message which has been transmitted from the CE device.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A method for authorizing an off-line image device to play contents in use of a recording medium, including recording an encrypted key on a recording medium; recording contents on the recording medium using the encrypted key; and recording information as to a play right to play the contents recorded on the recording medium. Thus, the off-line image device can be authorized to play contents in use of the recording medium. As a result, the off-line image device can play contents that are recorded on the recording medium and must be authorized to play the contents.

Abstract: A user key allocation method for broadcast encryption is provided. The user key allocation method includes generating a plurality of subsets by dividing one group including a plurality of nodes to sub-groups and allocating key sets with respect to the subsets, respectively. The nodes included in the subset may be odd nodes and even nodes of the nodes of the group. The nodes are arranged so that privileged nodes are consecutive or there is only one privileged node. Accordingly, it is possible to reduce the data size transmitted from the server to the nodes by constituting one or more subsets from the nodes consecutively arranged and providing key sets with respect to the subsets.

Abstract: A user terminal apparatus with a security function and a security-control method are provided, which may prevent unauthorized use of the user terminal apparatus without requiring a user to lock up the user terminal apparatus. The user terminal apparatus includes an input sensing unit which senses a user's input to the user terminal apparatus, an information collecting unit which collects information regarding an input state, which is determined based on the user's input, and a transition of the determined state, and a security-control unit which determines whether the user is valid based on the collected information and controls a security function.

Abstract: A method and an apparatus are provided for generating an encryption key for broadcast encryption. The method of generating the encryption key for the broadcast encryption includes generating a first encryption key with respect to all nodes, configured in a plurality of depths, from a root node to a plurality of leaf nodes, and generating a second encryption key with respect to each intermediate node between the root node and the plurality of leaf nodes, wherein the generation of the second encryption key comprises generating any one of first and second keys using the first encryption key depending on whether a first child node, connected to a sibling node of the intermediate node, is on a left path or a right path of the intermediate node.

Abstract: A method of managing an axiom includes determining if an H in an A?H axiom in existing axioms is a predetermined expression; and if the H is the predetermined expression, collecting, from the existing axioms, a B?I axiom in which the B includes the H, deleting the A?H axiom from the existing axioms, and generating a new B?I axiom from the collected B?I axiom by replacing the H in the B with the A.

Abstract: An assertion management method includes collecting a SameAs assertion from a plurality of assertions; searching the plurality of assertions for any assertion having a first individual of the SameAs assertion as an instance; and creating a new assertion having a second individual of the SameAs assertion as an instance from each found assertion.

Abstract: A method of generating prevention and control data to verify validity of data to be transmitted, and an apparatus to perform the method, the method including generating the prevention and control data according to composing information of the data to be transmitted, and transmitting the prevention and control data along with the data to be transmitted to verify the validity of the data to be transmitted.

Abstract: A user key management method for a broadcast encryption includes assigning node path identifiers (IDs) to nodes arranged in sequence; assigning random seed value keys to the nodes according to the node path IDs; generating key values by repeatedly applying a hash function to the assigned random seed value keys; and assigning the generated key values to the nodes in sequence. Accordingly, it is possible to reduce the transmission overhead that is most important matter in the broadcast encryption to less than the number of the revoked users. Further, there is an advantage that the transmission overhead of the exemplary embodiments of the present invention is remarkably reduced compared with the Subset Difference method.

Abstract: A user key management method for a broadcast encryption includes assigning node path identifiers (IDs) to nodes arranged in sequence; assigning random seed value keys to the nodes according to the node path IDs; generating key values by repeatedly applying a hash function to the assigned random seed value keys; and assigning the generated key values to the nodes in sequence. Accordingly, it is possible to reduce the transmission overhead that is most important matter in the broadcast encryption to less than the number of the revoked users. Further, there is an advantage that the transmission overhead of the exemplary embodiments of the present invention is remarkably reduced compared with the Subset Difference method.