Abstract: Decoding includes sensing a packet related to SSL handshake for connecting a SSL between a client and a server after a TCP session has been established between the client and the server in an SSL decoding device. If the packet for an SSL handshake is transmitted in a preset operating system, an SSL between the client and the SSL decoding device and an SSL between the SSL decoding device and the server is established. A TCP session between a virtual client corresponding to the client and a virtual server corresponding to the server is also established. A packet transmitted/received between the virtual client and the virtual server is transmitted when the TCP session is established. If a first SSL packet transferred from the client to the SSL decoding device is received, the SSL packet is decoded and transmitted to the security device and to the server.

Abstract: The present disclosure relates to a digital re-signing method for supporting various digital algorithms in a secure sockets layer (SSL) decryption device, and the method, if an SSL communication connection request between a client terminal and a server in the SSL decryption device is detected, requests an SSL session to the server to establish the SSL session between the SSL decryption device and the server, and obtains related information of the server, identifies a type of a digital signature algorithm designated when establishing the SSL session, creates a private certificate regarding the server using the related information of the server with the designated digital signature algorithm, and if the designated digital signature algorithm is not identical to a digital signature algorithm of a root certificate of the SSL decryption device, creates an intermediate certificate of the SSL decryption device with the designated digital signature algorithm, digitally signs the private certificate with the intermedi

Abstract: If a request to execute an executable file of a guest operating system or an executable file being executed in the guest operating system is detected, the present disclosure calculates a hash value before the executable file is executed and compares the calculated hash value with a pre-stored hash value, thereby securing security of the executable file; parses a file system of the guest operating system prior to starting the guest operating system and verifies integrity of a virtualization driver, and if the virtualization driver has integrity according to a result of the verification, blocks modulation of a memory area where the virtualization driver is allocated, a memory area corresponding to a master boot record (MBR) of the guest operating system, and a memory area corresponding to a volume boot record (VBR) of the guest operating system, and if an access to a file occurs in the virtualization driver, determines authority to access the file to which the access was requested, and processes the access acco

Abstract: Provided are a sharing terminal management method and a sharing terminal management apparatus. In response to an Internet access request packet, a sharing terminal management server collects terminal environment information and stores as many pieces of terminal environment information as the number of terminals permitted for each line in a permitted list via a process of transmitting a response packet for the Internet access request packet, and determines whether to transmit an Internet blocking notification, based on whether newly collected terminal environment information exists in the permitted list.

Abstract: Provided are a terminal identification method and an apparatus therefore. A terminal identification apparatus obtains pixel data for a certain region of a screen displayed on the terminal, generates mapping codes for the pixel data, and then identifies the number of mapping codes for each public IP address or for each user identification information that is different from one another.

Abstract: The present invention relates to a security method for a smart phone, in which method a security keyboard app is installed in a smart phone of a staff member so as to make it possible to monitor information leakage. The security method for a smart phone comprises the steps of: running a first app on a smart phone and, when the first app is subject to key input, determining, by means of a security keyboard app installed in the smart phone, whether the first app is a predetermined app which is to be subject to security; monitoring the key input which is inputted to the first app, if the first app is a predetermined app that is to be subject to security; transmitting the monitored key input to a security server; and blocking the key input if the monitored key input includes a predetermined security key word.

Abstract: The present invention relates to a device and a method for monitoring resources in a full virtualization system, the device and method generating a file table by parsing file information, generating a memory table when a memory is allocated, and then determining whether to execute a command by a process unit with reference to the file table and the memory table when the command is generated from a guest operating system or an application such that a virtual machine monitor is requested to execute the command.

Abstract: The present invention relates to a technology that performs: checking an integrity of a paravirtualization agent before executing the paravirtualization agent; protecting the paravirtualization agent by obstructing the modulation of a memory region to which the paravirtualization agent is allocated; when file input-output is generated in the paravirtualization agent, transmitting information associated with the generated file input-output to a host-based file system protection service to inquire about accessibility; determining an authority for access to the generated file input-output through a reasoning engine in the host-based file system protection service; and transmitting a result of the determination to the paravirtualization agent, and processing the generated file input-output, thereby protecting a file in a file system.

Abstract: The present invention relates to a method for inducing the installation of a private certificate, the method setting an installation confirmation parameter as “false”, executing a parameter change file stored in a security network server, and connecting a page for installing a private certificate if the installation confirmation parameter is not changed after the execution of the parameter change file fails.

Abstract: A network security system according to an embodiment may include: a DNS blocking server that is connected to network equipment to which a client terminal is connected and mirrors a DNS query packet going through the network equipment, and that generates and transmits a fake DNS response packet to the client terminal if a DNS query domain address of the DNS query packet is a domain address to be managed; and a proxy server that monitors a request packet from the client terminal generated using the fake DNS response packet.

Abstract: The present invention provides a network security method, which comprises the steps of: maintaining information on blocked countries, to be blocked from data communication, in a blocked country database; identifying an external IP address by extracting at least one of a source IP address and a destination IP address of a communication packet transmitted on a network; identifying a country to which the identified external IP address belongs; and blocking the communication packet when the country to which the identified external IP address belongs is included in the blocked countries.

Abstract: Provided are a sharing terminal management method and a sharing terminal management apparatus. In response to an Internet access request packet, a sharing terminal management server collects terminal environment information and stores as many pieces of terminal environment information as the number of terminals permitted for each line in a permitted list via a process of transmitting a response packet for the Internet access request packet, and determines whether to transmit an Internet blocking notification, based on whether newly collected terminal environment information exists in the permitted list.

Abstract: A smart phone according to an embodiment of the present invention suggests a method for accessing dual environments in a lock screen. The method may comprise: a step for receiving an inputted password or release pattern in a lock screen of a smart phone; and a step for providing smart phone environments different from each other according to the inputted password.

Abstract: The present invention relates to a technology that performs: checking an integrity of a paravirtualization agent before executing the paravirtualization agent; protecting the paravirtualization agent by obstructing the modulation of a memory region to which the paravirtualization agent is allocated; when file input-output is generated in the paravirtualization agent, transmitting information associated with the generated file input-output to a host-based file system protection service to inquire about accessibility; determining an authority for access to the generated file input-output through a reasoning engine in the host-based file system protection service; and transmitting a result of the determination to the paravirtualization agent, and processing the generated file input-output, thereby protecting a file in a file system.