Abstract: Disclosed herein is an apparatus for providing firmware update, which includes a state information analysis unit for analyzing device state information received from a firmware update target device and thereby acquiring information about a version of existing firmware and information about a storage unit of the firmware update target device; an image creation unit for creating a delta image in units of pages based on a flash memory page size included in the information about the storage unit and on a difference between the existing firmware and new firmware; an update information creation unit for creating update information in which an update method is specified; and a communication unit for transmitting the update information and the delta image to the firmware update target device in order to update the existing firmware of the firmware update target device based on the update method.

Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.

Abstract: The present disclosure relates to a user terminal and a method for automatically readjusting application permission. The user terminal comprises an application permission DB configured to store a permission list for applications installed in a user terminal; and an application permission dynamic regulator configured to regulate a permission list of a second application in order to prevent a first application from accessing to a component which the first application is not authorized by using the permission authorized to the second application when the first application execution is requested.

Abstract: Disclosed herein are authentication and management of an application using a mobile trusted module (MTM). According to an exemplary embodiment of the present invention, there is provided an apparatus for authenticating and managing an application, including: a mobile trusted module configured to store a hash value of an authentication data for at least one application and a secret key value of an authentication data which are installed in a mobile device, authenticate the application using the stored hash value and secret key value of the authentication data, and generate a storage root key (SRK) for the application; and a trusted software stack (TSS) middleware configured to generate a message requesting authentication for the application and generation of the storage root key (SRK) and transmit the generated message to the mobile trusted module and manage result information received from the mobile trusted module in response to the transmitted message.

Abstract: There is provided a method of fault management of a smart device including comparing a value of a fault detection indicator (hereinafter referred to as ‘FDI’) in a normal state, which detects faults generated in the smart device, with respect to at least one performance indicator, with an FDI value observed in real time and detecting the faults by calculating a relative variation level of the observed values, and creating a diagnosis object (hereinafter referred to as ‘DO’) including a cause and a countermeasure of the detected fault and analyzing the fault.

Abstract: An apparatus manages universal subscriber identity module (USIM) data in a terminal using a mobile trusted module (MTM). The apparatus includes a mobile information storage unit configured to store at least one key and the USIM data in a protection region, an information security unit configured to protect information stored in a USIM and the terminal using at least one of the USIM data and the key stored in the mobile information storage unit, and a USIM data manager configured to restore at least one of the USIM data and the key stored in the mobile information storage unit to the USIM, and store at least one of USIM data and the key provided from the USIM in the mobile information storage unit.

Abstract: Disclosed herein are authentication and management of an application using a mobile trusted module (MTM). According to an exemplary embodiment of the present invention, there is provided an apparatus for authenticating and managing an application, including: a mobile trusted module configured to store a hash value of an authentication data for at least one application and a secret key value of an authentication data which are installed in a mobile device, M authenticate the application using the stored hash value and secret key value of the authentication data, and generate a storage root key (SRK) for the application; and a trusted software stack (TSS) middleware configured to generate a message requesting authentication for the application and generation of the storage root key (SRK) and transmit the generated message to the mobile trusted module and manage result information received from the mobile trusted module in response to the transmitted message.

Abstract: A source authentication method and apparatus according to the present invention are disclosed. The source authentication method is performed with respect to a transmission packet on a message transmission side, and includes generating a first hash value to which a first hash function is applied using a message to be included in a next packet and a key value, and generating the transmission packet including the first hash value, wherein the key value is one of at least one key value generated in advance by applying a second hash function. Meanwhile, according to the present invention, effective low-cost multicast authentication may be performed by reducing a variety of loads such as buffer management, key calculation costs, and the like.

Abstract: There is provided a method of fault management of a smart device including comparing a value of a fault detection indicator (hereinafter referred to as ‘FDI’) in a normal state, which detects faults generated in the smart device, with respect to at least one performance indicator, with an FDI value observed in real time and detecting the faults by calculating a relative variation level of the observed values, and creating a diagnosis object (hereinafter referred to as ‘DO’) including a cause and a countermeasure of the detected fault and analyzing the fault.

Abstract: An apparatus manages universal subscriber identity module (USIM) data in a terminal using a mobile trusted module (MTM). The apparatus includes a mobile information storage unit configured to store at least one key and the USIM data in a protection region, an information security unit configured to protect information stored in a USIM and the terminal using at least one of the USIM data and the key stored in the mobile information storage unit, and a USIM data manager configured to restore at least one of the USIM data and the key stored in the mobile information storage unit to the USIM, and store at least one of USIM data and the key provided from the USIM in the mobile information storage unit.

Abstract: A method for authenticating a mobile device, the method comprising: detecting an external input to the mobile device; when the external input is detected, displaying a screen lock pattern having at least two or more pattern points, each pattern point having an identifier; determining whether a touch input is conducted on the at least two or more pattern points in an UI (User Interface) locked state of the mobile device; and when the touch input conducted on the at least two or more pattern points is successively made in a preset sequenced combination of identifiers, unlocking the locked state of the mobile device.

Abstract: A role-based access control apparatus for use in a distribution system including a plurality of nodes, includes a role manager configured to assign the role of a publisher, which processes a request for a data transfer, to a node, and the role of subscribers, which request the data transfer, to remaining nodes, the role relationship between the plurality of nodes being transmitted to the remaining nodes playing the roles of subscribers and the requested data from the remaining nodes being transmitted to the remaining nodes based on the role relationship; and a role monitor configured to manage the role relationship assigned to the plurality of nodes.

Abstract: A source authentication method and apparatus according to the present invention are disclosed. The source authentication method is performed with respect to a transmission packet on a message transmission side, and includes generating a first hash value to which a first hash function is applied using a message to be included in a next packet and a key value, and generating the transmission packet including the first hash value, wherein the key value is one of at least one key value generated in advance by applying a second hash function. Meanwhile, according to the present invention, effective low-cost multicast authentication may be performed by reducing a variety of loads such as buffer management, key calculation costs, and the like.

Abstract: An intrusion detection apparatus includes: a rule generator classifying intrusion detection rules into rules having content examination parts and rules without content examination parts, granting an index to each of the rules so as to output the indices to a unit for performing the matching and to simultaneously store the indices; an extractor extracting payload parts and address parts from the packets and outputting the extracted payload parts and address parts to the unit; and an examination unit examining corresponding rules based on the indices.

Abstract: A method of blocking network attacks using information included in a packet, and an apparatus thereof are provided. The method includes: receiving a packet containing information on the packet including at least information on a source from which the packet is sent, and information on a destination to which the packet is sent; and extracting the information on the packet included in the packet, comparing the information with a predetermined access control condition, and blocking or passing the packet. By doing so, a packet being transferred with a routing header capable of bypassing a security device as in an Internet Protocol version 6 (IPv6) network can be appropriately blocked or passed. Accordingly, security problems caused by the routing header can be overcome, and as a result, usage of the routing header can be promoted.

Abstract: A method for dynamically changing an intrusion detection rule in a kernel level intrusion detection system is disclosed. The method includes the steps of: a) generating a replica of the intrusion detection rule in a kernel area; b) changing the replica of the intrusion detection rule according to a request of changing the intrusion detection rule from the kernel area; and c) changing a currently applied intrusion detection rule by exchanging a value of a pointer representing the intrusion detection rule with a value of a pointer representing the changed replica of the intrusion detection rule.

Abstract: Provided is a method of generating and searching for a single ternary content addressable memory (TCAM) entry for range search and exact-match search. First, it is determined whether an entry to be added is a range search entry or an exact-match search entry. When the entry is the range search entry, a bit at a predetermined position in the upper m bits corresponding to a range represented by the entry is set to “1” and the remaining bits including lower n bits is set to a “don't care” bit x, based on a range table for representing position information of one of the upper m bits which is set to “1” in ranges. When the entry is the exact-match search entry, the upper m bits is set to “don't care” bit x and the lower n bits is set to the entry value. By generating and searching for a single TCAM entry for a range search and an exact-match search, a space for storing the TCAM entry can be optimized and efficiency thereof can be improved.

Abstract: An apparatus and method for detecting an attack packet in Internet Protocol version 6 (IPv6) are provided. The apparatus includes a control unit, a preprocessing unit, an attack determining unit, and a packet processing unit. The control unit sets a rule for attack determination and a rule for processing of an attack packet. The preprocessing unit decodes an IPv6 packet and a tunneling packet, and divides the decoded packet into each header and payload. The attack determining unit determines possibility of attack of the divided packet according to the rule for attack determination by using information of the divided packet. The packet processing unit performs at least one function of packet filtering, packet deleting, packet forwarding, and intrusion alarming according to a result of the determination of the attack determining unit, and the rule for processing of an attack packet.

Abstract: Provided is an intrusion detection apparatus and method using patterns. The intrusion detection apparatus using patterns for performing intrusion detection by receiving indices of matched intrusion detection rules which are results of matching payload parts and IP (Internet protocol) address parts of packets, includes: a rule generator classifying intrusion detection rules into rules having content examination parts and rules without content examination parts, granting an index to each of the rules so as to output the indices to a unit for performing the matching and to simultaneously store the indices; an extractor extracting payload parts and address parts from the packets and outputting the extracted payload parts and address parts to the unit; and an examination unit examining corresponding rules based on the indices. Accordingly, an overload due to examinations which are performed on all rules for malicious packets whenever packets are input, is reduced, so that processing speed can be increased.

Abstract: A packet intrusion detection rule simplification apparatus and method and an intrusion detection apparatus and method are provided. Test conditions of at least one intrusion detection rules are rearranged based on test items, and the same test conditions for the same test items are grouped. Group rules having a connection structure of the test conditions are generated so that the test items and orders of the intrusion detection rules are satisfied. A common rule consisting of test conditions existing at the test start positions in the connection structure of the group rules is generated. Next, packet intrusion detection is performed by using the common rule, and the packet intrusion detection is performed by using the group rules. According, it is possible to reduce a load involved in the intrusion detection process by using the grouped and simplified intrusion detection rules.