Abstract: A message security processing system and method for Web services are provided. In the message security processing system in which messages are exchanged between a client and a server with a SOAP-RPC format, each of the client and the server includes: a security interface allowing information related to digital signature, encryption, and timestamp insertion to be set in a security context object for an application program to meet security requirements of the client or the server; a security handler receiving the security context object from the security interface, and performing security processing of a request message by calling security objects stored in a request queue of the security context object one by one in order or performing security processing of a response message by calling security objects stored in a response queue of the security context object one by one in order; and an XML security unit supporting an XML security functions by called by the security handler.

Abstract: A method for dynamically changing an intrusion detection rule in a kernel level intrusion detection system is disclosed. The method includes the steps of: a) generating a replica of the intrusion detection rule in a kernel area; b) changing the replica of the intrusion detection rule according to a request of changing the intrusion detection rule from the kernel area; and c) changing a currently applied intrusion detection rule by exchanging a value of a pointer representing the intrusion detection rule with a value of a pointer representing the changed replica of the intrusion detection rule.

Abstract: A network correction security system. The network correction security system connected between a network node and a security-related external system, detects attacks on the network node, corrects weak parts of the performance of the network node, collects information for improving the security performance of the network node from a security-related external system, analyzes the information, monitors principal resources of the network node to detect a fault, and removes the fault according to a measure corresponding to a grade of the fault. The network correction security system carries out a recovery process when the fault has not been corrected, and recovers the functions of the network node according to a recovery mechanism when the fault has not been removed after the recovery process.

Abstract: The invention relates to an apparatus and method for detecting an illegitimate change of web resources, which is capable of detecting whether or not HTML, XHTML and XML documents, general text documents, binary data of graphic files linked to HTML document and the like are illegitimately changed using XML digital signature and XML encryption when inquiring corresponding web page. It is characteristic of the present invention to confirm in real time whether or not the web page is illegitimately changed by inserting an illegitimate change detecting information into the web page by a web server administrator and executing corresponding web page through a web browser by a user.

Abstract: In the inter-working method of wireless Internet (gateways) according to the present invention described above, DIAMETER which is the first version of the IETF-RFC standard of mobile IP application is applied to the application scenario based on wireless Internet gateway of a home network, not on FA or HA of Mobile IP. After all mobile communication providers connect to wireless Internet, subscribers are not bounded to the network of their mobile communication provider and have the freedom to select any external wireless Internet portal site and use the service of it. Such a wireless Internet connection method will make wireless Internet contents popular in the open wireless network epoch and provide wireless Internet contents providers with an excellent chance.

Abstract: A system for performing face registration and authentication using face information, and a method thereof. A set of readily distinguishable features for each user is selected at a registration step and only the set of features selected at the registration step is used at a face authentication step, whereby memory use according to unnecessary information and amount of data calculation for face authentication can be reduced. Thus, the present system has an advantage in that identity authentication through face authentication can be performed even under restricted environments of a USB token or smart card with limited resources. The present system further has advantages in that authentication performance is improved, as readily distinguishable feature information is used, and the time for face authentication is reduced, as face authentication is performed using the SVM built by using the optimal set of readily distinguishable features at a training step.

Abstract: In an apparatus for authenticating a user by employing feature points of a fingerprint image of the user, a fingerprint image input circuit scans a fingerprint of a user to be registered to provide a first fingerprint image and a fingerprint of a user to be authenticated to provide a second fingerprint image. A host provides registered feature points data corresponding to the first fingerprint image and target feature points data corresponding to the second fingerprint image. A security token circuit estimates a position difference and a direction difference between pairs of a registered feature point and a target feature point and corrects the two feature points based on the position difference and the direction difference to provide authentication result data.

Abstract: A 4-state bar code printing and reading system for use in physical distribution-related services such as mail pieces, receptacles, reception and management forms or the like, and a method for controlling the system are disclosed.

Abstract: A message security processing system and method for Web services are provided. In the message security processing system in which messages are exchanged between a client and a server with a SOAP-RPC format, each of the client and the server includes: a security interface allowing information related to digital signature, encryption, and timestamp insertion to be set in a security context object for an application program to meet security requirements of the client or the server; a security handler receiving the security context object from the security interface, and performing security processing of a request message by calling security objects stored in a request queue of the security context object one by one in order or performing security processing of a response message by calling security objects stored in a response queue of the security context object one by one in order; and an XML security unit supporting an XML security functions by called by the security handler.

Abstract: An encryption key management method for mobile terminals for providing at least one mobile terminal which is connected to a network to use services with an encryption key required for issuing a certificate which is needed for the services and managed by a certification authority by using an encryption key management server is provided. The method includes operations of: a registration requesting operation where the mobile terminal generates an encryption key registration request; an encryption key managing operation where the encryption key management server generates and manages the encryption key in response to the encryption key registration request; a transferring operation of sending the generated encryption key to the mobile terminal; and a security service providing operation of receiving the certificate managed by the certification authority and providing selective security services specific to the content of the services provided to the mobile terminal.

Abstract: Disclosed is a method of detecting abnormal traffic at the network level using a statistical analysis and a computer-readable recording medium for recording a program that implements the method. The method includes the steps of: a) gathering local traffic data from each network device and integrating a plurality of the local traffic data to generate traffic data in a network level; b) extracting a characteristic traffic data based on the traffic data in the network level; c) comparing the characteristic traffic data with a characteristic traffic data profile resulting from statistical computations, and determining whether there is abnormal traffic in the network; and d) updating the characteristic traffic data profile using the characteristic traffic data if there is no abnormal traffic in the network, analyzing seriousness of the abnormal traffic and monitoring the abnormal traffic if there is abnormal traffic in the network.

Abstract: A method for dynamically changing an intrusion detection rule in a kernel level intrusion detection system is disclosed. The method includes the steps of: a) generating a replica of the intrusion detection rule in a kernel area; b) changing the replica of the intrusion detection rule according to a request of changing the intrusion detection rule from the kernel area; and c) changing a currently applied intrusion detection rule by exchanging a value of a pointer representing the intrusion detection rule with a value of a pointer representing the changed replica of the intrusion detection rule.

Abstract: A network correction security system. The network correction security system connected between a network node and a security-related external system, detects attacks on the network node, corrects weak parts of the performance of the network node, collects information for improving the security performance of the network node from a security-related external system, analyzes the information, monitors principal resources of the network node to detect a fault, and removes the fault according to a measure corresponding to a grade of the fault. The network correction security system carries out a recovery process when the fault has not been corrected, and recovers the functions of the network node according to a recovery mechanism when the fault has not been removed after the recovery process.

Abstract: Disclosed is an integrated security information management system and method.

Abstract: Provided are an apparatus and method for cryptographing and/or deciphering an image. The apparatus includes an image segmenting unit, a random image generating unit, a cryptographing unit, and a phase card generating unit. The image segmenting unit segments an input binary image into images. The random image generating unit generates as many random images as the segmented images. The cryptographing unit performs XOR operations on the segmented images and the random images on a one-to-one basis to produce as many cryptographed images as the segmented images. The phase card generating unit assigns phase values of &pgr; and 0 to black and white pixels of the cryptographed images to generate phase cards corresponding to the cryptographed images.

Abstract: Disclosed is a network-based attack tracing system and method using a distributed attack detection agent and manager system that can detect and trace an attack path of a hacker in real time on the whole network using distributed network-based attack detection agent, request manager, and reply manager. The agent detects an attack using a network-based intrusion detection system (NIDS), analyzes an alarm log that is judged to be the attack, changes the analyzed alarm log into attack information, and transmits the attack information to the request manager. The request manager performs a search of an attack IP based on the attack information received from the agent, stores a result of search in a tree structure, and if a final search is completed, extracts a hacking path using a binary search tree (BST) algorithm.

Abstract: The invention relates to an apparatus and method for detecting an illegitimate change of web resources, and more particularly, to an apparatus and method for detecting an illegitimate change of web resources, which is capable of detecting whether or not HTML, XHTML and XML documents, general text documents, binary data of graphic files linked to HTML document and the like are illegitimately changed using XML digital signature and XML encryption when inquiring corresponding web page. It is characteristic of the present invention to confirm in real time whether or not the web page is illegitimately changed by inserting an illegitimate change detecting information into the web page by a web server administrator and executing corresponding web page through a web browser by a user.

Abstract: A method for controlling an Internet information security system of a sender, for packet security in an IP level, is provided. It is determined whether to select security services of packets by referring to security policy database and security association database. Security association is negotiated with a key exchange server of a receiver. The negotiated security association is stored in a key management server. A security policy related with the security association is linked. A packet is sent by using the linked security policy and the security association.

Abstract: An intrusion detection method by adaptive rule estimation in a network-based intrusion detection system (NDS) is disclosed. The method includes collecting a packet on a network and searching for an original rule most similar to the collected packet from a rule database in which a rule for intrusion detection is stored, and judging whether a hacker intrudes by estimating a changed position of the collected packet from the original rule. Accordingly, it is possible to prevent an indirect attack of a hacker using a packet whose number of bits is changed due to deletion/insertion of characters from/into the packet.

Abstract: In an apparatus for authenticating a user by employing feature points of a fingerprint image of the user, a fingerprint image input circuit scans a fingerprint of a user to be registered to provide a first fingerprint image and a fingerprint of a user to be authenticated to provide a second fingerprint image. A host provides registered feature points data corresponding to the first fingerprint image and target feature points data corresponding to the second fingerprint image. A security token circuit estimates a position difference and a direction difference between pairs of a registered feature point and a target feature point and corrects the two feature points based on the position difference and the direction difference to provide authentication result data.