Abstract: A method of blocking network attacks using information included in a packet, and an apparatus thereof are provided. The method includes: receiving a packet containing information on the packet including at least information on a source from which the packet is sent, and information on a destination to which the packet is sent; and extracting the information on the packet included in the packet, comparing the information with a predetermined access control condition, and blocking or passing the packet. By doing so, a packet being transferred with a routing header capable of bypassing a security device as in an Internet Protocol version 6 (IPv6) network can be appropriately blocked or passed. Accordingly, security problems caused by the routing header can be overcome, and as a result, usage of the routing header can be promoted.

Abstract: The present invention relates to a system for automatically managing integrity reference information and a method of managing the same. The system includes one or more systems, a system management server, and an integrity management server. The systems are connected over a network and communication with each other. Each of the systems has an integrity measurement program to generate integrity information. The system management server has registration information about each of the systems connected over the network and registration information about a program distributed to each of the systems. Further, the system management server controls network access by each of the systems.

Abstract: Disclosed is a probe of an electrical measuring instrument including a handle and at least one loop antenna coupled to the handle. A plane defined by the loop antenna is oriented to face an object to be inspected, to detect electrical characteristics in the vicinity of the object. Enhanced accessibility of the probe with respect to the object to be inspected results in an improvement in the accuracy of measured electrical characteristics information and use convenience of the probe by an inspector.

Abstract: Provided are an apparatus and method for detecting illegal motion picture data. The apparatus includes a key frame extractor for extracting a plurality of key frames from motion picture data, a characteristic value file generator for detecting characteristic values of the extracted key frames and generating a characteristic value file, and an illegality determiner for measuring degree of similarity between a previously stored learning model file and the characteristic value file and determining whether or not the motion picture data is legal according to the degree of similarity.

Abstract: Provided is a method of generating and searching for a single ternary content addressable memory (TCAM) entry for range search and exact-match search. First, it is determined whether an entry to be added is a range search entry or an exact-match search entry. When the entry is the range search entry, a bit at a predetermined position in the upper m bits corresponding to a range represented by the entry is set to “1” and the remaining bits including lower n bits is set to a “don't care” bit x, based on a range table for representing position information of one of the upper m bits which is set to “1” in ranges. When the entry is the exact-match search entry, the upper m bits is set to “don't care” bit x and the lower n bits is set to the entry value. By generating and searching for a single TCAM entry for a range search and an exact-match search, a space for storing the TCAM entry can be optimized and efficiency thereof can be improved.

Abstract: A host system having a device driver development tool and a target system having a device driver agent, the tool and the target system separated from each other and interconnected with a communication network. The driver agent device communicates with the target system, receiving and processing various service requests from the device driver development tool, and transmits the processed services to the host system through the communication network. Thr driver agent determines types of the services requested from the device driver development tool and performs services based on the types of the services determined. Accordingly, the device driver can be adapted to the target system and tested without complex procedures to effectively reduce time and manpower needed for the device driver development.

Abstract: Provided is a method and system for providing an SSO service enabling the use of Web services in different trusted domains through a one-time authentication process. In the method, mutual authentication information is issued from a trusted third party to each of ID-federation service providers managing each of trusted domains, and an ID federation established between the ID-federation service provider and a user in the trusted domain of the ID-federation service provider. The first ID-federation service provider managing the first trusted domain, to which the user belongs to, is confirmed when a Web service provider in the second trusted domain receives a login request from the user in the first trusted domain. User authentication and mutual authentication arc performed between the first ID-federation service provider and a second ID-federation service provider managing the second trusted domain.

Abstract: An apparatus and method for detecting an attack packet in Internet Protocol version 6 (IPv6) are provided. The apparatus includes a control unit, a preprocessing unit, an attack determining unit, and a packet processing unit. The control unit sets a rule for attack determination and a rule for processing of an attack packet. The preprocessing unit decodes an IPv6 packet and a tunneling packet, and divides the decoded packet into each header and payload. The attack determining unit determines possibility of attack of the divided packet according to the rule for attack determination by using information of the divided packet. The packet processing unit performs at least one function of packet filtering, packet deleting, packet forwarding, and intrusion alarming according to a result of the determination of the attack determining unit, and the rule for processing of an attack packet.

Abstract: Provided is a system for executing applications stored in an application server on a mobile terminal. The mobile terminal includes: a mobile terminal input/output processing unit for processing data input via an input device of the mobile terminal and data to be output via an output device thereof; a mobile terminal information transmitting and receiving unit for transmitting and receiving data to and from the outside via an Internet network; and a data processing unit for decoding the structural data received from the mobile terminal information transmitting and receiving unit and sending the decoded data to the mobile terminal input/output processing unit, or encoding data received from the mobile terminal input/output processing unit and sending the encoded data to the mobile terminal information transmitting and receiving unit.

Abstract: Disclosed is an access control method using a token having security attributes in a computer system when a user gains access to a specific file. The computer system adopts a token having encryption, modification, execution, and provision attributes to determine access permission or access denial between a user and a file in such a way that a file access request is controlled. The access control method enciphers a file and stores the enciphered file in a storage unit, so that it can maintain security of the file even though the storage unit is stolen. The access control method enables a system manager to read only enciphered contents of the file when the system manager performs a data backup operation, thereby eliminating limitations in commonly operating a system simultaneously with maintaining file security.

Abstract: Provided are an apparatus and method for diagnosing operating system resources supporting universal serial bus (USB) device driver development for a Linux system. The apparatus and method device enable driver developers to simply perform, without professional knowledge of hardware and operating systems, operating system resource diagnosis such as detection and extraction of hardware information required for device driver development, search and change of various descriptor configurations, and process of data input/output through an endpoint. Thus, effort and cost required for a device driver development process are reduced, and it is possible to improve the efficiency of Linux USB device driver development work.

Abstract: The present invention relates to a supporting structure of a refrigerator having a main body with a storage compartment and a base provided in a lower part of the main body, the supporting structure including a support provided under the main body to support the main body, and a supporting bracket to connect the main body and the support. Thus, according to the present invention, the refrigerator is supported by the support and the supporting bracket, thereby preventing the refrigerator from being overturned during a manufacturing process or a distribution process.

Abstract: An apparatus for providing a trusted channel among secure operating systems (OSs) to which a mandatory access control (MAC) policy is applied includes on a data transmission side a trusted channel sub system, a MAC module and a kernel memory. The apparatus further includes on a data reception side a trusted channel system and a kernel memory. By using the apparatus, the contents of data can be prevented from being exposed even in case the packet is intercepted while being transmitted since the packet is encrypted. Furthermore, even though the contents of the data packet are replaced with malicious contents, such modulation of data can be detected by examining the integrity of the packet through the use of authentication data.

Abstract: Disclosed is an access control method using a token having security attributes in a computer system when a user gains access to a specific file. The computer system adopts a token having encryption, modification, execution, and provision attributes to determine access permission or access denial between a user and a file in such a way that a file access request is controlled. The access control method enciphers a file and stores the enciphered file in a storage unit, so that it can maintain security of the file even though the storage unit is stolen. The access control method enables a system manager to read only enciphered contents of the file when the system manager performs a data backup operation, thereby eliminating limitations in commonly operating a system simultaneously with maintaining file security.

Abstract: A file security system uses a security class set by an access control module. The file security system includes a disk, a kernel memory and an encryption file system. The disk includes a key file in which an encryption key corresponding to the security class is stored and a file encoded by the encryption key. The encryption key stored in the disk is loaded into the kernel memory when the file security system starts operating. The encryption file system extracts an encryption key corresponding to a security class of a file that a user intends to read or store; decodes or encodes the file by using the extracted encryption key; and then provides the decoded file to the user or stores the encoded file in the disk.

Abstract: An apparatus and method for incrementally performing a remote loading is disclosed. The incremental remote loading apparatus includes dependent reader modules for analyzing the object file according to a object type and detecting an independent linking information and independent linker module for receiving a detected liking information, downloading the object file to a target system and rearranging target modules of the target system. The present invention provides convenience to developers by linking object files to the target system without following a linking order and reduces a development time by changing a dependent environment without changing whole developing environment and reduces communication time by recognizing various object file type and partly loading/unloading related modules to target system.