Abstract: Provided is a healthcare device including a sensor unit configured to collect patient's biometric information or perform medical treatment on the patient; a communication unit configured to communicate with a healthcare gateway; a control unit configured to receive a control command from the healthcare gateway through the communication unit and control the sensor unit according to the received control command; and a device verification unit configured to receive a verification request from the healthcare gateway, verify an error of the control unit or the sensor unit in response to the received verification request, and transmit results of the verification to the healthcare gateway.

Abstract: A security control system for personal communication terminals includes: a terminal registration agent for registering information on a personal communication terminal of a worker or visitor present within a security area into a terminal security control server and a zone notification node for providing the information of the personal communication terminal that has entered a control zone covered by the zone notification node in the security area when the personal communication terminal moves to the control zone. The system further includes the terminal security control server for installing a security control software module in the personal communication terminal, configuring computing resources and components permitted within the control zone based on a security control policy and zone information, and providing the configured computing resources and components to the personal communication terminal.

Abstract: An apparatus for quantitatively evaluating security policy includes: a security policy analyzing unit for analyzing a security policy of a network; an evaluation criterion defining unit for defining an evaluation criterion for categorizing security features and evaluating each of the security features; an evaluation result calculating unit for calculating an evaluation result of each of security components based on the evaluation criterion; an indicator calculating unit for grouping the security components according to a security function and calculating an indicator by considering a security function of each group; and a quantitative evaluating unit for evaluating a security policy of the each group by using the indicator.

Abstract: A network security control system includes: a network event generator for generating network events; a security event processing apparatus for collecting the network events from the network event generator via a network and processing the collected network events as a target data for visualization; and a visualization processing apparatus for visualizing the target data to display a security status as a third-dimensional (3D) visualization information on an organization basis.

Abstract: Provided are a security information sharing apparatus capable of sharing security information among network domains and a method thereof.

Abstract: A security control system for personal communication terminals includes: a terminal registration agent for registering information on a personal communication terminal of a worker or visitor present within a security area into a terminal security control server and a zone notification node for providing the information of the personal communication terminal that has entered a control zone covered by the zone notification node in the security area when the personal communication terminal moves to the control zone. The system further includes the terminal security control server for installing a security control software module in the personal communication terminal, configuring computing resources and components permitted within the control zone based on a security control policy and zone information, and providing the configured computing resources and components to the personal communication terminal.

Abstract: An apparatus for protecting legitimate traffic from DoS and DDoS attacks has a high-priority (505) and a low-priority (506) queue. Besides, a queue information table (402) has STT (Source-based Traffic Trunk) service queue information of a specific packet. A queue coordinator (502) updates the queue information table (502) based on a load of a provided STT and a load of the high-priority queue (505). A packet classifier (504) receives a packet from the network access unit (508), investigates an STT service queue of the packet from the queue information table (502), selectively transfers the packet to the high-priority (505) or the low-priority (506) queue and provides information on the packet to the queue coordinator (503). A buffer (507) buffers outputs of the high-priority (505) and the low-priority (506) queue and provides outputs to the network (509) to be protected.

Abstract: Provided is an apparatus and a method for security managing of an information terminal. The provided classifies a plurality of information providing means into a plurality of domains including at least one information providing means and when a user process accesses any one domain and then attempts to access another domain, controls the access to said another domain by verifying whether or not the access of the user process to said another domain is allowed. According to the provided, security threats are monitored for each domain which an execution process accesses by simply constructing domain classification information of an entire system without specifically establishing a security policy of an information providing device, such that it is possible to protect a terminal from a multi-domain access process having high security risk. Accordingly, it is advantageous to increase security for the terminal from various security threats.

Abstract: Provided are an apparatus and method for limiting bandwidths of burst aggregate flows according to the present invention. The apparatus comprises: a bandwidth measuring unit measuring a bandwidth of at least one input aggregate flow; a grade determining unit determining abnormal grades according to abnormal levels of the input aggregate flows; a bandwidth limit determining unit determining a bandwidth volume and aggregate flow to be limited; a bandwidth limiting unit inputting a result determined by the bandwidth limit determining unit, limiting or releasing a bandwidth of a aggregate flow selected among the input aggregate flows and outputting the selected aggregate flow; and a status information storage unit storing status information including a usage bandwidth, an abnormal grade, and a limited bandwidth volume of the input aggregate flow.

Abstract: An apparatus for protecting legitimate traffic from DoS and DDoS attacks has a high-priority (505) and a low-priority (506) queue. Besides, a queue information table (402) has STT (Source-based Traffic Trunk) service queue information of a specific packet. A queue coordinator (502) updates the queue information table (502) based on a load of a provided STT and a load of the high-priority queue (505). A packet classifier (504) receives a packet from the network access unit (508), investigates an STT service queue of the packet from the queue information table (502), selectively transfers the packet to the high-priority (505) or the low-priority (506) queue and provides information on the packet to the queue coordinator (503). A buffer (507) buffers outputs of the high-priority (505) and the low-priority (506) queue and provides outputs to the network (509) to be protected.

Abstract: Provided are an apparatus and method for limiting bandwidths of burst aggregate flows according to the present invention. The apparatus comprises: a bandwidth measuring unit measuring a bandwidth of at least one input aggregate flow; a grade determining unit determining abnormal grades according to abnormal levels of the input aggregate flows; a bandwidth limit determining unit determining a bandwidth volume and aggregate flow to be limited; a bandwidth limiting unit inputting a result determined by the bandwidth limit determining unit, limiting or releasing a bandwidth of a aggregate flow selected among the input aggregate flows and outputting the selected aggregate flow; and a status information storage unit storing status information including a usage bandwidth, an abnormal grade, and a limited bandwidth volume of the input aggregate flow.