Abstract: An intrusion detection system and method of a wireless network providing wireless communication to one or more wireless terminal, and an intrusion detection sensor capable of detecting attacks against wireless network are provided. The intrusion detection system of a wireless network includes: an access point providing wireless communication to a wireless terminal; and an intrusion detection sensor examining packets transmitted and received between the access point and a wireless terminal according to a predetermined detection rule. The access point transmits confirmation information on whether or not an event packet, including critical information on whether or not a wireless line connection between the access point and the wireless terminal is established, is transmitted, to the intrusion detection sensor, and the intrusion detection sensor examines an event packet by using the confirmation information.

Abstract: A device authentication method and device authentication apparatus in a multi domain home network environment are provided. The method includes registering a new device in each local domain and issuing a local domain certificate; making an agreement between local domains in order to authenticate a device registered to another local domain; when the device registered to the home local domain or another local domain requests a service, authenticating the device via communication inside the local domains, thereby minimizing a user's intervention, making it easier to use the apparatus, reducing a device operation with regard to a device having limited performance, and making it easier to extend the apparatus.

Abstract: A method and apparatus for generating a keystream are provided. The method includes: (a) receiving a bitstream comprised of at least 4 bits; (b) selecting at least two bits from the received bitstream; (c) generating an operation value by performing a predetermined bitwise operation on the bits selected in (b); and (d) determining whether to discard the received bitstream or to output the rest of the received bitstream not selected in (b) according to the operation value. The method and apparatus for generating a keystream are expected to be suitable for a ubiquitous computing and network environment and to provide high security or high efficiency.

Abstract: An access control method and system for multiple accessing entities are provided. The access control method includes generating a plurality of integrated identifiers (IDs) respectively corresponding a plurality of individual ID groups, each having the individual IDs of a number of entities; if multiple accessing entities issue a request for access to a service, extracting an integrated ID corresponding to a list of the individual IDs of the multiple accessing entities; and searching for an access control policy corresponding to the extracted integrated ID and the ID of the service and performing access control on the multiple accessing entities according to the identified access control policy. Therefore, it is possible to efficiently control the access of multiple accessing entities to a service.

Abstract: A server certificate verification method in a terminal during. Extensible Authentication Protocol authentication for Internet access is provided, the method including (a) receiving a server certificate from a wireless LAN authentication server, and transmitting a server certificate verification request message of the server certificate to a wireless LAN authentication server via a wireless LAN access server; (b) transmitting by the wireless LAN authentication server an On-line Certificate Status Protocol request message to an On-line Certificate Status Protocol server to verify the server certificate; (c) receiving a result of the server certificate verification performed by the OCSP server using an Extensible Authentication Protocol packet from the wireless LAN authentication server; and (d) determining whether the result of the server certificate verification is valid.

Abstract: Disclosed are a Radio Frequency Identification (RFID) personal privacy control system and a personal privacy protection method using the same which may dynamically process a privacy level according to peripheral circumstances of an RFID tagged object and an owner of the object, thereby securely protecting personal information associated with the RFID tag. The RFID privacy control server, the RFID privacy control server includes a context-aware information collecting unit to collect at least one context-aware information about a user; a privacy level adjusting unit to adjust a privacy level of the user based on the collected context-aware information; and a privacy control unit to determine, according to the adjusted privacy level, whether access of an RFID reader to RFID tag information is allowed, the RFID tag information corresponding to an RFID tag associated with the user.

Abstract: A user authentication method and apparatus using a face image are provided. The method includes transforming a face image in a normalized spatial domain into frequency-domain data, extracting valid transform coefficients from the frequency-domain data based on energy-concentrated region information, extracting a feature vector from the extracted valid transform coefficients, and performing user authentication by comparing the extracted feature vector with a previously registered feature vector. Accordingly, it is possible to perform user authentication using a face image while using a minimum data dimension, thereby improving the speed and precision thereof.

Abstract: Provided a secure pattern recognition method. The method includes: receiving data and generating a probe by converting the received data into a template for pattern recognition; accessing a gallery that is a template registered and stored in advance; determining a region to which the probe belongs and obtaining the center point of the region; obtaining a hash value of the center point and coordinate of the probe; and determining whether or not the hash value of the center point and a hash value stored in the gallery are equal and determining whether or not the probe and the gallery are classified into the same class by calculating whether or not the coordinate of the probe is inside a decision boundary configured with thresholds on the basis of the coordinates of the center point.

Abstract: An apparatus for dynamically managing a group transient key (GTK) and a method thereof in order to perform setting of a GTK successfully by an access point (AP). Wherein, the AP checks security state of a plurality of mobile stations (MS)s connecting to the AP, and exchanges and sets a GTK for authenticated MSs. The apparatus for managing a GTK in a wireless LAN system, the apparatus including: a GTK generation timing deciding unit for deciding timing to generate a GTK based on security state of an MS; a GTK generating unit for generating a GTK according to the GTK generation timing decided in the GTK generation timing deciding unit; a GTK exchanging unit for exchanging the GTK generated in the GTK generating unit based on the security state of the MS; and a GTK setting unit for setting the GTK based on the number of MSs exchanged the GTK.

Abstract: An electronic tag for protecting privacy in RFID and a method of protecting privacy using the same are provided. Specifically, an RFID electronic tag capable of protecting privacy by authenticating an RFID reader and controlling access of the RFID reader to the RFID tag and a method of protecting privacy using the same are provided. The RFID electronic tag is applicable to a passive type RFID tag. The RFID electronic tag is also applicable to an ISO/IEC 18000-6 Type C tag that is a typical passive type RFID tag. It is possible to protect privacy of a user by controlling access of the RFID reader to the RFID tag and authenticating the RFID reader by modifying a tag inventory protocol and a memory map of the tag.

Abstract: Provided are a transactions certification method and system to protect privacy on details of electronic transactions, the method comprising the operations of: a) receiving and registering client information which is encoded so that a client cannot be identified; b) receiving and storing transactions details of a client including a client transactions identifier encoded by the service provider server; c) after receiving client certification information for client certification, performing client certification by comparing the client information previously registered in the operation a) with the received client certification information; d) receiving a client transactions identifier for searching transactions details of a client when the client certification is performed in the operation c), and determining whether the client transactions identifier and the client transactions identifier previously stored in the operation b) are identical with each other; and c) generating a message corresponding to the transac

Abstract: Provided is a certificate transmission server transmitting a certificate stored in a fixed terminal to a mobile terminal, a system including the same, and a method using the same. The method includes forming a security channel to the mobile terminal and performing authentication of the mobile terminal, forming a security channel to the fixed terminal and performing authentication of the fixed terminal, and if the authentication of the mobile terminal and the fixed terminal is successful, receiving the certificate from the fixed terminal and transmitting the certificate to the mobile terminal. Accordingly, authentication of a mobile terminal and a fixed terminal can be performed by a certificate transmission server, and the certificate can be transmitted by establishing a safe communication channel.

Abstract: A method and apparatus for generating a certificate including a guardian's agreement for a ward are provided. The apparatus includes a verification unit verifying a certificate of the guardian, an agreement setting unit setting an agreement on conditions on which the ward is allowed to use an online environment, and a certificate issuing unit generating a certificate including the agreement for the ward when the verification of the guardian's certificate succeeds.

Abstract: Provided are a method and an apparatus for accurately detecting positions of eyes in an input face image. The method includes extracting a symmetric face region from a face image based on magnitude and phase of gradient in each pixel of the face image; detecting available eye positions based on brightness information of the extracted face region; verifying regions around each of the detected eye positions with a classifier which determines whether an input image is an eye image using information obtained by supervised learning on sample images. According to the present invention, faulty eye detection is prevented by removing obscuring elements such as illumination, glasses and hair from an input face image. Also, eye coordinates can be extracted more accurately using an eye classifier.

Abstract: An apparatus and method for computing a SHA-1 hash function value are provided. The apparatus includes a first register unit including a plurality of registers that store a first bit string of predetermined lengths for generation of a hash function value; a second register unit storing input data in units of second bit strings with predetermined lengths, and sequentially outputting the second bit strings; a third register unit performing an operation on the first bit string of the plurality of registers and the second bit strings output from the second register unit so as to generate and store a third bit string, and updating first-bit string of the plurality of registers based on the third bit string; and an adding unit combining the first bit string stored in the first register unit, the first bit string of the third bit string stored in the third register unit, and the original initial values stored in the first register unit so as to obtain a hash function value.

Abstract: Provided are a device for and a method of electronic voting (e-voting) using a wireless terminal. The e-voting device comprises: a voter identity verifying unit which verifies a voter can be allowed to vote based on a certificate of the voter received from a wireless terminal of the voter over a mobile communication network; an encryption key management unit which creates an encryption key for encrypting the content of voting and transmits the encryption key to the wireless terminal; a vote information providing unit which provides vote information containing a list of possible voting selections to the wireless terminal; and a voting selection storing unit which decrypts the encrypted content of voting that a personal identification information of the voter has been deleted and stores its result. The present invention allows a voter to cast his/her vote in a simple and convenient way without time and travel demands, thereby increasing the voting rate, and also ensuring secrecy and anonymity.

Abstract: A digital distribution management system and a contents distribution management method using the same are provided. The system is formed of a contents-user, a broker, a contents-owner, and a contents distributor. The broker receives a contents use fee from the contents-user, transmits a contract document for contents use to the contents-user, pays a loyalty to a contents-owner, pays a distribution fee to the contents distributor, and makes a contract for contents use. The contents-owner transmits use rights, i.e., Service Release (SR) information on corresponding contents of a proper contents-user making a contents use contract to the contents distributor and receives a corresponding loyalty through a broker. The contents distributor receives the SR information from the contents-owner, transmits the contents and a license on the contents information so that the proper contents-user can use the corresponding contents, and receives a corresponding distribution fee through the broker.

Abstract: An authentication method capable of securing reliability and scalability by authenticating an authentication entity using a certificate signed by a symmetric key, when a user or device accesses a domain in which an authentication process is required are provided. The method includes: (a) allowing a home domain authentication server to generate a certificate and a symmetric key and to distribute the certificate and the symmetric key to an authentication entity; (b) allowing the authentication entity to submit the certificate to the home domain authentication server or an external domain authentication server; and (c) allowing the home domain authentication server or external domain authentication server to verify the validity of the submitted certificate by using the symmetric key. Accordingly, an effective authentication method can be provided in a public key-based authentication method in consideration of data processing capability or computing power.

Abstract: A face recognition and apparatus are provided. According to the method, an SVM classifier is created through machine learning on the basis of a degree of similarity of a divided facial image, and a facial image to be authenticated is normalized to a predetermined size using a center between two eyes. The normalized image is divided into more than one image in horizontal and vertical directions, respectively. Next, predetermined characteristic vectors from the divided images are extracted and a similarity vector based on a degree of similarity with respect to a registered characteristic vector is created. The similarity vector is input to the SVM classifier, so that authentication is performed.

Abstract: Disclosed is an RSA cryptographic processing apparatus capable of performing the fast operating function. A modular multiplication operation or a modular exponentiation operation, i.e., an RSA cryptographic operation, is selectively performed according to a control signal inputted, the modular operation of the data of 512 to 1024 bits is iteratively performed by use of 32-bit operating unit, and the data of 512 to 1024 bits is operated by use of a 32-bit operating unit, thereby minimizing the size of the register storing the data and reducing the size of the cryptographic apparatus, and which the intermediate value generated at the operation process is stored in the internal register instead of the memory, thereby minimizing the times of access to the memory.