Abstract: The present disclosure relates to a device and method for dividing a field boundary of a CAN trace. The method for dividing a field boundary of a CAN trace according to an embodiment of the present disclosure includes: collecting a CAN trace of a CAN bus; dividing the CAN trace into multiple blocks including multiple frames of the CAN trace; performing first static field division to each of the multiple blocks; and performing second static field division based on the result of the first static field division to divide a final field boundary of the CAN trace.

Abstract: The present disclosure relates to a device and method for dividing a field boundary of a CAN trace. The method for dividing a field boundary of a CAN trace according to an embodiment of the present disclosure includes: collecting a CAN trace of a CAN bus; dividing the CAN trace into multiple blocks including multiple frames of the CAN trace; performing first static field division to each of the multiple blocks; and performing second static field division based on the result of the first static field division to divide a final field boundary of the CAN trace.

Abstract: Disclosed is a method for web service user authentication capable of increasing convenience while providing high security strength. The present invention has been made in an effort to provide a technique for conveniently performing user authentication by alleviating a user inconvenience of a memory of a password, storing a user password in a device which is carried by him/her at all times so as to use a powerful password, and using the password.

Abstract: Disclosed is a method for web service user authentication capable of increasing convenience while providing high security strength. The present invention has been made in an effort to provide a technique for conveniently performing user authentication by alleviating a user inconvenience of a memory of a password, storing a user password in a device which is carried by him/her at all times so as to use a powerful password, and using the password.

Abstract: A method of generating a dynamic group key of a group formed of a plurality of nodes, the method including: unicasting a public key that is based on respective secret keys of each of a plurality of general nodes excluding a master node, which is one of the plurality of nodes, wherein the unicasting is performed by the general nodes; broadcasting to the group an encryption value obtained by exponentially-calculating a secret key of the master node to the plurality of public keys, wherein the broadcasting is performed by the master node upon receiving the plurality of public keys; and obtaining a group key by using an inverse power-calculation of the respective secret keys of each of the general nodes based on the encryption value, wherein the obtaining is performed by the general nodes.

Abstract: A method of generating a dynamic group key of a group formed of a plurality of nodes, the method including: unicasting a public key that is based on respective secret keys of each of a plurality of general nodes excluding a master node, which is one of the plurality of nodes, wherein the unicasting is performed by the general nodes; broadcasting to the group an encryption value obtained by exponentially-calculating a secret key of the master node to the plurality of public keys, wherein the broadcasting is performed by the master node upon receiving the plurality of public keys; and obtaining a group key by using an inverse power-calculation of the respective secret keys of each of the general nodes based on the encryption value, wherein the obtaining is performed by the general nodes.

Abstract: The present invention relates to a method for detecting malicious code patterns in consideration of control and data flows. In the method of the present invention, a malicious code pattern is detected by determining whether values of tokens (variables or constants) included in two sentences to be examined will be identical to each other during execution of the sentences, and the determination on whether the values of the tokens will be identical to each other during the execution is made through classification into four cases: a case where both tokens in two sentences are constants, a case where one of tokens of two sentences is a constant and the other token is a variable, a case where both tokens of two sentences are variables and have the same name and range, and a case where both tokens of two sentences are variables but do not have the same name and range.

Abstract: Disclosed herein is a method of analyzing and decrypting encrypted malicious scripts. The method of the present invention comprises the steps of classifying a malicious script encryption method into a case where a decryption function exists in malicious scripts and is an independent function that is not dependent on external codes such as run time library, a case where a decryption function exists and is a dependent function that is dependent on external codes, and a case where a decryption function does not exist; and if the decryption function exists in malicious scripts and is the independent function that is not dependent on the external codes, extracting a call expression and a function definition for the independent function, executing or emulating the extracted call expression and function definition for the independent function, and obtaining a decrypted script by putting a result value based on the execution or emulation into an original script at which an original call expression is located.

Abstract: The present invention relates to a method of detecting malicious scripts using a code insertion technique. The method of detecting malicious scripts according to the present invention comprises the step of checking values related to each sentence belonging to call sequences by using method call sequence detection based on rules including matching rules and relation rules, wherein the checking step comprises the steps of inserting a self-detection routine (malicious behavior detection routine) call sentence before and after a method call sentence of an original script, and detecting the malicious codes during execution of the script through a self-detection routine inserted into the original script. According to the present invention, since a detection routine is configured to operate during the execution of scripts, dynamically determined parameters and return values can be checked and thus detection accuracy can be improved.

Abstract: The present invention relates to a method for detecting malicious scripts using static analysis. The method of the present invention comprises the step of checking whether a series of methods constructing a malicious code pattern exist and whether parameters and return values associated between the methods match each other.

Abstract: The present invention relates to a method for detecting malicious code patterns in consideration of control and data flows. In the method of the present invention, a malicious code pattern is detected by determining whether values of tokens (variables or constants) included in two sentences to be examined will be identical to each other during execution of the sentences, and the determination on whether the values of the tokens will be identical to each other during the execution is made through classification into four cases: a case where both tokens in two sentences are constants, a case where one of tokens of two sentences is a constant and the other token is a variable, a case where both tokens of two sentences are variables and have the same name and range, and a case where both tokens of two sentences are variables but do not have the same name and range.