Patents by Inventor Sung Won Sohn

Sung Won Sohn has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7613669
    Abstract: A method and apparatus for storing pattern matching data and a pattern matching method using the method and apparatus are provided. The method of storing original data for pattern matching in a pattern matching apparatus includes: dividing the original data into segments of a predetermined size; performing a hash operation on each of the divided segments; determining whether or not the hash operation value of each segment causes a hash collision with a hash operation value stored in a first external memory disposed outside the pattern matching apparatus; and controlling the hash operation value of each segment determined not to cause a hash collision to be stored in the first external memory. According to the method and apparatus, the original data desired to be used for pattern matching can be stored at a faster speed in a pattern matching data storing apparatus.
    Type: Grant
    Filed: June 14, 2006
    Date of Patent: November 3, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Seung Won Shin, Jin Tae Oh, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7596810
    Abstract: Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory.
    Type: Grant
    Filed: March 17, 2005
    Date of Patent: September 29, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Jin Oh Kim, Seon Gyoung Sohn, Hyochan Bang, Soo Hyung Lee, Dongyoung Kim, Beom Hwan Chang, Geon Lyang Kim, Hyun Joo Kim, Jung Chan Na, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7583952
    Abstract: An access pointer for interconnecting a power line communication (PLC) network of a home network and a wireless network and a method therefor are provided. When data is received from the PLC network through media access control of a data link layer, data on upper layers above a network layer in the received data is converted into a format suitable to a wireless network layer. The converted data is transmitted to the wireless network through the media access control of the data link layer. Accordingly, the PLC network and the wireless network are easily interconnected.
    Type: Grant
    Filed: November 23, 2005
    Date of Patent: September 1, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Hyung Kyu Lee, Jong Wook Han, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7571477
    Abstract: In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.
    Type: Grant
    Filed: March 24, 2005
    Date of Patent: August 4, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Jintae Oh, Seung Won Shin, Ki Young Kim, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7565693
    Abstract: The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.
    Type: Grant
    Filed: December 29, 2004
    Date of Patent: July 21, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Seung Won Shin, Jintae Oh, Ki Young Kim, Jong Soo Jang, Sung Won Sohn
  • Publication number: 20090158427
    Abstract: Enclosed are a signature string storage memory optimizing method, a signature string pattern matching method, and a signature matching engine. Signature is tokenized in units of substrings and the tokenized substrings are stored in an internal memory block and an external memory block to optimize a memory storage pattern. Therefore, matching of introduction data to signature patterns is effectively performed.
    Type: Application
    Filed: December 10, 2008
    Publication date: June 18, 2009
    Inventors: Byoung Koo Kim, Jin Tae Oh, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7539147
    Abstract: Provided is an apparatus for detecting and visualizing anomalies in network traffic which includes a traffic information storing portion storing information on network traffic, a traffic state display portion presenting a status of the network traffic generated for a predetermined threshold time based on the information on network traffic on an orthogonal coordinates system in a form of a graph connecting at least one point data as a coordinate value, and a traffic anomalies determination portion determining an existence of anomalies in the network traffic based on a shape of the graph.
    Type: Grant
    Filed: March 11, 2005
    Date of Patent: May 26, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Beom Hwan Chang, Soo Hyung Lee, Jin Oh Kim, Jung Chan Na, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7535872
    Abstract: A network apparatus and packet routing method for ubiquitous computing are provided. In the network apparatus, a movement detection unit detects movement from a first network to a second network, and a movement address setting unit generates care-of-address (CoA) information corresponding to prefix information of the second network. A movement registration unit registers a movement address by transmitting a binding update message containing the generated CoA and home address (HoA) mapping information, to a home agent. A resource setting unit registers information on current terminal apparatuses among network terminal apparatuses on the second network. A packet distribution unit distributes the received packet to a current terminal apparatus corresponding to the application characteristic of the packet received from the home agent based on the information on the current terminal apparatuses.
    Type: Grant
    Filed: August 19, 2004
    Date of Patent: May 19, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Jung Hoon Jee, Jae Hoon Nah, Taek Yong Nam, Sung Won Sohn
  • Patent number: 7530095
    Abstract: The AAA client generates accounting data, transmits an accounting data transmission request message to the AAA server, and then receives a response message to the accounting data transmission request message from the AAA server. If receiving a transmission failure response message for the accounting data from the AAA server, the AAA client stores accounting data generated after receiving the transmission failure response message, and if an amount of the stored accounting data is increased to a certain limit, the AAA client sets an identifier for a batch accounting application in the accounting data and transmits an accounting data transmission request message, including stored batch accounting data and the session information, to the AAA server. The AAA server confirms the identifier and the transmission request message and searches the accounting record for session information mapped to the session information included in the ACR message.
    Type: Grant
    Filed: November 6, 2003
    Date of Patent: May 5, 2009
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Byung Gil Lee, Mal Hee Kim, Hyun Gon Kim, Sung Won Sohn
  • Publication number: 20090094699
    Abstract: Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory.
    Type: Application
    Filed: November 21, 2008
    Publication date: April 9, 2009
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Jin Oh KIM, Seon Gyoung Sohn, Hyochan Bang, Soo Hyung Lee, Dongyoung Kim, Beom Hwan Chang, Geon Lyang Kim, Hyun Joo Kim, Jung Chan Na, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7457949
    Abstract: A network correction security system. The network correction security system connected between a network node and a security-related external system, detects attacks on the network node, corrects weak parts of the performance of the network node, collects information for improving the security performance of the network node from a security-related external system, analyzes the information, monitors principal resources of the network node to detect a fault, and removes the fault according to a measure corresponding to a grade of the fault. The network correction security system carries out a recovery process when the fault has not been corrected, and recovers the functions of the network node according to a recovery mechanism when the fault has not been removed after the recovery process.
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: November 25, 2008
    Assignee: Electronics and Telecommunications Research Instutute
    Inventors: Seung-Min Lee, Taek-Yong Nam, Sung-Won Sohn, Chee-Hang Park
  • Patent number: 7433357
    Abstract: An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.
    Type: Grant
    Filed: November 19, 2004
    Date of Patent: October 7, 2008
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Jintae Oh, Seung Won Shin, Ki Young Kim, Jong Soo Jang, Sung Won Sohn
  • Publication number: 20080134346
    Abstract: Provided are a transactions certification method and system to protect privacy on details of electronic transactions, the method comprising the operations of: a) receiving and registering client information which is encoded so that a client cannot be identified; b) receiving and storing transactions details of a client including a client transactions identifier encoded by the service provider server; c) after receiving client certification information for client certification, performing client certification by comparing the client information previously registered in the operation a) with the received client certification information; d) receiving a client transactions identifier for searching transactions details of a client when the client certification is performed in the operation c), and determining whether the client transactions identifier and the client transactions identifier previously stored in the operation b) are identical with each other; and c) generating a message corresponding to the transac
    Type: Application
    Filed: December 13, 2004
    Publication date: June 5, 2008
    Inventors: Yeong-Sub Cho, Jong-Hyouk Noh, Sang-Rae Cho, Dae-Seon Choi, Taesung Kim, Seung-Hyun Kim, Seung-Hun Jin, Do-Won Hong, Kyo-Il Chung, Sung-Won Sohn
  • Publication number: 20080097921
    Abstract: A digital distribution management system and a contents distribution management method using the same are provided. The system is formed of a contents-user, a broker, a contents-owner, and a contents distributor. The broker receives a contents use fee from the contents-user, transmits a contract document for contents use to the contents-user, pays a loyalty to a contents-owner, pays a distribution fee to the contents distributor, and makes a contract for contents use. The contents-owner transmits use rights, i.e., Service Release (SR) information on corresponding contents of a proper contents-user making a contents use contract to the contents distributor and receives a corresponding loyalty through a broker. The contents distributor receives the SR information from the contents-owner, transmits the contents and a license on the contents information so that the proper contents-user can use the corresponding contents, and receives a corresponding distribution fee through the broker.
    Type: Application
    Filed: October 4, 2007
    Publication date: April 24, 2008
    Inventors: Soo Hyung Kim, Jae Seung Lee, Ki Young Moon, Kyo Il Chung, Sung Won Sohn
  • Patent number: 7327259
    Abstract: Provided are a method and an apparatus for managing online and offline documents using RFID technology. The method includes: pre-registering online and offline documents using radio frequency identification tag information stored in at least one of the online and offline documents to be output; determining whether the pre-registered online and offline documents are authorized to be output; and if it is determined that the pre-registered online and offline documents are authorized to be output, generating documents of the online and offline documents to be output and storing new radio frequency identification tag information in radio frequency identification tags attached to the documents to be output.
    Type: Grant
    Filed: March 29, 2005
    Date of Patent: February 5, 2008
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Ju Han Kim, Joo Young Lee, Ki Young Moon, Jong Soo Jang, Sung Won Sohn
  • Patent number: 7200866
    Abstract: A system for defending against a distributed denial-of-service attack includes an intrusion detection system, an active security management system and an active security node. The intrusion detection system generates alert data if a denial-of-service attack is detected. The active security management system manages a domain, analyzes the alert data, generates and transmits a backtracking sensor in a case of the distributed denial-of-service attack, transmits mobile sensors to a host backtracked by the backtracking sensor to remove a master or an agent program within the host; and generates and transmits a backtracking sensor by using an IP address of a host that has transmitted a packet to the removed master or agent program. The active security node executes the transmitted backtracking sensor to backtrack an attacking host of the distributed denial-of-service attack and, if the backtracked host is determined as a real attacker, intercepts a traffic generated from the real attacker.
    Type: Grant
    Filed: August 14, 2003
    Date of Patent: April 3, 2007
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Hyun Joo Kim, Jung-Chan Na, Sung Won Sohn
  • Patent number: 7093290
    Abstract: Disclosed are a system and method of sharing intrusion detection information detected at different networks and tracking the intrusion, to thereby defense against the intrusion on a network to which an intruder belongs, and a computer-readable medium storing a program for implementing the above method therein. The system detects an intrusion through the analysis of an input packet, adds information associated with the intrusion into the packet, creates an active packet and transmits the active packet to an address of an intruder, which transmitted the packet. Thereafter, the system tracks the intrusion, for all routes through which the intruder passed based on the active packet, and filters the packet associated with the intruder for the isolation thereof.
    Type: Grant
    Filed: November 16, 2001
    Date of Patent: August 15, 2006
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Min-Ho Han, Jung-Chan Na, Sung Won Sohn
  • Publication number: 20050144439
    Abstract: An encryption key management method for mobile terminals for providing at least one mobile terminal which is connected to a network to use services with an encryption key required for issuing a certificate which is needed for the services and managed by a certification authority by using an encryption key management server is provided. The method includes operations of: a registration requesting operation where the mobile terminal generates an encryption key registration request; an encryption key managing operation where the encryption key management server generates and manages the encryption key in response to the encryption key registration request; a transferring operation of sending the generated encryption key to the mobile terminal; and a security service providing operation of receiving the certificate managed by the certification authority and providing selective security services specific to the content of the services provided to the mobile terminal.
    Type: Application
    Filed: September 13, 2004
    Publication date: June 30, 2005
    Inventors: Nam Je Park, Ki Young Moon, Sung Won Sohn, Chee Hang Park
  • Publication number: 20050144457
    Abstract: A message security processing system and method for Web services are provided. In the message security processing system in which messages are exchanged between a client and a server with a SOAP-RPC format, each of the client and the server includes: a security interface allowing information related to digital signature, encryption, and timestamp insertion to be set in a security context object for an application program to meet security requirements of the client or the server; a security handler receiving the security context object from the security interface, and performing security processing of a request message by calling security objects stored in a request queue of the security context object one by one in order or performing security processing of a response message by calling security objects stored in a response queue of the security context object one by one in order; and an XML security unit supporting an XML security functions by called by the security handler.
    Type: Application
    Filed: September 8, 2004
    Publication date: June 30, 2005
    Inventors: Jae Seung Lee, Ki Young Moon, Jung Chan Na, Sung Won Sohn, Chee Hang Park
  • Publication number: 20050108377
    Abstract: Disclosed is a method of detecting abnormal traffic at the network level using a statistical analysis and a computer-readable recording medium for recording a program that implements the method. The method includes the steps of: a) gathering local traffic data from each network device and integrating a plurality of the local traffic data to generate traffic data in a network level; b) extracting a characteristic traffic data based on the traffic data in the network level; c) comparing the characteristic traffic data with a characteristic traffic data profile resulting from statistical computations, and determining whether there is abnormal traffic in the network; and d) updating the characteristic traffic data profile using the characteristic traffic data if there is no abnormal traffic in the network, analyzing seriousness of the abnormal traffic and monitoring the abnormal traffic if there is abnormal traffic in the network.
    Type: Application
    Filed: December 31, 2003
    Publication date: May 19, 2005
    Inventors: Soo-Hyung Lee, Beom-Hwan Chang, Jin-Oh Kim, Jung-Chan Na, Sung-Won Sohn, Chee-Hang Park