Abstract: A verification apparatus for a mobile platform for remotely verifying the integrity of a device that is connected to a network and has a shared private key includes a verifying unit that determines whether the device shares a private key with the verification apparatus by checking whether the authentication code generated by the verification apparatus matches the authentication code generated by the device; a calculating unit that generates a local check code that verifies the integrity of the memory; an interface unit that transmits, to the device, the information that the verification apparatus uses to generate an authentication code and the integrity check parameter used to generate a remote check code, and receives the authentication code and the remote check code from the device; and a determining unit that verifies the integrity of the memory if the local check code matches the remote check code.

Abstract: A data verification method and system is provided. The data verification method includes the steps of transmitting data from a sender to a receiver over a signaling channel, transmitting a first set of bits to the receiver over a voice channel, wherein the first set of bits is generated using the data in the sender, and verifying the data through comparison between the first set of bits and a second set of bits that is generated based on the data in the receiver. The first and the second sets of bits may be a group of bits that are selected from a hash value using a selection mask in the sender and the receiver respectively, wherein the section mask has the same length as the hash value and the hash value is calculated based on the data, and the selection mask may be pre-defined between the sender and the receiver.

Abstract: A method for curing a virus of data used in a mobile terminal communicating with a server through a mobile communication network is provided. The method includes forming an antivirus program database on the server and continuously updating the database with antivirus programs; comparing state information of object data requiring virus checking by the updated antivirus programs among existing data stored in the mobile terminal with state information of the updated antivirus programs; and checking and curing the virus of the object data selectively.

Abstract: A device and a method for establishing a trusted path between a user interface and a software application to securely execute the software stored in a memory along the trusted path and offer the user's desired service are provided. Accordingly, the trusted path is established so that attackers can not invade a normal path between the user interface and software. Additionally, the device securely executes the original software which is not fabricated so that the user can receive desired services from the device.

Abstract: A method and system for verifying integrity of a software package in a mobile terminal is provided. The method includes receiving a catalog of available software packages from a distributor and displaying the catalog, if a desired software package to be installed is selected from the displayed catalog, acquiring a software package IDentifier (ID) corresponding to the selected software package from the catalog, transmitting the software package ID to the distributor to receive the selected software package corresponding to the software package ID and to transmit the software package ID to a verification authority, receiving, from the verification authority, integrity evidence information corresponding to the software package ID and verifying the integrity of the selected software package, and outputting a notification for notifying a user of a result of the verification and managing the selected software package according to a received user selection.

Abstract: A system for providing security policy for a Linux-based security operating system, which includes a template policy module configured to set an authority using policy information of a downloaded application so that the template policy module can set an access control rule for accessing a system resource of the application, a base policy module executing the access control rule for the system resource in accordance with the access control rule set by the template policy module, and a template policy module editor generating a custom application for the corresponding application using information output from the template policy module.

Abstract: A method and device for local domain management are provided and include a local domain authority device. The local domain authority (LDA) device includes a location limited channel (LLC) interface for transmitting and receiving information of devices which are positioned within a limited location and a (LDA) module for authenticating a device which is selected as a member of a domain from the devices, transmitting device authentication information corresponding to the domain, to the authenticated device via the LLC interface, and registering the authenticated device as a member of the domain. The method and device provide an easy and secure means for domain management.

Abstract: An encryption and decryption apparatus includes a round key generator generating at least one round key for iterative operations in each of a plurality of rounds using an input key for one of the encryption and decryption; an initial round key adder receiving a plurality of divided parts of an input data, consecutively receiving a plurality of parts of an initial round key which is output from the round key generator for an initial round and corresponds to each of the divided input data, and adding the input data and the corresponding part of the initial round key; a first operator receiving a first data which is output from the initial round key adder and a part of the round key which is output from the round key generator and performing operations for one of the encryption and decryption; a second operator receiving a second data which is output from the initial round key adder and another part of the round key which is output from the round key generator, and performing operations for one of the encryption

Abstract: A data verification method and system is provided. The data verification method includes the steps of transmitting data from a sender to a receiver over a signaling channel, transmitting a first set of bits to the receiver over a voice channel, wherein the first set of bits is generated using the data in the sender, and verifying the data through comparison between the first set of bits and a second set of bits that is generated based on the data in the receiver. The first and the second sets of bits may be a group of bits that are selected from a hash value using a selection mask in the sender and the receiver respectively, wherein the section mask has the same length as the hash value and the hash value is calculated based on the data, and the selection mask may be pre-defined between the sender and the receiver.

Abstract: A verifier for remotely checking integrity of a device connected via a network, includes a calculator which fills free areas in a memory of the device with random numbers and generates a local check code; an interface which transmits integrity check parameters that are used by the device to generate a remote check code, to the device, and receiving the remote check code from the device; a determiner which detects a remote check code generation time and compares the detected remote check code generation time with a presorted remote check code generation expectation time; and a controller which confirms the integrity of the memory of the device when the remote check code generation time does not exceed the remote check code generation expectation time according to a result of the determination and the local check code matches the remote check code.

Abstract: A domain management method and substitutable system is provided. When a domain manager, which manages digital rights in a local area, permanently or temporarily becomes unavailable, the domain management method and system may protect the digital rights of the area by using another domain manager.

Abstract: A method and device for local domain management are provided and include a local domain authority device. The local domain authority (LDA) device includes a location limited channel (LLC) interface for transmitting and receiving information of devices which are positioned within a limited location and a (LDA) module for authenticating a device which is selected as a member of a domain from the devices, transmitting device authentication information corresponding to the domain, to the authenticated device via the LLC interface, and registering the authenticated device as a member of the domain. The method and device provide an easy and secure means for domain management.

Abstract: A device and a method for establishing a trusted path between a user interface and a software application to securely execute the software stored in a memory along the trusted path and offer the user's desired service are provided. Accordingly, the trusted path is established so that attackers can not invade a normal path between the user interface and software. Additionally, the device securely executes the original software which is not fabricated so that the user can receive desired services from the device.

Abstract: A device and method for verifying the integrity of a memory in a remote device are provided. An exemplary memory integrity verification method compares, based on a verification parameter received from a verifier, the time for retrieving data block of a memory of a remote device with a maximum threshold time allowed to read the memory, and transmits to the verifier a remote verification code and a data status according to the result of comparison so that the verifier can verify the integrity of the memory. Instead of relying on the verifier, the remote device provides data status information for integrity verification by using the memory retrieval time. As a result, accurate integrity verification is provided, and no independent hardware is required to verify integrity.

Abstract: An apparatus and method for restricting the functions of a device are provided. A restriction monitoring system includes a communication system that provides a location-limited communication channel that detects whether a device entering a perimeter is in an area for device inspection, a server that provides a credential and a security policy to the device and receives a report on whether the device violates the security policy through the location-limited communication channel, and an alarm system which triggers a security alarm when the device violates the security policy.

Abstract: A verification apparatus for a mobile platform for remotely verifying the integrity of a device that is connected to a network and has a shared private key includes a verifying unit that determines whether the device shares a private key with the verification apparatus by checking whether the authentication code generated by the verification apparatus matches the authentication code generated by the device; a calculating unit that generates a local check code that verifies the integrity of the memory; an interface unit that transmits, to the device, the information that the verification apparatus uses to generate an authentication code and the integrity check parameter used to generate a remote check code, and receives the authentication code and the remote check code from the device; and a determining unit that verifies the integrity of the memory if the local check code matches the remote check code.

Abstract: A method for curing a virus of data used in a mobile terminal communicating with a server through a mobile communication network is provided. The method includes forming an antivirus program database on the server and continuously updating the database with antivirus programs; comparing state information of object data requiring virus checking by the updated antivirus programs among existing data stored in the mobile terminal with state information of the updated antivirus programs; and checking and curing the virus of the object data selectively.

Abstract: A verifier for remotely checking integrity of a device connected via a network, includes a calculator which fills free areas in a memory of the device with random numbers and generates a local check code; an interface which transmits integrity check parameters that are used by the device to generate a remote check code, to the device, and receiving the remote check code from the device; a determiner which detects a remote check code generation time and compares the detected remote check code generation time with a prestored remote check code generation expectation time; and a controller which confirms the integrity of the memory of the device when the remote check code generation time does not exceed the remote check code generation expectation time according to a result of the determination and the local check code matches the remote check code.

Abstract: A method and apparatus for multiplication in a Galois field. The method of multiplication in a Galois field (GF) for preventing an information leakage attack by performing a transformation of masked data and masks in GF(2n) includes: receiving a plurality of first and second masked input data, a plurality of first and second input masks and an output mask; calculating a plurality of intermediate values by performing a multiplication of the plurality of masked input data and the plurality of input masks in GF(2n); and calculating a final masked output value by performing an XOR operation of the intermediate values and the output masks.

Abstract: An encryption and decryption apparatus includes a round key generator generating at least one round key for iterative operations in each of a plurality of rounds using an input key for one of the encryption and decryption; an initial round key adder receiving a plurality of divided parts of an input data, consecutively receiving a plurality of parts of an initial round key which is output from the round key generator for an initial round and corresponds to each of the divided input data, and adding the input data and the corresponding part of the initial round key; a first operator receiving a first data which is output from the initial round key adder and a part of the round key which is output from the round key generator and performing operations for one of the encryption and decryption; a second operator receiving a second data which is output from the initial round key adder and another part of the round key which is output from the round key generator, and performing operations for one of the encryption