Abstract: A context aware apparatus is provided. The context aware apparatus includes an extracting unit configured to extract a terminological-box (T-box) from a semantic model, a first generating unit configured to generate a reasoning rule based on the extracted T-box, a second generating unit configured to generate a first assertion-box (A-box) based on sensing information, and a reasoning unit configured to infer a user context based on the reasoning rule and the first A-box.

Abstract: In one aspect, there is provided a method and apparatus for security association (SA) upon communication between devices. When a mobile device is connected to another mobile device without subscribing to a specific service or a private network, SA may be established. For example, the SA may be used for resource saving and secure connections of resource poor devices (for example, a medical patch) having a relatively poor resource, such as insufficient battery power or computing power.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A combination-based broadcast encryption method includes: assigning by a server a base group of different combinations to each user; producing and sending secret information for each user by using as a base the base group allocated to each user; producing and sending an inverse-base parameter value through calculations with integers used to produce the base group and key value information of one or more privileged users; and deriving a group key by using the key value information of the privileged users, encrypting a session key by using the derived group key, and sending the encrypted session key to each user. Accordingly, each user is assigned a different base through a combination, thereby having security against collusion attacks.

Abstract: An apparatus and method for generating a key for a broadcast encryption. The apparatus includes a node secret generator for managing a user that receives broadcast data in a tree structure and for generating a unique node secret for each node in the tree structure. The apparatus also includes an instant key generator for temporarily generating an instant key used at all nodes in common in the tree structure, and a node key generator for generating a node key for each node by operating the node secret generated at the node secret generator and the instant key generated at the instant key generator. Thus, key update can be efficiently achieved.

Abstract: A combination-based broadcast encryption method includes: assigning by a server a base group of different combinations to each user; producing and sending secret information for each user by using as a base the base group allocated to each user; producing and sending an inverse-base parameter value through calculations with integers used to produce the base group and key value information of one or more privileged users; and deriving a group key by using the key value information of the privileged users, encrypting a session key by using the derived group key, and sending the encrypted session key to each user. Accordingly, each user is assigned a different base through a combination, thereby having security against collusion attacks.

Abstract: Provided is an apparatus and method that may generate and verify an originality verification (OV). An OV generating apparatus may generate primary information that is based on generator information and a pseudorandom number, may generate at least one secondary information based on the pseudorandom number, may obtain parameters used when the pseudorandom number is generated, may generate the OV including the primary information, the at least one secondary information, and the parameters, and may distribute the OV to an OV request device. When the OV distributed from the OV request device is received, the OV generating apparatus may regenerate the pseudorandom number based on the parameters included in an OV request message, and may verify the OV included in the verification request message as the OV that is generated by the OV generating apparatus.

Abstract: An apparatus and method for generating a key for a broadcast encryption. The apparatus includes a node secret generator for managing a user that receives broadcast data in a tree structure and for generating a unique node secret for each node in the tree structure. The apparatus also includes an instant key generator for temporarily generating an instant key used at all nodes in common in the tree structure, and a node key generator for generating a node key for each node by operating the node secret generated at the node secret generator and the instant key generated at the instant key generator. Thus, key update can be efficiently achieved.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A tag generation method for generating tags used in data packets in a broadcast encryption system is provided. The method includes detecting at least one revoked leaf node; setting a node identification (node ID) assigned to at least one node among nodes assigned node IDs at a layer 0 and to which the at least one revoked leaf node is subordinate, to a node path identification (NPID) of the at least one revoked leaf node at the layer 0; generating a tag list in the layer 0 by combining the NPID of each of the at least one revoked leaf nodes at the layer 0 in order of increment of node IDs of the corresponding at least one revoked leaf nodes; and generating a tag list in a lowest layer by repeatedly performing the setting and generation operation down to the lowest layer.

Abstract: A method and a system for managing a key of a home device in a broadcast encryption system are provided. A hierarchical structure of a group set comprising a plurality of nodes corresponding to the home server and a plurality of nodes corresponding to the home device is formed. A key set to be allotted to the node set is generated. The node group is allowed to correspond to the key set to generate key-node corresponding information according to a request of the home server.

Abstract: Disclosed are an apparatus for downloading a firmware and an apparatus for installing the firmware. The apparatus for downloading the firmware may download an encrypted firmware in the apparatus for installing the firmware. The apparatus for installing apparatus may receive and install the encrypted firmware. The apparatus for downloading the firmware may encrypt the firmware using a user group key, and transmit the encrypted firmware to the apparatus for installing the firmware. The apparatus for installing the firmware may decrypt the encrypted firmware using the user group key, and install the decrypted firmware.

Abstract: A hierarchical threshold tree-based broadcast encryption method includes a first step for a server initialization and a user subscription, a second step of distributing a message to enable a privileged user (authorized user) to decrypt a group key, and a third step of the privileged user (authorized user) decrypting the message using the group key. According to the method, it is possible to prevent any group of revocators from obtaining the group key using their secret information and information being broadcast by the server.

Abstract: A code injection attack detecting apparatus and method are provided. The code injection attack may be detected based on characteristics occurring when a malicious code injected by the code injection attack is executed. For example, the code injection attack detecting apparatus and method may detect that a code injection attack occurs when a buffer miss is detected, a page corresponding to an address is updated, a mode of the page corresponding to the address is in user mode, and/or the page corresponding to the page is inserted by an external input.

Abstract: A computer system and method for preventing a Dynamic-Link Library (DLL) injection attack are provided. The computer system monitors an operation where a process attempts to dynamically link an executable code library to another process, and intercepts the dynamic link of the executable code library.

Abstract: A radio frequency system and a password management method applied to a storage device of the radio frequency system are provided, in which a first access password is stored for deciding whether to permit access to information and a first changed password. The first changed password, a second access password, and a second changed password are received, and the first access password is changed to the second access password, and the first changed password is changed to the second changed password. Accordingly, information access authority in the storage device and a password change authority can be exclusively transferred according to the transfer of management of the storage device, and information leakage caused by a previous manager's password leakage or a third person's password leakage can be prevented.

Abstract: Provided is a communication device. The communication device may transmit information to an external device using a terminal that makes a physical contact with the external device, and may sense the physical contact. In response to the sensed physical contact, the communication device may generate a link key.

Abstract: A user key management method for a broadcast encryption includes assigning node path identifiers (IDs) to nodes arranged in sequence; assigning random seed value keys to the nodes according to the node path IDs; generating key values by repeatedly applying a hash function to the assigned random seed value keys; and assigning the generated key values to the nodes in sequence. Accordingly, it is possible to reduce the transmission overhead that is most important matter in the broadcast encryption to less than the number of the revoked users. Further, there is an advantage that the transmission overhead of the exemplary embodiments of the present invention is remarkably reduced compared with the Subset Difference method.

Abstract: A hybrid broadcast encryption method is provided. The hybrid broadcast encryption method includes setting initialization values, generating a node secret using the initialization values; generating a private secret using the node secret; sending the node secret and the private secret; generating a broadcast message based on a revoked group; encrypting a session key using a key encryption key (KEK) which is allocated to every user group and the broadcast message; and broadcasting to every user the encrypted session key and the broadcast message.

Abstract: A security device and a head end of a conditional access system (CAS), and a method for controlling illegal use of the conditional access system, capable of minimizing the number of entitlement management messages (EMMs) to be distributed from a head end to a user are provided. Update keys encrypted with user keys and channel management keys encrypted with the update keys are utilized.