Abstract: Provided is an apparatus and method for security control that is capable of preventing a security threat from spreading on the basis of a security control policy established for each device (or a device group) in a network infrastructure environment, such as IoT. In a network infrastructure including a service server, a gateway, and a device, the apparatus and method for security control, in response to detecting a security threat, such as distributed denial of service (DDoS) attacks, malicious code propagation, or the like, perform a security control and a security control release on a device in which the security threat has occurred and/or a device group having an identical or similar property to the device to prevent the security threat from spreading and block the security threat in an early stage.

Abstract: A method for security of an Internet of things (IoT) device includes transmitting, by a server, a key value determined based on a reliability level of a user device and a key identification (ID) of the key value to the user device, encrypting, by the user device, a command representing a service requested by a user by using the key value and transmitting the encrypted command and the key ID to the IoT device, and extracting, by the IoT device, the key value corresponding to the key ID received from the user device from pre-stored key list information, decrypting the encrypted command by using the extracted key value, executing the decrypted command to generate information requested by the user, encrypting the generated information by using the extracted key value, and transmitting the encrypted information to the user device.

Abstract: A communication method and an IoT device in a multi-MAC (Media Access Control)-operating environment. The communication method in the multi-MAC-operating environment, including synchronous MAC and asynchronous MAC, includes periodically transmitting, by the IoT device included in the multi-MAC-operating environment, a first message to a first device; determining, by the IoT device, whether to transmit a second message; transmitting, by the IoT device, a preamble packet to a second device, to which the second message is to be transmitted, when the second message is determined to be transmitted; and transmitting, by the IoT device, the second message to the second device.

Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.

Abstract: An apparatus and method for managing meter data. The apparatus for managing meter data includes a metering unit for acquiring meter data from a target device based on time information; a communication unit for receiving a message including the time information from a server device and transmitting the meter data to the server device; and a security unit for creating a private key using the time information and encrypting the meter data using the private key.

Abstract: Disclosed herein is an apparatus for providing firmware update, which includes a state information analysis unit for analyzing device state information received from a firmware update target device and thereby acquiring information about a version of existing firmware and information about a storage unit of the firmware update target device; an image creation unit for creating a delta image in units of pages based on a flash memory page size included in the information about the storage unit and on a difference between the existing firmware and new firmware; an update information creation unit for creating update information in which an update method is specified; and a communication unit for transmitting the update information and the delta image to the firmware update target device in order to update the existing firmware of the firmware update target device based on the update method.

Abstract: Provided are end-to-end method and system for grading foreign language fluency, in which a multi-step intermediate process of grading foreign language fluency in the related art is omitted. The method provides an end-to-end foreign language fluency grading method of grading a foreign language fluency of a non-native speaker from a non-native raw speech signal, and includes inputting the raw speech to a convolution neural network (CNN), training a filter coefficient of the CNN based on a fluency grading score calculated by a human rater for the raw signal so as to generate a foreign language fluency grading model, and grading foreign language fluency for a non-native speech signal newly input to the trained CNN by using the foreign language fluency grading model to output a grading result.

Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.

Abstract: An apparatus for providing near field communication (NFC) for a mobile device, includes a USB (universal serial bus) signal processing unit configured to convert a signal of the mobile device, which is received through a USB interface into a value to be processed in a central processing unit, and convert a value received from the central processing unit into a signal to be transmitted to the USB interface. Further, the apparatus includes an analog signal processing unit configured to convert an analog signal received from an outside device into a digital signal, and convert a digital signal of the central processing unit into an analog signal to transmit the converted analog signal to the antenna.

Abstract: A user authentication apparatus safely uses resources by forming a communication channel between a plurality of execution environments through user authentication in a portable terminal providing the plurality of execution environments based on a virtualization solution, and prevents private information from being illegally leaked by hacking by not directly exposing a PIN number or a password a user inputs using a virtual keyboard and a keyboard coordinate when authenticating the user.

Abstract: Provided are an apparatus and method for guaranteeing the safety of a computing device by separating a closed domain from an open domain in the computing device and allowing the closed domain to perform key derivation that is required for encryption/decryption of data. The computing device includes a hypervisor, the open domain and the closed domain isolated from the open domain without being open to a user, the open domain and the closed domain managed by the hypervisor, and a key derivation executable code configured to generate an encryption key needed to perform encryption in the open domain, from a seed value, the key derivation executable code being executed in the closed domain, wherein the encryption key generated by the key derivation executable code is transferred to the open domain, and is automatically discarded after being used for encryption of data in the open domain.

Abstract: A system for tracking an illegal distributor and preventing an illegal content distribution includes: a forensic mark generator for receiving content and a content identification code from a content providing apparatus to generate a forensic mark; a forensic mark database for storing the generated forensic mark; a forensic mark insertion unit for inserting the forensic mark into the content; and a content database for storing the content into which the forensic mark has been inserted. The system further includes a content transmitter for transmitting the content into which the forensic mark has been inserted to the content utilization apparatus.

Abstract: A group signature system includes: a key issuer server for generating a first parameter of a group public key, generating a corresponding master issuing key, and issuing a signature key to a user when a user device joins; an opener server for generating a second parameter of the group public key, and a corresponding master opening key and master linking key; and a linker server for checking whether two valid signatures have been linked by using the master linking key when the two signatures corresponding to a group public key are given. The group signature system further includes: a signature verifying unit for confirming a validity of the given signatures and a signer information confirming unit for confirming a validity of singer confirming information generated by the opener server.

Abstract: A user authentication apparatus safely uses resources by forming a communication channel between a plurality of execution environments through user authentication in a portable terminal providing the plurality of execution environments based on a virtualization solution, and prevents private information from being illegally leaked by hacking by not directly exposing a PIN number or a password a user inputs using a virtual keyboard and a keyboard coordinate when authenticating the user.

Abstract: A data encoding apparatus for verifying data integrity by using a white box cipher includes: an encoding unit for encoding content by using a white box cipher table; and an arithmetic logic unit for performing an arithmetic logic operation on the white box cipher table and content information to output an encoded white box cipher table. The arithmetic logic operation is an exclusive OR operation. The content information is license information of the content or hash value of the license information of the content.

Abstract: A content protection apparatus using a white-box encryption table includes: a random number generation unit for generating a random number; a white-box encryption table for encrypting the random number and user information provided from a user to generate an encrypted output value; and an operation unit for performing an operation between the encrypted output value and data inputted from an outside to encrypt or decrypt the data.

Abstract: Disclosed herein is a method of verifying key validity and a server for performing the method. The method is configured such that a service provision server verifies key validity in an anonymous service for providing local linkability. The service provision server receives a revocation list. A local revocation list is generated using the received revocation list and a secret key. A virtual index of a service user required to verify key validity is calculated. Whether a key of the service user is valid is verified, based on whether the virtual index is included in the local revocation list.

Abstract: A method and apparatus provides a concealed software execution environment based on virtualization. The method and apparatus constructs a concealed domain that is exclusively executed without being exposed to the outside using a virtualization-based domain separating technology and executes security information such as key information provided by a secure element within the concealed domain.

Abstract: The present invention relates to a content protection apparatus and method using binding of additional information to an encryption key. The content protection apparatus includes an encryption unit for creating an encryption key required to encrypt data requested by a user terminal and then generating encrypted data in which the data is encrypted. An additional information management unit manages additional information including authority information about the encrypted data. A White-Box Cryptography (WBC) processing unit generates a WBC table required to bind the encryption key corresponding to the encrypted data to the additional information. A bound data generation unit generates bound data in which the encrypted key is bound to the additional information, using a cipher included in the WBC table.

Abstract: There is provided an anonymous service method of providing local linkability. The anonymous service method providing local linkability according to exemplary embodiments of the invention, an anonymous authentication operation based on a short group signature is performed, for which the concept of a local linkability is introduced to secure linkability within the same service domain. Namely, in the interior of a service provider, a virtual index having a fixed value is calculated for each service user, and in this case, although a plurality of service providers collude with each other, they cannot calculate a virtual index having the same value, whereby the linkability can be secured within the same service domain but not within the interiors of different service domains.