WO2017090996A1 - Data encoding and decoding system and method - Google Patents

Data encoding and decoding system and method

Info

Publication number
WO2017090996A1
Authority
WO
Grant status
Application
Prior art keywords
data
key
packet
encryption
terminal
Application number
PCT/KR2016/013600
Other languages
French (fr)
Korean (ko)
Inventor
이광원
Original Assignee
이광원

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/22 Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • H04L29/00 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
    • H04L29/02 Communication control; Communication processing
    • H04L29/06 Communication control; Communication processing characterised by a protocol

Abstract

A data encoding and decoding system and method are provided. According to an embodiment of the present invention, the data encoding and decoding system comprises a data encoding unit that transmits encoded data through a communication network to a second terminal connected to that network. The data encoding unit includes an encoding module connected between a first terminal and the communication network; the encoding module receives data from the first terminal, encodes it, and generates the session key required to produce the encoded data. The encoding module generates a first public key and transmits it to the communication network, receives from the communication network a second public key sent in response to the first public key, and generates the session key from the received second public key by means of a public key algorithm for generating session keys.

Description

Data encryption and decryption system and method

The present invention relates to a data encryption and decryption system and method that encrypt the data transmitted and received between terminals using various private or public networks, thereby preventing hacking, eavesdropping and wiretapping by decryption and maintaining a high level of security.

In general, the various devices that operate on wired or wireless private or public networks, for example PCs, laptops, VoIP telephones, fax devices and mobile phones, may suffer enormous physical or proprietary damage from various forms of hacking.

Hacking refers to unauthorized access to a network or information system with vulnerable security, or to various actions that cause harm on a particular device; in the end it refers to arbitrarily manipulating the program code of an application so that it operates in a way not intended by the developer who created it.

When such hacking is carried out by a hacker, the security device may be disabled: the hacker attacks the security device through the IP addresses and account information of the various devices.

Users therefore commonly employ data encryption or encryption devices to prevent data leakage, or the disabling of security devices, through hacking.

With existing security devices such as VPNs, IP addresses and account settings were necessary for communication between the device and the terminals. As a result, there is inevitably a problem that the security device can be crippled by various hacking techniques, such as DDoS (distributed denial of service) attacks.

In addition, a user's PC is liable to become a zombie PC; leaked confidential information can cause enormous damage and may even threaten lives, and the communication device itself can be crippled by eavesdropping or wiretapping.

To solve the problems of the prior art, an embodiment of the present invention provides a data encryption and decryption system and method that encrypt the data communicated over various private and public networks, so that hacking, eavesdropping and wiretapping are cut off in advance and prevented.

According to an aspect of the invention for solving the above problems, a data encryption and decryption system is provided. In the data encryption and decryption system, a data encryption unit for transmitting encrypted data through a communication network to a second terminal connected to the communication network comprises an encryption module connected between a first terminal and the communication network; the encryption module receives data from the first terminal, encrypts it, and generates the session key required to generate the encrypted data. The encryption module generates a first public key and transmits it to the communication network, receives from the communication network a second public key sent in response to the first public key, and generates the session key from the received second public key by means of a public key algorithm for generating session keys.

When the encryption module receives a call packet from the first terminal, it may re-process the call packet so that it includes the first public key and transmit the re-processed call packet to the communication network, receive from the communication network a re-processed response packet that includes the second public key, and generate the session key using the re-processed response packet.

The re-processed call packet may further comprise, in its payload, at least one of an encrypted ID, which is represented by a random-number value of a specific length, and a serial number of the encryption module; the serial number is a value that uniquely identifies the encryption module.

The encryption module may generate a first private key together with the first public key and, after receiving the second public key, generate the session key using the first private key and the second public key.

In the case of TCP communication, the session key may be generated when the TCP connection is established, before the data is transmitted.

To generate the encrypted data, the encryption module may further use a packet key generated for each data packet from the header information of the data. The packet key is generated using at least one of the header information of the data, the serial number of the encryption module, and a group key set configured by the user. The header information comprises at least one of the IP address of the first terminal, the IP address of the second terminal, and a packet ID specific to each packet, and the serial number is a value that uniquely identifies the encryption module.

In the case of TCP communication, the packet key may be generated further using the value of the sequence ID that indicates the sequence of the TCP communication.

The encryption module may comprise a 1-1 input/output unit that receives the data from the first terminal; a first security unit, connected to the 1-1 input/output unit, that generates the encrypted data and the session key; and a 1-2 input/output unit, connected to the first security unit, that receives the encrypted data and transmits it to the communication network. The encryption module may be an addressless network device that generates the session key without having an IP address set.

According to another aspect of the invention, a data encryption and decryption system is provided. In this system, a data decoding unit for receiving encrypted data through a communication network from a first terminal connected to the communication network comprises an encryption module connected between a second terminal and the communication network; the encryption module receives the encrypted data from the communication network, decrypts it, forwards the decrypted data, and generates the session key required to generate the decrypted data. After receiving a first public key from the communication network, the encryption module generates a second public key as a response to the first public key, transmits the second public key to the communication network, and generates the session key by means of a public key algorithm for generating session keys.

When the encryption module receives from the communication network a re-processed call packet that includes the first public key, it may generate the session key using the re-processed call packet; and when it receives a response packet from the second terminal, it may re-process the response packet so that it includes the second public key and transmit the re-processed response packet to the communication network.

The re-processed response packet includes, in its payload, at least one of an encrypted ID, represented by a random-number value of a specific length, and a serial number of the encryption module; the serial number is a value that uniquely identifies the encryption module.

The encryption module may generate a second private key together with the second public key after receiving the first public key, and generate the session key using the second private key and the first public key.

In the case of TCP communication, the session key may be generated when the TCP connection is established, before the data is transmitted.

To generate the decrypted data, the encryption module may further use a packet key generated for each data packet from the header information of the encrypted data. The packet key is generated using at least one of the header information of the encrypted data, the serial number of the encryption module, and a group key set configured by the user. The header information includes the IP address of the first terminal, the IP address of the second terminal, and a packet ID specific to each packet, and the serial number may be a value that uniquely identifies the encryption module.

In the case of TCP communication, the packet key may be generated further using the value of the sequence ID that indicates the sequence of the TCP communication.

The encryption module may comprise a 2-1 input/output unit that receives the encrypted data from the communication network; a second security unit, connected to the 2-1 input/output unit, that generates the decrypted data and the session key; and a 2-2 input/output unit, connected to the second security unit, that delivers the decrypted data to the second terminal. The encryption module may be an addressless network device that generates the session key without having an IP address set.

According to another aspect of the invention, a data encryption and decryption system is provided, comprising a data encryption unit that transmits encrypted data over a communication network and a data decoding unit that receives the encrypted data through the communication network. The data encryption unit comprises a first encryption module connected between a first terminal and the communication network, which receives data from the first terminal, generates the encrypted data, and generates the session key required for the encryption. The data decoding unit comprises a second encryption module connected between a second terminal and the communication network, which receives the encrypted data from the communication network, decrypts it, forwards the decrypted data, and generates the session key required to generate the decrypted data. The first encryption module generates a first public key and transmits it to the communication network; after receiving the first public key, the second encryption module generates the session key and a second public key as a response to the first public key, and transmits the second public key to the communication network; the first encryption module then receives the second public key and generates the session key from it by means of a public key algorithm for generating session keys.

When the first encryption module receives a call packet from the first terminal, it re-processes the call packet so that it includes the first public key, transmits it to the communication network, receives a re-processed response packet that includes the second public key, and generates the session key using the re-processed response packet. When the second encryption module receives the re-processed call packet from the communication network, it generates the session key using the re-processed call packet; when it receives the response packet from the second terminal, it may re-process the response packet and send the re-processed response packet to the communication network.

The re-processed call packet further comprises, in its payload, at least one of an encrypted ID, represented by a random-number value of a specific length, and a serial number of the first encryption module; the re-processed response packet comprises, in its payload, at least one of an encrypted ID, represented by a random-number value of a specific length, and a serial number of the second encryption module. Each serial number may be a value that uniquely identifies the corresponding encryption module.

The first encryption module may generate a first private key together with the first public key and, after receiving the second public key, generate the session key using the first private key and the second public key; the second encryption module may generate a second private key together with the second public key after receiving the first public key, and generate the session key using the second private key and the first public key.

In the case of TCP communication, the session key may be generated when the TCP connection is established, before the data is transmitted.

To generate the encrypted data, the first encryption module may further use a packet key generated for each data packet from the header information of the data, and to generate the decrypted data, the second encryption module may further use the packet key generated for each data packet from the header information of the encrypted data. The packet key is generated using at least one of the header information of the data, the serial number of the first encryption module, and a group key set configured by the user. The header information comprises at least one of the IP address of the first terminal, the IP address of the second terminal, and a packet ID specific to each packet, and the serial number is a value that uniquely identifies the encryption module.

In the case of TCP communication, the packet key may be generated further using the value of the sequence ID that indicates the sequence of the TCP communication.
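The per-packet key described in the preceding claims can be demonstrated with a small model. The following is an added example, not code from the patent or its applicant: it derives a packet key from the session key, the header fields the claims name (first and second IP address, packet ID, and the TCP sequence ID when present), the encrypting module's serial number and a user-configured group key, then uses that key to encrypt one packet's payload. The patent does not specify how these inputs are combined or which cipher is used, so HMAC-SHA256 for the derivation and a SHA-256 counter keystream for the cipher are this example's own choices; the header values, serial number and group key are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Header:
    """Header information the packet key is derived from (values are constructed samples)."""
    src_ip: str                 # IP address of the first (sending) terminal
    dst_ip: str                 # IP address of the second (receiving) terminal
    packet_id: int              # packet-specific ID
    tcp_seq: Optional[int] = None  # TCP sequence ID, present only for TCP traffic


def derive_packet_key(session_key: bytes, hdr: Header, serial: str, group_key: bytes) -> bytes:
    """Packet key = HMAC(session key, header fields | module serial | group key).

    The combining function is this example's assumption; the patent only lists the inputs.
    Binding the TCP sequence ID means a replayed segment with a different sequence number
    is encrypted under a different key.
    """
    material = b"|".join([
        hdr.src_ip.encode(),
        hdr.dst_ip.encode(),
        str(hdr.packet_id).encode(),
        serial.encode(),
        group_key,
    ])
    if hdr.tcp_seq is not None:
        material += b"|seq=" + str(hdr.tcp_seq).encode()
    return hmac.new(session_key, material, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Toy SHA-256 counter-mode keystream for the demonstration (not a production cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_packet(session_key: bytes, hdr: Header, serial: str,
                   group_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one packet payload under its packet key (XOR with the keystream)."""
    pk = derive_packet_key(session_key, hdr, serial, group_key)
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(pk, len(plaintext))))


def decrypt_packet(session_key: bytes, hdr: Header, serial: str,
                   group_key: bytes, ciphertext: bytes) -> bytes:
    """The decoding side derives the same packet key from the same header and inputs."""
    return encrypt_packet(session_key, hdr, serial, group_key, ciphertext)


if __name__ == "__main__":
    session_key = bytes(32)             # constructed stand-in for the exchanged session key
    hdr = Header("10.0.0.11", "10.0.0.21", packet_id=1, tcp_seq=1000)
    ct = encrypt_packet(session_key, hdr, "SN-0001", b"group-A", b"hello")
    print(ct.hex(), decrypt_packet(session_key, hdr, "SN-0001", b"group-A", ct))
```

The decoding module must know the encrypting module's serial number; in the patent's flow it learns that value from the payload of the re-processed call packet. Changing any derivation input (a different packet ID, sequence number or serial) yields a different packet key, so the decoder recovers garbage rather than the plaintext.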

The first encryption module may comprise a 1-1 input/output unit that receives the data from the first terminal; a first security unit, connected to the 1-1 input/output unit, that generates the encrypted data and the session key; and a 1-2 input/output unit, connected to the first security unit, that receives the encrypted data and transmits it to the communication network, and may be a first addressless network device that generates the session key without having an IP address set. The second encryption module may comprise a 2-1 input/output unit that receives the encrypted data from the communication network; a second security unit, connected to the 2-1 input/output unit, that generates the decrypted data and the session key; and a 2-2 input/output unit, connected to the second security unit, that delivers the decrypted data to the second terminal, and may be a second addressless network device that generates the session key without having an IP address set.

A data encryption and decryption system and method according to an embodiment of the present invention have the effect of preventing hacking, eavesdropping, interception and the like over various dedicated or public networks by encrypting and decrypting the data.

A data encryption and decryption system and method according to one embodiment of the present invention encrypt or decrypt data using a session key generated by a public key exchange, and therefore have the effect of preventing the key leakage that can occur when an encryption key is shared directly.

Also, in a data encryption and decryption system and method according to one embodiment of the present invention, the network device connected to each terminal is an addressless network device that does not need an IP address or an account to be set up, so hackers cannot access the terminal through it, and the same effect as a kind of virtual private network is obtained.

Figure 1 is a block diagram of a data encryption and decryption system according to an embodiment of the present invention.

Figure 2 shows a) a flow chart of a method for generating a session key using the system of Figure 1 according to one embodiment of the present invention, b) a block diagram of another embodiment of the system of Figure 1 that uses addressless network devices to generate the session key, and c) a diagram showing an example of a method for generating a session key using the addressless network devices.

Figure 3 shows a) a flow chart of a method for encrypting and decrypting data using the encryption keys, b) a detailed flow chart of the step of transmitting the encrypted data to the communication network, and c) a detailed flow chart of the step of outputting the decrypted data.

Embodiments of the present invention will now be described in detail with reference to the accompanying drawings, so that the invention can be easily implemented by those of ordinary skill in the art. The invention may be implemented in many different forms and is not limited to the embodiments set forth herein. The drawings are to be regarded as illustrative in nature and not restrictive, in order to describe the present invention clearly. The same reference numerals are used for the same or similar elements throughout the specification.

Figure 1 is a block diagram of a data encryption and decryption system according to an embodiment of the present invention. Referring to Figure 1, a data encryption and decryption system 1 according to an embodiment of the present invention comprises a data encryption unit 10 and a data decoding unit 20 connected through a communication network 30. Here, the roles of the data encryption unit 10 and the data decoding unit 20 change according to which terminal transmits the data.

That is, in one example in which the first terminal 11 transmits data to the second terminal 21, the first terminal 11 and the first encryption module 13 are set as the data encryption unit 10, and the second terminal 21 and the second encryption module 23 are set as the data decoding unit 20. If the second terminal 21 transmits data to the first terminal 11, the first terminal 11 and the first encryption module 13 are set as the data decoding unit 20, and the second terminal 21 and the second encryption module 23 are set as the data encryption unit 10.

The communication network 30 includes a private network or a public network, and may include a wired network such as the Internet or the PSTN, or a wireless network such as ZigBee or Bluetooth.

Hereinafter, for convenience of description, the first terminal 11 and the first encryption module 13 are defined as the data encryption unit 10 that encrypts data, and the second terminal 21 and the second encryption module 23 as the data decoding unit 20 that decrypts data; it is obvious that this definition may be reversed according to the direction of data transmission, as described above.

The first terminal 11 may transmit data to the second terminal 21 through the communication network 30. In order to prevent eavesdropping on or hacking of the data, the data encryption and decryption system 1 according to one embodiment of the present invention includes a first encryption module 13 connected to the first terminal 11 and a second encryption module 23 connected to the second terminal 21, and the session key used for encrypting and decrypting the data can be exchanged between the first encryption module 13 and the second encryption module 23. Although the terminals (11, 21) and the encryption modules (13, 23) are shown in Figure 1 as externally connected, the present invention is not limited to this, and the encryption modules (13, 23) may be built into the respective terminals (11, 21) in software or hardware.

Figure 2 shows a) a flow chart of a method for generating a session key using the system of Figure 1 according to one embodiment of the present invention, b) a block diagram of another embodiment of the system of Figure 1 that uses addressless network devices to generate the session key, and c) a diagram showing an example of a method for generating a session key using the addressless network devices.

As described above, the session key is required to transmit encrypted data from the first terminal 11 to the second terminal 21. However, if the session key itself is shared over the communication network 30, it may be exposed to the outside through network hacking or tapping. If the session key used for encrypting and decrypting the data leaks to the outside, the encrypted data transmitted from the data encryption unit 10 can be decrypted by an outsider. Therefore, the data encryption unit 10 and the data decoding unit 20 preferably generate the session key using a public key exchange algorithm.

Figure 2a shows a method for generating the session key used in the data encryption and decryption system of Figure 1 according to one embodiment of the present invention. Referring to Figure 2a, the method (S200) of generating a session key for data encryption and decryption according to one embodiment of the present invention comprises a step (S210) in which the first encryption module transmits a re-processed call packet to the communication network, a step (S220) in which the second encryption module generates the session key using the re-processed call packet, a step (S230) in which the second encryption module transmits a re-processed response packet to the communication network, and a step (S240) in which the first encryption module generates the session key using the re-processed response packet.

First, the first encryption module transmits a re-processed call packet to the communication network (step S210).

The first terminal generates a call packet to establish a TCP connection with the second terminal and transmits it to the first encryption module. The call packet is provided so that the session key can be generated before data is transmitted in earnest, and it does not contain the data that the first terminal intends to transmit in encrypted form.

The first encryption module receives the call packet from the first terminal and generates a first private key. The first private key is a random number generated in the first encryption module; it is used to generate the session key in the first encryption module and is never transmitted to the second encryption module over the communication network. The first encryption module then generates a specific value k using the first address and the second address contained in the header of the call packet. Here the first address and the second address are the IP addresses of the first terminal and the second terminal respectively: the first address is the IP address of the terminal that transmits the data, and the second address is the IP address of the terminal that receives the data.

Having created the specific value k, the first encryption module generates a first public key by combining a decimal value y stored in the device, the first private key and the specific value k. The first public key generated here is included in the payload of the call packet and can be transmitted to the second encryption module.

In other words, the payload of the call packet can be re-processed in the first encryption module to contain the information needed for session key generation. The payload of the re-processed call packet includes at least one of an encrypted ID, a serial number that identifies the first encryption module, and the first public key. Here the encrypted ID is a random number of a specific length that indicates that the packet has been re-processed, and the serial number may be a value generated to identify the first encryption module.

Next, the second encryption module generates the session key using the re-processed call packet (step S220).

The second encryption module receives a packet from the communication network and checks whether the payload of the received packet contains the encrypted ID. If the payload does not contain the encrypted ID, the second encryption module judges that the packet was not transmitted by the first encryption module and may drop the packet.

If it confirms that the payload contains the encrypted ID, the second encryption module can determine that the packet is a re-processed call packet transmitted by the first encryption module and generate the session key. On receiving the re-processed call packet, the second encryption module generates a second private key; the second private key is a random number generated in the second encryption module, is never transmitted to the first encryption module over the communication network, and is used to generate the session key in the second encryption module.

The second encryption module then generates the specific value k using the first address and the second address contained in the header of the packet. Preferably, the second encryption module may further use the port value to generate the specific value k, and the specific value k so generated may be equal to the specific value k generated by the first encryption module, because the first and second encryption modules each use the same first address, second address and port value to generate the specific value k.

The second encryption module generates the session key by combining the first public key contained in the payload, the decimal value y stored in the device and the second private key. After generating the session key, it removes the re-processed payload part of the call packet, restoring the packet to the same form as the call packet generated by the first terminal, and transmits the packet to the second terminal.

Next, the second encryption module transmits a re-processed response packet to the communication network (step S230).

After receiving the call packet forwarded by the second encryption module, the second terminal generates a response packet for the call packet and transmits it to the second encryption module. At this time, the second encryption module may generate a second public key by combining the previously stored decimal value y, the second private key and the specific value k.

The second encryption module may re-process the response packet so that its payload includes at least one of the encrypted ID, a serial number that identifies the second encryption module, and the second public key, and may transmit the re-processed response packet to the communication network.

Finally, the first encryption module generates the session key using the re-processed response packet (step S240).

The first encryption module receives the packet from the communication network and checks whether the payload of the packet contains the encrypted ID. If the payload does not contain the encrypted ID, the first encryption module determines that the packet was not transmitted by the second encryption module and may drop it.

If it confirms that the payload contains the encrypted ID, the first encryption module can determine that the packet is a re-processed response packet and generate the session key. The first encryption module generates the session key by combining the second public key contained in the payload of the re-processed response packet, the stored decimal value y and the first private key. After generating the session key, it removes the re-processed payload part of the response packet, restoring the packet to the same form as the response packet generated by the second terminal, and may transmit the packet to the first terminal.

The method (S200) of generating a session key for data encryption and decryption according to one embodiment of the present invention described above is carried out, in the case of TCP communication, before data transmission, so that a new session key is generated for each communication, which can increase security. In the case of UDP communication, a new session key may be generated when the communication has been disconnected for longer than a set period, when a new communication is configured that differs from the current one, for example when the communication program is changed, or when the communication state changes, which can increase the security of the session key.

In addition, the session key generation algorithm that uses public keys to produce the session key, as shown in the embodiment of the present invention, is typically the Diffie-Hellman algorithm; however, the exchange of public keys in the present invention is merely one example, and any algorithm that allows the session key required for encryption to be generated can be used.
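The four-step exchange S210 to S240 described above can be modelled end to end. The following is an added example and not code from the patent or its applicant: two encryption modules sit in front of their terminals, the first re-processes the terminal's call packet by placing an encrypted ID, its serial number and its public key in the payload, the second checks for the encrypted ID (dropping packets that lack it), derives the specific value k from the header addresses and port, computes the session key, strips the payload before forwarding to its terminal, and answers through a re-processed response packet that the first module consumes in the same way. Diffie-Hellman over a toy group stands in for the patent's "combination" of the stored value y, the private key and k, and binding k into the key derivation (rather than into the public key itself) is this example's own modelling choice; the group parameters, encrypted ID marker, IP addresses, port and serial numbers are all constructed sample values.

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import Optional

# Toy Diffie-Hellman group, constructed for this example only; a deployed device
# would use a standardized group.
P = 2**255 - 19   # prime modulus
Y = 2             # models the "stored decimal value y" as the DH generator

# Pre-shared marker both modules recognise as "this packet was re-processed".
# Constructed value; the patent describes it as a random number of a specific length.
ENCRYPTED_ID = bytes.fromhex("5f3b9a1c7e2d4b6a8c0f1e2d3c4b5a69")


@dataclass
class Packet:
    src: str                          # first address (sending terminal's IP)
    dst: str                          # second address (receiving terminal's IP)
    port: int
    payload: dict = field(default_factory=dict)


def specific_value_k(src: str, dst: str, port: int) -> bytes:
    """The 'specific value k' derived from header fields both modules observe."""
    return hashlib.sha256(f"{src}|{dst}|{port}".encode()).digest()


class EncryptionModule:
    def __init__(self, serial: str):
        self.serial = serial
        self.private: Optional[int] = None
        self.k: Optional[bytes] = None
        self.session_key: Optional[bytes] = None

    def _new_private(self) -> None:
        # Random private exponent; it never leaves the module.
        self.private = int.from_bytes(os.urandom(32), "big") % (P - 2) + 2

    def _public(self) -> int:
        return pow(Y, self.private, P)

    def _derive_session(self, peer_public: int) -> bytes:
        # DH shared secret bound to k, so both ends must agree on the header fields.
        shared = pow(peer_public, self.private, P)
        return hashlib.sha256(shared.to_bytes(32, "big") + self.k).digest()

    @staticmethod
    def _is_reprocessed(pkt: Packet) -> bool:
        return pkt.payload.get("encrypted_id") == ENCRYPTED_ID

    def reprocess_call(self, call: Packet) -> Packet:
        """S210: re-process the terminal's call packet with encrypted ID, serial and public key."""
        self._new_private()
        self.k = specific_value_k(call.src, call.dst, call.port)
        payload = {"encrypted_id": ENCRYPTED_ID, "serial": self.serial, "public": self._public()}
        return Packet(call.src, call.dst, call.port, payload)

    def accept_call(self, pkt: Packet) -> Optional[Packet]:
        """S220: derive the session key; return the stripped call packet, or None if dropped."""
        if not self._is_reprocessed(pkt):
            return None
        self._new_private()
        self.k = specific_value_k(pkt.src, pkt.dst, pkt.port)
        self.session_key = self._derive_session(pkt.payload["public"])
        return Packet(pkt.src, pkt.dst, pkt.port)

    def reprocess_response(self, resp: Packet) -> Packet:
        """S230: re-process the terminal's response packet with this module's public key."""
        payload = {"encrypted_id": ENCRYPTED_ID, "serial": self.serial, "public": self._public()}
        return Packet(resp.src, resp.dst, resp.port, payload)

    def accept_response(self, pkt: Packet) -> Optional[Packet]:
        """S240: derive the session key; return the stripped response packet, or None if dropped."""
        if not self._is_reprocessed(pkt):
            return None
        self.session_key = self._derive_session(pkt.payload["public"])
        return Packet(pkt.src, pkt.dst, pkt.port)


def run_exchange(first_ip: str = "10.0.0.11", second_ip: str = "10.0.0.21", port: int = 443):
    """Run S210-S240 between two modules; returns both session keys and the forwarded packets."""
    first, second = EncryptionModule("SN-0001"), EncryptionModule("SN-0002")
    call = Packet(first_ip, second_ip, port)          # plain call packet from terminal 1
    to_terminal2 = second.accept_call(first.reprocess_call(call))
    resp = Packet(second_ip, first_ip, port)          # plain response from terminal 2
    to_terminal1 = first.accept_response(second.reprocess_response(resp))
    return first.session_key, second.session_key, to_terminal2, to_terminal1


if __name__ == "__main__":
    k1, k2, fwd2, fwd1 = run_exchange()
    print("session keys match:", k1 == k2)
    print("payload seen by terminal 2:", fwd2.payload)
```

Because k is derived from the addresses and port, a re-processed call packet whose header has been altered in transit leads the two modules to different session keys, and a packet that carries no encrypted ID is discarded before any key material is touched, which is the filtering behaviour steps S220 and S240 describe.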

Another embodiment of this session key generation algorithm may be implemented by a data encryption and decryption system 2 that uses addressless network devices in the system of Figure 1. An addressless network device means a network device that does not require an address such as an IP address or a MAC address, or an account, to be set in order to transmit and receive data.

Referring to Figure 2b, in the data encryption and decryption system 2 according to one embodiment of the present invention, the first encryption module 13 may be replaced by a first addressless network device 130 comprising a 1-1 input/output unit 131, a first security unit 133 and a 1-2 input/output unit 135, and the second encryption module 23 may be replaced by a second addressless network device 230 comprising a 2-1 input/output unit 231, a second security unit 233 and a 2-2 input/output unit 235. Because the first and second addressless network devices have no IP address, they cannot be penetrated directly from the outside through the communication network or the like, and so they have higher safety against hacking of the device.

This allows data transmitted from the terminals (11, 21) to be encrypted or decrypted, independently of the terminals (11, 21), using the session key generated by the public key exchange between the address-less network devices (130, 230), and the address-less network devices (130, 230) can thereby produce the same effect as communication through a virtual private network.

In the following, with reference to Figures 2b and 2c, the method of generating a session key disclosed in Figure 2a is described in more detail using the address-less network devices. For convenience of description, the encryption and decryption method is defined as using the Diffie-Hellman algorithm as the type of public key algorithm, but the present invention is not limited to this and may include any of the various public key algorithms that can perform encryption and decryption tasks by exchanging public keys. Also, to aid understanding of the system of the present invention, only the procedure for transmitting data from the first terminal to the second terminal is described, and the description of the reverse process is omitted. However, it is apparent that the process of transmitting data from the second terminal to the first terminal is the reverse of the process described below and has the same effect.

Referring to Figures 2b and 2c, a data encryption and decryption system (2) using address-less network devices according to an embodiment of the present invention has a first terminal 11, a first address-less network device 130, a communication network 30, a second terminal 21, and a second address-less network device 230.

Here, the first terminal 11 has a first address, the second terminal 21 has a second address, and the first terminal 11 and the second terminal 21 may each have different accounts.

The first address-less network device 130 and the second address-less network device 230 must have the same session key for the encryption and decryption of data. However, if the session key is shared directly, the session key information may be leaked through hacking or eavesdropping, because the data carrying the session key is itself not encrypted, and the encrypted information may then be attacked. Thus, before data is shared, the first address-less network device 130 and the second address-less network device 230 each perform a public key exchange process by which the same session key is generated in each device.

Figure 2c shows an example of a method of creating the session key in TCP communication using the Diffie-Hellman algorithm, in the data encryption and decryption system using address-less network devices according to an embodiment of the present invention.

Referring to Figure 2c, the first terminal 11 has a first address, represented as 192.168.123.10, and is connected to the first address-less network device 130; the second terminal 21 has a second address, represented as 192.168.456.7, and is connected to the second address-less network device 230.

Firstly, the first terminal 11 generates a call packet for establishing a TCP connection with the second terminal 21 and transmits it to the first address-less network device 130. The call packet is a packet provided to generate the session key before data transmission begins in earnest, and preferably it carries no data of the first terminal 11 that needs to be encrypted.

The first address-less network device 130 receives the call packet from the first terminal 11 via the 1-2 input/output unit 135 and generates a first private key in the first secure portion 133. The first private key is a random number generated in the first secure portion 133; it is a value the first address-less network device 130 requires to generate the session key, and it is not transmitted to the second address-less network device 230 through the communication network 30. The first secure portion 133 then generates a specific value k using the first address and the second address included in the header portion of the call packet. In this case, preferably, the first secure portion 133 may further use the port values to produce the specific value k.

After generating the specific value k, the first secure portion 133 generates a first public key by combining a stored decimal value y, the first private key and the specific value k. The first public key generated here is included in the payload of the call packet and delivered to the second address-less network device 230.

Meanwhile, the payload of the call packet may be re-processed in the first secure portion 133 so as to contain the information for session key generation. The payload of the re-processed call packet includes at least one of an encrypted ID, a serial key value of the first address-less network device 130, and the first public key. Here, the encrypted ID is a random number of a certain length which indicates that the packet has been re-processed, and the serial value is a value generated by the address-less network device so that the address-less network device can be distinguished.

The re-processed call packet is transmitted to the communication network via the 1-1 input/output unit 131 and delivered to the second address-less network device 230. The second secure portion 233 of the second address-less network device 230 receives the packet via the 2-1 input/output unit 231 and checks whether the payload of the packet includes the encrypted ID. If the payload does not contain the encrypted ID, the second secure portion 233 determines that the packet is not a packet transmitted from the first address-less network device 130 and may drop the packet.

Also, if it is confirmed that the payload contains the encrypted ID, the second secure portion 233 determines that the packet was sent from the first address-less network device 130 and may use it to generate the session key. Upon receipt of the re-processed call packet, the second secure portion 233 generates a second private key; the second private key is a random number generated by the second secure portion 233, is not transmitted to the first address-less network device 130 through the communication network 30, and is used by the second address-less network device 230 to generate the session key.

Then, the second secure portion 233 generates the specific value k using the first address and the second address included in the header portion of the packet. In this case, preferably, the second secure portion 233 may further use the port values to produce the specific value k, and the specific value k generated here may be the same value as the specific value k generated by the first secure portion 133. This is because the first address, the second address and the port values used by the first and second secure portions (133, 233) to produce the specific value k are the same.

Meanwhile, the second secure portion 233 may generate the session key by combining the first public key included in the payload of the re-processed call packet, the decimal value y stored in the device and the second private key. After generating the session key, it deletes the payload portion of the call packet and transmits the modified call packet to the second terminal 21 via the 2-2 input/output unit 235.

Next, the second terminal 21 receives the call packet and creates a response packet in reply to it, and the response packet is transmitted back to the second secure portion 233 via the 2-2 input/output unit 235. At this time, the second secure portion 233 generates a second public key by combining the previously stored decimal value y, the second private key and the specific value k.

The second secure portion 233 may re-process the response packet so that at least one of the encrypted ID, the serial key value of the second address-less network device 230 and the second public key is included in the payload of the response packet, and the re-processed response packet is transmitted to the communication network through the 2-1 input/output unit 231 and delivered to the first address-less network device 130.

The first address-less network device 130 receives the re-processed response packet through the 1-1 input/output unit 131 and checks whether the payload includes the encrypted ID. If the payload does not contain the encrypted ID, the first secure portion 133 determines that the packet is not a packet transmitted from the second address-less network device 230 and may drop the packet.

Also, if it is confirmed that the payload contains the encrypted ID, the first secure portion 133 determines that the packet was transmitted from the second address-less network device 230 and uses the packet to generate the session key. The first secure portion 133 may generate the session key by combining the second public key included in the payload, the previously stored decimal value y and the first private key. After generating the session key, it deletes the payload portion of the re-processed response packet and transmits the modified response packet, as the response packet generated by the second terminal 21, to the first terminal 11 via the 1-2 input/output unit 135.

The process of generating the session key described above with reference to Figure 2c is, in the case of TCP communication, performed before data transmission so that a new session key is generated for each data transmission, which can increase security. In the case of UDP communication, a new session key is generated when the communication state changes, such as when the connection has been dropped for longer than a set period, when a new communication is configured in comparison with the current communication, or when the communication program is changed, which can improve security.
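The call/response exchange of Figure 2c, written out as an added Python example; it is not code from the patent or from any product of the applicant. The following are assumptions of this example rather than statements of the description: the "combination" of the decimal value y, the specific value k and the private key is realised as modular exponentiation with y as the modulus and k as the base; y is a 127-bit toy prime; the encrypted ID is a 16-byte random marker; packets are dictionaries with a header and a payload; the port numbers and serial strings are constructed. The terminal addresses are the ones the description uses.

```python
import hashlib
import os

# Constructed stand-in for the "stored decimal value y" held by both devices.
# A 127-bit Mersenne prime keeps the numbers readable; a real deployment
# would use a standard large Diffie-Hellman group.
Y_MODULUS = (1 << 127) - 1
ENC_ID_LEN = 16   # assumed length in bytes of the "encrypted ID" marker


def specific_value_k(src, dst, sport, dport):
    """Specific value k from the first address, second address and port values
    of the call packet header. Both devices read the same header, so both get
    the same k. Using k as the exponentiation base and y as the modulus is an
    assumption of this example; the description only says they are combined."""
    material = f"{src}:{sport}->{dst}:{dport}".encode()
    h = int.from_bytes(hashlib.sha256(material).digest(), "big")
    return 2 + h % (Y_MODULUS - 3)            # base in the range [2, y-2]


def derive_session_key(peer_public, private):
    """Session key = hash of peer_public^private mod y (Diffie-Hellman)."""
    shared = pow(peer_public, private, Y_MODULUS)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def has_encrypted_id(packet):
    """Presence check of the description: the payload must carry the marker."""
    enc_id = packet.get("payload", {}).get("enc_id")
    return isinstance(enc_id, bytes) and len(enc_id) == ENC_ID_LEN


class SecurePortion:
    """Secure portion of one address-less device (133 or 233 in the text)."""

    def __init__(self, serial):
        self.serial = serial          # constructed serial value of the device
        self.private = None           # never leaves the device
        self.k = None
        self.session_key = None

    def _new_private_and_k(self, header):
        self.private = int.from_bytes(os.urandom(16), "big") | 1
        self.k = specific_value_k(header["src"], header["dst"],
                                  header["sport"], header["dport"])

    def _reprocessed(self, packet):
        """Payload with encrypted ID, serial value and this device's public key."""
        payload = {"enc_id": os.urandom(ENC_ID_LEN), "serial": self.serial,
                   "public_key": pow(self.k, self.private, Y_MODULUS)}
        return {"header": packet["header"], "payload": payload}

    def reprocess_call(self, call_packet):
        """Device 130 on the terminal's call packet: first private key, k and
        first public key."""
        self._new_private_and_k(call_packet["header"])
        return self._reprocessed(call_packet)

    def accept_call(self, packet):
        """Device 230: drop unless the marker is present; otherwise derive the
        session key and forward the call packet with its payload removed."""
        if not has_encrypted_id(packet):
            return None
        self._new_private_and_k(packet["header"])      # same header -> same k
        self.session_key = derive_session_key(packet["payload"]["public_key"],
                                              self.private)
        return {"header": packet["header"]}

    def reprocess_response(self, response_packet):
        """Device 230 on the terminal's response packet: second public key from
        y, the second private key and the k computed on the call packet."""
        return self._reprocessed(response_packet)

    def accept_response(self, packet):
        """Device 130: drop unless the marker is present; otherwise derive the
        session key and forward the response packet with its payload removed."""
        if not has_encrypted_id(packet):
            return None
        self.session_key = derive_session_key(packet["payload"]["public_key"],
                                              self.private)
        return {"header": packet["header"]}


def run_handshake():
    """Call/response exchange between the two terminals of the description
    (ports are constructed). Returns both session keys and the packets that
    reach the terminals."""
    dev130, dev230 = SecurePortion("SER-130"), SecurePortion("SER-230")
    call = {"header": {"src": "192.168.123.10", "dst": "192.168.456.7",
                       "sport": 40000, "dport": 443}}
    call_to_terminal = dev230.accept_call(dev130.reprocess_call(call))
    response = {"header": {"src": "192.168.456.7", "dst": "192.168.123.10",
                           "sport": 443, "dport": 40000}}
    response_to_terminal = dev130.accept_response(dev230.reprocess_response(response))
    return dev130.session_key, dev230.session_key, call_to_terminal, response_to_terminal


if __name__ == "__main__":
    k130, k230, _, _ = run_handshake()
    print("session keys match:", k130 == k230)
```

Both devices compute k from the header of the call packet, so they obtain the same base, and the packets forwarded to the terminals carry no payload, as the description requires. The encrypted-ID check only filters packets that were not re-processed by a peer device; it does not authenticate that peer, so a deployment of this exchange still needs a separate means of authenticating the two devices before trusting the derived session key.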

Meanwhile, the data encryption and decryption system and method according to an embodiment of the present invention may encrypt and decrypt data using a packet key in addition to the session key described above. The session key described above is a key used to encrypt or decrypt a bundle of data, whereas the packet key is a key used to encrypt or decrypt each data packet.

Because the packet key encrypts or decrypts each data packet, even if a packet key is leaked, the next data packet is encrypted with a different packet key; the packet key therefore has the effect of providing higher security against key leakage.

The packet key is generated using the header information of the data packet, and may be generated by the first encryption module 13 and the second encryption module 23 of Figure 1 to perform data encryption and decryption according to an embodiment of the present invention. The packet key generated by the first encryption module 13 is used to encrypt, packet by packet, the data to be transmitted from the first terminal 11, and the packet key generated by the second encryption module 23, which receives the encrypted data from the communication network 30, is used to decrypt the data.

The first encryption module 13 may use the header information and additional information of the data packet to produce the packet key. Here, the header information may be at least one of the first address (source IP address), which is the IP address of the first terminal, the second address (destination IP address), which is the IP address of the second terminal, and the packet ID, and the additional information may be at least one of a serial number or a set key.

Here, the serial number is a value generated to identify the first encryption module, and the set key is a specific key that changes depending on the settings. In the case of TCP communication, the first encryption module may further use the sequence ID of the TCP packet to produce the packet key.

Of the information used to generate the packet key, the first address, the second address, the serial number of the first encryption module and the set key are fixed values that do not change for the duration of the communication session. However, the packet ID is an ID generated to identify each packet, and in the case of TCP communication the sequence ID is a value that changes each time a communication session is re-configured; since the data can thus be encrypted with a different packet key for each data packet and for each communication session, high security can be maintained.

Meanwhile, the second encryption module 23 generates a packet key for the decryption of data. In this case, the second encryption module 23 may receive the encrypted data from the communication network 30 and generate the packet key for decrypting the data using the header information and additional information of the specific received data packet.

Here, the header information may be at least one of the first address (source IP address), the second address (destination IP address) and the packet ID, and the additional information is at least one of a serial number or a set key.

Here, the serial number is the serial number of the first encryption module, which the second encryption module 23 may acquire in advance from the communication network 30 before receiving the encrypted data; in particular, for TCP communication, the serial number of the first encryption module may be obtained and stored in advance in the step of configuring the communication session. The set key may be the same key as the set key of the first encryption module, set by the user as a specific key that changes depending on the settings. Further, for TCP communication, the second encryption module may also use the sequence ID of the TCP packet to produce the packet key.

Meanwhile, the first and second encryption modules that generate the packet key may, as in the example of the system for generating the session key described above with reference to Figure 2b, each be replaced by a first and a second address-less network device.

Data to be encrypted using the packet key is transmitted from the first terminal 11 to the first secure portion 133 of the first address-less network device 130 via the 1-2 input/output unit 135. The first secure portion 133 generates the packet key using at least one of the first address (source IP address), the second address (destination IP address) and the packet ID from the header information of the received data, together with at least one of the serial number or the set key as additional information. In this case, the first secure portion 133 preferably uses all of the first address, the second address, the packet ID, the serial number and the set key to generate the packet key.

The serial number is an ID value of the address-less network device, generated to identify the address-less network device. The serial number is generated by the first address-less network device 130 when power is turned on, as a combination of the time at the moment of power-on and a random number value of a particular number of digits, where the number of digits of the random number is set by the user, and the serial number may therefore change. Thereby, since the serial number generated by the first address-less network device 130 is not a fixed value for each device and can be changed randomly by rebooting the first address-less network device 130 as needed, it has the effect of preventing leakage of the serial number.

The set key is a key that the user can set arbitrarily; by setting the same set key value on the devices that perform cryptographic communication, the user forms an encrypted group, and security can be increased through this. In the case of TCP communication, the first secure portion 133 may further use the sequence ID of the TCP communication session created for the data transmission to produce the packet key.

The packet key generated in the first address-less network device 130 is used by the first secure portion 133 to encrypt the packet. That is, when a packet key A is generated using the header information of a data packet A, the first secure portion 133 encrypts the data packet A using the packet key A and may transmit the encrypted data packet A to the communication network 30 via the 1-1 input/output unit 131.

The encrypted data packet A is transmitted through the communication network 30 to the second address-less network device 230. The second address-less network device 230 receives the encrypted data packet A through the 2-1 input/output unit 231 and conveys it to the second secure portion 233.

The second secure portion 233 may use the header information of the encrypted data packet A to generate the packet key necessary to decrypt the data. The second secure portion 233 generates the packet key using at least one of the first address (source IP address), the second address (destination IP address) and the packet ID from the header information of the encrypted data packet A, together with at least one of the serial number or the set key as additional information. Here, the second secure portion 233 preferably uses all of the first address, the second address, the packet ID, the serial number and the set key to generate the packet key.

Here, the serial number used as additional information to generate the packet key in the second secure portion 233 may be the serial number of the first address-less network device 130; the second secure portion 233 may obtain and keep the serial number of the first address-less network device 130 during the session configuration phase, which is defined as the process of exchanging signals to form a communication session in TCP communication, and use it in the process of generating the packet key. As with the first secure portion 133, in the case of TCP communication the sequence ID of the TCP communication session created for the data transmission may further be used to produce the packet key.

Therefore, since the header information and additional information used to generate the packet key in the second secure portion 233 are the same as the information used to generate the packet key in the first secure portion 133, when the first secure portion 133 generates a packet key A and transmits the encrypted data packet A, the second secure portion 233 can generate the same packet key A by using the header information of the encrypted data packet A created by the first secure portion 133, and can thereby decrypt the encrypted data packet A.

Meanwhile, the data encryption and decryption system according to an embodiment of the invention may encrypt or decrypt data in the manner of the flowchart shown in Figure 3a. Hereinafter, the data encryption and decryption method is described around the first encryption module and the first terminal, but the present invention is not limited to this, and the second encryption module and the second terminal may also carry out encryption and decryption of data in the same manner. Further, the first encryption module and the second encryption module may each be configured to perform only one of encryption and decryption.

Referring to Figure 3a, the data encryption and decryption method (300) according to an embodiment of the present invention includes the step of setting the data encryption level (S310), the step of determining whether the terminal transmits data (S320), the step of encrypting and transmitting the data (S330), the step of determining whether encrypted data has been received from the communication network (S340), and the step of decrypting and outputting the encrypted data (S350).

First, the user sets the data encryption level (step S310). When the first encryption module performs data encryption, the user can set, by changing the settings of the first encryption module, the data encryption level at which the first encryption module uses at least one of the session key or the packet key to encrypt data. The setting made in step S310 may not apply to the process of decrypting encrypted data, since the first encryption module determines the decryption level according to the encryption level of the received data when it performs decryption.

Here, if the user sets the session key to be used, the first encryption module can either create the session key directly as described with reference to Figure 2, or be given a session key generated externally.

Next, the first encryption module determines whether data is transmitted from the first terminal (step S320). When the first encryption module receives data transmitted from the first terminal, it performs step S330 to encrypt the data and transmit it to the communication network; if no data has been received from the terminal, it may perform step S340 to determine whether encrypted data has been received from the communication network.

As shown in Figure 3b, the step (S330) in which the first encryption module encrypts the data and transmits it to the communication network includes a step of checking whether a session key is held (S331), a step of checking whether use of the packet key is enabled (S332), a step of encrypting the data using both the session key and the packet key (S333), a step of encrypting the data using the session key (S334), a step of encrypting the data using the packet key (S335), and a step of transmitting the encrypted data to the communication network (S336).

The first encryption module may first determine whether it holds the session key in order to transmit encrypted data to the communication network (step S331). At this time, when it is determined through the setting of step S310 that the session key is held, the first encryption module goes on to check whether use of the packet key is set (step S332); when it is confirmed that the session key is not held, the first encryption module encrypts the data using only the packet key (step S335).

Next, the first encryption module may determine whether use of the packet key is set (step S332). If use of the packet key is not enabled in step S310, the first encryption module encrypts the data using only the session key (step S334); if use of the packet key is set, it encrypts the data using both the session key and the packet key (step S333).

Here, the packet key used by the first encryption module to encrypt the data may preferably be produced using the header information of the specific data packet on which the first encryption module performs the encryption.

Finally, the first encryption module transmits the data encrypted through steps S333 to S335 to the communication network (step S336).

Meanwhile, when no data is passed from the first terminal, the first encryption module determines whether encrypted data has been received from the communication network (step S340). At this time, when it is determined that no encrypted data has been received from the communication network, the first encryption module has received data from neither the terminal nor the communication network, and it repeats step S320.

In addition, when it is determined that the first encryption module has received encrypted data from the communication network, the first encryption module decrypts the received encrypted data and outputs it to the user by transmitting it to the first terminal (step S350).

As shown in Figure 3c, the step (S350) in which the first encryption module decrypts and outputs the encrypted data includes a step of determining whether a session key is held (S351), a step of performing decryption of the data using the held session key (S352), a step of determining whether the data packets are encrypted (S353), a step of generating the packet key and performing decryption of the data packets (S354), and a step of transmitting the decrypted data to the terminal for output (S355).

Upon receiving the encrypted data from the communication network, the first encryption module first determines whether it holds the session key (step S351). At this time, when it is determined through step S310 that the session key is held, the first encryption module performs decryption of the encrypted data received from the communication network using the held session key (step S352). Further, when it is confirmed that it does not hold the session key, the first encryption module may determine that the encrypted data received from the communication network was not encrypted with the session key, and may not perform step S352.

Next, the first encryption module checks whether the received data packets are encrypted (step S353). When the first encryption module checks whether the data decrypted in step S352, or the encrypted data received from the communication network, is encrypted packet by packet and determines that per-packet encryption has been performed, it generates the packet key and performs decryption of the data packets (step S354).

In addition, when the first encryption module confirms that the data packets are not encrypted, the first encryption module does not perform step S354. For such data, step S352 has preferably been performed, since by the nature of the first encryption module of the present invention, which receives encrypted data via the communication network, at least one data decryption process must be performed.

Meanwhile, finally, the first encryption module passes the data on which at least one of the decryption steps S352 or S354 has been performed to the first terminal (step S355), and the first terminal outputs the transmitted data to the user, whereby the data decryption process may be terminated.
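The packet key generation described above (header information plus serial number, set key and TCP sequence ID) together with the level selection of Figures 3b and 3c, as an added Python example; it is not code from the patent or from any product of the applicant. Assumptions of this example, which the description does not fix: HMAC-SHA256 keyed with the set key as the function that combines the packet key inputs; an HMAC-based counter-mode keystream as the cipher; a "layers" header field as the signal by which the receiver recognises per-packet encryption in step S353; and the constructed serial number, set key, packet IDs, sequence ID and packet contents. The addresses are the ones used in the description.

```python
import hashlib
import hmac

# Constructed additional information shared by both ends: the receiver learns
# the sender's serial number while the session is set up, and the set key is
# configured by the user on every device of the encrypted group.
SERIAL = "SER-130-4821"                     # constructed serial number of module 13
SET_KEY = b"group-set-key-chosen-by-user"   # constructed set key


def packet_key(header, serial=SERIAL, set_key=SET_KEY, tcp_seq=None):
    """Packet key from the fields the description lists: source IP,
    destination IP, packet ID, serial number, set key and, for TCP, the
    sequence ID. HMAC-SHA256 keyed with the set key is this example's
    combining function; the description does not specify one."""
    fields = [header["src_ip"], header["dst_ip"], str(header["packet_id"]),
              serial, "" if tcp_seq is None else str(tcp_seq)]
    return hmac.new(set_key, "|".join(fields).encode(), hashlib.sha256).digest()


def keystream_xor(key, label, packet_id, data):
    """Illustrative PRF-in-counter-mode cipher: HMAC-SHA256(key, label||id||ctr)
    blocks are XORed into the data, so the function is its own inverse. The
    packet ID in the nonce keeps the session-key keystream distinct for every
    packet. A deployment would use an authenticated cipher such as AES-GCM."""
    prefix = label + int(packet_id).to_bytes(8, "big")
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, prefix + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_outgoing(packet, session_key, packet_key_enabled, tcp_seq=None):
    """Steps S331 to S335 of Figure 3b. The 'layers' header entry is a
    constructed marker by which the receiver recognises per-packet encryption
    in step S353; the description leaves that signal open."""
    hdr = dict(packet["header"])
    body = packet["data"]
    layers = []
    # S331: no session key held -> packet key only (S335); otherwise S332
    # decides between session key only (S334) and both keys (S333).
    if session_key is None or packet_key_enabled:
        body = keystream_xor(packet_key(hdr, tcp_seq=tcp_seq), b"pkt", hdr["packet_id"], body)
        layers.append("packet")
    if session_key is not None:
        body = keystream_xor(session_key, b"ses", hdr["packet_id"], body)
        layers.append("session")
    hdr["layers"] = layers
    return {"header": hdr, "data": body}


def decrypt_incoming(packet, session_key, tcp_seq=None):
    """Steps S351 to S354 of Figure 3c: the session-key layer is removed first
    when a session key is held, then the packet key is regenerated from the
    header of the received packet when it was encrypted per packet."""
    hdr = packet["header"]
    body = packet["data"]
    if session_key is not None:                              # S351 -> S352
        body = keystream_xor(session_key, b"ses", hdr["packet_id"], body)
    if "packet" in hdr.get("layers", []):                    # S353 -> S354
        body = keystream_xor(packet_key(hdr, tcp_seq=tcp_seq), b"pkt", hdr["packet_id"], body)
    return body


def round_trip(session_key, packet_key_enabled, packet_id=7, tcp_seq=1001):
    """Encrypt one constructed packet at the chosen level and decrypt it again.
    Returns the encrypted packet and whether the plaintext was recovered."""
    pkt = {"header": {"src_ip": "192.168.123.10", "dst_ip": "192.168.456.7",
                      "packet_id": packet_id},
           "data": b"payload of packet %d" % packet_id}
    enc = encrypt_outgoing(pkt, session_key, packet_key_enabled, tcp_seq)
    return enc, decrypt_incoming(enc, session_key, tcp_seq) == pkt["data"]


if __name__ == "__main__":
    session = bytes(range(32))   # constructed session key, e.g. from Figure 2c
    for held, enabled in ((session, True), (session, False), (None, False)):
        enc, ok = round_trip(held, enabled)
        print(enc["header"]["layers"], "recovered:", ok)
```

The packet key never travels on the wire: the receiver rebuilds it from the header of the packet it received plus the serial number and set key it already holds, which is why a leaked packet key exposes only the one packet it belongs to. Note that the receiver decides on the session-key layer from what it holds (step S351), not from the packet, so both ends must agree on whether the session key is in use; only the packet-key layer is signalled per packet here.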

The data encryption and decryption method according to an embodiment of the invention shown in Figures 3a to 3c above may be implemented through the data encryption and decryption system including address-less network devices illustrated in Figure 2b. In this case, the first encryption module may be replaced by the first address-less network device, which performs each step in the first secure portion.

While one embodiment of the present invention has been described above, the concept of the present invention is not limited to the embodiments set forth in this specification; a person of ordinary skill in the art who understands the concept of the invention would be able to readily suggest alternative embodiments within the same spirit by changing, deleting or adding components, and these are also to be regarded as within the spirit and scope of the invention.

Claims (24)

  1. A data encryption and decryption system, in a data encryption unit for transmitting encrypted data through a communication network to a second terminal connected to the communication network, comprising:
    an encryption module connected between a first terminal and the communication network, receiving data from the first terminal, encrypting the data, and generating a session key required to generate the encrypted data,
    wherein the encryption module generates a first public key and transmits it to the communication network, receives from the communication network a second public key that is a response to the first public key, and generates the session key by means of a public key algorithm for generating the session key using the received second public key.
  2. According to claim 1,
    the encryption module, upon receiving a call packet from the first terminal, transmits a re-processed call packet including the first public key to the communication network, receives a re-processed response packet including the second public key, and generates the session key using the re-processed response packet.
  3. According to claim 2,
    the re-processed call packet further comprises, in its payload, at least one of an encrypted ID, represented by a random-number value of a specific length, and a serial number of the encryption module,
    the serial number being a unique value by which the encryption module can be distinguished.
  4. According to claim 1,
    the encryption module generates a first private key together with the first public key and, after receiving the second public key, generates the session key using the first private key and the second public key.
  5. According to claim 1,
    the session key, in the case of TCP communication, is created while the TCP communication is being established, before transmission of the data is performed.
  6. According to claim 1,
    the encryption module further uses a packet key, generated for each data packet using the header information of the data, to generate the encrypted data,
    the packet key is generated using at least one of the header information of the data, a serial number of the encryption module and a set key set by the user, the header information including at least one of the IP address of the first terminal, the IP address of the second terminal and a packet ID of each packet,
    and the serial number is a unique value by which the encryption module can be distinguished.
  7. According to claim 6,
    the packet key, in the case of TCP communication, is generated by further using the value of the sequence ID that indicates the sequence of the TCP communication.
  8. According to claim 1 or 6,
    the encryption module comprises:
    a 1-1 input/output unit receiving the data from the first terminal;
    a first secure portion connected with the 1-1 input/output unit, generating the encrypted data and the session key or the packet key; and
    a 1-2 input/output unit connected to the first secure portion, receiving the encrypted data and transmitting it to said communication network;
    wherein the encryption module is an address-less network device, with no IP address set, that creates the session key or the packet key.
  9. A data encryption and decryption system, in a data decoding unit for receiving encrypted data through a communication network from a first terminal connected to the communication network, comprising:
    an encryption module connected between a second terminal and the communication network, receiving the encrypted data from the communication network, decoding it, and generating a session key required to produce the decoded data,
    wherein the encryption module, after receiving a first public key from the communication network, generates a second public key that is a response to the first public key, transmits the second public key to the communication network, and generates the session key by means of a public key algorithm for generating the session key.
  10. According to claim 9,
    the encryption module, when receiving a re-processed call packet including the first public key from the communication network, generates the session key using the re-processed call packet, and, upon receiving a response packet forwarded from the second terminal, transmits a re-processed response packet including the second public key to the communication network.
  11. According to claim 10,
    the re-processed response packet includes, in its payload, at least one of an encrypted ID, represented by a random-number value of a specific length, and a serial number of the encryption module,
    the serial number being a unique value by which the encryption module can be distinguished.
  12. 10. The method of claim 9,
    The encryption module, the second, and generates a second private key with the public key, wherein after receiving the first public key data and generating the session key by using the second private key and a first public key encryption and decoding system.
  13. 10. The method of claim 9,
    The session key, in the case of TCP communication, constituting the TCP communication before performing the transmission of the data, and data encryption and decryption system to be created.
  14. 10. The method of claim 9,
    The encryption module is further use of the key packet that is generated by using the data packet by the header information of the encrypted data to generate the decoded data,
    The packet key, the header information of the encrypted data, the serial number and the user of the generated encrypted data, the encryption module is produced using at least one of the groups set key set, wherein the header information of the first terminal of and including the IP address, IP address, and the packet ID of the packet by the second terminal,
    The serial number is a unique value, data encryption and decryption system that can be distinguished from the cryptographic module.
  15. 15. The method of claim 14,
    The packet key, if the TCP communication, the TCP data encryption and decryption system that is generated by further using the value of the sequence ID that shows a sequence of communication.
  16. 10. The method of claim 9 or 14,
    The encryption module,
    2-1 input-output unit for receiving the encrypted data from the communication network;
    A second secure portion that is connected to the second output unit 2-1 generates the decoded data, and the session key or the key packet; And
    The first is connected to the secure portion 2, the second-second output section for delivering the decoded data to the second terminal; includes,
    With the IP address is not set in the data encryption and decryption system you address network apparatus for creating the session key or the key packet.
  17. In the data decoding unit for receiving the encrypted data via a data encryption unit, and the communications network to send the encrypted data over a communication network,
    A first terminal and a first encryption module connected between the communication network and generating a session key required to generate the encrypted data encrypted by receiving the data from the first terminal; And
    And second connection between the terminal and the communications network is a second encryption module for generating the session key required to generate the decoded data to transfer received decoding the encrypted data from the communication network,
    Generating a first public key from the first cryptographic modules transmitted to the communication network and the second encryption after receiving the first public key in the module, the session key and animations The second public response to the first public key using the second method, the public key algorithm to the first encryption module receives the second public key to send a public key to the communications network, and to generate the session key used to generate keys for the session key generating data encryption and decryption system.
  18. 18. The method of claim 17,
    The first encryption module, the re-processing response when receiving forward the call packets from the first terminal then transmits the re-processing the call packet including the first public key with the communication network including the second public key, receiving a packet, generates the session key using said re-processing the response packets,
    The second encryption module, a case for receiving the material processing the call packet from the network, accepted generating the re-processing the called packet using the session key and passes a response packet from the second device processing the re data encryption and decryption system to transmit the response packet to the network.
  19. 19. The method of claim 18,
    The re-processing of the call packets, further comprising at least one of a serial number of the encrypted ID and the first encryption module, which is represented by the random-number value for a specific length in the payload,
    The re-processing of the response packet, and includes at least one of a serial number ID of the encryption and the second encryption module, which is represented by the random-number value for a specific length in the payload,
    The serial number is a unique value, data encryption and decryption system that can be distinguished from the cryptographic module.
  20. 18. The method of claim 17,
    The first encryption module, and generates a first private key with the first public key, and after receiving the second public key by using the first private key and a second public key to generate the session key ,
    The second encryption module, the second, and generates a second private key with the public key, after receiving the first public key using said second private key and a first public key to produce the session key data encryption and decryption system.
  21. 18. The method of claim 17,
    The session key, in the case of TCP communication, constituting the TCP communication before performing the transmission of the data, and data encryption and decryption system to be created.
  22. 18. The method of claim 17,
    The first encryption module is further use of the key packet that is generated by using the data packet by the header information of the data to generate the encrypted data,
    The second encryption module is further use of the key packet that is generated by using the data packet by the header information of the encrypted data to generate the decoded data,
    The packet key, a serial number and a user of the header information, the first encryption module of the data is generated using at least one of the groups set key set, the header information, wherein the IP address, of the first terminal of the IP address and the packet by the packet ID of the second terminal comprises at least one,
    The serial number is a unique value, data encryption and decryption system that can be distinguished from the cryptographic module.
  23. 23. The method of claim 22,
    The packet key, if the TCP communication, the TCP data encryption and decryption system that is generated by further using the value of the sequence ID that shows a sequence of communication.
  24. 18. The method of claim 17 or claim 22,
    The first encryption module,
    [0075] The output unit receives the data from the first terminal;
    A first secure portion of the claim 1-1 connected with the input-output unit, generating the encrypted data, and the session key or the key packet; And
    The first is connected to the first secure portion, providing the received encrypted data output unit 1-2 for transmitting to said communication network; includes,
    With the IP address is not set and the first network address non apparatus for creating the session key or the key packet,
    The second encryption module,
    2-1 input-output unit for receiving the encrypted data from the communication network;
    A second secure portion that is connected to the second output unit 2-1 generates the decoded data, and the session key or the key packet; And
    The first is connected to the secure portion 2, the second-second output section for delivering the decoded data to the second terminal; includes,
    With the IP address is not set the second non data encryption and decryption system address network device for generating the session key or the key packet.
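The exchange of claims 17 to 20 (first public key carried in the reprocessing call packet, second public key in the reprocessing response packet, session key derived independently by each module) and the per-packet key of claims 22 and 23 (header fields, the first module's serial number, a user-set key and the TCP sequence number), worked through end to end as an added example; claims 9 to 16 describe the same exchange from the receiving module's side. This is not the patent's code. The claims name no public key algorithm, key derivation or cipher, so the example assumes finite-field Diffie-Hellman over the RFC 3526 group 14 prime as the public key algorithm, HMAC-SHA256 as the key derivation, an HMAC-SHA256 counter keystream with an HMAC tag as a stand-in for the symmetric cipher, and a packet layout of its own (one type byte, a 256-byte public key, a 16-byte serial field). Keying the packet-key derivation with the session key is also this example's choice rather than a claim element; the IP addresses, packet ID, sequence number and serial numbers are constructed sample values.

```python
"""Added example (not the patent's code): the session-key exchange of claims 17-20
and the per-packet key of claims 22-23, with stand-in primitives the claims do not
name: finite-field Diffie-Hellman over the RFC 3526 group 14 prime as the public key
algorithm, HMAC-SHA256 for key derivation, and an HMAC-SHA256 counter keystream plus
HMAC tag in place of a real cipher (use AES-GCM in a deployment)."""
import hashlib
import hmac
import secrets
import struct

# RFC 3526 group 14: 2048-bit safe prime, generator 2 (assumed algorithm parameters).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G, Q = 2, (P - 1) // 2                 # G generates the prime-order subgroup of size Q
PUB_LEN, SERIAL_LEN, TAG_LEN = 256, 16, 16
CALL, RESPONSE = b"\x01", b"\x02"      # assumed type bytes for the reprocessing packets

def keypair():
    """Private exponent and matching public key for one module (claims 12/20)."""
    priv = secrets.randbits(256) | (1 << 255)
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Shared secret -> 32-byte session key; rejects out-of-range and small-subgroup peer keys."""
    if not 1 < peer_pub < P - 1 or pow(peer_pub, Q, P) != 1:
        raise ValueError("invalid peer public key")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(PUB_LEN, "big")).digest()

def build_reprocessing_packet(kind, pub, serial):
    """Reprocessing call/response packet: type || public key || fixed-length serial (claims 18/19)."""
    if kind not in (CALL, RESPONSE) or len(serial) != SERIAL_LEN:
        raise ValueError("bad packet fields")
    return kind + pub.to_bytes(PUB_LEN, "big") + serial

def parse_reprocessing_packet(pkt):
    """Inverse of build_reprocessing_packet: returns (kind, public key, serial)."""
    if len(pkt) != 1 + PUB_LEN + SERIAL_LEN or pkt[:1] not in (CALL, RESPONSE):
        raise ValueError("malformed reprocessing packet")
    return pkt[:1], int.from_bytes(pkt[1:1 + PUB_LEN], "big"), pkt[1 + PUB_LEN:]

def packet_key(sess_key, src_ip, dst_ip, packet_id, serial, user_key, tcp_seq=None):
    """Per-packet key from header fields, module serial, user-set key and TCP sequence
    number (claims 22/23). Keying it with the session key is this example's choice."""
    info = b"|".join([src_ip.encode(), dst_ip.encode(), struct.pack(">I", packet_id), serial, user_key])
    if tcp_seq is not None:
        info += b"|" + struct.pack(">I", tcp_seq)
    return hmac.new(sess_key, b"packet-key|" + info, hashlib.sha256).digest()

def _keystream(key, n):
    blocks = (hmac.new(key, b"ks" + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt_packet(pkey, payload):
    """Stand-in encrypt-then-MAC; the integrity tag is an addition the claims do not describe."""
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(pkey, len(payload))))
    return ct + hmac.new(pkey, ct, hashlib.sha256).digest()[:TAG_LEN]

def decrypt_packet(pkey, blob):
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(pkey, ct, hashlib.sha256).digest()[:TAG_LEN]):
        raise ValueError("packet authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(pkey, len(ct))))

def run_exchange(payload=b"hello", user_key=b"user-set-key"):
    """Both modules' sides of the exchange, then one data packet: (keys agree?, decrypted payload)."""
    serial_a, serial_b = b"A" * SERIAL_LEN, b"B" * SERIAL_LEN          # constructed serial numbers
    priv_a, pub_a = keypair()
    call = build_reprocessing_packet(CALL, pub_a, serial_a)             # first module -> network
    _, pub_a_rx, serial_a_rx = parse_reprocessing_packet(call)          # second module receives it
    priv_b, pub_b = keypair()
    key_b = session_key(priv_b, pub_a_rx)
    resp = build_reprocessing_packet(RESPONSE, pub_b, serial_b)         # second module -> network
    _, pub_b_rx, _ = parse_reprocessing_packet(resp)                    # first module receives it
    key_a = session_key(priv_a, pub_b_rx)
    hdr = dict(src_ip="10.0.0.1", dst_ip="10.0.0.2", packet_id=7, tcp_seq=1000)  # constructed header
    pk_a = packet_key(key_a, serial=serial_a, user_key=user_key, **hdr)
    pk_b = packet_key(key_b, serial=serial_a_rx, user_key=user_key, **hdr)    # serial taken from the call packet
    blob = encrypt_packet(pk_a, payload)
    return key_a == key_b, decrypt_packet(pk_b, blob)
```

Three points the claims leave open, which the code makes explicit. The receiving module validates the peer's public key before use (the range and subgroup check in session_key), since the claims say nothing about rejecting degenerate values. The packet key is a deterministic function of the session key and the header fields, so a repeated packet ID or TCP sequence number within one session would repeat the keystream; the sender must not reuse them under one session key. And the reprocessing packets carry only a public key and a serial number or encryption ID; nothing in the claims authenticates the exchange, so a deployment would need to bind each module's public key to its serial number by some out-of-band means, which this example does not attempt.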
Application PCT/KR2016/013600 (priority date 2015-11-24, filing date 2016-11-24), "Data encoding and decoding system and method", published as WO2017090996A1 (en).

Priority Applications (2)

Application Number | Priority Date
KR10-2015-0164630 | 2015-11-24
KR20150164630 | 2015-11-24

Publications (1)

Publication Number | Publication Date
WO2017090996A1 (en) | 2017-06-01

Family

ID=58763383

Family Applications (4)

Application Number | Publication | Priority Date | Filing Date | Title
PCT/KR2015/012715 | WO2017090789A1 (en) | 2015-11-24 | 2015-11-25 | Communication security system and method using non-address network equipment
PCT/KR2016/013609 | WO2017091000A1 (en) | 2015-11-24 | 2016-11-24 | Data encoding and decoding system and method
PCT/KR2016/013600 | WO2017090996A1 (en) | 2015-11-24 | 2016-11-24 | Data encoding and decoding system and method
PCT/KR2016/013613 | WO2017091002A1 (en) | 2015-11-24 | 2016-11-24 | Data encoding and decoding system and method

Country Status (1)

Country Link
WO (4) WO2017090789A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication Number | Priority Date | Publication Date | Assignee | Title
US6240513B1 (en) * | 1997-01-03 | 2001-05-29 | Fortress Technologies, Inc. | Network security device
US7100048B1 (en) * | 2000-01-25 | 2006-08-29 | Space Micro Inc. | Encrypted internet and intranet communication device
US20140223540A1 (en) * | 2002-09-20 | 2014-08-07 | Fortinet, Inc. | Firewall interface configuration to enable bi-directional VoIP traversal communications
US20140233734A1 (en) * | 2013-02-21 | 2014-08-21 | Meru Networks | Restricting broadcast and multicast traffic in a wireless network to a VLAN
US20140362988A1 (en) * | 2003-09-30 | 2014-12-11 | Cisco Technology, Inc. | Method and apparatus of communicating security/encryption information to a physical layer transceiver

Family Cites Families (5)

Publication Number | Priority Date | Publication Date | Assignee | Title
US6067620A (en) * | 1996-07-30 | 2000-05-23 | Holden; James M. | Stand alone security device for computer networks
US6430691B1 (en) * | 1999-06-21 | 2002-08-06 | Copytele, Inc. | Stand-alone telecommunications security device
US7983419B2 (en) * | 2001-08-09 | 2011-07-19 | Trimble Navigation Limited | Wireless device to network server encryption
US8583929B2 (en) * | 2006-05-26 | 2013-11-12 | Alcatel Lucent | Encryption method for secure packet transmission
GB201300316D0 (en) * | 2013-01-09 | 2013-02-20 | IBM | Transparent encryption/decryption gateway for cloud storage services

Also Published As

Publication Number | Publication Date | Type
WO2017090789A1 (en) | 2017-06-01 | application
WO2017091000A1 (en) | 2017-06-01 | application
WO2017091002A1 (en) | 2017-06-01 | application

Legal Events

Code | Title / Description
121 | EP: the EPO has been informed by WIPO that EP was designated in this application
    | Ref document number: 16868892; Country of ref document: EP; Kind code of ref document: A1
NENP | Non-entry into the national phase in:
    | Ref country code: DE