
WO2017090789A1 - Communication security system and method using non-address network equipment - Google Patents

Communication security system and method using non-address network equipment

Info

Publication number
WO2017090789A1
WO2017090789A1 PCT/KR2015/012715 KR2015012715W WO2017090789A1 WO 2017090789 A1 WO2017090789 A1 WO 2017090789A1 KR 2015012715 W KR2015012715 W KR 2015012715W WO 2017090789 A1 WO2017090789 A1 WO 2017090789A1
Authority
WO
WIPO (PCT)
Prior art keywords
input
output unit
data
address
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2015/012715
Other languages
English (en)
Korean (ko)
Inventor
이광원
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/02: Details
    • H04L12/22: Arrangements for preventing the taking of data from a data transmission channel without authorisation

Definitions

  • The present invention relates to a communication security system and method using non-address network equipment, in which network equipment that has no IP address or account is used to block hacking, eavesdropping, and interception of terminals transmitting and receiving data through various dedicated and public networks.
  • Various terminals operating in a private or public network, wired or wireless, for example PCs, laptops, VoIP phones, fax terminals, and mobile phones, can suffer enormous physical or property damage from various kinds of hacking.
  • IP address and account settings were essential. Therefore, there is a problem that the security equipment can be incapacitated by distributed denial of service (DDoS) attacks and by various hacking techniques that develop day by day.
  • DDoS distributed denial of service
  • An object of the present invention for solving the above problems is to block hacking, eavesdropping, and interception of terminals transmitting and receiving data through various private and public networks by using non-address network equipment without an IP address or account.
  • The present invention provides a communication security system and method using a non-address network device that maintains security and prevents hacking, eavesdropping, and interception.
  • The system may include a terminal for transmitting data to or receiving data from the communication network; and non-address network equipment having a first input/output unit connected to the communication network and a second input/output unit connected to the terminal, which, when data is received from the communication network through the first input/output unit, encrypts the data to generate encrypted data and outputs it to the terminal through the second input/output unit.
  • the communication security system using a non-address network equipment for achieving the above object, and a first terminal for receiving the data including the first address or to generate and transmit the data containing the second address; And a communication security system using a non-address network device that communicates through a communication network with a second terminal that generates and transmits data including the first address or receives data including the second address.
  • -2 may include a second non-address network equipment including a second security unit for decrypting or encrypting the encrypted data or data input from the input-output unit, and encrypts the data input from the second-2 input-output unit.
  • the communication security method using a non-address network equipment for achieving the above object, is connected to the communication network via a first input and output unit and a terminal via a second input and output unit, the first input and output unit and the first 2.
  • a communication security method using a non-address network device having a security unit connected between two input / output units, wherein the security unit encrypts data when the data is input from the terminal through the second input / output unit to generate encrypted data.
  • the first non-address network equipment is connected to the communication network through the 1-1 input and output unit 1-2
  • a first address is connected to a first terminal having a first address set through an input / output unit
  • a first security unit is connected between the first-first input-output unit and the first-second input / output unit
  • the second non-address network device receives the second-first input.
  • a second terminal connected to the communication network through a second terminal and having a second address set through a second input / output unit, and a second security unit is connected between the second input / output unit and the second input / output unit.
  • a communication security method using a non-address network device of a security system comprising: (a) the first terminal generating data including the second address and generating the first non-address through the 1-2 input / output unit; The step of transmitting the-less network devices; (b) in the first non-address network device, the first security unit encrypts the data including the second address, reprocesses the data according to a specific algorithm, and generates the first encrypted data to generate the first encrypted data.
  • the first non-address network equipment is connected to the communication network through the 1-1 input and output unit 1-2
  • a first address is connected to a first terminal having a first address set through an input / output unit
  • a first security unit is connected between the first-first input-output unit and the first-second input / output unit
  • the second non-address network device receives the second-first input.
  • a second terminal connected to the communication network through a second terminal and having a second address set through a second input / output unit, and a second security unit is connected between the second input / output unit and the second input / output unit.
  • a communication security method using a non-address network device of a security system comprising: (a) the second terminal generating data including the first address and performing the second non-transmission through the second-2 input / output unit; The step of transmitting the-less network devices; (b) in the second non-address network device, the second security unit encrypts the data including the first address, reprocesses the data according to a specific algorithm, and generates second encrypted data to generate the second encrypted data.
  • According to the present invention, it is not necessary to set an IP address or an account on the network equipment connected to each terminal, and hacking, eavesdropping, and interception of terminals communicating through various dedicated or public networks can be prevented.
  • Hackers cannot access terminals connected to non-addressed network equipment that has no IP address or account, and cannot eavesdrop on, intercept, or leak secrets over private and public networks.
  • network communication between non-addressed network devices without an IP address and an account connected to a transmitting terminal or a receiving terminal has an advantage of generating a kind of virtual private network.
  • FIG. 1 is a view showing the basic concept of a communication security system using a non-address network equipment according to an embodiment of the present invention.
  • Figure 2 is a schematic diagram showing the overall configuration of a communication security system using a non-address network equipment according to an embodiment of the present invention.
  • FIG. 3 is a diagram illustrating an example of transmitting data between terminals using non-address network equipment according to an embodiment of the present invention.
  • FIG. 4 is a diagram illustrating an example of preventing hacking of a terminal using non-address network equipment according to an embodiment of the present invention.
  • FIG. 5 is a flowchart illustrating a communication security method using a non-address network device according to an embodiment of the present invention.
  • FIG. 6 is a flowchart illustrating a communication security method using a non-address network equipment of a communication security system according to an embodiment of the present invention.
  • FIG. 7 is a flowchart illustrating a communication security method using a non-address network equipment of a communication security system according to an embodiment of the present invention.
  • When a portion is referred to as being “above” another portion, it may be just above the other portion or may be accompanied by another portion in between. In contrast, when a part is mentioned as “directly above” another part, no other part is involved between them.
  • Terms such as first, second, and third are used to describe various parts, components, regions, layers, and/or sections, but are not limited to these. These terms are only used to distinguish one part, component, region, layer or section from another part, component, region, layer or section. Accordingly, the first portion, component, region, layer or section described below may be referred to as the second portion, component, region, layer or section without departing from the scope of the invention.
  • FIG. 1 is a view showing the basic concept of a communication security system using a non-address network equipment according to an embodiment of the present invention.
  • The communication security system basically includes a configuration in which a terminal 110 is connected to a communication network 130 through non-address network equipment 120.
  • the terminal 110 is a communication terminal for transmitting or receiving data to the communication network 130, and includes a wired or wireless communication terminal.
  • the terminal 110 may be a PC, a notebook computer, a VoIP phone, a fax, a mobile phone, or the like.
  • the non-address network device 120 refers to a network device that does not have an IP address or MAC address required for communication for transmitting and receiving data, or does not require an account.
  • The non-address network equipment 120 includes a first input/output unit (Input/Output 1) 122, a second input/output unit (Input/Output 2) 124, and a security unit 135. It is connected to the communication network 130 through the first input/output unit 122 and to the terminal 110 through the second input/output unit 124.
  • the first input / output unit 122 and the second input / output unit 124 may be a network card, for example, a local area network (LAN) card or the like.
  • When the security unit 125 receives data from the communication network 130 through the first input/output unit 122, it encrypts the data and outputs the encrypted data to the terminal 110 through the second input/output unit 124. When data is received from the terminal 110 through the second input/output unit 124, the data is encrypted and output to the communication network 130 through the first input/output unit 122 as encrypted data.
  • When the security unit 125 receives encrypted data from the communication network 130 through the first input/output unit 122, it decrypts the encrypted data to generate data and outputs the data to the terminal 110 through the second input/output unit 124.
  • the communication network 130 may include a dedicated network or a public network, and may include a wired network such as the Internet or a PSTN, and a wireless network such as Zigbee and Bluetooth.
  • Figure 2 is a schematic diagram showing the overall configuration of a communication security system using a non-address network equipment according to an embodiment of the present invention.
  • The first non-address network equipment 210 is connected to the first terminal 112 and to the communication network 130.
  • The second non-address network equipment 220 is connected to the second terminal 114 and to the communication network 130.
  • The first terminal 112 is set to the first address.
  • The second terminal 114 is set to the second address.
  • The first terminal 112 and the second terminal 114 may each be set to a different account.
  • communication between the first non-address network device 210 and the second non-address network device 220 may have an effect such as communication through a virtual private network.
  • the first terminal 112 receives data including the first address from the communication network 130 or generates data including the second address and transmits the data to the communication network 130.
  • That is, the first terminal 112 generates data including the second address for transmission to the second terminal 114 and transmits it to the communication network 130, or receives from the communication network 130 data including the first address sent from the second terminal 114 toward the first terminal 112.
  • The data transmitted between the first terminal 112 and the second terminal 114 may be configured in the form of a header, including a source address, a destination address, an identifier, and the like, together with a payload.
  • The second terminal 114 generates data including the first address and transmits the data to the communication network 130, or receives data including the second address from the communication network 130. That is, the second terminal 114 generates data including the first address and transmits it to the communication network 130 for delivery to the first terminal 112, or receives from the communication network 130 data including the second address sent toward the second terminal 114.
  • The first non-address network device 210 and the second non-address network device 220 operate through the first security unit 215 and the second security unit 225, respectively, with no IP address or account set, that is, without an address and an account.
  • The first non-address network equipment 210 and the second non-address network equipment 220 operate like a dummy hub device, and the security-related functions can be implemented in software as well as in hardware.
  • the first non-address network equipment 210 includes a 1-1 input / output unit 211, a 1-2 input / output unit 212, and a first security unit 215.
  • One side of the 1-1 input / output unit 211 is connected to the 1-2 input / output unit 212 through the first security unit 215, and the other side is connected to the communication network 130.
  • One side of the 1-2 input/output unit 212 is connected to the first terminal 112, and the other side is connected to the 1-1 input/output unit 211 through the first security unit 215.
  • The first security unit 215 encrypts data input from the 1-1 input/output unit 211 or decrypts encrypted data input from the 1-1 input/output unit 211, and encrypts data input from the 1-2 input/output unit 212.
  • the second non-address network equipment 220 includes a 2-1 input / output unit 221, a 2-2 input / output unit 222, and a second security unit 225.
  • One side of the 2-1 input/output unit 221 is connected to the communication network 130, and the other side is connected to the 2-2 input/output unit 222 through the second security unit 225.
  • One side of the 2-2 input/output unit 222 is connected to the 2-1 input/output unit 221 through the second security unit 225, and the other side is connected to the second terminal 114.
  • The second security unit 225 decrypts encrypted data input from the 2-1 input/output unit 221 or encrypts data input from the 2-1 input/output unit 221, and encrypts data input from the 2-2 input/output unit 222.
  • The connection between the 1-1 input/output unit 211 and the 1-2 input/output unit 212 and the connection between the 2-1 input/output unit 221 and the 2-2 input/output unit 222 may each be made as a bridge connection.
  • The first security unit 215 may be included in the 1-1 input/output unit 211 or the 1-2 input/output unit 212 or, as shown in FIG. 2, may be included in the first non-address network equipment 210 separately from the 1-1 input/output unit 211 and the 1-2 input/output unit 212.
  • The second security unit 225 may be included in the 2-1 input/output unit 221 or the 2-2 input/output unit 222, or may be included in the second non-address network equipment 220 separately from the 2-1 input/output unit 221 and the 2-2 input/output unit 222.
  • The first security unit 215 encrypts a specific portion of the first data input from the first terminal 112 through the 1-2 input/output unit 212, generates first encrypted data reprocessed according to a specific algorithm, and outputs it to the communication network 130 through the 1-1 input/output unit 211.
  • The second security unit 225 encrypts a specific portion of the second data input from the second terminal 114 through the 2-2 input/output unit 222, generates second encrypted data reprocessed according to a specific algorithm, and outputs it to the communication network 130 through the 2-1 input/output unit 221.
  • The 1-1 input/output unit 211 and the 2-1 input/output unit 221 connected to the communication network 130 have a promiscuous mode for receiving all data transmitted through the communication network 130.
  • The 1-1 input/output unit 211 and the 2-1 input/output unit 221 receive all data from the communication network 130, including data and encrypted data, and transfer it to the first security unit 215 and the second security unit 225, respectively.
  • The first security unit 215 decrypts the input second encrypted data and outputs the second data, reprocessed according to a specific algorithm, to the first terminal 112 through the 1-2 input/output unit 212. That is, the second data transmitted from the second terminal 114 is generated as second encrypted data by the second non-address network device 220 and transmitted to the first non-address network device 210 via the communication network 130; the first non-address network device 210 decrypts the second encrypted data through the first security unit 215, generates the second data, and transmits it to the first terminal 112, so that the second data is transmitted to the first terminal 112 in a secure manner.
  • The second security unit 225 decrypts the input first encrypted data and outputs the first data, reprocessed according to a specific algorithm, to the second terminal 114 through the 2-2 input/output unit 222. That is, the first data transmitted from the first terminal 112 is generated as first encrypted data by the first non-address network device 210 and transmitted to the second non-address network device 220 via the communication network 130; the second non-address network device 220 decrypts the first encrypted data through the second security unit 225, generates the first data, and transmits it to the second terminal 114, so that the first data is transmitted to the second terminal 114 in a secure manner.
  • When data is transmitted between the first terminal 112 and the second terminal 114, as shown in FIG. 3, the first terminal 112 is connected to the communication network 130 through the first non-address network equipment 210 and the second terminal 114 is connected to the communication network 130 through the second non-address network equipment 220. Between the first terminal 112 and the first non-address network device 210 the transmission is carried as data, between the first non-address network device 210 and the second non-address network device 220 it is carried as encrypted data through the communication network 130, and between the second terminal 114 and the second non-address network equipment 220 it is carried as data.
  • FIG. 3 is a diagram illustrating an example of transmitting data between terminals using non-address network equipment according to an embodiment of the present invention.
  • the first terminal 112 and the second terminal 114 recognize only data and transmit or receive data, and do not process encrypted data because they are not recognized.
  • The first security unit 215 encrypts data input from the communication network 130 through the 1-1 input/output unit 211 and outputs the encrypted data, reprocessed according to a specific algorithm, to the first terminal 112 through the 1-2 input/output unit 212. That is, when the data is hacked data, the first security unit 215 generates the hacked data as encrypted data and transmits it to the first terminal 112, so the first terminal 112 does not recognize the encrypted data and does not process or execute it. Therefore, the hacking operation on the first terminal 112 is not performed.
  • The second security unit 225 encrypts the input data and outputs the encrypted data, reprocessed according to a specific algorithm, to the second terminal 114 through the 2-2 input/output unit 222. That is, when the data is hacked data, the second security unit 225 generates the hacked data as encrypted data and transmits it to the second terminal 114, so the second terminal 114 does not recognize the encrypted data and does not process or execute it. Therefore, the hacking operation on the second terminal 114 is not performed.
  • When the hacker terminal 116 attempts to hack the first terminal 112 and the second terminal 114, as shown in FIG. 4, the first terminal 112 is connected to the communication network 130 through the first non-address network equipment 210 and the second terminal 114 is connected to the communication network 130 through the second non-address network equipment 220. Although data or hacked data transmitted from the hacker terminal 116 to the communication network 130 reaches the first non-address network device 210 and the second non-address network device 220 through the communication network 130 as data or hacked data, it is transmitted as encrypted data from the first non-address network equipment 210 to the first terminal 112 and from the second non-address network equipment 220 to the second terminal 114, so the first terminal 112 and the second terminal 114 do not recognize the encrypted data.
  • FIG. 4 is a diagram illustrating an example of preventing hacking of a terminal using non-address network equipment according to an embodiment of the present invention.
  • Since the first terminal 112 and the second terminal 114 recognize and transmit only data and do not recognize encrypted data, the hacking operation is not executed on the first terminal 112 or the second terminal 114.
  • When the first terminal 112, for which the first address is set, transmits data to the second terminal 114, for which the second address is set, the first terminal 112 generates data including the second address as the destination and transmits it to the first non-address network device 210.
  • The 1-2 input/output unit 212 receives the data including the second address and transmits it to the first security unit 215, and the first security unit 215 encrypts the data including the second address, reprocesses it according to a specific algorithm to generate first encrypted data, and transmits it to the communication network 130 through the 1-1 input/output unit 211.
  • the second non-address network device 22 receives the first encrypted data from the communication network 130 and transmits the first encrypted data to the second security unit 225 through the 2-1 input / output unit 221.
  • The second security unit 225 decrypts the first encrypted data, reprocesses it according to a specific algorithm to generate data including the second address, and passes the data to the second terminal 114 through the 2-2 input/output unit 222.
  • the data including the second address from the first terminal 112 is securely transmitted to the second terminal 114.
  • When data is transmitted from the second terminal 114, for which the second address is set, to the first terminal 112, for which the first address is set, the second terminal 114 generates data including the first address as the destination address and delivers it to the second non-address network equipment 220.
  • the second non-address network device 220 receives the data including the first address from the second input / output unit 222 from the second terminal 114 and transmits the data to the second security unit 225.
  • The second security unit 225 encrypts the data including the first address, reprocesses it according to a specific algorithm to generate the second encrypted data, and transmits the second encrypted data to the communication network 130 through the 2-1 input/output unit 221.
  • The 1-1 input/output unit 211 receives the second encrypted data from the communication network 130 and transmits it to the first security unit 215.
  • The first security unit 215 decrypts the second encrypted data, reprocesses it according to a specific algorithm to generate data including the first address, and passes the data to the first terminal 112 through the 1-2 input/output unit 212.
  • the first terminal 112 safely receives data including the first address transmitted from the second terminal 114.
  • In the first non-address network equipment 210, the 1-1 input/output unit 211 receives from the communication network 130 data or hacked data transmitted from another terminal or a hacker terminal, and transfers it to the first security unit 215.
  • The first security unit 215 encrypts the data or the hacked data transferred from the 1-1 input/output unit 211, generates encrypted data according to a specific algorithm, and transfers it to the first terminal 112 through the 1-2 input/output unit 212.
  • The first terminal 112 does not recognize the encrypted data transferred from the 1-2 input/output unit 212 and processes it as a data recognition error, or does not process the encrypted data, so the hacking operation is not performed.
  • the hacking data transmitted from another terminal or a hacker terminal not connected to the non-address network equipment 210 may be transmitted to the second terminal 114.
  • The 2-1 input/output unit 221 receives from the communication network 130 data or hacked data transmitted from another terminal or a hacker terminal, and transfers it to the second security unit 225.
  • The second security unit 225 encrypts the data or the hacked data received from the 2-1 input/output unit 221, generates encrypted data according to a specific algorithm, and transfers it to the second terminal 114 through the 2-2 input/output unit 222.
  • The second terminal 114 does not recognize the encrypted data transferred from the 2-2 input/output unit 222 and processes it as a data recognition error, or does not process the encrypted data, so the hacking operation is not performed.
  • FIG. 5 is a flowchart illustrating a communication security method using a non-address network device according to an embodiment of the present invention.
  • When the security unit 125 receives data from the terminal 110 through the second input/output unit 124 (S510), the data is encrypted to generate encrypted data, which is output to the communication network 130 through the first input/output unit 122.
  • When the security unit 125 receives encrypted data from the communication network 130 through the first input/output unit 122 (S530), it decrypts the encrypted data to generate data and outputs the data to the terminal 110 through the second input/output unit 124 (S540).
  • When the security unit 125 receives data from the communication network 130 through the first input/output unit 122 (S550), it encrypts the data and outputs it to the terminal 110 through the second input/output unit 124 as encrypted data (S560).
  • The terminal 110 may fail to recognize the encrypted data input from the non-address network device 120 and process it as a data recognition error, or may delete the encrypted data.
  • FIG. 6 is a flowchart illustrating a communication security method using a non-address network equipment of a communication security system according to an embodiment of the present invention. That is, FIG. 6 is a flowchart illustrating a process of transmitting data from the first terminal 112 to the second terminal 114.
  • In the communication security system 200 according to an exemplary embodiment of the present invention, the first terminal 112 generates data including the second address and transmits it to the first non-address network equipment 210 through the 1-2 input/output unit 212 (S610).
  • The first security unit 215 encrypts the data including the second address, reprocesses it according to a specific algorithm to generate the first encrypted data, and transmits it to the communication network 130 through the 1-1 input/output unit 211 (S620).
  • the 2-1 input / output unit 221 receives the first encrypted data from the communication network 130 and transmits the first encrypted data to the second security unit 225 (S630).
  • The second security unit 225 decrypts the first encrypted data, reprocesses it according to a specific algorithm to generate data including the second address, and transfers the data to the second terminal 114 through the 2-2 input/output unit 222 (S640).
  • the data transmitted from the first terminal 112 is safely received by the second terminal 114.
  • FIG. 7 is a flowchart illustrating a communication security method using the non-address network equipment of a communication security system according to an embodiment of the present invention. That is, FIG. 7 is a flowchart illustrating a process in which data is transmitted from the second terminal 114 and received by the first terminal 112.
  • In the communication security system 200 according to an exemplary embodiment of the present invention, the second terminal 114 generates data including the first address and transmits the data to the second non-address network equipment 220 through the 2-2 input / output unit 222 (S710).
  • The second security unit 225 encrypts the data including the first address, reprocesses the data according to a specific algorithm, generates the second encrypted data, and transmits it to the communication network 130 through the 2-1 input / output unit 221 (S720).
  • The 1-1 input / output unit 211 receives the second encrypted data from the communication network 130 and transmits the second encrypted data to the first security unit 215 (S730).
  • The first security unit 215 decrypts the second encrypted data, reprocesses the data according to a specific algorithm to generate data including the first address, and transmits the data to the first terminal 112 through the 1-2 input / output unit 212 (S740).
  • The first terminal 112 thus safely receives the data transmitted from the second terminal 114.
  • The security of data transmission is maintained by blocking hacking, eavesdropping, and interception of terminals transmitting and receiving data through various dedicated and public networks, using non-address network equipment without an IP address or account.
  • A communication security system and method using a non-address network device can thus be realized to prevent hacking, eavesdropping, and interception.
  • The present invention is applicable to communication security systems and methods using non-address network equipment, in which hacking, eavesdropping, and interception of terminals transmitting and receiving data through a communication network can be blocked by using non-address network equipment without an IP address or account.
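
The FIG. 6 and FIG. 7 flows above, modelled as an added example that is not part of the patent text: two inline units share a key and encrypt the whole frame, address included, before it reaches the communication network. The shared key, the frame layout, the HMAC-SHA256 keystream standing in for the unspecified "specific algorithm", and the integrity tag with drop-on-failure are assumptions of this example.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a standard-library stand-in for the
    # patent's unspecified algorithm; use a vetted AEAD in a real device.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])

class NonAddressDevice:
    """Hypothetical model of an inline unit with a terminal-side port and a
    network-side port and no IP address or account of its own."""

    def __init__(self, shared_key: bytes):
        # Assumption: both units hold the same pre-provisioned key.
        self._enc = hmac.new(shared_key, b"enc", hashlib.sha256).digest()
        self._mac = hmac.new(shared_key, b"mac", hashlib.sha256).digest()

    def from_terminal(self, frame: bytes) -> bytes:
        """S620 / S720: encrypt the whole frame, address included."""
        nonce = os.urandom(NONCE_LEN)
        ks = _keystream(self._enc, nonce, len(frame))
        body = bytes(p ^ k for p, k in zip(frame, ks))
        tag = hmac.new(self._mac, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def from_network(self, wire: bytes):
        """S640 / S740: verify, then decrypt; None means the input is dropped."""
        if len(wire) < NONCE_LEN + TAG_LEN:
            return None
        nonce, body, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self._mac, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        ks = _keystream(self._enc, nonce, len(body))
        return bytes(c ^ k for c, k in zip(body, ks))

if __name__ == "__main__":
    key = os.urandom(32)
    unit_210, unit_220 = NonAddressDevice(key), NonAddressDevice(key)
    frame = b"DST=terminal-114;meter reading 42"  # constructed sample frame
    wire = unit_210.from_terminal(frame)          # what network 130 carries
    print(b"terminal-114" in wire, unit_220.from_network(wire) == frame)
    print(unit_220.from_network(frame))           # unencrypted input from the network
```

An observer on the communication network sees only the nonce, ciphertext, and tag, and anything arriving from the network that the peer unit did not produce never reaches the terminal in usable form.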

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

Disclosed are a communication security system and method using non-address network equipment, the system and method using non-address network equipment without an IP address or account so that hacking, eavesdropping, and monitoring of terminals used to transmit and receive data over various types of private and public networks can be blocked. The disclosed communication security method using non-address network equipment, which allows a communication network to be connected through a first input/output unit, a terminal to be connected through a second input/output unit, and a security unit to be connected between the first input/output unit and the second input/output unit, comprises the steps of: (a) allowing the security unit to encrypt data, generate encrypted data, and send the encrypted data to the communication network when the data is received from the terminal; (b) allowing the security unit to decrypt encrypted data, generate decrypted data, and transfer the decrypted data to the terminal when the encrypted data is received from the communication network; and allowing the security unit to encrypt data and transfer the encrypted data to the terminal when the data is received from the communication network. According to the present invention, the security of data transmission can be maintained, and hacking, eavesdropping, and monitoring can be prevented.
PCT/KR2015/012715 2015-11-24 2015-11-25 Communication security system and method using non-address network equipment Ceased WO2017090789A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2015-0164630 2015-11-24
KR1020150164630 2015-11-24

Publications (1)

Publication Number Publication Date
WO2017090789A1 (fr) 2017-06-01

Family

ID=58763383

Family Applications (4)

Application Number Title Priority Date Filing Date
PCT/KR2015/012715 Ceased WO2017090789A1 (fr) 2015-11-24 2015-11-25 Communication security system and method using non-address network equipment
PCT/KR2016/013600 Ceased WO2017090996A1 (fr) 2015-11-24 2016-11-24 System and method for encoding and decoding data
PCT/KR2016/013613 Ceased WO2017091002A1 (fr) 2015-11-24 2016-11-24 System and method for encoding and decoding data
PCT/KR2016/013609 Ceased WO2017091000A1 (fr) 2015-11-24 2016-11-24 System and method for encoding and decoding data

Country Status (1)

Country Link
WO (4) WO2017090789A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20000000185A (ko) * 1999-09-29 2000-01-15 최명렬 Method for address-saving Internet access and virtual private network (VPN) configuration using a network address translation (NAT) function
US6240513B1 (en) * 1997-01-03 2001-05-29 Fortress Technologies, Inc. Network security device
KR100580844B1 (ko) * 2003-12-17 2006-05-16 한국전자통신연구원 Data security and operation apparatus in a wireless LAN system and method therefor
US7100048B1 (en) * 2000-01-25 2006-08-29 Space Micro Inc. Encrypted internet and intranet communication device
US20080313255A1 (en) * 2005-02-15 2008-12-18 David Geltner Methods and apparatus for machine-to-machine communications

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6067620A (en) * 1996-07-30 2000-05-23 Holden; James M. Stand alone security device for computer networks
US6430691B1 (en) * 1999-06-21 2002-08-06 Copytele, Inc. Stand-alone telecommunications security device
US7983419B2 (en) * 2001-08-09 2011-07-19 Trimble Navigation Limited Wireless device to network server encryption
US7716725B2 (en) * 2002-09-20 2010-05-11 Fortinet, Inc. Firewall interface configuration and processes to enable bi-directional VoIP traversal communications
US7711948B2 (en) * 2003-09-30 2010-05-04 Cisco Technology, Inc. Method and apparatus of communicating security/encryption information to a physical layer transceiver
US8583929B2 (en) * 2006-05-26 2013-11-12 Alcatel Lucent Encryption method for secure packet transmission
GB2509709A (en) * 2013-01-09 2014-07-16 Ibm Transparent encryption/decryption gateway for cloud storage services
US9326144B2 (en) * 2013-02-21 2016-04-26 Fortinet, Inc. Restricting broadcast and multicast traffic in a wireless network to a VLAN

Also Published As

Publication number Publication date
WO2017091000A1 (fr) 2017-06-01
WO2017090996A1 (fr) 2017-06-01
WO2017091002A1 (fr) 2017-06-01

Similar Documents

Publication Publication Date Title
WO2021095998A1 (fr) Secure computing method and system
WO2016137304A1 (fr) Trust-zone-based end-to-end security
WO2015147547A1 (fr) Method and apparatus for supporting login using a user terminal
WO2012093900A2 (fr) Method and device for authenticating a personal network entity
WO2016021981A1 (fr) System and method for counter management and security key update for device-to-device group communication
WO2018151390A1 (fr) Internet of Things device
EP3213486A1 (fr) Method for performing device-to-device communication between user equipments
WO2014063455A1 (fr) Instant messaging method and system
WO2018139910A1 (fr) Method for providing end-to-end security over a signaling plane in a mission-critical data communication system
WO2020067734A1 (fr) Non-address network equipment and communication security system using same
WO2012044072A2 (fr) Method for assigning a user key in a converged network
WO2018000674A1 (fr) Network connection method, network connection device, and terminal
WO2020027632A1 (fr) Method and system for integrity protection of user-plane signaling messages in a wireless network
WO2019132270A1 (fr) Secure communication method in an NFV environment and associated system
WO2022245109A1 (fr) Method and device for performing ultra-wideband secure ranging
WO2024071535A1 (fr) SaaS-based database access control gateway service system and method
WO2023008940A1 (fr) Method and system for securely managing reconnection of client devices to a wireless network
US7644289B2 (en) Modular cryptographic device providing enhanced communication control features and related methods
KR101784240B1 (ko) Communication security system and method using non-address network equipment
WO2018056582A1 (fr) Packet inspection method using SSL communication
WO2021020918A1 (fr) Method for creating a logical internal network, and mobile terminal and application for implementing such a network
WO2017090789A1 (fr) Communication security system and method using non-address network equipment
WO2015053602A1 (fr) Method and system for supporting security-related information for a proximity-based service in a mobile communication system environment
WO2025105549A1 (fr) Security management method and apparatus using a hardware security module
WO2019182219A1 (fr) Blockchain-based trust network system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15909338

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 11/10/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 15909338

Country of ref document: EP

Kind code of ref document: A1