Dynamic security module server device and method of operating same

US 10,867,048 B2
Filed: 09/12/2017
Issued: 12/15/2020
Est. Priority Date: 03/13/2015
Status: Active Grant

First Claim

Patent Images

1. A dynamic security module server device comprising:

a transmitter to transmit a dynamic security module to a user terminal over a network;

a receiver to receive a security management event from the user terminal over the network; and

a processor configured to;

create a security session with a security client of the user terminal;

designate a first set of parameters for the dynamic security module to be used during the security session;

change a code of the dynamic security module based on the first set of parameters;

transmit, to the security client of the user terminal, the dynamic security module to be used during the security session;

store the first set of parameters for the dynamic security module transmitted to the security client while the security session is being maintained;

receive the security management event from the user terminal, wherein the security management event includes a second set of parameters of the dynamic security module that is running on the security client of the user terminal;

verify whether the second set of parameters of the dynamic security module that is running on the security client of the user terminal match with the first set of parameters that are stored for the security session; and

in response to detecting that the second set of parameters is different from the first set of parameters, cause the user terminal to stop running of an application program,wherein the first and second sets of parameters include at least one of a function name, a variable that designates an algorithm to be executed, a protocol field, a variable that designates a protocol sequence, a variable that designates a compile level, or a variable that designates an executable code obfuscation method, andwherein the security session has a predetermined valid period after which part or all of the code of the dynamic security module is changed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are a dynamic security module server device for transmitting a dynamic security module to a user terminal and receiving a security management event from the user terminal, and a method of operating the dynamic security module server device. The dynamic security module server device includes a communication unit configured to transmit and receive a security management event over a network, and a processor configured to control the communication unit. The processor is configured to create a security session with the security client of a user terminal, and to transmit a dynamic security module to the security client of the user terminal so that part or all of code performing security management in the security client of the user terminal in which the security session has been created has a predetermined valid period.

Citations

17 Claims

1. A dynamic security module server device comprising:
- a transmitter to transmit a dynamic security module to a user terminal over a network;
  
  a receiver to receive a security management event from the user terminal over the network; and
  
  a processor configured to;
  
  create a security session with a security client of the user terminal;
  
  designate a first set of parameters for the dynamic security module to be used during the security session;
  
  change a code of the dynamic security module based on the first set of parameters;
  
  transmit, to the security client of the user terminal, the dynamic security module to be used during the security session;
  
  store the first set of parameters for the dynamic security module transmitted to the security client while the security session is being maintained;
  
  receive the security management event from the user terminal, wherein the security management event includes a second set of parameters of the dynamic security module that is running on the security client of the user terminal;
  
  verify whether the second set of parameters of the dynamic security module that is running on the security client of the user terminal match with the first set of parameters that are stored for the security session; and
  
  in response to detecting that the second set of parameters is different from the first set of parameters, cause the user terminal to stop running of an application program,wherein the first and second sets of parameters include at least one of a function name, a variable that designates an algorithm to be executed, a protocol field, a variable that designates a protocol sequence, a variable that designates a compile level, or a variable that designates an executable code obfuscation method, andwherein the security session has a predetermined valid period after which part or all of the code of the dynamic security module is changed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The dynamic security module server device of claim 1, wherein the processor is further configured to:
    - receive security management results from the dynamic security module transmitted to the security client;
      
      examine the received security management results; and
      
      transmit a security management examination result to the dynamic security module of the security client.
  - 3. The dynamic security module server device of claim 2, wherein the security management examination result comprises details of the security management that has been performed by the dynamic security module in the user terminal.
  - 4. The dynamic security module server device of claim 1, wherein the processor is further configured to transmit a stop command to stop running of the application program of the user terminal to the dynamic security module of the security client when a security problem has occurred in the user terminal other than expiration of the predetermined valid period.
  - 5. The dynamic security module server device of claim 1, wherein the processor is configured to create the security session by generating and storing a session ID as a security session ID and then transmitting the session ID to the security client so that the security client stores the session ID.
  - 6. The dynamic security module server device of claim 5, further comprising a storage configured to store the dynamic security module to be transmitted to the security client of the user terminal, the session ID to be used as the security session ID, and the first set of parameters of the dynamic security module.
  - 7. The dynamic security module server device of claim 1, wherein the security session is created with the security client of the user terminal which has been authenticated.
  - 8. The dynamic security module server device of claim 1, wherein use of the part or all of the code is blocked when the predetermined valid period expires.
  - 9. The dynamic security module server device of claim 1, wherein the processor is further configured to transmit a verification token proving that the dynamic security module has normally operated to an application program management server of the user terminal.
  - 10. The dynamic security module server device of claim 1, wherein the part or all of the code is deleted when the predetermined valid period expires.

11. A method of operating a dynamic security module server device, the method comprising:
- creating, with a processor, a security session with a security client of a user terminal;
  
  designating, by the processor, a first set of parameters for a dynamic security module to be used during the security session;
  
  changing, by the processor, a code of the dynamic security module based on the first set of parameters;
  
  transmitting, to the security client of the user terminal, the dynamic security module to be used during the security session;
  
  storing, by the processor, the first set of parameters for the dynamic security module transmitted to the security client while the security session is being maintained;
  
  receiving, from the user terminal, a security management event, wherein the security management event includes a second set of parameters of the dynamic security module that is running on the security client of the user terminal;
  
  verifying, by the processor, whether the second set of parameters of the dynamic security module that is running on the security client of the user terminal match with the first set of parameters that are stored for the security session; and
  
  in response to detecting that the second set of parameters is different from the first set of parameters, causing the user terminal to stop running of an application program,wherein the first and second sets of parameters include at least one of a function name, a variable that designates an algorithm to be executed, a protocol field, a variable that designates a protocol sequence, a variable that designates a compile level, or a variable that designates an executable code obfuscation method, andwherein the security session has a predetermined valid period after which part or all of the code of the dynamic security module is changed.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, further comprising:
    - receiving by the processor security management results from the dynamic security module transmitted to the security client;
      
      examining by the processor the received security management results; and
      
      transmitting by the processor a security management examination result to the dynamic security module of the security client.
  - 13. The method of claim 12, wherein the security management examination result value comprises details of the security management that has been performed by the dynamic security module in the terminal device.
  - 14. The method of claim 11, further comprising transmitting by the processor a stop command to stop running of the application program of the user terminal to the dynamic security module of the security client when a security problem has occurred in the user terminal other than expiration of the predetermined valid period.
  - 15. The method of claim 11, wherein the security session is created by generating and storing a session ID as a security session ID and then transmitting the session ID to the security client so that the security client stores the session ID.
  - 16. The method of claim 11, further comprising deleting by the processor the part or all of the code when the predetermined valid period expires.
  - 17. The method of claim 11, further comprising blocking by the processor use of the part or all of the code when the predetermined valid period expires.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EverSpin Corp.
Original Assignee
EverSpin Corp.
Inventors
Ha, Young Bin
Primary Examiner(s)
Li, Meng

Application Number

US15/701,726
Publication Number

US 20180007082A1
Time in Patent Office

1,190 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/50   Monitoring users, programs ...

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/14   Session management for real...

H04L 67/141   Setup of application sessio...

H04L 67/146   Markers for unambiguous ide...

Dynamic security module server device and method of operating same

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic security module server device and method of operating same

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links