KR101429877B1 - L2/L3 switch system having a function of security module updating - Google Patents

Publication number
KR101429877B1
Authority
KR
South Korea
Prior art keywords
security module
update
security
module
switch system
Application number
KR1020130126746A
Other languages
Korean (ko)
Inventor
최보경
Original Assignee
주식회사 다산네트웍스
(주) 파이어넷
Application filed by 주식회사 다산네트웍스, (주) 파이어넷
Priority to KR1020130126746A
Application granted
Publication of KR101429877B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Abstract

The present invention relates to an L2/L3 switch system having a security module update function. It improves user convenience by automatically updating the security module when update information is detected from a security server, without the inconvenience of manually updating the security module of the L2/L3 switch system.

Description

L2/L3 switch system having a security module update function

The present invention relates to an L2 / L3 switch, and more particularly to an L2 / L3 switch system having a security module update function.

Korean Patent Laid-Open No. 10-2011-0117947 (Oct. 28, 2011) discloses a conventional L2 / L3 switch system. The conventional L2 / L3 switch system does not have an update function for the security module, so the user had the inconvenience of updating the security module manually.

Accordingly, the present inventors have developed an L2 / L3 switch system having a security module update function that can improve user convenience by automatically updating the security module when update information is detected from a security server, without the inconvenience of the user manually updating the security module.

Korean Patent Publication No. 10-2011-0117947 (October 28, 2011)

It is an object of the present invention to provide an L2 / L3 switch system having a security module update function that automatically updates the security module when update information is detected from a security server, without the inconvenience of the user manually updating the security module.

According to an aspect of the present invention, there is provided an L2 / L3 switch system having a security module update function, including: a security module for detecting abnormalities of traffic data transmitted and received, using sampling data; a switch SoC (System on a Chip) module including a traffic sampling engine for extracting sampling data for detecting abnormalities from the traffic data transmitted and received, and a packet forwarding engine for relaying the traffic data transmitted and received; and an O / S kernel module which, when update information is detected from the security server, controls the security module operation and the traffic sampling engine operation to be off, keeps the packet forwarding engine operation on, and controls the security module to be updated using the update data.

According to a further aspect of the present invention, the switch SoC module further includes an update engine that receives update data from the security server and updates the security module by reflecting the update data to the security module under the control of the O / S kernel module.

According to a further aspect of the present invention, when the O / S kernel module detects update information from the security server, it releases the memory allocation of the security module and reassigns the security module to the memory after the security module update is completed.

According to a further aspect of the present invention, the O / S kernel module controls the security module operation and the traffic sampling engine operation to be on after the security module update is completed.

According to a further aspect of the present invention, the update engine detects update information by monitoring an update notification from a security server or a security module version of a security server, and reports the update information to the O / S kernel module.

The present invention has the effect of improving user convenience by automatically updating the security module when update information is detected from the security server without the inconvenience of the user manually updating the security module of the L2 / L3 switch system.

FIG. 1 is a block diagram illustrating a configuration of an L2 / L3 switch system having a security module update function according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating an example of a security module update operation of an L2 / L3 switch system having a security module update function according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

The terms used in this specification are defined in consideration of the functions of the embodiments of the present invention and may vary according to the intentions and customs of the user or operator, so their definitions should be based on the contents of this specification as a whole.

FIG. 1 is a block diagram illustrating a configuration of an L2 / L3 switch system having a security module update function according to an embodiment of the present invention. As shown in FIG. 1, an L2 / L3 switch system 100 having a security module update function according to this embodiment includes a security module 110, a switch SoC (System on a Chip) module 120, and an O / S kernel module 130.

The security module 110 detects abnormalities of traffic data transmitted and received using the sampling data. For example, the security module 110 includes a black list 111 of items such as abnormal data patterns, and a security application 112 that compares the sampled data with the abnormal data patterns to determine whether the traffic data is abnormal.

The switch SoC module 120 extracts sampling data for detecting abnormalities of traffic data and performs packet forwarding for relaying the traffic data transmitted and received. It includes a traffic sampling engine 121 and a packet forwarding engine 122.

The traffic sampling engine 121 extracts sampling data for detecting abnormality from traffic data transmitted and received. For example, the traffic sampling engine 121 may be configured to extract sampling data of a specific data size from the traffic data transmitted and received at specific time intervals.

The packet forwarding engine 122 relays traffic data to be transmitted and received. The function of the L2 / L3 switch is to relay the transmission / reception data between communication nodes (not shown) connected to the L2 / L3 switches, and this function is performed by the packet forwarding engine 122.

The O / S kernel module 130 controls the entire L2 / L3 switch system 100. When update information is detected from the security server 200, the O / S kernel module 130 controls the operations of the security module 110 and the traffic sampling engine 121 to be off, keeps the operation of the packet forwarding engine 122 on, and controls the security module 110 to be updated using the update data received from the security server 200.

When the O / S kernel module 130 detects update information from the security server 200, it may be configured to release the memory (not shown) allocated to the security module 110 and to reassign the security module 110 to memory after the update of the security module 110 is completed.

The O / S kernel module 130 may be configured to control the operation of the security module 110 and the operation of the traffic sampling engine 121 to be on after the security module 110 is updated.

Therefore, according to the present invention, the security module is updated automatically when update information is detected from the security server. The sampling data extraction function for detecting abnormalities of traffic data is turned off during the update of the security module, but the packet forwarding function for relaying the transmitted and received traffic data is maintained, so the security module can be updated automatically without any problem.

According to a further aspect of the invention, the switch SoC module 120 may further include an update engine 123. The update engine 123 receives the update data from the security server 200 and updates the security module by reflecting the update data to the security module 110 under the control of the O / S kernel module 130. At this time, the update data may be a newly added black list 111 or a new version of the security application 112 code.

Meanwhile, the update engine 123 may be configured to detect update information through an update notification from the security server 200 or by monitoring the security module version of the security server 200, and to report the update information to the O / S kernel module 130, so that the O / S kernel module 130 detects the update information.

Therefore, according to the present invention, when update information is detected from the security server, the security module is automatically updated through the update engine 123, without the inconvenience of the user manually updating the security module of the L2 / L3 switch system.

The security module update operation of the L2 / L3 switch system having the security module update function according to the present invention as described above will be described with reference to FIG. 2. FIG. 2 is a flowchart illustrating an example of a security module update operation of an L2 / L3 switch system having a security module update function according to the present invention.

First, in step 310, the L2 / L3 switch system detects security module update information. At this time, the L2 / L3 switch system can detect the update information through the update notification from the security server or the security module version monitoring of the security server.

If the security module update information is detected by the step 310, the L2 / L3 switch system receives update data for updating the security module from the security server in step 320. At this time, the update data may be a newly added black list or a new version of the secure application code.

Then, in step 330, the L2 / L3 switch system controls the security module operation and the traffic sampling engine operation to be off and the packet forwarding engine operation to continue to be on.

Then, in step 340, the L2 / L3 switch system updates the security module of the L2 / L3 switch system using the update data received from the security server by step 320 above.

When the security module update is completed, in step 350, the L2 / L3 switch system turns back on the security module operation and the traffic sampling engine operation that were turned off in step 330.
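The sequence of steps 310 to 350, modelled as an added example in Python (it is not part of the patent). The class and method names, the byte-pattern blacklist and the fallback to the previous module when step 340 fails are assumptions made for illustration; the point to observe is that traffic relayed between steps 330 and 350 is forwarded without inspection.

```python
from dataclasses import dataclass, field


@dataclass
class SecurityModule:                      # 110: blacklist 111 used by application 112
    version: int
    blacklist: frozenset
    running: bool = True


@dataclass
class Switch:                              # 100, as driven by the O/S kernel module 130
    module: SecurityModule
    sampling_on: bool = True               # traffic sampling engine 121
    forwarding_on: bool = True             # packet forwarding engine 122, never turned off
    events: list = field(default_factory=list)

    def handle(self, packet: bytes) -> str:
        """Relay a packet and report whether the security module inspected it."""
        if not (self.sampling_on and self.module.running):
            return "forwarded-uninspected"         # detection gap while updating
        hit = any(pattern in packet for pattern in self.module.blacklist)
        return "forwarded-flagged" if hit else "forwarded-clean"

    def pause_detection(self) -> None:     # step 330
        self.module.running = False
        self.sampling_on = False
        self.events.append("330 detection off, forwarding on")

    def resume_detection(self) -> None:    # step 350
        self.module.running = True
        self.sampling_on = True
        self.events.append("350 detection on")

    def update(self, server_version: int, fetch) -> bool:
        if server_version <= self.module.version:  # step 310: no update information
            return False
        patterns = fetch()                         # step 320: fetch while detection is still on
        previous = self.module
        self.pause_detection()
        try:                                       # step 340
            # Assumed sanity check: an empty pattern would match every packet.
            if not all(isinstance(p, bytes) and p for p in patterns):
                raise ValueError("malformed blacklist entry")
            self.module = SecurityModule(
                server_version, previous.blacklist | frozenset(patterns), running=False)
            self.events.append(f"340 updated to v{server_version}")
            return True
        except ValueError:
            self.module = previous                 # assumption: keep the old module
            self.events.append("340 failed, kept previous module")
            return False
        finally:
            self.resume_detection()                # step 350 runs on every path
```
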

Therefore, according to the present invention, when update information is detected from the security server, the security module is automatically updated without the inconvenience of the user manually updating the security module of the L2 / L3 switch system, which improves user convenience. The object of the present invention can thus be achieved.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it will be understood by those of ordinary skill in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

The present invention is industrially applicable in the L2 / L3 switch technology field and its application field.

100: L2 / L3 switch system
110: Security module
111: Blacklist
112: Security Application
120: Switch SoC module
121: Traffic sampling engine
122: Packet Forwarding Engine
123: Update Engine
130: O / S kernel module
200: Security server

Claims (5)

1. An L2 / L3 switch system having a security module update function, comprising:
a security module for detecting abnormalities of traffic data transmitted and received, using sampling data;
a switch SoC (System on a Chip) module including a traffic sampling engine for extracting sampling data for detecting abnormalities from the traffic data transmitted and received, and a packet forwarding engine for relaying the traffic data transmitted and received; and
an O / S kernel module which, when update information is detected from the security server, controls the security module operation and the traffic sampling engine operation to be off, keeps the packet forwarding engine operation on, and controls the security module to be updated using the update data.

2. The L2 / L3 switch system according to claim 1, wherein the switch SoC module comprises an update engine for receiving update data from the security server and updating the security module by reflecting the update data to the security module under the control of the O / S kernel module.

3. The L2 / L3 switch system according to claim 1 or 2, wherein the O / S kernel module, when the security information is detected from the security server, releases the memory allocation of the security module and reassigns the security module to the memory after the security module update is completed.

4. The L2 / L3 switch system according to claim 1 or 2, wherein the O / S kernel module controls the security module operation and the traffic sampling engine operation to be on after the security module update is completed.

5. The L2 / L3 switch system according to claim 2, wherein the update engine detects the update information through an update notification from the security server or by monitoring the security module version of the security server, and reports the update information to the O / S kernel module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130126746A KR101429877B1 (en) 2013-10-23 2013-10-23 L2/L3 switch system having a function of security module updating

Publications (1)

Publication Number Publication Date
KR101429877B1 (en) 2014-08-13

Family

ID=51750360

Country Status (1)

Country Link
KR (1) KR101429877B1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100604604B1 (en) * 2004-06-21 2006-07-24 엘지엔시스(주) Method for securing system using server security solution and network security solution, and security system implementing the same
KR100750377B1 (en) * 2006-05-09 2007-08-17 한정보통신 주식회사 Network security system based system on chip and method thereof
KR100998284B1 (en) * 2009-12-31 2010-12-03 신영전자통신 주식회사 Protection switch system integrated network and security and the method thereof

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102370848B1 (en) * 2020-11-17 2022-03-07 주식회사 시큐브 Computer device including divided security module and method for updating security module
WO2022107991A1 (en) * 2020-11-17 2022-05-27 주식회사 시큐브 Computer device including separated security module, and method for updating security module

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20170727

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20180731

Year of fee payment: 5

FPAY Annual fee payment

Payment date: 20190715

Year of fee payment: 6