KR102604270B1 - Communication encryption plug-in method and system for applications using JAVA BCI technology - Google Patents

Abstract

The present invention relates to a method and a system for plugging-in communication encryption of an application using a JAVA BCI technology, which can add, modify, and reflect an encryption method without modifying a source code of an application communicating based on TCP or UDP, the method comprising: a first step of driving a Java program installed in a terminal; a second step of activating a JavaVirtual Machine (JVM), a Java compiler, and an insertion module (Byte Code Instrumentation (BCI)) by driving the Java program, and activating a Java module having an encryption/decryption function in a class loader of the JVM; a third step of, when the application of the terminal is driven, generating a Java class by compiling the source code of the application in a Java code format and loading the Java class into a memory of the JVM (runtime data area) by the Java compiler; a fourth step of, when the Java class of the application is loaded into the memory of the JVM, inserting an encryption/decryption code into the source code of the application loaded into the memory of the JVM by the insertion module; and a fifth step of processing the application to encrypt and decrypt data transmitted to and received from another terminal according to an algorithm of the encryption/decryption code by the Java module.

Description

Communication encryption plug-in method and system for applications using JAVA BCI technology}

The present invention relates to a communication encryption plug-in method and system for an application using JAVA BCI technology that allows adding, modifying, and reflecting an encryption method without modifying the source code of an application that communicates based on TCP or UDP.

In general, applications on a terminal communicate with applications on other terminals and share data based on TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) in a communication network. In this process, the data to be communicated is required to be encrypted for security purposes, and to meet this requirement, additional data security measures are installed in the terminal.

Conventional security measures are independent applications or modules that interoperate with the application that is the subject of security data communication, so it was inevitable to modify the source code of the existing application in order to interoperate with each other. In addition, when vulnerabilities were discovered in the encryption algorithm used after the installation of security measures linked to the application, or when changes were made to apply encryption to unencrypted parts, the application's source code had to be additionally modified.

In order to modify the source code of an application, conventionally, the application was updated using a patch file. However, for these updates, the creator had to create and distribute a patch file linked to the application's source code, and the application user had to receive the patch file, install it in the application, and update it. However, as mentioned above, the update method of directly modifying the application's source code required additional work for the creator and user, and the creator who manages the application had to bear a considerable amount of time and money to maintain the application. There was a problem. In addition, the patch file provided by the manufacturer was limited to use in specific applications, so there was a problem of low versatility.

In the end, there was an urgent need for a security technology that allows the application to encrypt and decrypt data and secure it without directly changing the application's own source code, and has versatility that can be applied to a variety of applications.

Prior Art Document 1. Patent Publication No. 10-2000-0038878 (published on July 5, 2000)

Accordingly, the present invention is intended to solve the above problems, and provides JAVA BCI technology that allows the application to encrypt and decrypt communication data and secure it without directly changing the application's own source code, and has versatility that can be applied to various applications. The task is to solve the problem of providing a plug-in method and system for encryption of communications for the used application.

In order to achieve the above task, the present invention,

A first step in which the Java program installed on the terminal is run;

A second stage in which the Java Virtual Machine (JVM), Java compiler, and insertion module (BCI; Byte Code Instrumentation) are activated by running the Java program, and the Java module with the encryption and decryption function is activated in the class loader of the JVM;

When the application of the terminal is run, the Java compiler compiles the source code of the application into Java code format, generates a Java class, and loads it into the memory (Runtime Data Area) of the JVM;

When loading the Java class of the application into the memory of the JVM, a fourth step in which the insertion module inserts the encryption and decryption code into the source code of the application loaded into the memory of the JVM; and

The Java module includes a fifth step in which the application processes data transmitted and received with another terminal to be encrypted and decrypted according to the algorithm of the encryption and decryption code;

It is a plug-in method for encrypting communication of an application using JAVA BCI technology, including .

The above present invention applies JAVA BCI technology to insert encryption and decryption source code into the application during communication, so that the application can encrypt and decrypt communication data and secure it without directly changing the application's own source code, and a defined communication process. Since the encryption and decryption source code is inserted during data communication, it is possible to insert the encryption and decryption source code and express the function regardless of the type of application.

In addition, since encryption keys and encryption algorithms can be dynamically created and changed, it is possible to easily respond if vulnerabilities are discovered in the existing encryption method.

Additionally, you can select and compare various encryption methods to find the optimal encryption method.

1 is a block diagram showing the configuration of a plug-in system according to the present invention,
Figure 2 is a flow chart sequentially showing the process of the plug-in method according to the present invention;

The terms used in the embodiments are general terms that are currently widely used as much as possible while considering the function in the present invention, but this may vary depending on the intention or precedent of a person working in the art, the emergence of new technology, etc. In addition, in certain cases, there are terms arbitrarily selected by the applicant, and in this case, the meaning will be described in detail in the description of the relevant invention. Therefore, the terms used in the present invention should be defined based on the meaning of the term and the overall content of the present invention, rather than simply the name of the term.

In this specification, 'part' includes a unit realized by hardware, a unit realized by software, and a unit realized using both. Additionally, one unit may be realized using two or more pieces of hardware, and two or more units may be realized using one piece of hardware. Meanwhile, '~ part' is not limited to software or hardware, and '~ part' may be configured to reside in an addressable storage medium or may be configured to reproduce one or more processors. Therefore, as an example, '~ part' refers to components such as software components, object-oriented software components, class components, and task components, processes, functions, properties, and procedures. , subroutines, segments of program code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables. The functions provided within the components and 'parts' may be combined into a smaller number of components and 'parts' or may be further separated into additional components and 'parts'. Additionally, components and 'parts' may be implemented to regenerate one or more CPUs within a device or a secure multimedia card.

In addition, when a part is said to "include" a certain component, this does not mean excluding other components unless specifically stated to the contrary, but may further include other components, and means that it may further include one or more other components. It should be understood that this does not exclude in advance the possibility of the presence or addition of features, numbers, steps, operations, components, parts, or combinations thereof.

A communication network refers to a connection structure that allows information exchange between nodes, such as a plurality of terminals and servers. Examples of such networks include a local area network (LAN) and a wide area network (WAN). Network), the Internet (WWW: World Wide Web), wired and wireless data communication networks, telephone networks, and wired and wireless television communication networks. Examples of wireless data communication networks include 3G, 4G, 5G, 3rd Generation Partnership Project (3GPP), 5th Generation Partnership Project (5GPP), Long Term Evolution (LTE), World Interoperability for Microwave Access (WIMAX), and Wi-Fi. , Internet, LAN (Local Area Network), Wireless LAN (Wireless Local Area Network), WAN (Wide Area Network), PAN (Personal Area Network), RF (Radio Frequency), Bluetooth network, NFC ( It includes, but is not limited to, Near-Field Communication (Near-Field Communication) network, satellite broadcasting network, analog broadcasting network, and DMB (Digital Multimedia Broadcasting) network.

Below, with reference to the attached drawings, embodiments of the present invention will be described in detail so that those skilled in the art can easily implement the present invention. However, the present invention may be implemented in many different forms and is not limited to the embodiments described herein.

Hereinafter, the present invention will be described in detail based on the accompanying drawings.

1 is a block diagram showing the configuration of a plug-in system according to the present invention.

Referring to FIG. 1, the plug-in system according to the present invention uses Java BCI (Byte Code Instrumentation) technology to perform cancer, By inserting the decryption code into the source code, the encryption function and method for communication data can be added or modified to reflect it. For this purpose, the plug-in system includes a Java part (M1) that is formed by running a Java program and interlocks with the OS (M2) of the terminals (C1, C2), and the Java part (M1) includes a JVM (JavaVirtual Machine) and a Java compiler ( 10) and an insertion module 20 and a Java module 30 with an encryption and decryption function. The JVM, Java compiler (10), insertion module (20), and Java module (30) are independent modules that perform unique functions and interoperate with each other, and data execution by the source code of the application (A1, A2) is based on the JVM. It comes true.

JVM, short for Java Virtual Machine, is an execution environment that allows Java to be platform-independent without the hassle of writing code separately for each OS (M2). As is known, the JVM is responsible for loading and executing "Java byte code (.class)" compiled with javac, or "Java compiler," into memory. The JVM largely consists of a class loader, runtime data area, and execution engine. Since the configuration and process of the JVM are already well-known technologies, detailed descriptions thereof will be omitted.

When the application (A1, A2) of the terminal (C1, C2) runs, the Java compiler (10) compiles the source code of the application (A1, A2) into Java code format to generate a Java class and compiles it into the JVM's memory (Runtime Data Area). ) to load. Since the Java compiler 10 is also a known technology that compiles the source code of the application (A1, A2) to execute the application (A1, A2), the detailed process and algorithm description thereof will be omitted.

When loading the Java class of the application (A1, A2) into the memory of the JVM, the insertion module 20 uses the JAVA BCI (Byte Code Instrumentation) function to insert the encryption and decryption code into the memory of the application (A1, A2) loaded into the memory of the JVM. ) into the source code.

The Java module 30 processes the applications A1 and A2 to encrypt and decrypt data transmitted and received with other terminals according to the algorithm of the encryption and decryption code. In the end, even without directly modifying the source code of the application (A1, A2), the encryption and decryption code inserted into the source code by the JAVA BCI function insertion module 20 processes the encryption and decryption of the transmitted and received data. For reference, the Java module 30 searches the read method and write method in the input stream and output stream of socket communication for the transmitted and received data that are subject to encryption and decryption of the application (A1, A2), checks the received data through the read method, Check the transmitted data through the write method. Ultimately, the applications (A1, A2) decrypt the received data according to the decryption code and encrypt the transmitted data according to the encryption code. According to this process, the existing source code of the application (A1, A2) is not aware of the encryption and decryption processing of the original data, thereby reducing the risk of data collision during code execution and improving security during data transmission and reception. there is.

The encryption and decryption code is stored in the terminals (C1, C2) to be linked to the Java module 30 that is activated when the Java program is run, and is called when the Java program is run. The history of encryption and decryption of transmitted and received data using encryption and decryption codes is stored as log data, and when vulnerabilities in encryption and decryption of the application (A1, A2) are identified through the log data, the encryption and decryption code or Java module (30) Update . Since the updated encryption and decryption code is inserted into the source code of the application (A1, A2) according to the following process, the encryption method applied to communication can be easily changed.

Figure 2 is a flow chart sequentially showing the process of the plug-in method according to the present invention.

Referring to Figures 1 and 2, the plug-in method according to the present invention is implemented based on a plug-in system. The plug-in method is explained in more detail.

S11; Step 1

The Java program installed on the terminals (C1, C2) runs. The Java program is a program that processes the execution of the source code of the application (A1, A2) in conjunction with the OS (M2) of the terminal (C1, C2). The Java program may be run automatically when the terminal (C1, C2) is booted or the application (A1, A2) programmed in Java code format is executed, or it may be run by direct manipulation by the user.

S12; Step 2

The Java part (M1) is formed by running the Java program. Through the formation of the Java part (M1), the Java Virtual Machine (JVM), the Java compiler 10, and the insertion module 20 are activated, and the Java module 30 with the encryption and decryption function is activated in the class loader of the JVM. The insertion module 20 is coded to encrypt and decrypt communication data with other terminals.

S13; Step 3

When the application (A1, A2) of the terminal (C1, C2) runs, the Java compiler (10) compiles the source code of the application (A1, A2) into Java code format to generate a Java class and stores it in the JVM's memory (Runtime Data Area). ) to load. The applications A1 and A2 may be driven by user manipulation or under the control of the OS (M2).

S14; Step 4

When loading the Java class of the application (A1, A2) into the memory of the JVM, the insertion module 20 inserts the encryption and decryption code into the source code of the application (A1, A2) loaded into the memory of the JVM. By inserting the encryption and decryption code into the source code of the application (A1, A2), the application (A1, A2) is given the function of processing encryption and decryption for transmitted and received data.

S15; Step 5

The Java module 30 processes the applications A1 and A2 to encrypt and decrypt data transmitted and received with other terminals according to the algorithm of the encryption and decryption code. To explain this in more detail, the Java module 30 searches for a read method and a write method in the inputstream and outputstream of socket communication, checks the received data through the read method, and checks the transmitted data through the write method, so that the application The received data is decrypted according to this decryption code, and the transmitted data is encrypted according to the encryption code.

To describe the encryption and decryption process for transmitted and received data in more detail based on the above-described process, the first application (A1) of the first terminal (C1) and the second application (A2) of the second terminal (C2) ) is running, the encryption and decryption codes are inserted into the source code of the first application (M1) and the source code of the second application (A2) according to steps 1 to 4, respectively. In this communication environment, when the first application (A1) of the first terminal (C1) generates transmission data, the Java module 30 of the first terminal (C1) searches for a write method in the outputstream and checks the transmission data. The first application (A1) encrypts the transmission data with an encryption code algorithm under the control of the Java module 30, and the Java module 30 processes the encrypted transmission data to be transmitted through the outputstream (step 6). . Network communication between designated IPs is performed by the communication unit (M3) of the first terminal (C1) according to a specified communication protocol.

Afterwards, the communication unit (M3) of the second terminal (C2) receives the transmission data as received data from the first terminal (C1), and the Java module 30 of the second terminal (C2) searches for a read method in the inputstream. to check the received data. The second application (A2) decrypts the received data with the algorithm of the decryption code under the control of the Java module 30, and the Java module 30 decrypts the data execution code among the existing source codes of the second application (A2). Process the received data for execution (step 6). Network communication between designated IPs is performed by the communication unit (M3) of the second terminal (C2) according to a specified communication protocol.

If the application (A1, A2) into which the encryption and decryption code is inserted is stopped after one selected step among the first to sixth steps, the source code of the application (A1, A2) into which the encryption and decryption code is inserted is stored in the JVM. It is removed from memory. Therefore, applications that have stopped running (A1, A2) maintain their existing source code.

Ultimately, since the application's encryption and decryption functions are implemented through a plug-in method without modifying the source code, the encryption and decryption methods for transmitted and received data can be easily changed and applied without side effects even when the application is running.

Although the detailed description of the present invention described above has been described with reference to preferred embodiments of the present invention, those skilled in the art or those skilled in the art will understand the spirit of the present invention as described in the patent claims to be described later. It will be understood that the present invention can be modified and changed in various ways without departing from the technical scope.

Claims (5)

A first step in which the Java program installed on the terminal is run;
A second stage in which the Java Virtual Machine (JVM), Java compiler, and insertion module (BCI; Byte Code Instrumentation) are activated by running the Java program, and the Java module with the encryption and decryption function is activated in the class loader of the JVM;
When the application of the terminal is run, the Java compiler compiles the source code of the application into Java code format, generates a Java class, and loads it into the memory (Runtime Data Area) of the JVM;
When loading the Java class of the application into the memory of the JVM, a fourth step in which the insertion module inserts the encryption and decryption code into the source code of the application loaded into the memory of the JVM; and
The Java module includes a fifth step in which the application processes data transmitted and received with another terminal to be encrypted and decrypted according to the algorithm of the encryption and decryption code;
A communication encryption plug-in method for an application using JAVA BCI technology, comprising: The method of claim 1, wherein the fifth step is:
The Java module searches the read method and write method in the inputstream and outputstream of socket communication, checks the received data through the read method and the transmitted data through the write method, and the application decrypts the received data according to the decryption code and encodes the encryption code. Encrypting transmitted data in accordance with;
Communication encryption plug-in method for an application using JAVA BCI technology, characterized by: The method of claim 2, wherein after step 5,
Further comprising a sixth step of processing the Java module to execute the received data decrypted by the data execution code among the existing source code of the application;
Communication encryption plug-in method for an application using JAVA BCI technology, characterized by: The method of claim 2, wherein after step 5,
Further comprising a sixth step in which the Java module processes the encrypted transmission data to be transmitted through the outputstream;
Communication encryption plug-in method for an application using JAVA BCI technology, characterized by: The method according to any one of claims 1 to 4,
When the application in which the encryption and decryption code is inserted is stopped, the source code of the application in which the encryption and decryption code is inserted is removed from the memory of the JVM;
Communication encryption plug-in method for an application using JAVA BCI technology, characterized by:

Images