CN115129361A - Security reinforcement method and system for Java application program - Google Patents
Security reinforcement method and system for Java application program Download PDFInfo
- Publication number
- CN115129361A CN115129361A CN202211029615.8A CN202211029615A CN115129361A CN 115129361 A CN115129361 A CN 115129361A CN 202211029615 A CN202211029615 A CN 202211029615A CN 115129361 A CN115129361 A CN 115129361A
- Authority
- CN
- China
- Prior art keywords
- application program
- java application
- server
- hardware code
- character string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000002787 reinforcement Effects 0.000 title claims abstract description 13
- 238000004806 packaging method and process Methods 0.000 claims abstract description 48
- 230000003014 reinforcing effect Effects 0.000 claims abstract description 44
- 238000012858 packaging process Methods 0.000 claims abstract description 17
- 238000005336 cracking Methods 0.000 claims abstract description 16
- 238000012856 packing Methods 0.000 claims abstract description 13
- 238000004422 calculation algorithm Methods 0.000 claims description 9
- 230000007246 mechanism Effects 0.000 claims description 6
- 238000002789 length control Methods 0.000 claims description 2
- 230000006399 behavior Effects 0.000 abstract description 12
- 238000009434 installation Methods 0.000 abstract description 4
- 230000004044 response Effects 0.000 description 5
- 238000012544 monitoring process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000010276 construction Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 244000035744 Hura crepitans Species 0.000 description 1
- 241000699670 Mus sp. Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002860 competitive effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/72—Code refactoring
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of software security, and discloses a security reinforcing method and a system for Java application programs, wherein the method comprises the following steps: the client uploads the hardware code acquisition tool to an application server; the application server returns the hardware code character string to the client; the client sends the hardware code character string and the running duration parameter to a packing server; the packaging server packages the application and generates an application installation package containing the reinforcement plug-in and the duration control file; the packaging process comprises the steps of carrying out encryption operation on the class files, wherein the hardware code character string is used as an encryption key; the reinforcing plug-in is used for transparently decrypting the class file loading when the application runs and reading the duration control file of the specified path; the client side installs the application installation package to the application server; the application server runs the application after configuring the application. The invention carries out encryption operation on the class files during the packing period, dynamically decrypts the class files, monitors the cracking behaviors and supports the dynamic update of the allowable time length when the program runs.
Description
Technical Field
The invention relates to the technical field of software security, in particular to a security reinforcing method and system for a Java application program.
Background
Before the Java application program runs, codes need to be compiled into class files (for example, class files), but the compiled class files are easily decompiled to source codes by a decompilation tool, so that some core business logic implementation modes of the program are cracked, and the competitive advantage of the product is lost. In addition, hackers can read the bugs existing in the source code mining programs and upload malicious programs through the bugs, so that the application servers are controlled to bring about significant property loss.
Conventionally, a black-and-white list mode is adopted to prevent the security of a Java application program, for example, chinese patent application with publication number CN113672907A, which proposes a Java security prevention method based on a JVM sandbox and a black-and-white list.
In addition, the Java application program can be copied to any server to run at will, and no technical means can control hardware and running time, which also brings immeasurable loss to software producers or providers.
Disclosure of Invention
In view of the above-mentioned defects or shortcomings in the prior art, the present invention provides a method and a system for security reinforcement of Java application programs, which are based on a construction tool to package an encryption plug-in, perform encryption operation on class files during packaging, and generate a reinforced program installation package; the dynamic decryption can be carried out when the class file is loaded, and the mixed use of encryption and non-encryption classes is supported; and monitoring of cracking behaviors during the running of the program is realized, and dynamic updating of the allowable time length during the running of the program is supported.
In a first aspect of the present invention, a method for reinforcing security of a Java application is provided, which includes the following steps:
the client uploads the hardware code acquisition tool to an application server;
the application server receives and executes the hardware code acquisition tool, and returns the acquired hardware code character string to the client;
the client sends the hardware code character string and the running duration parameter to a packing server;
the packaging server packages the Java application program according to the hardware code character string and the running duration parameter, and generates a Java application program installation package containing a reinforcement plug-in and a duration control file; the packaging process comprises the steps of carrying out encryption operation on class files, wherein the hardware code character string is used as an encryption key; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
the client downloads the Java application program installation package on the packaging server and installs the Java application program installation package to the application server;
the application server runs the Java application after configuring the Java application.
Further, the encryption algorithm for encrypting the class file is an AES algorithm.
Further, the hardware code character string is a character string with a length of 32 bits obtained by the md5 algorithm.
Further, the configuring, by the application server, the Java application includes: the path of the ruggedized plug-in is configured and the connection to the JVM mechanism is disabled.
Furthermore, the reinforcing plug-in is also used for monitoring the cracking behavior of the forbidden connection to the JVM mechanism, and if the cracking behavior reaches or exceeds a preset threshold value, the operation of the Java application program is terminated, and the Java application program is prevented from being started again.
Further, the method also comprises the following steps:
the client uploads an updated file of the running duration of the Java application program to a specified storage path of the application server;
and the reinforcing plug-in reads the update file of the running time length under the specified storage path and controls and updates the running time length of the Java application program on the application server.
In a second aspect of the present invention, a method for security enforcement of a Java application is further provided, and the method is applied to a client, and includes the following steps:
uploading a hardware code acquisition tool to an application server, and receiving a hardware code character string returned by the application server;
sending the hardware code character string and the running duration parameter to a packing server;
sending request information for downloading the Java application program installation package to a packaging server, and sending the downloaded Java application program installation package to an application server;
the Java application program installation package is generated by a packaging server according to a hardware code character string and an operation duration parameter in a packaging mode, the packaging process comprises the step of carrying out encryption operation on class files, and the hardware code character string is used as an encryption secret key; the Java application program installation package comprises a reinforcing plug-in and a duration control file, wherein the reinforcing plug-in is used for transparently decrypting class file loading when the Java application program runs and reading the duration control file of a specified path so as to control the running duration of the Java application program on the application server.
In a third aspect of the present invention, a method for security enforcement of a Java application is further provided, where the method is used for an application server, and includes the following steps:
receiving and executing a hardware code acquisition tool uploaded by a client, and returning an acquired hardware code character string to the client;
receiving and installing a Java application program installation package sent by a client; the Java application program installation package is generated by a packaging server according to a hardware code character string and an operation duration parameter in a packaging mode, the packaging process comprises the step of carrying out encryption operation on class files, and the hardware code character string is used as an encryption secret key; the Java application program installation package comprises a reinforcing plug-in and a duration control file, wherein the reinforcing plug-in is used for transparently decrypting class file loading when a Java application program runs and reading the duration control file of a specified path so as to control the running duration of the Java application program on an application server;
and configuring the installed Java application program and running the Java application program.
In a fourth aspect of the present invention, a method for security enforcement of a Java application is further provided, where the method is used for a packaging server, and includes the following steps:
receiving a hardware code character string and an operation duration parameter sent by a client;
packing the Java application program according to the hardware code character string and the running time parameter to generate a Java application program installation package containing a reinforcement plug-in and a time control file; the packaging process comprises the steps of carrying out encryption operation on class files, and using hardware code character strings as encryption keys; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
and responding to the request of the client, and sending the generated Java application program installation package to the client.
In a fifth aspect of the present invention, a security enforcement system for Java applications is provided, including:
the client is configured to upload the hardware code acquisition tool to the application server, receive a hardware code character string returned by the application server, send the hardware code character string and the running time length parameter to the packaging server, download a Java application program installation package on the packaging server, and send the Java application program installation package to the application server;
the packaging server is configured to package the Java application program according to the hardware code character string and the running duration parameter sent by the client, and generate a Java application program installation package containing the reinforcement plug-in and the duration control file; the packaging process comprises the steps of carrying out encryption operation on class files, and using hardware code character strings as encryption keys; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
the application server is configured to receive and execute a hardware code acquisition tool sent by the client and return the acquired hardware code character string to the client; and receiving and installing a Java application program installation package sent by the client, and operating the Java application program after the Java application program is configured.
The method and the system for reinforcing the safety of the Java application program have the following beneficial effects that:
(1) the method and the device realize the encryption operation of the class files during the packaging process based on the construction tool packaging encryption plug-in, and generate the reinforced program installation package.
(2) Transparent decryption is achieved when class files are loaded, and mixed use of encrypted and non-encrypted classes is supported.
(3) The monitoring of the cracking behavior during the running of the program is realized, and after the cracking behavior reaches the preset threshold value, the program is terminated and the program is prohibited from starting, so that the cracking behavior is prevented.
(4) And dynamic updating of the time duration allowed by the program in operation is supported.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a logic diagram of a security enforcement method for Java applications according to an embodiment of the present invention;
FIG. 2 is a flowchart of a security enforcement method for Java applications according to an embodiment of the present invention;
FIG. 3 is a flowchart of a security hardening method for a Java application operating on a client side according to another embodiment of the present invention;
FIG. 4 is a flowchart of a security hardening method for a Java application operating on a packaging server side according to another embodiment of the present invention;
fig. 5 is a flowchart of a security reinforcing method for Java applications operating on the application server side according to another embodiment of the present invention;
fig. 6 is a schematic structural diagram of a security enforcement system for Java applications according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that although the terms first, second, third, etc. may be used to describe the acquisition modules in embodiments of the present invention, these acquisition modules should not be limited to these terms. These terms are only used to distinguish the acquisition modules from each other.
The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrases "if determined" or "if detected (a stated condition or event)" may be interpreted as "when determined" or "in response to a determination" or "when detected (a stated condition or event)" or "in response to a detection (a stated condition or event)", depending on the context.
It should be noted that the terms "upper," "lower," "left," "right," and the like used in the description of the embodiments of the present invention are illustrated in the drawings, and should not be construed as limiting the embodiments of the present invention. In addition, in this context, it is also to be understood that when an element is referred to as being "on" or "under" another element, it can be directly formed on "or" under "the other element or be indirectly formed on" or "under" the other element through an intermediate element.
Before formally introducing the present invention, the technical terms related to the present invention will be clarified and explained.
The user: a developer or a client of a developer.
Application server (linux system): servers required for installing Java applications.
Packaging server (linux system): and compiling the code to a server required by packaging.
Uploading: and uploading the file by connecting the linux system through sftp.
Executing the following steps: the linux system executes commands through ssh connections.
Reinforcing: the safety is improved.
class file: the Java code is a class file generated after compiling.
Encrypting the plug-in: and constructing a plug-in of the tool extension, wherein the plug-in is used for carrying out encryption operation on the class file.
Reinforcing the plug-in: the functions of transparent decryption and monitoring of cracking behaviors during the operation of the class files are realized.
Referring to fig. 1 and 2, a first embodiment of the present invention provides a method for security enforcement of a Java application, where the method is based on a system formed by a client, a packaging server, and an application server, and includes the following steps:
and step S101, the client uploads the hardware code acquisition tool to an application server.
And step S102, the application server receives and executes the hardware code acquisition tool and returns the acquired hardware code character string to the client.
Specifically, the user uploads a hardware code acquisition tool to the application server through the client, and then the application server executes the hardware code acquisition tool to acquire the hardware code character string of the application server. Generally, the hardware code obtaining tool obtains a 32-bit length hardware code character string representing the unique application server through the md5 algorithm. And the application server returns the acquired hardware code character string to the client.
And step S103, the client sends the hardware code character string and the running duration parameter to a packing server.
Step S104, the packaging server packages the Java application program according to the hardware code character string and the running duration parameter to generate a Java application program installation package containing a reinforcement plug-in and a duration control file; the packaging process comprises the steps of carrying out encryption operation on class files, and using hardware code character strings as encryption keys; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server.
Specifically, two parameters, namely a hardware code character string and an operation duration, are needed in the process of executing the packaging script on the packaging server. Therefore, the client sends the hardware code character string and the preset running time parameter acquired from the application server to the packing server. The packaging server then executes a packaging script that builds a tool by executing code, such as: ant, maven, gradle and other construction tools encrypt class files (such as class files) in a code compiling process through the expanded packing encryption plug-in, and a final Java application program installation package is generated. In this embodiment, since the class file is encrypted, the present invention refers to the class file as a reinforced Java application installation package.
Furthermore, the encryption algorithm used by the encryption plug-in is preferably an AES algorithm, and the 32-bit hardware code character string is used as a secret key, so that it is ensured that the application program can only run on the corresponding application server, and on other application servers, the Java application program cannot run due to inconsistency of the acquired hardware codes, thereby preventing the problem that the application program can also run normally when being copied to other application servers.
Furthermore, the reinforcing plug-in can realize transparent decryption of the Java application program during loading of the class file during running and support mixed use of encrypted and non-encrypted classes. The reinforcing plug-in also controls the running time of the Java application program on the application server by reading the time length control file of the specified storage position, only allows the Java application program to be used in an allowable time range, and stops running when the time length limit is exceeded.
Step S105, the client downloads the Java application program installation package on the packaging server and installs the Java application program installation package to the application server.
And step S106, the application server operates the Java application program after configuring the Java application program.
Specifically, in order to execute the hardened plug-in when the Java application runs, the Java application needs to configure a Java gent parameter to specify a path of the hardened plug-in, so as to implement transparent decryption of the application when the application loads a class file during running. Furthermore, because the encrypted class files are generally service codes and need to be encrypted, the dependent third party class files or Jar packages do not need to be encrypted. Therefore, the present embodiment needs to configure the disableAttachMechanism parameter, thereby prohibiting the mechanism of using tools to connect to the JVM, such as: the arbiba Java diagnostic tool arthans may be connected to the JVM at runtime to prevent such tools from obtaining decrypted class file content at runtime of the application.
Furthermore, in order to support the updating of the running time length during the running of the application program, a user only needs to generate a time length permission file for updating through a tool, and then the time length permission file is uploaded to a specified path of the application server. When the ruggedized plug-in executes the duration license file for updating, the runtime duration of the application can be updated. It should be noted that the present invention does not support the update operation of the hardware code during the running of the application program, because the key for encrypting the class file uses the hardware code, if the hardware code is updated, the class file is encrypted again.
Further, since the configuration parameter disableAttachMechanism can be manually removed, a threatening application tool can be connected to the JVM at runtime, and thus the decrypted class file content is obtained, so as to achieve the purpose of cracking. In order to solve the above technical problem, the reinforcing plug-in of this embodiment is further configured to monitor a cracking behavior that is forbidden to be connected to the JVM mechanism, and if the cracking behavior reaches or exceeds a preset threshold, terminate the running of the Java application program and prevent the Java application program from being restarted, so as to prevent the cracking behavior.
Further, the reinforcing plug-in of the embodiment also makes code obfuscation further. Because the reinforcing plug-in is also developed by Java and cannot avoid the condition of decompilation, the code is obfuscated by a code obfuscating tool, so that the readability of the code is reduced, and the cracking difficulty is increased.
According to the security reinforcing method for the Java application program, the class file is encrypted during the packaging period, the class file is dynamically decrypted during the loading, the cracking behavior is monitored during the running of the program, and the dynamic updating of the permission duration during the running of the program is supported.
Referring to fig. 3, a second embodiment of the present invention further discloses a method for security enforcement of a Java application program operating on a client side, which includes the following steps:
step S201, uploading a hardware code acquisition tool to an application server, and receiving a hardware code character string returned by the application server;
step S202, sending the hardware code character string and the running duration parameter to a packing server;
step S203, sending request information for downloading the Java application program installation package to a packaging server, and sending the downloaded Java application program installation package to an application server;
the Java application program installation package is generated by a packaging server according to a hardware code character string and an operation duration parameter in a packaging mode, the packaging process comprises the step of carrying out encryption operation on class files, and the hardware code character string is used as an encryption secret key; the Java application program installation package comprises a reinforcing plug-in and a duration control file, wherein the reinforcing plug-in is used for transparently decrypting class file loading when the Java application program runs and reading the duration control file of a specified path so as to control the running duration of the Java application program on the application server.
The main body of the method of this embodiment is the client device, which is substantially the same as the principle of the method described in the first embodiment, and is not described here again.
Referring to fig. 4, a third embodiment of the present invention further provides a method for security enforcement of a Java application program operating on an application server side, including the following steps:
step S301, receiving and executing a hardware code acquisition tool uploaded by a client, and returning an acquired hardware code character string to the client;
step S302, receiving and installing a Java application program installation package sent by a client; the Java application program installation package is generated by a packaging server according to a hardware code character string and an operation duration parameter in a packaging mode, the packaging process comprises the step of carrying out encryption operation on class files, and the hardware code character string is used as an encryption key; the Java application program installation package comprises a reinforcing plug-in and a duration control file, wherein the reinforcing plug-in is used for transparently decrypting class file loading when a Java application program runs and reading the duration control file of a specified path so as to control the running duration of the Java application program on an application server;
step S303, configure the installed Java application, and run the Java application.
The main execution body of the method of this embodiment is an application server, which is substantially the same as the principle of the method described in the first embodiment, and is not described herein again.
Referring to fig. 5, a fourth embodiment of the present invention further provides a method for security enforcement of a Java application program operating on a package server side, including the following steps:
step S401, receiving a hardware code character string and an operation duration parameter sent by a client;
step S402, packing the Java application program according to the hardware code character string and the running duration parameter, and generating a Java application program installation package containing a reinforcement plug-in and a duration control file; the packaging process comprises the steps of encrypting the class files, wherein the hardware code character string is used as an encryption key; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
step S403, in response to the request of the client, sends the generated Java application installation package to the client.
The main body of the method of this embodiment is a packaging server, which is substantially the same as the principle of the method described in the first embodiment, and is not described here again.
Referring to fig. 6, the fifth embodiment of the present invention further provides a security reinforcing system 200 for Java applications, where the system 200 includes a client 201, a packaging server 202, and an application server 203. The system 200 is capable of executing the security hardening method of the Java application in the first embodiment.
Specifically, the method comprises the following steps:
the client 201 is configured to upload the hardware code acquisition tool to the application server, receive a hardware code character string returned by the application server, send the hardware code character string and the running time length parameter to the packaging server, download a Java application program installation package on the packaging server, and send the Java application program installation package to the application server;
the packaging server 202 is configured to package the Java application program according to the hardware code character string and the running duration parameter sent by the client, and generate a Java application program installation package containing the reinforcement plug-in and the duration control file; the packaging process comprises the steps of carrying out encryption operation on class files, and using hardware code character strings as encryption keys; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
the application server 203 is configured to receive and execute a hardware code acquisition tool sent by the client, and return the acquired hardware code character string to the client; and receiving and installing a Java application program installation package sent by the client, and operating the Java application program after the Java application program is configured.
It should be noted that, the system 200 provided in this embodiment is correspondingly applicable to execute the method steps of the first embodiment, and the implementation principle and technical effect thereof are similar to those of the method of the first embodiment, and are not described herein again.
The client 201, the packaging server 202 and the application server 203 in the embodiments of the present invention belong to electronic devices, which may include, but are not limited to, devices such as a notebook computer, a PDA (personal digital assistant), a PAD (tablet), a desktop computer, a PC, a server, and the like. The electronic devices such as the client 201, the packaging server 202, the application server 203, etc. may include a processing means (e.g., a central processing unit, a graphics processor, etc.) that may perform various appropriate actions and processes to implement the methods of the embodiments as described herein, according to a program stored in a Read Only Memory (ROM) or a program loaded from a storage means into a Random Access Memory (RAM). In the RAM, various programs and data necessary for the operation of the electronic apparatus are also stored. The processing device, the ROM, and the RAM are connected to each other through a bus. An input/output (I/O) interface is also connected to the bus. Generally, the following devices may be connected to the I/O interface: input devices including, for example, touch screens, touch pads, keyboards, mice, cameras, microphones, accelerometers, gyroscopes, and the like; output devices including, for example, liquid crystal displays, speakers, vibrators, and the like; storage devices including, for example, magnetic tape, hard disk, and the like; and a communication device. The communication means may allow the electronic device to communicate wirelessly or by wire with other devices to exchange data.
The above description is that of the preferred embodiment of the invention only. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other embodiments in which any combination of the features described above or their equivalents is encompassed without departing from the spirit of the disclosure. For example, the above features and (but not limited to) features having similar functions disclosed in the present invention are mutually replaced to form the technical solution.
Claims (10)
1. A security reinforcing method for Java application programs is characterized by comprising the following steps:
the client uploads the hardware code acquisition tool to an application server;
the application server receives and executes the hardware code acquisition tool, and returns the acquired hardware code character string to the client;
the client sends the hardware code character string and the running duration parameter to a packing server;
the packaging server packages the Java application program according to the hardware code character string and the running duration parameter, and generates a Java application program installation package containing a reinforcement plug-in and a duration control file; the packaging process comprises the steps of carrying out encryption operation on class files, wherein the hardware code character string is used as an encryption key; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
the client downloads the Java application program installation package on the packaging server and installs the Java application program installation package to the application server;
and the application server runs the Java application program after configuring the Java application program.
2. The method of claim 1, wherein the encryption algorithm for encrypting the class file is AES algorithm.
3. The method of claim 1, wherein the hardware code string is a 32-bit-length string obtained by md5 algorithm.
4. The method for security enforcement of Java applications as claimed in claim 1, wherein the configuring of Java applications by the application server comprises: the path of the ruggedized plug-in is configured and the connection to the JVM mechanism is disabled.
5. The method as claimed in claim 4, wherein the reinforcing plug-in is further configured to monitor a cracking behavior that disables connection to the JVM mechanism, and terminate execution of the Java application and prevent the Java application from being restarted if the cracking behavior reaches or exceeds a preset threshold.
6. The method for security enforcement of Java applications as recited in claim 1, further comprising:
uploading an update file of the running duration of the Java application program to a specified storage path of the application server by the client;
and the reinforcing plug-in reads the update file of the running time under the specified storage path and controls and updates the running time of the Java application program on the application server.
7. A security reinforcing method for Java application programs is used for a client and comprises the following steps:
uploading the hardware code acquisition tool to an application server, and receiving a hardware code character string returned by the application server;
sending the hardware code character string and the running duration parameter to a packing server;
sending request information for downloading the Java application program installation package to a packaging server, and sending the downloaded Java application program installation package to an application server;
the Java application program installation package is generated by a packaging server according to the hardware code character string and the running time parameter in a packaging mode, the packaging process comprises the step of carrying out encryption operation on class files, and the hardware code character string is used as an encryption secret key; the Java application program installation package comprises a reinforcing plug-in and a duration control file, wherein the reinforcing plug-in is used for transparently decrypting class file loading when the Java application program runs and reading the duration control file of a specified path so as to control the running duration of the Java application program on an application server.
8. A security reinforcing method for Java application programs is used for an application server and comprises the following steps:
receiving and executing a hardware code acquisition tool uploaded by a client, and returning an acquired hardware code character string to the client;
receiving and installing a Java application program installation package sent by the client; the Java application program installation package is generated by a packaging server according to the hardware code character string and the running time parameter in a packaging mode, the packaging process comprises the step of carrying out encryption operation on class files, and the hardware code character string is used as an encryption secret key; the Java application program installation package comprises a reinforcing plug-in and a duration control file, wherein the reinforcing plug-in is used for transparently decrypting class file loading when the Java application program runs and reading the duration control file of a specified path so as to control the running duration of the Java application program on an application server;
and configuring the installed Java application program and operating the Java application program.
9. A security reinforcing method for Java application programs is used for a packaging server and comprises the following steps:
receiving a hardware code character string and an operation duration parameter sent by a client;
packing the Java application program according to the hardware code character string and the running duration parameter to generate a Java application program installation package containing a reinforcement plug-in and a duration control file; the packaging process comprises the steps of carrying out encryption operation on class files, wherein the hardware code character string is used as an encryption key; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
and responding to the request of the client, and sending the generated Java application program installation package to the client.
10. A security enforcement system for Java applications, comprising:
the client is configured to upload the hardware code acquisition tool to the application server, receive a hardware code character string returned by the application server, send the hardware code character string and the running time length parameter to the packaging server, download a Java application program installation package on the packaging server, and send the Java application program installation package to the application server;
the packaging server is configured to package the Java application program according to the hardware code character string and the running time length parameter sent by the client, and generate a Java application program installation package containing a reinforcement plug-in and a time length control file; the packaging process comprises the steps of carrying out encryption operation on class files, wherein the hardware code character string is used as an encryption key; the reinforcing plug-in is used for transparently decrypting the class file loading when the Java application program runs and reading the duration control file of the specified path so as to control the running duration of the Java application program on the application server;
the application server is configured to receive and execute a hardware code acquisition tool sent by a client, and return the acquired hardware code character string to the client; and receiving and installing the Java application program installation package sent by the client, and operating the Java application program after the Java application program is configured.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211029615.8A CN115129361B (en) | 2022-08-26 | 2022-08-26 | Security reinforcement method and system for Java application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211029615.8A CN115129361B (en) | 2022-08-26 | 2022-08-26 | Security reinforcement method and system for Java application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115129361A true CN115129361A (en) | 2022-09-30 |
| CN115129361B CN115129361B (en) | 2022-12-30 |
Family
ID=83387459
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211029615.8A Active CN115129361B (en) | 2022-08-26 | 2022-08-26 | Security reinforcement method and system for Java application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115129361B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013148052A1 (en) * | 2012-03-26 | 2013-10-03 | Symantec Corporation | Systems and methods for secure third-party data storage |
| CN109784007A (en) * | 2018-12-04 | 2019-05-21 | 厦门中控智慧信息技术有限公司 | A kind of method of byte code encryption, the method and terminal of bytecode decryption |
| CN110866226A (en) * | 2019-11-15 | 2020-03-06 | 中博信息技术研究院有限公司 | JAVA application software copyright protection method based on encryption technology |
| CN113704706A (en) * | 2021-09-23 | 2021-11-26 | 深圳市腾讯信息技术有限公司 | Code reinforcing method and device |
| CN114329535A (en) * | 2021-12-23 | 2022-04-12 | 建信金融科技有限责任公司 | File encryption method and device, electronic equipment and computer readable medium |
-
2022
- 2022-08-26 CN CN202211029615.8A patent/CN115129361B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013148052A1 (en) * | 2012-03-26 | 2013-10-03 | Symantec Corporation | Systems and methods for secure third-party data storage |
| CN109784007A (en) * | 2018-12-04 | 2019-05-21 | 厦门中控智慧信息技术有限公司 | A kind of method of byte code encryption, the method and terminal of bytecode decryption |
| CN110866226A (en) * | 2019-11-15 | 2020-03-06 | 中博信息技术研究院有限公司 | JAVA application software copyright protection method based on encryption technology |
| CN113704706A (en) * | 2021-09-23 | 2021-11-26 | 深圳市腾讯信息技术有限公司 | Code reinforcing method and device |
| CN114329535A (en) * | 2021-12-23 | 2022-04-12 | 建信金融科技有限责任公司 | File encryption method and device, electronic equipment and computer readable medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115129361B (en) | 2022-12-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109416720B (en) | Maintaining operating system secrets across resets | |
| US8892876B1 (en) | Secured application package files for mobile computing devices | |
| KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
| US9189605B2 (en) | Protected computing environment | |
| JP6227772B2 (en) | Method and apparatus for protecting a dynamic library | |
| US11263311B2 (en) | Securing virtual-machine software applications | |
| CN110333868B (en) | Method and system for generating installation packages of sub-applications | |
| CN107430650B (en) | Securing computer programs against reverse engineering | |
| EP2051181A1 (en) | Information terminal, security device, data protection method, and data protection program | |
| KR20080039046A (en) | Apparatus and method for updating firmware | |
| CN111159658B (en) | Byte code processing method, system, device, computer equipment and storage medium | |
| EP3746920A1 (en) | Enabling an encrypted software module in a container file | |
| KR20160020294A (en) | Method and system for providing application security service based on cloud | |
| Ying et al. | Truz-view: Developing trustzone user interface for mobile os using delegation integration model | |
| US9292708B2 (en) | Protection of interpreted source code in virtual appliances | |
| JP4727366B2 (en) | Information processing apparatus, information processing system, program, and recording medium | |
| JP2006514321A (en) | Architecture for installing encrypted applications | |
| US10216941B2 (en) | Method of distributing application with security features and method of operating the application | |
| CN115129361B (en) | Security reinforcement method and system for Java application program | |
| KR101604892B1 (en) | Method and devices for fraud prevention of android-based applications | |
| KR101226615B1 (en) | A Device For Software Obfuscation And A System For Software Security Treatment | |
| CN114329535A (en) | File encryption method and device, electronic equipment and computer readable medium | |
| TWI428786B (en) | Protected computing environment | |
| CN112733094A (en) | Safety protection method for Java application program | |
| JP2013046122A (en) | Terminal, application protection method, and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |