CN108959962A - API secure calling method for a dynamic library - Google Patents


Publication number
CN108959962A
Authority
CN
China
Prior art keywords
api
key
encryption
provider
pubkey
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810680181.5A
Other languages
Chinese (zh)
Other versions
CN108959962B (en
Inventor
李华生
范渊
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201810680181.5A
Publication of CN108959962A
Application granted
Publication of CN108959962B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Abstract

The invention discloses an API secure calling method for a dynamic library. The caller and the provider each generate a key pair comprising a public key and a private key and agree on a check key, then exchange public keys. The caller generates a verification code and encrypts it a first time with the check key; the resulting encrypted data and the input parameter data are encrypted a second time with the provider's public key and sent to the provider. The provider performs a first decryption with its private key to obtain the encrypted data and the input parameter data, performs a second decryption of the encrypted data with the check key to restore the call information, and prepares the output parameter data, which it encrypts by the same method and sends to the caller. The caller decrypts correspondingly to obtain the call information. The invention focuses on encryption and authentication of function calls and effectively solves the problems of the prior art: it ensures that the correct user is using the API in the software package and that the user is using the API in the correct software package, protecting both provider and user while incurring only a small loss of time efficiency.

Description

API secure calling method for a dynamic library
Technical field
The invention relates to the technical field of secret or secure communication devices, and in particular to an API secure calling method for a dynamic library that prevents a software package from being tampered with or used illegally and protects the shared interests and security of the parties to an API call.
Background art
A modern large software system comprises various software packages, whose functions are usually realized in the form of API calls; two-way API call relationships between packages make the software system an organic whole. This conventional way of calling has at least two insecure scenarios. First, the software package itself can be hijacked or tampered with, and using a tampered API can have unpredictable consequences. Second, the user may be illegitimate: a user who has not paid, or another illegal user, can call the APIs in the software package to complete some function and achieve some purpose, causing economic loss to the software package provider or giving rise to legal disputes.
In the prior art, software integration schemes mostly use RESTful, which provides a set of design principles and constraints under which messages are exchanged, and the interaction is protected by the HTTPS security protocol. However, protecting a RESTful interface with HTTPS has the following shortcomings:
(1) it cannot protect API interaction that takes place through a native library (LIB);
(2) HTTPS can only protect the message itself and cannot apply a second encryption to critical data;
(3) HTTPS itself has a large overhead, so time performance is poor for a local interface that is called repeatedly.
These shortcomings make HTTPS-style interface protection poorly suited to local API calls delivered in the form of a dynamic library.
Summary of the invention
The technical problem solved by the invention is that, in the prior art, protecting a RESTful interface with HTTPS has certain defects. To this end, the invention provides an optimized API secure calling method for a dynamic library that effectively remedies the defects of the prior art and protects both the provider and the user of a software package, while incurring only a small loss of time efficiency.
The technical solution adopted by the invention is an API secure calling method for a dynamic library, the method comprising the following steps:
Step 1: the API caller generates a key pair comprising public key Pubkey_1 and private key Prikey_1; the API provider generates a key pair comprising public key Pubkey_2 and private key Prikey_2; the API caller and the API provider agree on a check key key;
Step 2: the API caller and the API provider exchange public keys; the API caller obtains Pubkey_2 and the API provider obtains Pubkey_1;
Step 3: the API caller generates a verification code randomVerify_1 and encrypts it a first time with the check key key to obtain encrypted data V1; it encrypts V1 and the input parameter data dataIn a second time with Pubkey_2 to obtain encrypted data V2, and sends V2 to the API provider;
Step 4: the API provider performs a first decryption of V2 with Prikey_2 to obtain V1 and the input parameter data dataIn, and performs a second decryption of V1 with the check key key to obtain the verification code randomVerify_1 and the input parameter data dataIn; it prepares the output parameter data dataOut;
Step 5: the API provider generates a verification code randomVerify_2 and encrypts it a first time with the check key key to obtain encrypted data V3; it encrypts V3 and the output parameter data dataOut a second time with Pubkey_1 to obtain encrypted data V4, and sends V4 to the API caller;
Step 6: the API caller performs a first decryption of V4 with Prikey_1 to obtain V3 and the output parameter data dataOut, and performs a second decryption of V3 with the check key key to obtain the verification code randomVerify_2 and the output parameter data dataOut; the API call is complete.
Preferably, in step 1, the API caller's key pair comprising public key Pubkey_1 and private key Prikey_1 is generated in standard RSA format, and the API provider's key pair comprising public key Pubkey_2 and private key Prikey_2 is generated in standard RSA format.
Preferably, in step 1, the check key key is a serial number agreed between the API caller and the API provider.
Preferably, in step 2, the ways in which the API caller and the API provider exchange public keys include file exchange.
Preferably, in step 3, the verification code randomVerify_1 is encrypted a first time with the check key key using 3DES encryption to obtain encrypted data V1.
Preferably, in step 3, V1 and the input parameter data dataIn are encrypted a second time with Pubkey_2 using RSA encryption to obtain encrypted data V2.
Preferably, in step 5, the verification code randomVerify_2 is encrypted a first time with the check key key using 3DES encryption to obtain encrypted data V3.
Preferably, in step 5, V3 and the output parameter data dataOut are encrypted a second time with Pubkey_1 using RSA encryption to obtain encrypted data V4.
The invention provides an optimized secure API calling method for a dynamic library. The API caller and the API provider each generate a key pair comprising a public key and a private key and agree on a check key, then exchange public keys. The API caller generates a verification code and encrypts it a first time with the check key to obtain encrypted data, encrypts the encrypted data and the input parameter data a second time with the API provider's public key, and sends the result to the API provider. The API provider performs a first decryption with its private key to obtain the encrypted data and the input parameter data, performs a second decryption of the encrypted data with the check key to restore the call information, and prepares the output parameter data, which it encrypts in the same way and sends to the API caller. The API caller decrypts the received data correspondingly to obtain the call information. The invention focuses on encryption and authentication of function calls and effectively solves the problems of the prior art: it ensures that the correct user is using the API in the software package and that the user is using the API in the correct software package, protecting both the provider and the user of the software package while incurring only a small loss of time efficiency.
Detailed description of the embodiments
The invention is described in further detail below with reference to an embodiment, but the scope of protection of the invention is not limited thereto.
The invention relates to an API secure calling method for a dynamic library. In practice, API calls take place between individual software packages: a software package can provide APIs for other packages to call, and those packages likewise provide APIs for the former to call. The secure API calling procedure described above does not change with the identity of the caller or the callee.
The method comprises the following steps.
Step 1: the API caller generates a key pair comprising public key Pubkey_1 and private key Prikey_1; the API provider generates a key pair comprising public key Pubkey_2 and private key Prikey_2; the API caller and the API provider agree on a check key key.
In step 1, the API caller's key pair comprising public key Pubkey_1 and private key Prikey_1 is generated in standard RSA format, and the API provider's key pair comprising public key Pubkey_2 and private key Prikey_2 is generated in standard RSA format.
In step 1, the check key key is a serial number agreed between the API caller and the API provider.
In the present invention, Pubkey_1 and Prikey_1 form a key pair, Pubkey_2 and Prikey_2 form a key pair, and within each key pair the public key and the private key match.
In the present invention, authentication of the API caller and authentication of the API provider are realized by the RSA encryption algorithm.
In the present invention, 3DES encryption and decryption require both sides to use the same key, so there must be a character string that both the encrypting and the decrypting side can obtain and that is kept secret to serve as the 3DES key. In practice, a serial number is generally produced when the software package is purchased; the API caller and the API provider can agree on a random character string as the serial number. The value of this string is visible only to the two parties and is not disclosed externally, so it is secret information and is suitable for designation as the check key key.
Step 2: the API caller and the API provider exchange public keys; the API caller obtains Pubkey_2 and the API provider obtains Pubkey_1.
In step 2, the ways in which the API caller and the API provider exchange public keys include file exchange.
In the present invention, the purpose of exchanging public keys is to use the public key provided by the other party to encrypt the data this software package provides, so that when the data is sent to the other party, the other party can decrypt it with its own corresponding private key.
Step 3: the API caller generates a verification code randomVerify_1 and encrypts it a first time with the check key key to obtain encrypted data V1; it encrypts V1 and the input parameter data dataIn a second time with Pubkey_2 to obtain encrypted data V2, and sends V2 to the API provider.
In step 3, the verification code randomVerify_1 is encrypted a first time with the check key key using 3DES encryption to obtain encrypted data V1.
In step 3, V1 and the input parameter data dataIn are encrypted a second time with Pubkey_2 using RSA encryption to obtain encrypted data V2.
In the present invention, authentication of the API caller and authentication of the API provider are realized by the RSA and 3DES encryption algorithms.
In the present invention, the verification code randomVerify_1 is encrypted a first time with the check key key, which turns part of the overall call information into content that only the API caller and the API provider can confirm with each other; the encrypted data V1 and the input parameter data dataIn are then encrypted a second time with the API provider's public key Pubkey_2, ensuring that the API call information is secure and reliable.
Step 4: the API provider performs a first decryption of V2 with Prikey_2 to obtain V1 and the input parameter data dataIn, and performs a second decryption of V1 with the check key key to obtain the verification code randomVerify_1 and the input parameter data dataIn; it prepares the output parameter data dataOut.
In the present invention, the API provider decrypts the information with its own private key; this is an RSA decryption. Because Prikey_2 and Pubkey_2 are a pair, V1 and the input parameter data dataIn are obtained. The provider then performs the second decryption of V1 with the mutually agreed check key key, completing the confirmation of the API caller and ensuring that the information with which the API is called is secure and reliable.
Step 5: the API provider generates a verification code randomVerify_2 and encrypts it a first time with the check key key to obtain encrypted data V3; it encrypts V3 and the output parameter data dataOut a second time with Pubkey_1 to obtain encrypted data V4, and sends V4 to the API caller.
In step 5, the verification code randomVerify_2 is encrypted a first time with the check key key using 3DES encryption to obtain encrypted data V3.
In step 5, V3 and the output parameter data dataOut are encrypted a second time with Pubkey_1 using RSA encryption to obtain encrypted data V4.
Step 6: the API caller performs a first decryption of V4 with Prikey_1 to obtain V3 and the output parameter data dataOut, and performs a second decryption of V3 with the check key key to obtain the verification code randomVerify_2 and the output parameter data dataOut; the API call is complete.
In the present invention, in steps 5 and 6, the encryption and decryption of the output parameter data dataOut follow the same principle as the encryption and decryption of the input parameter data dataIn.
In the present invention, the API caller and the API provider each generate a key pair comprising a public key and a private key and agree on a check key, then exchange public keys. The API caller generates a verification code and encrypts it a first time with the check key to obtain encrypted data, encrypts the encrypted data and the input parameter data a second time with the API provider's public key, and sends the result to the API provider. The API provider performs a first decryption with its private key to obtain the encrypted data and the input parameter data, performs a second decryption of the encrypted data with the check key to restore the call information, and prepares the output parameter data, which it encrypts in the same way and sends to the API caller. The API caller decrypts the received data correspondingly to obtain the call information. The invention focuses on encryption and authentication of function calls and effectively solves the problems of the prior art: it ensures that the correct user is using the API in the software package and that the user is using the API in the correct software package, protecting both the provider and the user of the software package while incurring only a small loss of time efficiency.
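The six steps above, as an added Go example (not code from the patent or its assignee). The patent does not specify cipher modes, padding, key derivation or how V1 and dataIn are joined, so 3DES-CBC with PKCS#7, RSA-OAEP with SHA-256, a SHA-256-derived 3DES key and a one-byte length prefix are assumptions, as are the names NewParty, Seal and Open and the constructed serial number.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewParty is step 1 for one side: an RSA key pair (2048 bits is an assumption).
func NewParty() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// tdes keys 3DES from the agreed serial number. Deriving the 24-byte key with
// SHA-256 is an assumption; the patent only says the serial number is the key.
func tdes(serial string) cipher.Block {
	k := sha256.Sum256([]byte(serial))
	blk, err := des.NewTripleDESCipher(k[:24])
	if err != nil {
		panic(err) // unreachable: the key is always 24 bytes
	}
	return blk
}

// Seal is steps 3 and 5: 3DES-encrypt a fresh verification code under the check
// key (V1/V3), then RSA-encrypt it together with the parameter data under the
// peer's public key (V2/V4). It returns the code and the outer ciphertext.
func Seal(peer *rsa.PublicKey, serial string, data []byte) ([]byte, []byte, error) {
	rnd := make([]byte, 8+16) // IV || 16-byte verification code
	if _, err := rand.Read(rnd); err != nil {
		return nil, nil, err
	}
	iv, code := rnd[:8], rnd[8:]
	padded := append(append([]byte{}, code...), bytes.Repeat([]byte{8}, 8)...) // PKCS#7
	inner := make([]byte, 8+len(padded))                                       // V1 or V3 = IV || ciphertext
	copy(inner, iv)
	cipher.NewCBCEncrypter(tdes(serial), iv).CryptBlocks(inner[8:], padded)
	msg := append([]byte{byte(len(inner))}, inner...) // length prefix, V1, then data
	msg = append(msg, data...)
	outer, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, peer, msg, nil)
	return code, outer, err // err is set when V1 plus data exceeds the RSA limit
}

// Open is steps 4 and 6: RSA-decrypt with the receiver's private key, split off
// V1/V3, 3DES-decrypt it with the check key, and return the code and the data.
func Open(priv *rsa.PrivateKey, serial string, outer []byte) ([]byte, []byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, outer, nil)
	if err != nil {
		return nil, nil, err
	}
	if len(msg) < 1 || int(msg[0]) > len(msg)-1 || msg[0] < 16 || msg[0]%8 != 0 {
		return nil, nil, errors.New("malformed inner ciphertext")
	}
	n := int(msg[0])
	inner, data := msg[1:1+n], msg[1+n:]
	pt := make([]byte, len(inner)-8)
	cipher.NewCBCDecrypter(tdes(serial), inner[:8]).CryptBlocks(pt, inner[8:])
	pad := int(pt[len(pt)-1])
	if pad < 1 || pad > 8 || !bytes.Equal(pt[len(pt)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, nil, errors.New("bad padding: check key mismatch")
	}
	return pt[:len(pt)-pad], data, nil
}

func main() {
	serial := "SN-EXAMPLE-0001"                // constructed serial number, the check key
	caller, provider := NewParty(), NewParty() // step 1; step 2 hands over the PublicKey halves
	_, v2, _ := Seal(&provider.PublicKey, serial, []byte("dataIn")) // step 3
	_, in, err := Open(provider, serial, v2)                        // step 4
	fmt.Printf("provider: %q %v\n", in, err)
	_, v4, _ := Seal(&caller.PublicKey, serial, []byte("dataOut")) // step 5
	_, out, err := Open(caller, serial, v4)                        // step 6
	fmt.Printf("caller: %q %v\n", out, err)
}
```

Under these assumptions a 2048-bit key leaves 190 bytes for V1 plus the parameter data, so Seal returns an error for parameter data longer than 157 bytes.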

Claims (8)

1. An API secure calling method for a dynamic library, characterized in that the method comprises the following steps:
Step 1: the API caller generates a key pair comprising public key Pubkey_1 and private key Prikey_1; the API provider generates a key pair comprising public key Pubkey_2 and private key Prikey_2; the API caller and the API provider agree on a check key key;
Step 2: the API caller and the API provider exchange public keys; the API caller obtains Pubkey_2 and the API provider obtains Pubkey_1;
Step 3: the API caller generates a verification code randomVerify_1 and encrypts it a first time with the check key key to obtain encrypted data V1; it encrypts V1 and the input parameter data dataIn a second time with Pubkey_2 to obtain encrypted data V2, and sends V2 to the API provider;
Step 4: the API provider performs a first decryption of V2 with Prikey_2 to obtain V1 and the input parameter data dataIn, and performs a second decryption of V1 with the check key key to obtain the verification code randomVerify_1 and the input parameter data dataIn; it prepares the output parameter data dataOut;
Step 5: the API provider generates a verification code randomVerify_2 and encrypts it a first time with the check key key to obtain encrypted data V3; it encrypts V3 and the output parameter data dataOut a second time with Pubkey_1 to obtain encrypted data V4, and sends V4 to the API caller;
Step 6: the API caller performs a first decryption of V4 with Prikey_1 to obtain V3 and the output parameter data dataOut, and performs a second decryption of V3 with the check key key to obtain the verification code randomVerify_2 and the output parameter data dataOut; the API call is complete.
2. The API secure calling method for a dynamic library according to claim 1, characterized in that: in step 1, the API caller's key pair comprising public key Pubkey_1 and private key Prikey_1 is generated in standard RSA format, and the API provider's key pair comprising public key Pubkey_2 and private key Prikey_2 is generated in standard RSA format.
3. The API secure calling method for a dynamic library according to claim 1, characterized in that: in step 1, the check key key is a serial number agreed between the API caller and the API provider.
4. The API secure calling method for a dynamic library according to claim 1, characterized in that: in step 2, the ways in which the API caller and the API provider exchange public keys include file exchange.
5. The API secure calling method for a dynamic library according to claim 1, characterized in that: in step 3, the verification code randomVerify_1 is encrypted a first time with the check key key using 3DES encryption to obtain encrypted data V1.
6. The API secure calling method for a dynamic library according to claim 1, characterized in that: in step 3, V1 and the input parameter data dataIn are encrypted a second time with Pubkey_2 using RSA encryption to obtain encrypted data V2.
7. The API secure calling method for a dynamic library according to claim 1, characterized in that: in step 5, the verification code randomVerify_2 is encrypted a first time with the check key key using 3DES encryption to obtain encrypted data V3.
8. The API secure calling method for a dynamic library according to claim 1, characterized in that: in step 5, V3 and the output parameter data dataOut are encrypted a second time with Pubkey_1 using RSA encryption to obtain encrypted data V4.
CN201810680181.5A 2018-06-27 2018-06-27 API (application programming interface) secure calling method of dynamic library Active CN108959962B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810680181.5A CN108959962B (en) 2018-06-27 2018-06-27 API (application programming interface) secure calling method of dynamic library

Publications (2)

Publication Number Publication Date
CN108959962A (en) 2018-12-07
CN108959962B (en) 2021-04-09

Family

ID=64487244

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810680181.5A Active CN108959962B (en) 2018-06-27 2018-06-27 API (application programming interface) secure calling method of dynamic library

Country Status (1)

Country Link
CN (1) CN108959962B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130097713A1 (en) * 2011-10-18 2013-04-18 Salesforce.Com, Inc. Generation of a human readable output message in a format that is unreadable by a computer-based device
CN103117851A (en) * 2011-11-17 2013-05-22 银视通信息科技有限公司 Encryption control method and device capable of achieving tamper-proofing and repudiation-proofing by means of public key infrastructure (PKI)
CN104506486A (en) * 2014-11-15 2015-04-08 北京锐安科技有限公司 Software service interface calling method and system with high security levels
CN105187372A (en) * 2015-06-09 2015-12-23 深圳市腾讯计算机系统有限公司 Method for data processing based on mobile application entrance, device and system
CN105282239A (en) * 2015-09-17 2016-01-27 浪潮(北京)电子信息产业有限公司 Encryption method and system based on Web Service

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111416788A (en) * 2019-01-04 2020-07-14 北京京东尚科信息技术有限公司 Method and device for preventing transmitted data from being tampered
CN111416788B (en) * 2019-01-04 2023-08-08 北京京东尚科信息技术有限公司 Method and device for preventing transmission data from being tampered
CN109992934A (en) * 2019-04-10 2019-07-09 苏州浪潮智能科技有限公司 A kind of response method, device, equipment and medium
CN114124557A (en) * 2021-11-30 2022-03-01 袁林英 Information security access control method based on big data

Also Published As

Publication number Publication date
CN108959962B (en) 2021-04-09

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20181207

Assignee: Hangzhou Anheng Information Security Technology Co., Ltd

Assignor: Hangzhou Anheng Information Technology Co.,Ltd.

Contract record no.: X2021330000118

Denomination of invention: API safe calling method of dynamic library

Granted publication date: 20210409

License type: Common License

Record date: 20210823