CN108959962B - API (application programming interface) secure calling method of dynamic library - Google Patents
API (application programming interface) secure calling method of dynamic library Download PDFInfo
- Publication number
- CN108959962B CN108959962B CN201810680181.5A CN201810680181A CN108959962B CN 108959962 B CN108959962 B CN 108959962B CN 201810680181 A CN201810680181 A CN 201810680181A CN 108959962 B CN108959962 B CN 108959962B
- Authority
- CN
- China
- Prior art keywords
- api
- key
- encryption
- parameter data
- pubkey
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an API (application program interface) safe calling method of a dynamic library, which comprises the steps of respectively generating a key pair comprising a public key and a private key by a calling party and a providing party, agreeing on a verification key, exchanging the public keys by the calling party and the providing party, generating a verification code by the calling party and carrying out primary encryption by the verification key, sending obtained encrypted data and input parameter data to the providing party after secondary encryption by the public key of the providing party, carrying out primary decryption on the data by the providing party by using the private key to obtain the encrypted data and the input parameter data, carrying out secondary decryption on the encrypted data by using the verification key to restore calling information and prepare parameter data, encrypting and sending the output parameter data to the calling party according to the same method. The invention focuses on encryption and authentication of function call, effectively solves the problems in the prior art, ensures that a correct user uses the API in the software package and the user uses the API in the correct software package, has safety protection for both a provider and a user, and brings less time efficiency loss.
Description
Technical Field
The invention relates to the technical field of secret or safe communication devices, in particular to an API (application program interface) safe calling method of a dynamic library, which can prevent a software package from being tampered or illegally used and protect the benefits and safety of two parties calling the API.
Background
Modern large-scale software systems comprise various software packages, functions in the software packages are usually realized in the form of API calls, and the software packages form an organic whole through a bidirectional API call relation. However, there are at least two unsafe scenarios for such conventional calls: firstly, the software package itself can be intercepted or tampered, and the use of the tampered APIs can bring unpredictable results; secondly, the user may be an illegal user, and a user who does not pay or other illegal users may use the API in the software package to call and complete a certain function, so as to achieve a certain purpose, thereby causing economic loss or creating legal dispute for the software package provider.
In the prior art, RESTful is mostly adopted in software integration schemes, a set of design principles and constraint conditions are provided, messages are interacted, and an interaction process is protected through an https security protocol. However, the disadvantages of protecting the RESTful interface through https include:
(1) protection of API interactions through native LIB libraries cannot be supported;
(2) https can only protect the message itself, but cannot encrypt critical data twice;
(3) https consumes a lot of energy, and is poor in time performance when repeatedly called by a local interface.
The above disadvantage results in the poor applicability of https-style interface protection in the context of local API calls delivered in dynamic library form.
Disclosure of Invention
The technical problem solved by the invention is that the protection of the RESTful interface through https in the prior art has certain defects, therefore, the invention provides an optimized API safe calling method of a dynamic library, effectively solves the defects in the prior art, has safe protection for both a provider and a user of a software package, and brings small time efficiency loss.
The technical scheme adopted by the invention is that the API safe calling method of the dynamic library comprises the following steps:
step 1: API caller generation including public keyPubkey_1And a private keyPrikey_1The key pair of (1); API provider generation including public keyPubkey_2And a private keyPrikey_2The key pair of (1); API caller and API provider agree on a verification keykey;
Step 2: exchanging public keys by an API caller and an API provider; API caller getPubkey_2API provider acquisitionPubkey_1;
And step 3: API caller generates verification coderandomVerify_1To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 1 To do so byPubkey_2To pairV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 Will beV 2 Sending the data to an API provider;
and 4, step 4: API providing party withPrikey_2To pairV 2 Performing decryption once to obtainV 1 And enter the parameter datadataInTo verify the secret keykeyTo pairV 1 Carrying out secondary decryption to obtain the verification coderandomVerify_1And enter the parameter datadataIn(ii) a Prepare out the parameter datadataOut;
And 5: API provider generates verification coderandomVerify_2To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 3 To do so byPubkey_1To pairV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 Will beV 4 Sending the data to an API caller;
step 6: API caller withPrikey_1To pairV 4 Performing decryption once to obtainV 3 And give out parameter datadataOutTo verify the secret keykeyTo pairV 3 Carrying out secondary decryption to obtain the verification coderandomVerify_2And give out parameter datadataOut(ii) a The API call is completed.
Preferably, in step 1, the API caller includes a public keyPubkey_1And a private keyPrikey_1Is generated according to a standard RSA format, and the API provider contains a public keyPubkey_2And a private keyPrikey_2Is generated according to the standard RSA format.
Preferably, in step 1, the key is verifiedkeyA sequence number agreed upon for the API caller and the API provider.
Preferably, in step 2, the way for the API caller and the API provider to exchange the public key includes file exchange.
Preferably, in the step 3, the key is verifiedkeyEncrypting the verification code by 3desrandomVerify_1Performing primary encryption to obtain encrypted dataV 1 。
Preferably, in the step 3,Pubkey_2with RSA encryption pairsV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 。
Preferably, in the step 5, the key is verifiedkeyEncrypting the verification code by 3desrandomVerify_2Performing primary encryption to obtain encrypted dataV 3 。
Preferably, in the step 5,Pubkey_1with RSA encryption pairsV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 。
The invention provides an optimized dynamic library security API calling method, which comprises the steps that an API calling party and an API providing party respectively generate a key pair containing a public key and a private key and agree on a verification key, the API calling party and the API providing party exchange the public keys, the API calling party generates a verification code and carries out primary encryption by using the verification key to obtain encrypted data, the public key of the API providing party carries out secondary encryption on the encrypted data and input parameter data, the obtained data is sent to the API providing party, the API providing party carries out primary decryption on the data by using the private key to obtain the encrypted data and the input parameter data, the verification key carries out secondary decryption on the encrypted data to restore calling information and prepare parameter data, the output parameter data is encrypted and sent to the API calling party in the same mode, and the API calling party correspondingly decrypts the received data to obtain calling information. The invention focuses on encryption and authentication of function call, can effectively solve the problems in the prior art, ensures that the correct user uses the API in the software package and the user uses the API in the correct software package, has safety protection for the provider and the user of the software package, and brings less time efficiency loss.
Detailed Description
The present invention is described in further detail with reference to the following examples, but the scope of the present invention is not limited thereto.
The invention relates to an API safe calling method of a dynamic library, in the actual operation, because the calling of the API is respectively expanded among software packages, namely the software packages can provide the API for other software packages to call, and other software packages also provide the API for the former to call, the working process of calling the safe API is not changed along with the identity change of a caller or the callee.
The method comprises the following steps.
Step 1: API callerGenerating a containing public keyPubkey_1And a private keyPrikey_1The key pair of (1); API provider generation including public keyPubkey_2And a private keyPrikey_2The key pair of (1); API caller and API provider agree on a verification keykey。
In step 1, the API caller includes a public keyPubkey_1And a private keyPrikey_1Is generated according to a standard RSA format, and the API provider contains a public keyPubkey_2And a private keyPrikey_2Is generated according to the standard RSA format.
In step 1, the key is checkedkeyA sequence number agreed upon for the API caller and the API provider.
In the present invention, the public keyPubkey_1And a private keyPrikey_1In a key pair of (1), a public keyPubkey_2And a private keyPrikey_2The public key and the private key of any key pair are matched.
In the invention, the authentication of the API caller and the authentication of the API provider are realized by the encryption algorithm of the RSA.
In the invention, because 3des encryption and decryption, the same encryption and decryption are needed by both partieskeyCan perform encryption and decryption operations, so that it is necessary to have a character string which can be obtained by both encryption and decryption and needs to be kept secret as 3deskeyIn actual operation, when the serial number is generated when the software package purchase action occurs, the API caller and the API provider can agree to use a random character string as the serial number, the value of the character string is only visible to the buyer and the seller, is not disclosed to the outside, belongs to secret information, and is suitable for being designated as the verification keykey。
Step 2: exchanging public keys by an API caller and an API provider; API caller getPubkey_2API provider acquisitionPubkey_1。
In step 2, the way for exchanging the public key between the API caller and the API provider includes file exchange.
In the invention, the purpose of exchanging the public key is to encrypt the data provided by the software package by using the public key provided by the other party, and then when the data is sent to the other party, the other party is allowed to decrypt by using the private key corresponding to the other party.
And step 3: API caller generates verification coderandomVerify_1To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 1 To do so byPubkey_2To pairV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 Will beV 2 And sending the data to an API provider.
In said step 3, the key is checkedkeyEncrypting the verification code by 3desrandomVerify_1Performing primary encryption to obtain encrypted dataV 1 。
In the step 3, the step of processing the image,Pubkey_2with RSA encryption pairsV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 。
In the invention, the authentication of the API caller and the authentication of the API provider are realized by means of RSA and 3des encryption algorithms.
In the invention, the verification code is verifiedrandomVerify_1To verify the secret keykeyPerforming encryption once, namely converting a part of the whole calling information into content which can be mutually confirmed only by an API caller and an API provider, and then encrypting the dataV 1 And enter the parameter datadataInPublic key with API providerPubkey_2And the secondary encryption is carried out, so that the safety and the reliability of API calling information are ensured.
And 4, step 4: API providing party withPrikey_2To pairV 2 Performing decryption once to obtainV 1 And enter the parameter datadataInTo verify the secret keykeyTo pairV 1 Carrying out secondary decryption to obtain the verification coderandomVerify_1And enter the parameter datadataIn(ii) a Prepare out the parameter datadataOut。
In the invention, the API provider decrypts the information by using the private key of the API provider, and the decryption is RSA decryption because the decryption is carried out by using the private key of the API providerPrikey_2AndPubkey_2in pairs, thus obtainingV 1 And enter the parameter datadataInThen checking the key with both sides' approvalkeyTo pairV 1 And the secondary decryption is carried out to finish the confirmation of the API calling party, so that the safety and the reliability of the called information of the API are ensured.
And 5: API provider generates verification coderandomVerify_2To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 3 To do so byPubkey_1To pairV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 Will beV 4 And sending the data to an API caller.
In said step 5, the key is checkedkeyEncrypting the verification code by 3desrandomVerify_2Performing primary encryption to obtain encrypted dataV 3 。
In the step 5, the step of processing the image,Pubkey_1with RSA encryption pairsV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 。
Step 6: API caller withPrikey_1To pairV 4 Performing decryption once to obtainV 3 And give out parameter datadataOutTo verify the secret keykeyTo pairV 3 Carrying out secondary decryption to obtain the verification coderandomVerify_2And give out parameter datadataOut(ii) a The API call is completed.
In the invention, in step 5 and step 6, the parameter data is obtaineddataOutThe principle of encryption and decryption is identical to the parameter datadataInThe principle of encryption and decryption.
The method comprises the steps that a key pair comprising a public key and a private key is respectively generated by an API (application program interface) caller and an API provider and a verification key is agreed, the API caller and the API provider exchange the public keys, the API caller generates a verification code and encrypts the verification key for the first time to obtain encrypted data, the public key of the API provider encrypts the encrypted data and input parameter data for the second time, the obtained data is sent to the API provider, the API provider decrypts the data for the first time by the private key to obtain the encrypted data and the input parameter data, the verification key decrypts the encrypted data for the second time to restore calling information and prepares parameter data, the output parameter data is encrypted and sent to the API caller in the same mode, and the API caller decrypts the received data correspondingly to obtain the calling information. The invention focuses on encryption and authentication of function call, can effectively solve the problems in the prior art, ensures that the correct user uses the API in the software package and the user uses the API in the correct software package, has safety protection for the provider and the user of the software package, and brings less time efficiency loss.
Claims (5)
1. An API security calling method of a dynamic library is characterized in that: the method comprises the following steps:
step 1: API caller generation including public keyPubkey_1And a private keyPrikey_1The key pair of (1); API provider generation including public keyPubkey_2And a private keyPrikey_2The key pair of (1); API caller and API provider agree on a verification keykey(ii) a In step 1, the key is checkedkeyA serial number agreed for an API caller and an API provider;
step 2: exchanging public keys by an API caller and an API provider; API caller getPubkey_2API provider acquisitionPubkey_1;
And step 3: API caller generates verification coderandomVerify_1Checking the secret keykeyCarrying out primary encryption by 3des encryption to obtain encrypted dataV 1 ,Pubkey_2With RSA encryption pairsV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 Will beV 2 Sending the data to an API provider;
and 4, step 4: API providing party withPrikey_2To pairV 2 Performing decryption once to obtainV 1 And enter the parameter datadataInTo verify the secret keykeyTo pairV 1 Carrying out secondary decryption to obtain the verification coderandomVerify_1And enter the parameter datadataIn(ii) a Prepare out the parameter datadataOut;
And 5: API provider generates verification coderandomVerify_2To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 3 To do so byPubkey_1To pairV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 Will beV 4 Sending the data to an API caller;
step 6: API caller withPrikey_1To pairV 4 Performing decryption once to obtainV 3 And give out parameter datadataOutTo verify the secret keykeyTo pairV 3 Carrying out secondary decryption to obtain the verification coderandomVerify_2And give out parameter datadataOut(ii) a The API call is completed.
2. The API secure calling method of a dynamic library according to claim 1, wherein: in step 1, the API caller includes a public keyPubkey_1And a private keyPrikey_1Is generated according to a standard RSA format, and the API provider contains a public keyPubkey_2And a private keyPrikey_2Is generated according to the standard RSA format.
3. The API secure calling method of a dynamic library according to claim 1, wherein: in step 2, the way for exchanging the public key between the API caller and the API provider includes file exchange.
4. The API secure calling method of a dynamic library according to claim 1, wherein: in said step 5, the key is checkedkeyEncrypting the verification code by 3desrandomVerify_2Performing primary encryption to obtain encrypted dataV 3 。
5. The API secure calling method of a dynamic library according to claim 1, wherein: in the step 5, the step of processing the image,Pubkey_1with RSA encryption pairsV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810680181.5A CN108959962B (en) | 2018-06-27 | 2018-06-27 | API (application programming interface) secure calling method of dynamic library |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810680181.5A CN108959962B (en) | 2018-06-27 | 2018-06-27 | API (application programming interface) secure calling method of dynamic library |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108959962A CN108959962A (en) | 2018-12-07 |
CN108959962B true CN108959962B (en) | 2021-04-09 |
Family
ID=64487244
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810680181.5A Active CN108959962B (en) | 2018-06-27 | 2018-06-27 | API (application programming interface) secure calling method of dynamic library |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108959962B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111416788B (en) * | 2019-01-04 | 2023-08-08 | 北京京东尚科信息技术有限公司 | Method and device for preventing transmission data from being tampered |
CN109992934A (en) * | 2019-04-10 | 2019-07-09 | 苏州浪潮智能科技有限公司 | A kind of response method, device, equipment and medium |
CN114124557A (en) * | 2021-11-30 | 2022-03-01 | 袁林英 | Information security access control method based on big data |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8839448B2 (en) * | 2011-10-18 | 2014-09-16 | Salesforce.Com, Inc. | Generation of a human readable output message in a format that is unreadable by a computer-based device |
CN103117851A (en) * | 2011-11-17 | 2013-05-22 | 银视通信息科技有限公司 | Encryption control method and device capable of achieving tamper-proofing and repudiation-proofing by means of public key infrastructure (PKI) |
CN104506486B (en) * | 2014-11-15 | 2018-04-27 | 北京锐安科技有限公司 | A kind of the software service interface call method and system of cross-platform, across language high safety rank |
CN105187372B (en) * | 2015-06-09 | 2018-05-18 | 深圳市腾讯计算机系统有限公司 | A kind of data processing method based on mobile application entrance, device and system |
CN105282239A (en) * | 2015-09-17 | 2016-01-27 | 浪潮(北京)电子信息产业有限公司 | Encryption method and system based on Web Service |
-
2018
- 2018-06-27 CN CN201810680181.5A patent/CN108959962B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN108959962A (en) | 2018-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10305688B2 (en) | Method, apparatus, and system for cloud-based encryption machine key injection | |
CN108513704B (en) | Remote distribution method and system of terminal master key | |
CN111464301B (en) | Key management method and system | |
CN109412812B (en) | Data security processing system, method, device and storage medium | |
CN105704690B (en) | The method and system of the hidden close communication of short message based on hand-set digit fingerprint authentication | |
CN102957708B (en) | Application encrypting and decrypting method, server and terminal | |
CN108323230B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
CN108959962B (en) | API (application programming interface) secure calling method of dynamic library | |
WO2015158172A1 (en) | User identity identification card | |
CN111625791B (en) | Key management method and system based on software cryptographic module | |
TW201201041A (en) | Data security method and system | |
CN103560892A (en) | Secret key generation method and secret key generation device | |
US20210334356A1 (en) | Authentication credential protection method and system | |
CN104268447A (en) | Encryption method of embedded software | |
WO2023240866A1 (en) | Cipher card and root key protection method therefor, and computer readable storage medium | |
CN114567470B (en) | SDK-based multi-system key splitting verification system and method | |
CN112865965B (en) | Train service data processing method and system based on quantum key | |
CN112737783B (en) | Decryption method and device based on SM2 elliptic curve | |
CN100561913C (en) | A kind of method of access code equipment | |
CN116707778A (en) | Data hybrid encryption transmission method and device and electronic equipment | |
CN111542050B (en) | TEE-based method for guaranteeing remote initialization safety of virtual SIM card | |
CN103825740B (en) | A kind of mobile terminal payment password Transmission system and method | |
CN114244501A (en) | Power data privacy protection system and implementation method thereof, and encryption attribute revocation method | |
CN108323231B (en) | Method for transmitting key, receiving terminal and distributing terminal | |
CN108184230B (en) | System and method for realizing encryption of soft SIM |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20181207 Assignee: Hangzhou Anheng Information Security Technology Co., Ltd Assignor: Hangzhou Anheng Information Technology Co.,Ltd. Contract record no.: X2021330000118 Denomination of invention: API safe calling method of dynamic library Granted publication date: 20210409 License type: Common License Record date: 20210823 |