CN108959962B - API (application programming interface) secure calling method of dynamic library - Google Patents

API (application programming interface) secure calling method of dynamic library Download PDF

Info

Publication number
CN108959962B
CN108959962B CN201810680181.5A CN201810680181A CN108959962B CN 108959962 B CN108959962 B CN 108959962B CN 201810680181 A CN201810680181 A CN 201810680181A CN 108959962 B CN108959962 B CN 108959962B
Authority
CN
China
Prior art keywords
api
key
encryption
parameter data
pubkey
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810680181.5A
Other languages
Chinese (zh)
Other versions
CN108959962A (en
Inventor
李华生
范渊
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201810680181.5A priority Critical patent/CN108959962B/en
Publication of CN108959962A publication Critical patent/CN108959962A/en
Application granted granted Critical
Publication of CN108959962B publication Critical patent/CN108959962B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an API (application program interface) safe calling method of a dynamic library, which comprises the steps of respectively generating a key pair comprising a public key and a private key by a calling party and a providing party, agreeing on a verification key, exchanging the public keys by the calling party and the providing party, generating a verification code by the calling party and carrying out primary encryption by the verification key, sending obtained encrypted data and input parameter data to the providing party after secondary encryption by the public key of the providing party, carrying out primary decryption on the data by the providing party by using the private key to obtain the encrypted data and the input parameter data, carrying out secondary decryption on the encrypted data by using the verification key to restore calling information and prepare parameter data, encrypting and sending the output parameter data to the calling party according to the same method. The invention focuses on encryption and authentication of function call, effectively solves the problems in the prior art, ensures that a correct user uses the API in the software package and the user uses the API in the correct software package, has safety protection for both a provider and a user, and brings less time efficiency loss.

Description

API (application programming interface) secure calling method of dynamic library
Technical Field
The invention relates to the technical field of secret or safe communication devices, in particular to an API (application program interface) safe calling method of a dynamic library, which can prevent a software package from being tampered or illegally used and protect the benefits and safety of two parties calling the API.
Background
Modern large-scale software systems comprise various software packages, functions in the software packages are usually realized in the form of API calls, and the software packages form an organic whole through a bidirectional API call relation. However, there are at least two unsafe scenarios for such conventional calls: firstly, the software package itself can be intercepted or tampered, and the use of the tampered APIs can bring unpredictable results; secondly, the user may be an illegal user, and a user who does not pay or other illegal users may use the API in the software package to call and complete a certain function, so as to achieve a certain purpose, thereby causing economic loss or creating legal dispute for the software package provider.
In the prior art, RESTful is mostly adopted in software integration schemes, a set of design principles and constraint conditions are provided, messages are interacted, and an interaction process is protected through an https security protocol. However, the disadvantages of protecting the RESTful interface through https include:
(1) protection of API interactions through native LIB libraries cannot be supported;
(2) https can only protect the message itself, but cannot encrypt critical data twice;
(3) https consumes a lot of energy, and is poor in time performance when repeatedly called by a local interface.
The above disadvantage results in the poor applicability of https-style interface protection in the context of local API calls delivered in dynamic library form.
Disclosure of Invention
The technical problem solved by the invention is that the protection of the RESTful interface through https in the prior art has certain defects, therefore, the invention provides an optimized API safe calling method of a dynamic library, effectively solves the defects in the prior art, has safe protection for both a provider and a user of a software package, and brings small time efficiency loss.
The technical scheme adopted by the invention is that the API safe calling method of the dynamic library comprises the following steps:
step 1: API caller generation including public keyPubkey_1And a private keyPrikey_1The key pair of (1); API provider generation including public keyPubkey_2And a private keyPrikey_2The key pair of (1); API caller and API provider agree on a verification keykey
Step 2: exchanging public keys by an API caller and an API provider; API caller getPubkey_2API provider acquisitionPubkey_1
And step 3: API caller generates verification coderandomVerify_1To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 1 To do so byPubkey_2To pairV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 Will beV 2 Sending the data to an API provider;
and 4, step 4: API providing party withPrikey_2To pairV 2 Performing decryption once to obtainV 1 And enter the parameter datadataInTo verify the secret keykeyTo pairV 1 Carrying out secondary decryption to obtain the verification coderandomVerify_1And enter the parameter datadataIn(ii) a Prepare out the parameter datadataOut
And 5: API provider generates verification coderandomVerify_2To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 3 To do so byPubkey_1To pairV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 Will beV 4 Sending the data to an API caller;
step 6: API caller withPrikey_1To pairV 4 Performing decryption once to obtainV 3 And give out parameter datadataOutTo verify the secret keykeyTo pairV 3 Carrying out secondary decryption to obtain the verification coderandomVerify_2And give out parameter datadataOut(ii) a The API call is completed.
Preferably, in step 1, the API caller includes a public keyPubkey_1And a private keyPrikey_1Is generated according to a standard RSA format, and the API provider contains a public keyPubkey_2And a private keyPrikey_2Is generated according to the standard RSA format.
Preferably, in step 1, the key is verifiedkeyA sequence number agreed upon for the API caller and the API provider.
Preferably, in step 2, the way for the API caller and the API provider to exchange the public key includes file exchange.
Preferably, in the step 3, the key is verifiedkeyEncrypting the verification code by 3desrandomVerify_1Performing primary encryption to obtain encrypted dataV 1
Preferably, in the step 3,Pubkey_2with RSA encryption pairsV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2
Preferably, in the step 5, the key is verifiedkeyEncrypting the verification code by 3desrandomVerify_2Performing primary encryption to obtain encrypted dataV 3
Preferably, in the step 5,Pubkey_1with RSA encryption pairsV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4
The invention provides an optimized dynamic library security API calling method, which comprises the steps that an API calling party and an API providing party respectively generate a key pair containing a public key and a private key and agree on a verification key, the API calling party and the API providing party exchange the public keys, the API calling party generates a verification code and carries out primary encryption by using the verification key to obtain encrypted data, the public key of the API providing party carries out secondary encryption on the encrypted data and input parameter data, the obtained data is sent to the API providing party, the API providing party carries out primary decryption on the data by using the private key to obtain the encrypted data and the input parameter data, the verification key carries out secondary decryption on the encrypted data to restore calling information and prepare parameter data, the output parameter data is encrypted and sent to the API calling party in the same mode, and the API calling party correspondingly decrypts the received data to obtain calling information. The invention focuses on encryption and authentication of function call, can effectively solve the problems in the prior art, ensures that the correct user uses the API in the software package and the user uses the API in the correct software package, has safety protection for the provider and the user of the software package, and brings less time efficiency loss.
Detailed Description
The present invention is described in further detail with reference to the following examples, but the scope of the present invention is not limited thereto.
The invention relates to an API safe calling method of a dynamic library, in the actual operation, because the calling of the API is respectively expanded among software packages, namely the software packages can provide the API for other software packages to call, and other software packages also provide the API for the former to call, the working process of calling the safe API is not changed along with the identity change of a caller or the callee.
The method comprises the following steps.
Step 1: API callerGenerating a containing public keyPubkey_1And a private keyPrikey_1The key pair of (1); API provider generation including public keyPubkey_2And a private keyPrikey_2The key pair of (1); API caller and API provider agree on a verification keykey
In step 1, the API caller includes a public keyPubkey_1And a private keyPrikey_1Is generated according to a standard RSA format, and the API provider contains a public keyPubkey_2And a private keyPrikey_2Is generated according to the standard RSA format.
In step 1, the key is checkedkeyA sequence number agreed upon for the API caller and the API provider.
In the present invention, the public keyPubkey_1And a private keyPrikey_1In a key pair of (1), a public keyPubkey_2And a private keyPrikey_2The public key and the private key of any key pair are matched.
In the invention, the authentication of the API caller and the authentication of the API provider are realized by the encryption algorithm of the RSA.
In the invention, because 3des encryption and decryption, the same encryption and decryption are needed by both partieskeyCan perform encryption and decryption operations, so that it is necessary to have a character string which can be obtained by both encryption and decryption and needs to be kept secret as 3deskeyIn actual operation, when the serial number is generated when the software package purchase action occurs, the API caller and the API provider can agree to use a random character string as the serial number, the value of the character string is only visible to the buyer and the seller, is not disclosed to the outside, belongs to secret information, and is suitable for being designated as the verification keykey
Step 2: exchanging public keys by an API caller and an API provider; API caller getPubkey_2API provider acquisitionPubkey_1
In step 2, the way for exchanging the public key between the API caller and the API provider includes file exchange.
In the invention, the purpose of exchanging the public key is to encrypt the data provided by the software package by using the public key provided by the other party, and then when the data is sent to the other party, the other party is allowed to decrypt by using the private key corresponding to the other party.
And step 3: API caller generates verification coderandomVerify_1To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 1 To do so byPubkey_2To pairV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 Will beV 2 And sending the data to an API provider.
In said step 3, the key is checkedkeyEncrypting the verification code by 3desrandomVerify_1Performing primary encryption to obtain encrypted dataV 1
In the step 3, the step of processing the image,Pubkey_2with RSA encryption pairsV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2
In the invention, the authentication of the API caller and the authentication of the API provider are realized by means of RSA and 3des encryption algorithms.
In the invention, the verification code is verifiedrandomVerify_1To verify the secret keykeyPerforming encryption once, namely converting a part of the whole calling information into content which can be mutually confirmed only by an API caller and an API provider, and then encrypting the dataV 1 And enter the parameter datadataInPublic key with API providerPubkey_2And the secondary encryption is carried out, so that the safety and the reliability of API calling information are ensured.
And 4, step 4: API providing party withPrikey_2To pairV 2 Performing decryption once to obtainV 1 And enter the parameter datadataInTo verify the secret keykeyTo pairV 1 Carrying out secondary decryption to obtain the verification coderandomVerify_1And enter the parameter datadataIn(ii) a Prepare out the parameter datadataOut
In the invention, the API provider decrypts the information by using the private key of the API provider, and the decryption is RSA decryption because the decryption is carried out by using the private key of the API providerPrikey_2AndPubkey_2in pairs, thus obtainingV 1 And enter the parameter datadataInThen checking the key with both sides' approvalkeyTo pairV 1 And the secondary decryption is carried out to finish the confirmation of the API calling party, so that the safety and the reliability of the called information of the API are ensured.
And 5: API provider generates verification coderandomVerify_2To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 3 To do so byPubkey_1To pairV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 Will beV 4 And sending the data to an API caller.
In said step 5, the key is checkedkeyEncrypting the verification code by 3desrandomVerify_2Performing primary encryption to obtain encrypted dataV 3
In the step 5, the step of processing the image,Pubkey_1with RSA encryption pairsV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4
Step 6: API caller withPrikey_1To pairV 4 Performing decryption once to obtainV 3 And give out parameter datadataOutTo verify the secret keykeyTo pairV 3 Carrying out secondary decryption to obtain the verification coderandomVerify_2And give out parameter datadataOut(ii) a The API call is completed.
In the invention, in step 5 and step 6, the parameter data is obtaineddataOutThe principle of encryption and decryption is identical to the parameter datadataInThe principle of encryption and decryption.
The method comprises the steps that a key pair comprising a public key and a private key is respectively generated by an API (application program interface) caller and an API provider and a verification key is agreed, the API caller and the API provider exchange the public keys, the API caller generates a verification code and encrypts the verification key for the first time to obtain encrypted data, the public key of the API provider encrypts the encrypted data and input parameter data for the second time, the obtained data is sent to the API provider, the API provider decrypts the data for the first time by the private key to obtain the encrypted data and the input parameter data, the verification key decrypts the encrypted data for the second time to restore calling information and prepares parameter data, the output parameter data is encrypted and sent to the API caller in the same mode, and the API caller decrypts the received data correspondingly to obtain the calling information. The invention focuses on encryption and authentication of function call, can effectively solve the problems in the prior art, ensures that the correct user uses the API in the software package and the user uses the API in the correct software package, has safety protection for the provider and the user of the software package, and brings less time efficiency loss.

Claims (5)

1. An API security calling method of a dynamic library is characterized in that: the method comprises the following steps:
step 1: API caller generation including public keyPubkey_1And a private keyPrikey_1The key pair of (1); API provider generation including public keyPubkey_2And a private keyPrikey_2The key pair of (1); API caller and API provider agree on a verification keykey(ii) a In step 1, the key is checkedkeyA serial number agreed for an API caller and an API provider;
step 2: exchanging public keys by an API caller and an API provider; API caller getPubkey_2API provider acquisitionPubkey_1
And step 3: API caller generates verification coderandomVerify_1Checking the secret keykeyCarrying out primary encryption by 3des encryption to obtain encrypted dataV 1 Pubkey_2With RSA encryption pairsV 1 And enter the parameter datadataInPerforming secondary encryption to obtain encrypted dataV 2 Will beV 2 Sending the data to an API provider;
and 4, step 4: API providing party withPrikey_2To pairV 2 Performing decryption once to obtainV 1 And enter the parameter datadataInTo verify the secret keykeyTo pairV 1 Carrying out secondary decryption to obtain the verification coderandomVerify_1And enter the parameter datadataIn(ii) a Prepare out the parameter datadataOut
And 5: API provider generates verification coderandomVerify_2To verify the secret keykeyCarrying out primary encryption to obtain encrypted dataV 3 To do so byPubkey_1To pairV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4 Will beV 4 Sending the data to an API caller;
step 6: API caller withPrikey_1To pairV 4 Performing decryption once to obtainV 3 And give out parameter datadataOutTo verify the secret keykeyTo pairV 3 Carrying out secondary decryption to obtain the verification coderandomVerify_2And give out parameter datadataOut(ii) a The API call is completed.
2. The API secure calling method of a dynamic library according to claim 1, wherein: in step 1, the API caller includes a public keyPubkey_1And a private keyPrikey_1Is generated according to a standard RSA format, and the API provider contains a public keyPubkey_2And a private keyPrikey_2Is generated according to the standard RSA format.
3. The API secure calling method of a dynamic library according to claim 1, wherein: in step 2, the way for exchanging the public key between the API caller and the API provider includes file exchange.
4. The API secure calling method of a dynamic library according to claim 1, wherein: in said step 5, the key is checkedkeyEncrypting the verification code by 3desrandomVerify_2Performing primary encryption to obtain encrypted dataV 3
5. The API secure calling method of a dynamic library according to claim 1, wherein: in the step 5, the step of processing the image,Pubkey_1with RSA encryption pairsV 3 And give out parameter datadataOutPerforming secondary encryption to obtain encrypted dataV 4
CN201810680181.5A 2018-06-27 2018-06-27 API (application programming interface) secure calling method of dynamic library Active CN108959962B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810680181.5A CN108959962B (en) 2018-06-27 2018-06-27 API (application programming interface) secure calling method of dynamic library

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810680181.5A CN108959962B (en) 2018-06-27 2018-06-27 API (application programming interface) secure calling method of dynamic library

Publications (2)

Publication Number Publication Date
CN108959962A CN108959962A (en) 2018-12-07
CN108959962B true CN108959962B (en) 2021-04-09

Family

ID=64487244

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810680181.5A Active CN108959962B (en) 2018-06-27 2018-06-27 API (application programming interface) secure calling method of dynamic library

Country Status (1)

Country Link
CN (1) CN108959962B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111416788B (en) * 2019-01-04 2023-08-08 北京京东尚科信息技术有限公司 Method and device for preventing transmission data from being tampered
CN109992934A (en) * 2019-04-10 2019-07-09 苏州浪潮智能科技有限公司 A kind of response method, device, equipment and medium
CN114124557A (en) * 2021-11-30 2022-03-01 袁林英 Information security access control method based on big data

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8839448B2 (en) * 2011-10-18 2014-09-16 Salesforce.Com, Inc. Generation of a human readable output message in a format that is unreadable by a computer-based device
CN103117851A (en) * 2011-11-17 2013-05-22 银视通信息科技有限公司 Encryption control method and device capable of achieving tamper-proofing and repudiation-proofing by means of public key infrastructure (PKI)
CN104506486B (en) * 2014-11-15 2018-04-27 北京锐安科技有限公司 A kind of the software service interface call method and system of cross-platform, across language high safety rank
CN105187372B (en) * 2015-06-09 2018-05-18 深圳市腾讯计算机系统有限公司 A kind of data processing method based on mobile application entrance, device and system
CN105282239A (en) * 2015-09-17 2016-01-27 浪潮(北京)电子信息产业有限公司 Encryption method and system based on Web Service

Also Published As

Publication number Publication date
CN108959962A (en) 2018-12-07

Similar Documents

Publication Publication Date Title
US10305688B2 (en) Method, apparatus, and system for cloud-based encryption machine key injection
CN108513704B (en) Remote distribution method and system of terminal master key
CN111464301B (en) Key management method and system
CN109412812B (en) Data security processing system, method, device and storage medium
CN105704690B (en) The method and system of the hidden close communication of short message based on hand-set digit fingerprint authentication
CN102957708B (en) Application encrypting and decrypting method, server and terminal
CN108323230B (en) Method for transmitting key, receiving terminal and distributing terminal
CN108959962B (en) API (application programming interface) secure calling method of dynamic library
WO2015158172A1 (en) User identity identification card
CN111625791B (en) Key management method and system based on software cryptographic module
TW201201041A (en) Data security method and system
CN103560892A (en) Secret key generation method and secret key generation device
US20210334356A1 (en) Authentication credential protection method and system
CN104268447A (en) Encryption method of embedded software
WO2023240866A1 (en) Cipher card and root key protection method therefor, and computer readable storage medium
CN114567470B (en) SDK-based multi-system key splitting verification system and method
CN112865965B (en) Train service data processing method and system based on quantum key
CN112737783B (en) Decryption method and device based on SM2 elliptic curve
CN100561913C (en) A kind of method of access code equipment
CN116707778A (en) Data hybrid encryption transmission method and device and electronic equipment
CN111542050B (en) TEE-based method for guaranteeing remote initialization safety of virtual SIM card
CN103825740B (en) A kind of mobile terminal payment password Transmission system and method
CN114244501A (en) Power data privacy protection system and implementation method thereof, and encryption attribute revocation method
CN108323231B (en) Method for transmitting key, receiving terminal and distributing terminal
CN108184230B (en) System and method for realizing encryption of soft SIM

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20181207

Assignee: Hangzhou Anheng Information Security Technology Co., Ltd

Assignor: Hangzhou Anheng Information Technology Co.,Ltd.

Contract record no.: X2021330000118

Denomination of invention: API safe calling method of dynamic library

Granted publication date: 20210409

License type: Common License

Record date: 20210823