CN114745119A - API (application program interface) message protection method and system, electronic equipment and storage medium - Google Patents

Info

Publication number
CN114745119A
Authority
CN
China
Prior art keywords
key
terminal
information
matching
information interaction
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210650062.1A
Other languages
Chinese (zh)
Other versions
CN114745119B (en)
Inventor
王柳一
赵磊
董玮
张锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ningxia Yuxing Aerospace Technology Co ltd
Original Assignee
Emposat Co Ltd
Application filed by Emposat Co Ltd
Priority to CN202210650062.1A
Publication of CN114745119A
Application granted
Publication of CN114745119B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention discloses an API interface message protection method and system, electronic equipment and a storage medium, relating to the technical field of secure information interaction. The method comprises the following steps: forming the generated keys into different key tables and distributing the key tables to the first terminal, the second terminal and the third terminal; acquiring the key information of the other party before information interaction among the first terminal, the second terminal and the third terminal; acquiring the corresponding key from a key table according to the key information; performing a calculation on the acquired key and matching according to the calculation result; if the key matching is successful, carrying out the information interaction between the terminals, and if the matching is unsuccessful, terminating the information interaction, the used key being revoked at the same time. Because the key is sent in the form of a calculated key result, the key cannot be obtained even if the key result is intercepted, which ensures the security of the key; the used key is discarded, which avoids data loss caused by reuse after leakage.

Description

API (application program interface) message protection method and system, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of information security interaction, in particular to an API (application program interface) interface message protection method, an API interface message protection system, electronic equipment and a storage medium.
Background
A key is a parameter that is input to an algorithm for converting plaintext into ciphertext or ciphertext into plaintext, and steps such as key verification can protect the security of data transmission. In current data transmission, there are many situations in which data is maliciously acquired by impersonating a data end. To confirm the authenticity of the identities of the transmitting and receiving parties and to protect their data during transmission, steps such as key verification are added before data transmission. However, many current key verification schemes use keys of a fixed form and verification methods that are too traditional, so the keys are easy to crack if leaked.
Disclosure of Invention
The embodiment of the invention aims to provide an API (application program interface) message protection method, an API message protection system, electronic equipment and a storage medium, which are used for solving the problems that in the prior art, a secret key form is fixed, a verification method is traditional, and the verification method is easy to crack.
To achieve the above object, the embodiment of the present invention sets out the technical solution in four aspects. In a first aspect, an API interface message protection method is provided, including the following steps:
forming different key tables by the generated keys and distributing the key tables to the first terminal, the second terminal and the third terminal;
acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
acquiring a corresponding key from a key table according to the key information;
calculating the obtained key, and matching according to the calculation result;
if the key matching is successful, the information interaction is carried out between the terminals, if the matching is unsuccessful, the information interaction is terminated, and meanwhile, the used key is abolished.
With reference to the first aspect, a method for distributing a plurality of generated keys to a first terminal, a second terminal and a third terminal in different key tables includes the following steps:
generating a plurality of keys according to a key generation rule, and dividing the keys into a plurality of groups according to the number of terminals to form a key table;
and distributing the key table to each terminal, wherein the keys in each key table are not repeated.
With reference to the first aspect, the method for obtaining the key information of the other party before the information interaction between the first terminal, the second terminal and the third terminal includes the following steps:
before the information interaction of the first terminal, the second terminal and the third terminal, sending the key information of the first terminal, the second terminal and the third terminal to the terminal needing the information interaction;
the two interactive parties respectively receive the key information sent by the other party.
With reference to the first aspect, the key table includes a key table ID, a key sequence number, and a key, where the key sequence number corresponds to the key one to one;
the key information comprises a key table ID, a key sequence number, a check code and a key result, and the key result is obtained after operation according to the key and the check code.
With reference to the first aspect, the method for obtaining a corresponding key from a key table according to the key information includes the following steps:
before information interaction, firstly, key information of an interactive terminal needs to be acquired;
extracting a key table ID and a key sequence number from the key information;
searching the key store for the key table corresponding to the key table ID;
finding out a corresponding key in a key table according to the key sequence number;
the key store is a repository for storing all key tables.
With reference to the first aspect, the method for calculating the obtained key and matching according to the calculation result includes the following steps:
performing joint calculation on the key searched in the key table and the acquired check code;
after the calculation is finished, comparing the calculation result with the obtained key result;
if the two results can correspond to each other, the matching is successful, otherwise, the matching is unsuccessful.
With reference to the first aspect, if the key matching is successful, the terminals perform information interaction, and if the key matching is unsuccessful, the information interaction is terminated, and the method for revoking the used key includes the following steps:
after the key matching is successful, information interaction is carried out between the successfully matched terminals;
both interactive parties delete or lock the used key in the key table and keep the key serial numbers of other keys unchanged;
and if the matching is unsuccessful, terminating the information interaction.
In a second aspect, an API interface message protection system is provided, where the system includes:
the key distribution module is used for forming the generated keys into different key tables and distributing the key tables to the first terminal, the second terminal and the third terminal;
the first key acquisition module is used for acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
the second key obtaining module is used for obtaining a corresponding key from a key table according to the key information;
the key calculation module is used for calculating the acquired key and matching according to the calculation result;
and the key processing module is used for judging whether the key matching is successful or not, carrying out information interaction between the terminals if the key matching is successful, terminating the information interaction if the key matching is unsuccessful, and simultaneously abandoning the used key.
In a third aspect, an electronic device is provided, which includes: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the API interface message protection method of any one of the first aspects.
In a fourth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the API interface message protection method according to any one of the first aspect.
The embodiment of the invention has the following advantages:
1. The keys generated by the key generation rule differ in form, so that a key cannot be cracked even if it is acquired unintentionally, which improves the security of the key;
2. When a key is to be sent, the calculated key result is sent instead; even if the key result is intercepted, only the key result is known and not the key itself, which ensures the security of the key;
3. The used key is discarded, which avoids loss of transmitted data caused by reuse after leakage.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary and that other implementation drawings may be derived from the provided drawings by those of ordinary skill in the art without inventive effort.
The structures, proportions, sizes and the like shown in this specification are only intended to accompany the content disclosed in the specification so that those skilled in the art can understand and read it; they are not intended to limit the conditions under which the present invention can be implemented and therefore have no substantive technical significance. Any structural modification, change in proportion or adjustment of size that does not affect the effects and purposes achievable by the present invention shall still fall within the scope covered by the technical content disclosed in the present invention.
Fig. 1 is a schematic flow chart of a method according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a connection between a key management module and a terminal according to embodiment 2 of the present invention.
Detailed Description
The present invention is described below by way of particular embodiments, and other advantages and features of the invention will become apparent to those skilled in the art from this disclosure. The described embodiments are merely exemplary of the invention, and the invention is not limited to the particular embodiments disclosed. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
The invention is further illustrated by the following two examples:
Example 1
Fig. 1 is a schematic flow chart of the method provided in an embodiment of the present invention. The API interface message protection method includes the following steps:
S1: forming the generated keys into different key tables and distributing the key tables to the first terminal, the second terminal and the third terminal;
the specific implementation method comprises the following steps:
generating a plurality of keys according to a key generation rule, and dividing the keys into a plurality of groups according to the number of terminals to form a key table;
distributing a key table to each terminal, wherein keys in each key table are not repeated;
the key generation rule specifies the content of a generated key: the key needs to include uppercase and lowercase English letters, Greek letters, Arabic numerals, computer symbols and the like, arranged in a random interleaved order;
a specific rule can be selected as a constraint for each terminal; for example, for the first terminal the first two characters must be capital letters, for the second terminal the first two characters must be letters plus numbers, and for the third terminal the first two characters must be symbols plus numbers;
after the keys are generated, key tables are formed, and the key tables can be distributed according to the rule of each terminal or simply distributed at random;
distributing the formed key table to each terminal, and each terminal obtains the key table with the same content and quantity;
S2: acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
the specific implementation method comprises the following steps:
before the information interaction of the first terminal, the second terminal and the third terminal, sending own key information to a terminal needing information interaction;
the interactive two parties respectively receive the key information sent by the opposite party;
the key table comprises a key table ID, a key serial number and a key, wherein the key serial number corresponds to the key one to one;
the key information comprises a key table ID, a key sequence number, a check code and a key result, and the key result is obtained after operation according to the key and the check code;
before sending information, a terminal first needs to form its own key information: it first selects a key table ID as the head of the key information, namely the first item of the key information; it then takes the check code corresponding to the key table as the second item of the key information; it then selects a key in the key table and takes the key sequence number of that key as the third item of the key information; finally it performs the operation on the key and the check code to obtain the key result, and takes the key result as the fourth item of the key information;
the operation on the check code and the key uses a calculation formula agreed in advance between the terminals;
S3: acquiring a corresponding key from a key table according to the key information;
the specific implementation method comprises the following steps:
before information interaction, firstly, key information of an interactive terminal needs to be acquired;
extracting a key table ID and a key sequence number from the key information;
searching the key store for the key table corresponding to the key table ID;
finding the corresponding key in the key table according to the key sequence number;
the key store is a repository that stores all key tables; it holds a plurality of key tables, each key table is distinguished by an ID number, and the composition form or the coding form of each ID is different;
after obtaining the key table ID, the terminal searches the key store for the corresponding key table ID and then obtains the corresponding key in that key table according to the key sequence number; if the search finds that the key table ID is not in the key store, or that the key sequence number does not exist in the key table, search-failure information is returned, and the terminal immediately stops the information interaction according to this feedback.
S4: calculating the obtained key, and matching according to the calculation result;
the specific implementation method comprises the following steps:
performing joint calculation on the key searched in the key table and the acquired check code;
after the calculation is finished, comparing a calculation result with the obtained key result;
if the two results can correspond to each other, the matching is successful, otherwise, the matching is unsuccessful;
the calculation is performed on the key that was looked up and the check code, and the calculation method comprises one or a combination of several of addition, subtraction, multiplication, character increase and decrease, and NOR operations on the key and the check code;
S5: if the key matching is successful, the information interaction is carried out between the terminals, if the matching is unsuccessful, the information interaction is terminated, and meanwhile, the used key is discarded;
the specific implementation method comprises the following steps:
after the key matching is successful, information interaction is carried out between the successfully matched terminals;
both interactive parties delete or lock the used key in the key table and keep the key serial numbers of other keys unchanged;
if the matching is unsuccessful, terminating the information interaction;
after matching is successful, the used key needs to be revoked: it is either deleted from the key table, or locked in a state in which it can still be displayed and looked up but cannot be used; after deletion or locking, the key sequence numbers of the other keys do not change, that is, a key sequence number never changes once it has been matched with its key.
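Steps S2 to S5 above in one direction (sender forms key information, receiver looks up, recomputes, matches and locks), as an added example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the pre-agreed calculation formula, every terminal holds its own copy of the same key store, keys are random bytes rather than the mixed-character keys of S1, and the names `KeyTable`, `KeyInfo`, `Terminal` and `interact` are hypothetical.

```python
import copy
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class KeyTable:
    table_id: str
    check_code: bytes                          # check code corresponding to this table
    keys: dict                                 # key sequence number -> key
    locked: set = field(default_factory=set)   # sequence numbers already used


@dataclass(frozen=True)
class KeyInfo:
    """The four items of the key information, in the order given in S2."""
    table_id: str
    check_code: bytes
    seq: int
    key_result: bytes


def make_table(table_id, n_keys):
    """S1, simplified (assumption): random 32-byte keys numbered from 1."""
    keys = {n: secrets.token_bytes(32) for n in range(1, n_keys + 1)}
    return KeyTable(table_id, secrets.token_bytes(8), keys)


def key_result(key, check_code):
    # Assumed agreed formula. HMAC is one-way in the key, which the claim that
    # an intercepted key result does not reveal the key depends on; addition or
    # subtraction with the transmitted check code would be reversible.
    return hmac.new(key, check_code, hashlib.sha256).digest()


class Terminal:
    def __init__(self, name, key_store):
        self.name = name
        self.key_store = key_store             # table ID -> KeyTable

    def form_key_info(self, table_id):
        """S2: pick the lowest unused key and build the four-item message."""
        table = self.key_store[table_id]
        seq = next((s for s in sorted(table.keys) if s not in table.locked), None)
        if seq is None:
            raise RuntimeError("key table exhausted")
        result = key_result(table.keys[seq], table.check_code)
        return KeyInfo(table_id, table.check_code, seq, result)

    def revoke(self, table_id, seq):
        """S5: lock the key; the sequence numbers of other keys are untouched."""
        self.key_store[table_id].locked.add(seq)

    def verify(self, info):
        """S3 to S5 on the receiving side; returns a status string."""
        table = self.key_store.get(info.table_id)
        if table is None or info.seq not in table.keys:
            return "lookup_failed"             # S3: stop the interaction
        if info.seq in table.locked:
            return "key_revoked"               # replay of a used key
        expected = key_result(table.keys[info.seq], info.check_code)
        if not hmac.compare_digest(expected, info.key_result):
            return "mismatch"                  # S4: matching unsuccessful
        self.revoke(info.table_id, info.seq)   # S5: lock after success
        return "ok"


def interact(sender, receiver, table_id):
    """One direction of the exchange; both parties lock the key on success."""
    info = sender.form_key_info(table_id)
    status = receiver.verify(info)
    if status == "ok":
        sender.revoke(table_id, info.seq)
    return info, status


if __name__ == "__main__":
    tables = {"T-01": make_table("T-01", 3)}   # constructed sample key store
    first = Terminal("first", copy.deepcopy(tables))
    second = Terminal("second", copy.deepcopy(tables))
    info, status = interact(first, second, "T-01")
    print(status, second.verify(info))         # second call replays the message
```

Locking instead of deleting keeps the used sequence number resolvable, so a replayed message is reported as a revoked key rather than as a lookup failure.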
An API interface message protection system, the system comprising:
the key distribution module is used for forming the generated keys into different key tables and distributing the key tables to the first terminal, the second terminal and the third terminal;
the first key acquisition module is used for acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
the second key obtaining module is used for obtaining a corresponding key from a key table according to the key information;
the key calculation module is used for calculating the acquired key and matching according to the calculation result;
the key processing module is used for judging whether the key matching is successful or not, carrying out information interaction between the terminals if the key matching is successful, and simultaneously abandoning the used key, and terminating the information interaction if the key matching is unsuccessful;
wherein,
the key distribution module is used for forming the plurality of generated keys into different key tables and distributing the key tables to the first terminal, the second terminal and the third terminal;
distributing a key table to each terminal, wherein keys in each key table are not repeated;
the key generation rule specifies the content of a generated key: the key needs to include uppercase and lowercase English letters, Greek letters, Arabic numerals, computer symbols and the like, arranged in a random interleaved order;
a specific rule can be selected as a constraint for each terminal; for example, for the first terminal the first two characters must be capital letters, for the second terminal the first two characters must be letters plus numbers, and for the third terminal the first two characters must be symbols plus numbers;
after the keys are generated, key tables are formed, and the key tables can be distributed according to the rule of each terminal or simply distributed at random;
distributing the formed key table to each terminal, wherein the key table with the same content and number is obtained by each terminal;
the first key acquisition module is used for acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
before the information interaction of the first terminal, the second terminal and the third terminal, sending own key information to a terminal needing information interaction;
the two interactive parties respectively receive the key information sent by the other party;
the key table comprises a key table ID, a key serial number and a key, wherein the key serial number corresponds to the key one to one;
the key information comprises a key table ID, a key sequence number, a check code and a key result, and the key result is obtained by operation according to the key and the check code;
before sending information, a terminal first needs to form its own key information: it first selects a key table ID as the head of the key information, namely the first item of the key information; it then takes the check code corresponding to the key table as the second item of the key information; it then selects a key in the key table and takes the key sequence number of that key as the third item of the key information; finally it performs the operation on the key and the check code to obtain the key result, and takes the key result as the fourth item of the key information;
the operation on the check code and the key uses a calculation formula agreed in advance between the terminals;
the second key obtaining module is used for obtaining a corresponding key from a key table according to the key information;
before information interaction, firstly, key information of an interactive terminal needs to be acquired;
extracting a key table ID and a key sequence number from the key information;
searching the key store for the key table corresponding to the key table ID;
finding out a corresponding key in a key table according to the key sequence number;
the key store is a repository that stores all key tables; it holds a plurality of key tables, each key table is distinguished by an ID number, and the composition form or the coding form of each ID is different;
after obtaining the key table ID, the terminal searches the key store for the corresponding key table ID and then obtains the corresponding key in that key table according to the key sequence number; if the search finds that the key table ID is not in the key store, or that the key sequence number does not exist in the key table, search-failure information is returned, and the terminal immediately stops the information interaction according to this feedback.
The key calculation module is used for calculating the acquired key and matching according to the calculation result;
performing joint calculation on the key searched in the key table and the acquired check code;
after the calculation is finished, comparing the calculation result with the obtained key result;
if the two results can correspond to each other, the matching is successful, otherwise, the matching is unsuccessful;
the calculation is performed on the key that was looked up and the check code, and the calculation method comprises one or a combination of several of addition, subtraction, multiplication, character increase and decrease, and NOR operations on the key and the check code;
the key processing module is used for judging whether the key matching is successful or not, carrying out information interaction between the terminals if the key matching is successful, and simultaneously abandoning the used key, and terminating the information interaction if the key matching is unsuccessful;
after the key matching is successful, information interaction is carried out between the successfully matched terminals;
both interactive parties delete or lock the used key in the key table and keep the key serial numbers of other keys unchanged;
if the matching is unsuccessful, terminating the information interaction;
after matching is successful, the used key needs to be revoked: it is either deleted from the key table, or locked in a state in which it can still be displayed and looked up but cannot be used; after deletion or locking, the key sequence numbers of the other keys do not change, that is, a key sequence number never changes once it has been matched with its key.
The embodiment of the invention also comprises an electronic device, which comprises: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the API interface message protection method described above.
The embodiment of the present invention further includes a computer-readable storage medium, where a computer program is stored on the storage medium, and when the computer program is executed by a processor, the API interface message protection method is implemented.
Example 2
Fig. 1 is a schematic flow chart of the method provided by the embodiment of the present invention. The API interface message protection method includes the following steps:
S1: forming the generated keys into different key tables and distributing the key tables to the first terminal, the second terminal and the third terminal;
the specific implementation method comprises the following steps:
generating a plurality of keys according to a key generation rule, and dividing the keys into a plurality of groups according to the number of terminals to form a key table;
distributing a key table to each terminal, wherein keys in each key table are not repeated;
the key generation rule specifies the content of a key: each key must contain uppercase and lowercase English letters, Greek letters, Arabic numerals, computer symbols and the like, arranged in a random, interleaved order;
specific constraints can be chosen for different terminals, for example that the first two characters must be capital letters for the first terminal, a letter plus a number for the second terminal, and a symbol plus a number for the third terminal;
after the keys are generated, they are formed into key tables, which can be distributed according to the rule of each terminal or simply at random;
distributing the formed key table to each terminal, wherein the key table with the same content and number is obtained by each terminal;
S2: acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
the specific implementation method comprises the following steps:
before the information interaction of the first terminal, the second terminal and the third terminal, sending the key information of the first terminal, the second terminal and the third terminal to the terminal needing the information interaction;
the two interactive parties respectively receive the key information sent by the other party;
the key table comprises a key table ID, a key serial number and a key, wherein the key serial number corresponds to the key one to one;
the key information comprises a key table ID, a key sequence number, a check code and a key result, and the key result is obtained after operation according to the key and the check code;
before sending information, a terminal first forms its own key information: it selects the key table ID as the header, i.e. the first item of the key information; takes the check code corresponding to the key table as the second item; then selects a key in the key table and takes that key's serial number as the third item; and finally performs the operation on the key and the check code to obtain the key result, which is the fourth item of the key information;
the operation of the check code and the secret key is a calculation formula agreed in advance between the terminals;
S3: acquiring a corresponding key from a key table according to the key information;
the specific implementation method comprises the following steps:
before information interaction, firstly, key information of an interactive terminal needs to be acquired;
extracting a key table ID and a key sequence number from the key information;
searching a key table corresponding to the ID in a key database according to the ID of the key table;
finding a corresponding key in a key table according to the key sequence number;
the key bank is a repository storing all key tables; it holds a plurality of key tables, each distinguished by an ID number, and the composition or coding form of each ID is different;
after the terminal obtains the key table ID, it searches the key bank for the corresponding key table and then obtains the corresponding key from that table according to the key serial number; if the search finds that the key bank has no such key table ID, or that the key table has no such key serial number, search-failure information is returned, and on this feedback the terminal immediately stops the information interaction.
S4: calculating the obtained key, and matching according to the calculation result;
the specific implementation method comprises the following steps:
performing joint calculation on the key searched in the key table and the acquired check code;
after the calculation is finished, comparing the calculation result with the obtained key result;
if the two results can correspond to each other, the matching is successful, otherwise, the matching is unsuccessful;
calculating according to the searched key and check code, wherein the calculation method comprises the steps of performing one or more combinations of addition operation, subtraction operation, multiplication operation, character increase and decrease operation and NOR operation on the key and the check code;
S5: if the key matching is successful, information interaction is carried out between the terminals; if the matching is unsuccessful, the information interaction is terminated; meanwhile, the used key is discarded;
the specific implementation method comprises the following steps:
after the key matching is successful, information interaction is carried out between the successfully matched terminals;
both interactive parties delete or lock the used key in the key table and keep the key serial numbers of other keys unchanged;
if the matching is unsuccessful, terminating the information interaction;
after a successful match, the used key must either be deleted from the key table or be locked, i.e. put in a state in which it can still be displayed and looked up but can no longer be used; deleting or locking a key does not change the key serial numbers of the other keys, i.e. a serial number never changes once it has been assigned to a key.
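The S2 to S5 exchange described above, as an added Python example that is not code from the patent. HMAC-SHA256 stands in for the pre-agreed calculation formula (the patent names arithmetic and character operations instead); the key format, the status strings and all class and function names are assumptions.

```python
import copy
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class KeyTable:
    table_id: str
    check_code: bytes                 # check code corresponding to this table
    keys: dict                        # key serial number -> key
    locked: set = field(default_factory=set)  # serial numbers of used keys


@dataclass(frozen=True)
class KeyInfo:                        # the four items, in the order S2 lists them
    table_id: str
    check_code: bytes
    serial: int
    key_result: bytes


def make_table(table_id, check_code, n_keys=4):
    # Assumption: each key is 32 random bytes rather than the S1 character rule.
    keys = {n: secrets.token_bytes(32) for n in range(1, n_keys + 1)}
    return KeyTable(table_id, check_code, keys)


def key_result(key, check_code):
    # Assumption: HMAC-SHA256 plays the role of the pre-agreed formula.
    return hmac.new(key, check_code, hashlib.sha256).digest()


def build_key_info(table, serial):
    # S2: table ID, check code, key serial number, key result.
    if serial in table.locked:
        raise ValueError("key already used")
    result = key_result(table.keys[serial], table.check_code)
    return KeyInfo(table.table_id, table.check_code, serial, result)


def verify_key_info(key_bank, info):
    # S3: find the table by ID, then the key by serial number; stop on failure.
    table = key_bank.get(info.table_id)
    if table is None or info.serial not in table.keys:
        return "lookup-failed"
    if info.serial in table.locked:
        return "key-already-used"     # locked keys can be found but not used
    # S4: recompute from the looked-up key and the received check code,
    # then compare with the received key result in constant time.
    expected = key_result(table.keys[info.serial], info.check_code)
    if not hmac.compare_digest(expected, info.key_result):
        return "mismatch"
    # S5: lock the used key; the other keys keep their serial numbers.
    table.locked.add(info.serial)
    return "matched"


def demo():
    # Constructed sample: sender and receiver hold copies of the same table.
    sender = make_table("KT-01", b"constructed-check-code")
    bank = {"KT-01": copy.deepcopy(sender)}
    info = build_key_info(sender, 2)
    wrong_serial = KeyInfo(info.table_id, info.check_code, 3, info.key_result)
    unknown_table = KeyInfo("KT-99", info.check_code, 2, info.key_result)
    messages = (wrong_serial, unknown_table, info, info)
    statuses = [verify_key_info(bank, m) for m in messages]
    sender.locked.add(2)              # the sender retires its copy as well
    return statuses, sorted(bank["KT-01"].keys)


if __name__ == "__main__":
    print(demo())
```

Locking the serial number instead of deleting the entry is what lets the second copy of the same key information be rejected as already used while serial numbers 1, 3 and 4 stay valid.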
Fig. 2 is a schematic diagram of the connections between the key management module and each terminal provided in the embodiment of the present invention. The key management module is an integrated module that includes:
a key production unit: comprising a key generation rule, a key table and a key generation module, and used for randomly generating a plurality of keys according to the key generation rule and dividing the keys into a plurality of key tables;
a key service unit: used for distributing the generated key tables to other units or terminals, calculating the key, and searching for and matching the key according to the key table ID and the key serial number;
a key exchange unit: comprising a key acquisition module and a key distribution module, and used for acquiring the key information of a terminal and exchanging the acquired key information between the two parties to an information interaction;
an optical machine control unit: used for establishing an optical channel for information interaction for a plurality of interacting terminals;
a task scheduling unit: used for acquiring the task instruction and scheduling the corresponding unit according to the content of the task instruction;
an operation and maintenance management unit: used for managing and maintaining the operation of each unit and monitoring the safety condition of each unit;
a safeguard key management unit: used for providing a guarantee key and performing information interaction with the key production unit, the task scheduling unit and the operation and maintenance management unit in a manual mode.
In the manual mode, information cannot be sent directly between the units and can be sent only after manual confirmation, which avoids information leakage or information bombing and further ensures the safety of the data.
The embodiment of the invention also provides a terminal, which comprises a plurality of ground stations, wherein the ground stations are connected with the key management module and are used as follows:
the ground station receives user demand information sent by a user and sends the user demand information to a service management center;
the service management center plans a task plan for three days in the future according to the user demand information, and the task plan generates a task instruction after on-satellite arbitration is carried out through a communication satellite;
receiving a task instruction, and executing a task according to the task instruction;
meanwhile, to ensure the safety of data and keys during communication with the service management center and the communication satellite, the plurality of ground stations are connected to one another through a network, and when a ground station outputs key information, that key information is obtained and checked by the key management module, which ensures the safety and correctness of the keys output by the ground station.
The embodiment of the invention also provides a terminal, which comprises a communication satellite, wherein the communication satellite is connected with the key management module and is used for acquiring a task plan and carrying out on-satellite conflict arbitration to obtain an arbitration result;
the service management center sends the task plan to an operation and maintenance management center;
the service operation and maintenance management center sends the task plan to a communication satellite;
the communication satellite carries out on-satellite conflict arbitration according to the task plan and transmits an arbitration result to the operation and maintenance management center 12h in advance;
the operation and maintenance management center sends the received arbitration result to the service management center;
after receiving the arbitration result, the service management center analyzes and judges the arbitration result;
if the arbitration is passed, namely the task plan can be implemented, sending an execution instruction to the ground station;
if the arbitration is not passed, namely the task plan conflicts with other tasks, the service management center replans the task plan according to the conflict factor and the user demand information;
the re-planned task plan needs to carry out on-satellite conflict arbitration again until the on-satellite conflict arbitration passes;
meanwhile, in order to ensure the safety of data and keys when the communication satellite outputs key information, the key information of the communication satellite is obtained and checked through the key management module when the communication satellite outputs the key information, so that the safety and the correctness of the keys output by the communication satellite are ensured.
The embodiment of the invention also provides a terminal, which comprises a service management center, wherein the service management center is connected with the key management module and is used for,
receiving a user demand request sent by a ground station, and generating a task plan according to the user demand request;
receiving an arbitration result from a communication satellite, and sending a task instruction to a ground station according to the arbitration result, wherein the arbitration result is made by the satellite through on-satellite arbitration according to a task plan;
and receiving task result feedback from the ground station, and managing a key table according to the feedback result, wherein the task result feedback is made by the ground station according to the arbitration result.
Although the invention has been described in detail with respect to the general description and the specific embodiments, it will be apparent to those skilled in the art that modifications and improvements may be made based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.

Claims (10)

1. An API message protection method, characterized in that the method comprises the following steps:
forming different key tables by the generated keys and distributing the key tables to the first terminal, the second terminal and the third terminal;
acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
acquiring a corresponding key from a key table according to the key information;
calculating the obtained key, and matching according to the calculation result;
and if the key matching is successful, performing information interaction between the terminals, and if the key matching is unsuccessful, terminating the information interaction and simultaneously abandoning the used key.
2. The API interface message protection method of claim 1, further comprising: the method for distributing the generated keys to the first terminal, the second terminal and the third terminal by forming different key tables comprises the following steps:
generating a plurality of keys according to a key generation rule, and dividing the keys into a plurality of groups according to the number of terminals to form a key table;
and distributing the key table to each terminal, wherein the keys in each key table are not repeated.
3. The API interface message protection method of claim 2, wherein: the method for acquiring the key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal comprises the following steps:
before the information interaction of the first terminal, the second terminal and the third terminal, sending the key information of the first terminal, the second terminal and the third terminal to the terminal needing the information interaction;
the two interactive parties respectively receive the key information sent by the other party.
4. The API interface message protection method of claim 3, further comprising: the key table comprises a key table ID, a key serial number and a key, and the key serial number corresponds to the key one by one;
the key information comprises a key table ID, a key sequence number, a check code and a key result, and the key result is obtained after operation according to the key and the check code.
5. The API interface message protection method of claim 4, wherein: the method for acquiring the corresponding key from the key table according to the key information comprises the following steps:
before information interaction, firstly, key information of an interactive terminal needs to be acquired;
extracting a key table ID and a key sequence number from the key information;
searching a key table corresponding to the ID in a key database according to the ID of the key table;
finding out a corresponding key in a key table according to the key sequence number;
the key bank is a storage bank for storing all key tables.
6. The API interface message protection method of claim 5, further comprising: the method for calculating the acquired key and matching according to the calculation result comprises the following steps:
performing joint calculation on the key searched in the key table and the acquired check code;
after the calculation is finished, comparing the calculation result with the obtained key result;
if the two results can correspond to each other, the matching is successful, otherwise, the matching is unsuccessful.
7. The API interface message protection method of claim 6, further comprising: if the key matching is successful, the information interaction is carried out between the terminals, if the matching is unsuccessful, the information interaction is terminated, and meanwhile, the method for eliminating the used key comprises the following steps:
after the key matching is successful, information interaction is carried out between the successfully matched terminals;
both interactive parties delete or lock the used key in the key table and keep the key serial numbers of other keys unchanged;
and if the matching is unsuccessful, terminating the information interaction.
8. An API interface message protection system, the system comprising:
a key distribution module, used for forming the plurality of generated keys into different key tables and distributing the key tables to the first terminal, the second terminal and the third terminal;
a first key acquisition module, used for acquiring key information of the other party before the information interaction of the first terminal, the second terminal and the third terminal;
a second key acquisition module, used for acquiring a corresponding key from a key table according to the key information;
a key calculation module, used for calculating the acquired key and matching according to the calculation result;
and a key processing module, used for judging whether the key matching is successful, carrying out information interaction between the terminals if the key matching is successful, terminating the information interaction if the key matching is unsuccessful, and simultaneously abandoning the used key.
9. An electronic device, characterized in that the electronic device comprises: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the API interface message protection method of any one of claims 1 to 7.
10. A computer-readable storage medium characterized by: the storage medium has stored thereon a computer program which, when executed by a processor, implements the API interface message protection method of any one of claims 1 to 7.
CN202210650062.1A 2022-06-10 2022-06-10 API (application program interface) message protection method and system, electronic equipment and storage medium Active CN114745119B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210650062.1A CN114745119B (en) 2022-06-10 2022-06-10 API (application program interface) message protection method and system, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114745119A (en) 2022-07-12
CN114745119B (en) 2022-09-27

Family

ID=82287887

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210650062.1A Active CN114745119B (en) 2022-06-10 2022-06-10 API (application program interface) message protection method and system, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114745119B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1691578A (en) * 2004-04-29 2005-11-02 华为技术有限公司 A method of self validity verification for an equipment
CN104702408A (en) * 2014-04-11 2015-06-10 上海智向信息科技有限公司 Method and system for authenticating connection on basis of iBeacon
CN113489589A (en) * 2021-09-06 2021-10-08 蜂巢能源科技有限公司 Data encryption and decryption method and device and electronic equipment
CN114154128A (en) * 2021-12-03 2022-03-08 杭州安恒信息技术股份有限公司 User information cloud sharing method and system, computer and readable storage medium
WO2022111187A1 (en) * 2020-11-30 2022-06-02 腾讯科技(深圳)有限公司 Terminal authentication method and apparatus, computer device, and storage medium

Also Published As

Publication number Publication date
CN114745119B (en) 2022-09-27

Similar Documents

Publication Publication Date Title
CN104519066B (en) A kind of method for activating mobile terminal token
ES2244843T3 (en) PROCEDURE AND SYSTEM FOR THE VERIFICATION OF THE AUTHENTICITY OF A FIRST COMMUNICATIONS SUBSCRIBER IN A COMMUNICATIONS NETWORK.
CN105554032B (en) A kind of identity real name verification method and verification system for posting part based on express delivery
EP0660565A2 (en) A method and network for communicating between a group of entities a text encrypted using an encryption key intrinsic to the group of entities in a network having a plurality of entities and a center
DE60310439T2 (en) MESSAGE AUTHENTICATION CODE BASED ON ERROR CORRECTION CODE
CN110324351B (en) System and method for information interconnection in network collaborative manufacturing
CN113645278B (en) Cross-chain message transmission method, device and storage medium of block chain
CN110365483A (en) Cloud platform authentication method, client, middleware and system
CN105515781B (en) A kind of application platform login system and its login method
CN105187373B (en) The transmission method and system of a kind of data
CN113536284B (en) Digital certificate verification method, device, equipment and storage medium
CN111416864A (en) Block chain-based data management system for Internet
CN105323094A (en) Safety management method based on equipment identification and system thereof
CN108337092A (en) Method and system for executing collective's certification in a communication network
CN109709917A (en) A kind of fault handling method and system of intelligence production line
CN114745119B (en) API (application program interface) message protection method and system, electronic equipment and storage medium
CN115174570A (en) Cross-chain consensus method and system based on dynamic committee
CN105357015B (en) A kind of Internet of Things safety certifying method
CN115982687B (en) User identity verification system for data operation and maintenance management platform
CN117240473A (en) Electronic contract signing method, electronic contract signing device, electronic equipment and storage medium
CN107104797A (en) Encryption method of handling official business and device
CN115964755A (en) Data authorization and verification method, device, equipment and storage medium
CN115329313A (en) Dealer customer data management system and method
CN111708996B (en) Enterprise internal management consultation information sharing system based on Internet
CN115357915A (en) Block chain method based on deep learning and information hiding and medical health transaction system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220825

Address after: 755000 office building and TT & C center 101 of antenna array project of Satellite TT & C ground station on the south side of Fengyun Road, Zhongwei Industrial Park, Ningxia Hui Autonomous Region

Applicant after: Ningxia Yuxing Aerospace Technology Co.,Ltd.

Address before: 100094 room A601, 6th floor, building 1, plot T01, Shengjing Pioneer Park, tujing village, south side of Dengzhuang South Road and west side of Youyi Road, Xibeiwang Town, Haidian District, Beijing

Applicant before: BEIJING AEROSPACE SATELLITEHERD SCIENCE AND TECHNOLOGY CO.,LTD.

GR01 Patent grant