基于SM9的API KEY强安全应用方案
API KEY Strong Security Application Solution Based on SM9
刘晨宁 1左黎明 1周婷1
作者信息
- 1. 华东交通大学 理学院,江西 南昌 330013
- 折叠
摘要
随着信息技术飞速发展,API在各种应用和服务中的重要性日益凸显,然而传统API KEY在应用中存在诸多安全风险.为此,提出一种基于SM9的API KEY强安全应用方案.首先,使用SM9对数据进行签名和验证;其次,引入可信第三方管理用户公私钥对,并结合随机状态码提高API KEY的安全性和可靠性;最后,与百度开放平台和FO-FA网络空间测绘平台的API KEY应用安全性进行比较.实验表明,基于SM9的API KEY强安全应用方案具有数据完整性、来源可靠性、抗泄露攻击、抗重放攻击、抗CSRF攻击和抗暴力破解攻击等优点.
Abstract
With the rapid development of information technology,the importance of APIs in various applications and services is becoming in-creasingly prominent.However,traditional API keys have many security risks in applications.Therefore,a strong security application scheme for API KEY based on SM9 is proposed.Firstly,use SM9 to sign and verify the data;Then introduce a trusted third-party to manage user pub-lic and private key pairs,and combine them with random status codes to improve the security and reliability of API KEY;Finally,compare the security of API KEY applications with Baidu Open Platform and FOFA Network Space Surveying Platform.The experiment shows that the API KEY strong security application scheme based on SM9 has advantages such as data integrity,source reliability,resistance to leakage at-tacks,resistance to replay attacks,resistance to CSRF attacks,and resistance to brute force attacks.
关键词
API/KEY/SM9/强安全/可信第三方/公私钥对Key words
API KEY/SM9/strong security/trusted third party/public and private key pairs引用本文复制引用
出版年
2024
国家科技期刊平台
NSTL
万方数据