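Authors: 刘晨宁, 左黎明, 周婷 / LIU Chenning; ZUO Liming; ZHOU Ting (School of Science, East China Jiaotong University, Nanchang 330013, China)
Source: 《软件导刊》 (Software Guide), 2024, Issue 10, pp. 146-151, 6 pages in total
Funding: Science and Technology Project of the Jiangxi Provincial Department of Education (GJJ200626, GJJ210625).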
Abstract: With the rapid development of information technology, the importance of APIs in various applications and services is becoming increasingly prominent. However, traditional API KEYs carry many security risks in use. To address this, a strong-security application scheme for API KEY based on SM9 is proposed. First, SM9 is used to sign and verify the data. Second, a trusted third party is introduced to manage user public-private key pairs, combined with random status codes to improve the security and reliability of the API KEY. Finally, the scheme is compared with the API KEY application security of the Baidu Open Platform and the FOFA cyberspace mapping platform. Experiments show that the SM9-based API KEY strong-security application scheme offers data integrity, source reliability, and resistance to leakage attacks, replay attacks, CSRF attacks, and brute-force attacks.
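Keywords: API KEY; SM9; strong security; trusted third party; public-private key pair
Classification number: TP309.7 [Automation and Computer Technology: Computer System Architecture]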