REST security system based on signature mechanism

A security system and mechanism, applied in the field of web security, that can solve problems such as REST having no predefined security methods and being vulnerable to attacks.

Inactive Publication Date: 2013-05-08
LANGCHAO ELECTRONIC INFORMATION IND CO LTD

AI Technical Summary

Problems solved by technology

Because REST is based on HTTP, REST services tend to be as vulnerable as standard web applications. REST also has no predefined security methods, so developers must define their own security methods to maintain resource calls.


Embodiment Construction

[0025] The method of the present invention is described in detail below with reference to the accompanying drawings.

[0026] Step 1: verification and authorization. The client application must obtain authorization from the authentication and authorization system before calling the REST API. From a technical point of view, obtaining authorization means obtaining a Session Key.

[0027] Step 2: interface call. Here we first define a signature algorithm:

[0028] S:{

[0029] Format the request parameters into "key=value" format, namely "k1=v1", "k2=v2", "k3=v3";

[0030] Sort the formatted key-value pairs in ascending dictionary (lexicographic) order and concatenate them, that is, "k1=v1k2=v2k3=v3";

[0031] Append the private key of the API application at the end of the concatenated string;

[0032] The MD5 value of the above string is the value of the signature;

[0033]}

[0034] Then we use this algorithm to process the request to get the ...
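
The signing steps in [0029]-[0032], written out as an added Python example (not code from the patent): `page_signature` follows the steps as stated, while `hardened_signature` is a variant assumed here, using length-prefixed fields and HMAC-SHA256, because joining pairs with no separator lets two different parameter sets flatten to the same string. The function names, the secret and the request values are constructed for illustration.

```python
import hashlib
import hmac


def page_signature(params: dict, app_secret: str) -> str:
    """Steps [0029]-[0032]: "k=v" pairs sorted ascending, joined with no
    separator, application private key appended, MD5 hex digest taken."""
    pairs = sorted(f"{k}={v}" for k, v in params.items())
    return hashlib.md5(("".join(pairs) + app_secret).encode("utf-8")).hexdigest()


def verify_page_signature(params: dict, sig: str, app_secret: str) -> bool:
    """Server side: recompute over the received parameters, compare in constant time."""
    return hmac.compare_digest(page_signature(params, app_secret), sig)


def hardened_signature(params: dict, app_secret: str) -> str:
    """Assumed variant, not from the patent: every key and value is
    length-prefixed so pair boundaries are unambiguous, then HMAC-SHA256."""
    mac = hmac.new(app_secret.encode("utf-8"), digestmod=hashlib.sha256)
    for key, value in sorted(params.items()):
        for field in (str(key).encode("utf-8"), str(value).encode("utf-8")):
            mac.update(len(field).to_bytes(4, "big") + field)
    return mac.hexdigest()


def demo() -> dict:
    secret = "example-app-secret"  # constructed value
    request = {"method": "user.get", "session_key": "SK-constructed", "uid": "42"}
    sig = page_signature(request, secret)
    tampered = dict(request, uid="43")  # parameter changed in transit
    # Two different parameter sets that both flatten to "k1=v1k2=v2".
    split, merged = {"k1": "v1", "k2": "v2"}, {"k1": "v1k2=v2"}
    return {
        "valid_accepted": verify_page_signature(request, sig, secret),
        "tampered_rejected": not verify_page_signature(tampered, sig, secret),
        "page_scheme_ambiguous": page_signature(split, secret) == page_signature(merged, secret),
        "hardened_distinct": hardened_signature(split, secret) != hardened_signature(merged, secret),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A server that accepts the unseparated form should at least reject parameter values containing `=` or validate each parameter against a strict schema before verifying the signature.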


Abstract

The invention provides a REST security system based on a signature mechanism. The signature mechanism is the core of the system: the session key and an MD5-encrypted message of the parameters are encapsulated in an HTTP request, and transmitting the encrypted data counters hostile attacks carried out by a hacker in transmission, such as interception and data tampering. The encrypted data can also be used to protect the user's private information, so the security goal is achieved. Compared with the prior art, the system adopts a signature-based REST usage model. Through authentication and authorization, illegal users are prevented from accessing the application before an application program interface (API) method is called. After the user passes authentication and authorization to access the API, the private key of the application to which the API belongs is obtained, and the parameters of the REST API request are taken from the request. The parameters are organized in the form agreed with the application, namely the parameters plus the private key, and then MD5-encrypted. The encrypted data is placed in the request, and the security goal is thereby achieved.

Description

Technical field

[0001] The invention relates to the field of web security, in particular to a REST security system based on a signature mechanism.

Background technique

[0002] At present, the popularity of REST is leading more and more frameworks to support it. REST (representational state transfer) is an architectural style guideline that gives us the ability to build the next generation of Web programs with high performance, high scalability, simplicity, portability, and reliability. The Web is simple, and the Web is even more programmable. REST uses simple HTTP, URI standards, and XML to build lightweight Web services, thereby greatly improving development efficiency and program performance.

[0003] In this process, as security has become one of the main tenets of SOA implementation, and REST has quickly become one of the popular SOA implementation solutions, REST security has become a timely topic. Because REST is based on HTTP, and REST services h...


Application Information

IPC(8): H04L29/06, H04L29/08, H04L9/32
Inventor 王帅, 张培训, 刘俊朋, 许磊, 刘凡凡
Owner LANGCHAO ELECTRONIC INFORMATION IND CO LTD