Anti-tamper and anti-replay method in support of REST API

An anti-replay and anti-tamper technology, applied in the field of Internet WEBAPI security

Inactive Publication Date: 2017-12-08
SICHUAN CHANGHONG ELECTRIC CO LTD

Embodiment Construction

[0030] In order to make the purpose, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0031] As shown in figure 1, a method for supporting tamper-proofing and anti-replay of a REST API includes the following steps:

[0032] Step 1: The caller applies for user-query API permission and obtains AppKey=11676533, AppSecret=a0a41ad0c8167a8ec3c9c384388f99e1;

[0033] Step 2: Construct the signature string: the request parameters are sorted in lexicographic order and the request headers that need to be signed are added, giving the following result:

[0034] {
[0035] X-CH-Key: 11676533
[0036] X-CH-Timestamp: 1500538695596
[0037] X-CH-Nonce: 4cdbc040657a4847b2667e31d9e2c3d9
[0038] /user?age=27&name=Jony
[0039] };

[0040] Step 3: Use a0a41ad0c8167a8ec3c9c384388f99e1 as the HMAC-SHA256 key to sign the signature string, and process the result with BAS...


Abstract

The invention discloses an anti-tamper and anti-replay method in support of a REST API. The method includes the following steps: 1. the API caller applies to the API server for access authority and a secret key used for signing; 2. the API caller generates an invocation timestamp and a random number, sorts the request parameters in lexicographic order, combines them with the system request headers, and signs the result with the secret key obtained in step 1; 3. the server checks the identity of the API caller and determines whether the caller has invocation authority; 4. the server signs the request parameters and system request headers with the same secret key under the same rules and compares whether the two signatures match, which prevents the parameters from being tampered with; 5. the server checks the API invocation timestamp and rejects the request if it has timed out; and 6. the server re-checks the random number to detect replay. According to the invention, the API caller only needs to keep the secret key strictly confidential; an attacker cannot forge the signature and the parameters in the request cannot be tampered with in transit, thus achieving secure access to the API.
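The following Python is an added example, not code from the patent, that works through the six steps of the abstract and the concrete values of the embodiment (steps 1 to 3): the caller builds the signature string and HMAC-SHA256 signature, and the server repeats the identity, signature, timestamp and nonce checks in the abstract's order. Assumptions not stated on the page: lines of the signature string are joined with newlines, the signature is base64-encoded (the page truncates at "BAS..."), it travels in an X-CH-Signature header, the timeout window is 5 minutes, and the nonce cache is an in-memory set.

```python
import base64
import hashlib
import hmac
import time
import uuid
from urllib.parse import urlencode

# AppKey/AppSecret from the embodiment (step 1); the dict is a constructed stand-in for the server store.
CREDENTIALS = {"11676533": "a0a41ad0c8167a8ec3c9c384388f99e1"}
MAX_SKEW_MS = 5 * 60 * 1000   # assumed timeout window; the page names no value
seen_nonces = set()           # assumed in-memory replay cache (one server, unbounded)

def canonical_string(key, ts, nonce, path, params):
    """Signature string: the signed headers, then the path with parameters sorted by name,
    one item per line as in the embodiment's step 2 (newline layout is an assumption)."""
    query = urlencode(sorted(params.items()))
    return "\n".join([f"X-CH-Key: {key}", f"X-CH-Timestamp: {ts}",
                      f"X-CH-Nonce: {nonce}", f"{path}?{query}"])

def sign(secret, message):
    """Step 3: HMAC-SHA256 keyed with the AppSecret; base64 output is assumed."""
    mac = hmac.new(secret.encode(), message.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def build_request(key, secret, path, params, ts=None, nonce=None):
    """Caller side: fresh timestamp and nonce, signature carried in X-CH-Signature (assumed name)."""
    ts = str(ts if ts is not None else int(time.time() * 1000))
    nonce = nonce or uuid.uuid4().hex
    headers = {"X-CH-Key": key, "X-CH-Timestamp": ts, "X-CH-Nonce": nonce}
    headers["X-CH-Signature"] = sign(secret, canonical_string(key, ts, nonce, path, params))
    return headers, path, params

def verify_request(headers, path, params, now_ms=None):
    """Server side, in the abstract's order: identity, signature, timestamp, nonce."""
    now_ms = now_ms if now_ms is not None else int(time.time() * 1000)
    key = headers.get("X-CH-Key")
    secret = CREDENTIALS.get(key)
    if secret is None:
        return "unknown key"
    ts, nonce = headers.get("X-CH-Timestamp", ""), headers.get("X-CH-Nonce", "")
    expected = sign(secret, canonical_string(key, ts, nonce, path, params))
    # Constant-time compare so the server does not leak how many bytes matched.
    if not hmac.compare_digest(expected, headers.get("X-CH-Signature", "")):
        return "bad signature"
    if not ts.isdigit() or abs(now_ms - int(ts)) > MAX_SKEW_MS:
        return "expired"
    if nonce in seen_nonces:
        return "replay"
    seen_nonces.add(nonce)
    return "ok"
```

A production server would keep the nonce cache in shared storage with an expiry equal to the timeout window, since an unbounded per-process set is neither durable nor cluster-safe.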

Description

Technical field

[0001] The invention relates to the field of Internet WEB API security, in particular to a REST API anti-tampering and anti-replay method.

Background technique

[0002] Today, with the rapid development of the software industry, the traditional software architecture can no longer meet the needs of an IT company. Application architectures are becoming simpler and increasingly favour distributed horizontal scaling, and external service provision is increasingly delivered as SaaS. In this context, many companies have begun to offer API services to the outside world. Because REST is concise and lightweight, it quickly became one of the popular solutions; but because REST is based on HTTP, REST services are exposed to the same vulnerabilities as standard web applications, and REST defines no security methods of its own, so developers must define their own security methods to protect resources ...


Application Information

IPC(8): H04L9/32, H04L29/06, H04L9/08
CPC: H04L9/0869, H04L9/3239, H04L9/3247, H04L9/3297, H04L63/08, H04L2463/121
Inventors: 白伟, 谌烜
Owner: SICHUAN CHANGHONG ELECTRIC CO LTD