Abstract
To address the identity-forgery phishing attacks, account and business information leakage, and malicious attacks on API platforms that current Open APIs face, an API security authentication mechanism based on the Request Body is proposed. The mechanism consists of five parts: double signature verification, request body encryption, URI verification, interface permission authentication, and exception detection. It is used to guard against phishing-site deception, harden the security of user data in transit, and improve the API platform's ability to withstand attacks. Online testing and validation in a real project show that the mechanism keeps users and interfaces secure while maintaining API authentication speed.
Authors
JIANG Jian-wu (姜建武)
HU Yao (胡垚)
LI Jing-wen (李景文)
College of Geomatics and Geoinformation, Guilin University of Technology, Guilin 541004, China
Source
Science Technology and Engineering (《科学技术与工程》)
Peking University Core Journal
2019, Issue 19, pp. 196-200 (5 pages)
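Funding
Supported by the National Natural Science Foundation of China (41461085)
Guilin Science and Technology Bureau project (20170220)
Guangxi Bureau of Surveying and Mapping project (2018-B-02)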