计算机与现代化

• 信息安全 • 上一篇    

一种前后端数据交互的安全机制

  

  1. (1.北京师范大学研究生院珠海分院,广东珠海519087;2.北京师范大学珠海分校信息技术学院,广东珠海519087)
  • 收稿日期:2018-12-17 出版日期:2019-07-05 发布日期:2019-07-08
  • 作者简介:巫万坚(1994-),男,广东梅州人,硕士研究生,研究方向:软件工程,机器学习,E-mail: 1494844185@qq.com; 吴小勇(1975-),男,江西进贤人,高级工程师,硕士,研究方向:推荐系统,软件工程,E-mail: owlwxy@163.com。

A Security Mechanism for Front-end Data Interaction

  1. (1. Zhuhai Branch, Graduate School of Beijing Normal University, Zhuhai 519087, China;
    2. School of Information Technology, Beijing Normal University (Zhuhai), Zhuhai 519087, China)
  • Received:2018-12-17 Online:2019-07-05 Published:2019-07-08

摘要: 传统的前后端一体化模式已经发展为目前较为普遍的前后端分离模式。虽然前后端分离框架解决了组件之间耦合性强的问题,但是少有提及与安全性相关的描述。针对现有技术的优缺点,基于RSA和AES算法本身的特性,研究设计一种前后端数据交互的安全机制,通过RSA和AES混合加密并转码的方式增强数据传输中的稳定性和安全性,并使用散列算法的不可逆性验证数据的正确性,将算法密钥的相关业务逻辑抽离出来,形成一个单独的密钥管理服务。

关键词: 数据交互, 散列算法, RSA, AES, 密钥管理

Abstract: The traditional front-end integration mode has been developed into a more common front-end separation mode. Although the front-end separation frame solves the problem of strong coupling between components, there is little mention of safety-related descriptions. According to the advantages and disadvantages of the current technology, based on the characteristics of RSA and AES algorithms, we studied and designed a security mechanism for data exchange between front and rear ends. It enhanced the stability and security of data transmission through RSA and AES hybrid encryption and trans-coding. The correctness of the data was verified by using the irreversible hash algorithm. The relevant business logic of the algorithm key was extracted to form a separate key management service.

Key words: data interaction, hash algorithm, RSA, AES, key management

中图分类号: