API key protection method and system based on SGX software extension instruction

A key protection technology based on extended instructions, applied in the field of information security. It addresses the problems of high hardware cost, unsuitability for automated programs, and unsuitability for individual developers or small teams, and achieves high mobility, high scalability, and high adaptability.

Active Publication Date: 2020-07-31
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

Barbican protects API keys using software methods, which cannot effectively deal with attacks on the system carried out with high privileges.
Using a hardware security module (HSM) can provide almost complete API key protection, but the hardware cost is high and it is not suitable for individual developers or small teams.
The existing secure element (SE)-based API key protection mechanism still requires manual authentication, so it is not suitable for automated programs that require large-scale API access.

Examples

Embodiment Construction

[0055] The present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be noted that the following embodiments are intended to facilitate the understanding of the present invention, but do not limit it in any way.

[0056] As shown in Figure 1, the API key protection system of the present invention includes 4 modules:

[0057] The remote authentication module runs on the server where the user program is located, and is used to cooperate with the user's trusted device to complete SGX remote authentication and securely obtain the user's API key;

[0058] The key management module runs on the server where the user program is located, and is used to store and manage the acquired API key in the SGX security zone;

[0059] The trusted time module runs on the server where the user program is located, and is used to provide trusted time stamps to the user program to enhance signature security;

[0060] The s...

Abstract

The invention discloses an API key protection method based on SGX software extension instructions. The method comprises the following steps: (1) API key protection system initialization; (2) remote authentication and API key import; (3) API request signing and signature information export. By introducing Intel SGX hardware and the trusted space mechanism of SGX, the method constructs a secure environment for storing and using API keys and protects the user's API key. The invention further discloses an API key protection system based on SGX software extension instructions. The system comprises a remote authentication module, used for cooperating with the user's trusted device to complete SGX remote authentication; a key management module, used for storing and managing the acquired API key in the SGX security area; a trusted time module, used for providing a trusted timestamp to the user program; and a signature module, used for generating a valid signature according to the request of the user program and the API key.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to an API key protection method and system based on SGX software extension instructions.

Background technique

[0002] An API key, that is, an application program interface key, is used to determine the identity of the user calling an application service. It is usually applied for by the application developer and used by the program, and it is widely used in cross-service applications and cloud scenarios. Generally, API keys appear in pairs, divided into an Access Key and a Secret Key, which are used to represent the user ID and to perform the signature calculation respectively. The signature calculation generally uses a hash message authentication code algorithm (such as HMAC-256), and the calculation result is output as the signature. Of the two keys in the pair, the key used for signature calculation is particularly important, and needs strict security protection to avoid spreading in the public ne...
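The signing flow from the abstract and the Access Key / Secret Key scheme in the description, modelled in plain Python as an added example (not code from the patent). The `KeyVault` class only stands in for the SGX enclave boundary and provides no hardware isolation; HMAC-SHA256, the canonical string layout, the 300-second freshness window and all key values are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds; assumed freshness window, not taken from the patent


class KeyVault:
    """Stand-in for the enclave: holds Secret Keys and only ever returns signatures."""

    def __init__(self, trusted_clock):
        self._keys = {}              # access_key -> secret_key, never exported
        self._clock = trusted_clock  # models the trusted time module

    def import_key(self, access_key, secret_key):
        # In the described system this step follows successful SGX remote authentication.
        self._keys[access_key] = secret_key

    def sign(self, access_key, method, path, body):
        ts = int(self._clock())
        msg = canonical(access_key, ts, method, path, body)
        sig = hmac.new(self._keys[access_key], msg, hashlib.sha256).hexdigest()
        return {"access_key": access_key, "timestamp": ts, "signature": sig}


def canonical(access_key, ts, method, path, body):
    # Newline-delimited fields; the body is hashed so it cannot inject delimiters.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([access_key, str(ts), method.upper(), path, body_hash]).encode()


def verify(secrets, auth, method, path, body, now):
    """API-provider side: recompute the HMAC and enforce timestamp freshness."""
    secret = secrets.get(auth["access_key"])
    if secret is None or abs(now - auth["timestamp"]) > MAX_SKEW:
        return False
    msg = canonical(auth["access_key"], auth["timestamp"], method, path, body)
    expected = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, auth["signature"])


# Constructed sample values, for illustration only.
SECRET = b"constructed-secret-key"
vault = KeyVault(trusted_clock=lambda: 1_700_000_000)
vault.import_key("AK-EXAMPLE", SECRET)
auth = vault.sign("AK-EXAMPLE", "post", "/v1/orders", b'{"qty": 1}')
```

The user program only ever sees `auth`; binding the trusted timestamp into the signed message is what lets the provider reject a captured signature once it falls outside the window.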

Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/12, G06F21/64, G06F21/31
CPC: G06F21/121, G06F21/64, G06F21/31
Inventor: 陈建海, 刘丁豪, 沈睿, 纪守领, 何钦铭, 黄步添
Owner: ZHEJIANG UNIV