{"title":"安全Javascript对象表示法(SecJSON)支持JSON文档的粒度机密性和完整性","authors":"Tiago Santos, C. Serrão","doi":"10.1109/ICITST.2016.7856724","DOIUrl":null,"url":null,"abstract":"Currently, web and mobile-based systems exchange information with other services, mostly through APIs that extend the functionality and enable multipart interoperable information exchange. Most of this is accomplished through the usage of RESTful APIs and data exchange that is conducted using JSON over the HTTP or HTTPS protocol. In the case of the exchange requires some specific security requirements, SSL/TLS protocol is used to create a secure authenticated channel between the two communication end-points. This is a scenario where all the content of the channels is encrypted and is useful if the sender and the receptor are the only communicating parties, however this may not be the case. The authors of this paper, present a granular mechanism for selectively offering confidentiality and integrity to JSON documents, through the usage of public-key cryptography, based on the mechanisms that have been used also to provide XML security. The paper presents the proposal of the syntax for the SecJSON mechanism and an implementation that was created to offer developers the possibility to offer this security mechanism into their own services and applications.","PeriodicalId":258740,"journal":{"name":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"10 17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Secure Javascript Object Notation (SecJSON) Enabling granular confidentiality and integrity of JSON documents\",\"authors\":\"Tiago Santos, C. Serrão\",\"doi\":\"10.1109/ICITST.2016.7856724\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Currently, web and mobile-based systems exchange information with other services, mostly through APIs that extend the functionality and enable multipart interoperable information exchange. Most of this is accomplished through the usage of RESTful APIs and data exchange that is conducted using JSON over the HTTP or HTTPS protocol. In the case of the exchange requires some specific security requirements, SSL/TLS protocol is used to create a secure authenticated channel between the two communication end-points. This is a scenario where all the content of the channels is encrypted and is useful if the sender and the receptor are the only communicating parties, however this may not be the case. The authors of this paper, present a granular mechanism for selectively offering confidentiality and integrity to JSON documents, through the usage of public-key cryptography, based on the mechanisms that have been used also to provide XML security. The paper presents the proposal of the syntax for the SecJSON mechanism and an implementation that was created to offer developers the possibility to offer this security mechanism into their own services and applications.\",\"PeriodicalId\":258740,\"journal\":{\"name\":\"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"volume\":\"10 17 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICITST.2016.7856724\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITST.2016.7856724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Secure Javascript Object Notation (SecJSON) Enabling granular confidentiality and integrity of JSON documents
Currently, web and mobile-based systems exchange information with other services, mostly through APIs that extend the functionality and enable multipart interoperable information exchange. Most of this is accomplished through the usage of RESTful APIs and data exchange that is conducted using JSON over the HTTP or HTTPS protocol. In the case of the exchange requires some specific security requirements, SSL/TLS protocol is used to create a secure authenticated channel between the two communication end-points. This is a scenario where all the content of the channels is encrypted and is useful if the sender and the receptor are the only communicating parties, however this may not be the case. The authors of this paper, present a granular mechanism for selectively offering confidentiality and integrity to JSON documents, through the usage of public-key cryptography, based on the mechanisms that have been used also to provide XML security. The paper presents the proposal of the syntax for the SecJSON mechanism and an implementation that was created to offer developers the possibility to offer this security mechanism into their own services and applications.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
