Research And Implementation Of Security Mechanism In Data Exchange Between Frontend And Backend Of MVVM

With the rapid development of Internet and Web technology,frontend and backend(F&B)technology advance correspondingly.Currently the wide-accepted developing mode in Web application development is to achieve F&B separation,which is also applied in many sorts of frontend frameworks.From the initial MVC to MVP and then to MVVM,the function is more powerful and more suitable to practical demands.Although the MVVM achieved its original target: separating components,decreasing the connection between components and evolving them independently,yet the homologous measures of security problems have not been proposed.By studying the MVVM framework,two security problems are founded: the first one is that backend data is highly connected,so the insecurity of part of the data will lead to the whole data's security problem.In addition,JSON is used to transmit data between F&B,even with the encryption AES algorithm,there still exists some insecurity situation.Therefore,this paper will study the security mechanism in data exchange between F&B of MVVM.The main research work of this paper includes:(1)Dividing backend data into different micro-service modules according to their functions so as to solve the problem of highly connection of backend data.(2)Using API Gateway as the uniform access interface to solve the complexity problem raised by the division of micro-service modules,then achieving the communication between F&B.(3)Adding JWT to API Gateway as plugin and realizing verification and authorization with the Token to increase security enormously.(4)Studying mixed-encrypt method based on AES and RSA algorithm's respective advantages.(5)Achieving higher level mixed-encrypt method based on RSA algorithm's interchangeability.(6)Studying improving the security of AES secret key by declining their relativity of each round and each bit in each round of secret key.(8)Testing and analyzing the security of micro-service,testing the execution efficiency of original and modified AES secret key extension algorithm,verifying the solution's availability by comparing the execution efficiency of original MVVM application and application added with the security mechanism mentioned in this paper.