Implementation of a RESTful Web Service with JSON Web Token Authentication and AES-256 Cryptographic Algorithm for Mobile-Based Laboratory Loan Applications at Budi Luhur University

Abstract

Leasing the lab room is one of the services provided by the Integrated ICT LAB for every citizen of the Budiluhur University campus. So far in the process of borrowing the computer laboratory, the borrower must come directly to the Integrated ICT LAB or use social networks such as WhatsApp to communicate in two directions in making loans lab. This is not effective enough to serve borrowers who are usually lecturers. In the process of borrowing the lab, there are many problems, for example, the collision between lecture schedule and lecturer activity units, student activity units and other activities that require laboratory facilities. Seeing this problem, an application is needed to facilitate lab borrowing and coordination to the mobile-based ICT LAB Assistant. Meanwhile, for integration with existing systems a web service is required as a backend system so that lab lending services can be accessed by various platforms. The architecture used in the web service uses the RESTFUL API (Application Programming Interface), but there are still some problems with the RESTFUL API, namely regarding security in the process of authentication and data encryption on borrower data. In the REST architecture, a security method is needed, namely using the JSON Web Token and the Advanced Encryption Standard-256 (AES-256) cryptographic method. On the Web Services client side that provides requests and receives responses from the server then a token will be generated for the user which becomes plain data to be encrypted then saved to the database, and pulls the cipher data to be decrypted and returned to the calling application so that it can make transactions between platforms