Dynaseal: A Backend-Controlled LLM API Key Distribution Scheme with Constrained Invocation Parameters
Jiahao Zhao, Jiayi Nan, Lai Wei, Yichen Yang, Fan Wu
TL;DR
Edge devices increasingly rely on cloud LLMs, but static Bearer Token schemes fail to provide backend policy control. Dynaseal introduces JWT-based tokens that embed constrained invocation parameters, with an ultra-short expiry of $1s$, enabling backend enforcement while preserving client authentication. The approach covers backend kv-pair authentication, token structure, an edge-to-provider interaction flow with callbacks, and robust defenses against tampering, replay, and invalid invocations. Results show Dynaseal reduces backend traffic without burdening LLM providers and supports multi-model scenarios, offering scalable and secure edge-to-cloud LLM access.
Abstract
Due to the exceptional performance of Large Language Models (LLMs) in diverse downstream tasks, there has been an exponential growth in edge-device requests to cloud-based models. However, the current authentication mechanism using static Bearer Tokens in request headers fails to provide the flexibility and backend control required for edge-device deployments. To address these limitations, we propose Dynaseal, a novel methodology that enables fine-grained backend constraints on model invocations.
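The idea summarized above (a backend-signed, short-lived token that carries the permitted invocation parameters, checked by the provider before serving the request) is sketched below as an added example; it is not code from the paper. The claim names (exp, jti, constraints, model, max_tokens), the HS256 shared secret and the in-memory replay set are assumptions, since this page does not give Dynaseal's actual token layout.

```python
import base64, hashlib, hmac, json, secrets

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def mint_token(secret: bytes, constraints: dict, now: float, ttl: float = 1.0) -> str:
    """Backend: seal the allowed invocation parameters into a token valid for ttl seconds."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # Hypothetical claim layout: expiry, one-time id, and the sealed parameters.
    claims = {"exp": now + ttl, "jti": secrets.token_hex(8), "constraints": constraints}
    body = header + "." + b64e(json.dumps(claims).encode())
    return body + "." + b64e(sign(secret, body))

def check_request(secret: bytes, token: str, request: dict, now: float, seen: set) -> str:
    """Provider: return "ok" or the reason the invocation is refused."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        sig = b64d(sig_b64)
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig, sign(secret, header_b64 + "." + claims_b64)):
            return "bad signature"
        header, claims = json.loads(b64d(header_b64)), json.loads(b64d(claims_b64))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return "malformed"
    if header.get("alg") != "HS256":  # algorithm is pinned, never taken from the token
        return "bad algorithm"
    if now >= claims["exp"]:
        return "expired"
    if claims["jti"] in seen:  # single use inside the validity window
        return "replayed"
    limits = claims["constraints"]
    if request.get("model") != limits["model"]:
        return "constraint violated: model"
    # A request that omits max_tokens is treated as unbounded and refused.
    if request.get("max_tokens", float("inf")) > limits["max_tokens"]:
        return "constraint violated: max_tokens"
    seen.add(claims["jti"])  # consume the token only once it has been accepted
    return "ok"
```

The caller supplies `now` and the `seen` set, so the provider-side check can be exercised deterministically; a real deployment would take the clock from the server and expire `seen` entries once their tokens lapse.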
