CN105357190A - Method and system for performing authentication on access request - Google Patents

Publication number
CN105357190A
Authority
CN
China
Prior art keywords
access request
authentication
request
server
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510703837.7A
Other languages
Chinese (zh)
Other versions
CN105357190B (en)
Inventor
洪珂
林基宏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Application filed by Wangsu Science and Technology Co Ltd
Priority to CN201510703837.7A
Publication of CN105357190A
Application granted
Publication of CN105357190B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention discloses a method and system for authenticating access requests. The method comprises the following steps: a CDN (Content Distribution Network) server receives an access request from an access terminal, wherein the access request comprises at least a first identifier used to identify the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, wherein the authentication is used to determine the legitimacy of the access request; and if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to an authentication server for authentication. The method and system solve the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which overloads the authentication server.

Description

Method and system for access request authentication
Technical field
The present invention relates to the computer field, and in particular to a method and system for access request authentication.
Background
With the development of streaming media technology, hotlinking of streaming media has become increasingly rampant and its techniques increasingly sophisticated. Hotlinkers place the video resources of other streaming media providers on their own websites and misappropriate the copyrighted video of legitimate providers. This behavior not only infringes copyright but also causes problems such as bandwidth exhaustion and server crashes. Video service providers typically identify hotlinking requests by means such as back-to-source authentication or embedding a processing module in the player, and then deny access to the hotlinking requests.
It should be noted that the existing anti-hotlinking schemes described above often have the following problems:
(1) Back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which overloads the authentication server.
(2) Schemes that embed a processing module in the player to encrypt the video require the player to be redeveloped, which consumes resources, and as the algorithm becomes more complex, the dependence on hardware also increases.
(3) The above anti-hotlinking schemes all reject a hotlinking request outright as soon as it is identified. As a consequence, the hotlinker quickly learns that the hotlinking attempt did not work and soon devises a new hotlinking strategy.
(4) Existing access request authentication schemes have low accuracy and easily misjudge legitimate access requests as unauthorized access requests.
No effective solution has yet been proposed for the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which overloads the authentication server.
Summary of the invention
Embodiments of the present invention provide a method and system for access request authentication, to at least solve the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which overloads the authentication server.
According to one aspect of the embodiments of the present invention, a method for access request authentication is provided. The method comprises: a CDN server receives an access request from an access terminal, wherein the access request comprises at least a first identifier used to identify the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, wherein the authentication is used to determine the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to an authentication server for authentication.
According to another aspect of the embodiments of the present invention, a system for access request authentication is also provided. The system comprises: a client, for sending the access request of an access terminal, wherein the access request comprises at least a first identifier used to identify the access request; a CDN server, for receiving the access request, wherein if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, and if the first identifier is not found in the local cache of the CDN server, the CDN server forwards the access request, wherein the authentication is used to determine the legitimacy of the access request; and an authentication server, which establishes a communication relationship with the CDN server and authenticates the access request forwarded by the CDN server.
In the embodiments of the present invention, a CDN server receives an access request from an access terminal, wherein the access request comprises at least a first identifier used to identify the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, wherein the authentication is used to determine the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to an authentication server for authentication. This solves the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which overloads the authentication server.
Brief description of the drawings
The accompanying drawings described herein are provided for further understanding of the present invention and form a part of this application. The exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of a method for access request authentication according to Embodiment one of the present invention;
Fig. 2 is a flow chart of an optional method for access request authentication according to Embodiment one of the present invention;
Fig. 3 is a flow chart of an optional method for access request authentication according to Embodiment one of the present invention; and
Fig. 4 is a schematic diagram of an access request authentication system according to Embodiment two of the present invention.
Detailed description
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so used may be interchanged where appropriate, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment one
According to an embodiment of the present invention, an embodiment of a method for access request authentication is provided. It should be noted that the steps shown in the flow charts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
Fig. 1 is a flow chart of a method for access request authentication according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S12: the CDN server receives an access request from an access terminal, wherein the access request comprises at least a first identifier used to identify the access request.
Specifically, in this scheme the access request may be a URL request, and the first identifier may be an ID contained in the URL request that identifies each access request of a user. The ID may be generated as follows: when a user accesses the CDN server through a client, the client encrypts the URI of the user's access request, a timestamp, a random string and a KEY with an irreversible encryption algorithm to generate the ID that identifies the URL request, and then inserts the ID, the plaintext timestamp and the random number after the URL domain name to generate a unique resource request URL. The client then sends the resource request URL containing the ID to the CDN server. It should be noted that the CDN server in this application may be a CDN node server or a CDN edge server.
It should be noted that the method of generating the ID of the URL request is not limited to the above, as long as the generation scheme guarantees the uniqueness of the ID.
For example, user A accesses the CDN server through a client (a legitimate client or an illegitimate client), and the URL of user A's access request received by the CDN server contains the ID that identifies the access request, a timestamp and a random string. The access request URL of user A may be, for example: http://wstest.com.cn/a.flv?k=68b329da9893e34099c7d8ad5cb9c940&t=554afcb4&UID=11111111 (k is the unique ID, t is the timestamp, and UID is the random string). It should be noted here that if user A accesses the CDN server through a legitimate client (for example a portal website), the URL request received by the CDN server was generated by that legitimate client for the user's access request; if user A accesses the CDN server through an illegitimate client (a third-party hotlinking website), the URL request received by the CDN server was stolen or forged by that illegitimate client.
It should be noted that the scheme of this application requires only lightweight development of the system client, and no change needs to be made to the code structure or business logic of the CDN origin server. The player in the client can initiate requests that use md5sum (timestamp + random string + KEY) as a random directory, so in this scheme the player needs only lightweight handling, which saves developer resources.
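The ID scheme described above, together with the format and timestamp check the CDN server applies to it in step S31, as an added Python example that is not code from the patent. The key value, the field order inside the hash, the 300-second validity window and all function names are assumptions; MD5 is used because the page names md5sum.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

KEY = "constructed-shared-key"  # assumption: secret shared by the player and the CDN
MAX_AGE = 300                   # assumption: seconds a signed URL stays valid
HEX = set("0123456789abcdef")


def make_id(uri, t_hex, uid, key=KEY):
    """ID = MD5(URI + timestamp + random string + KEY), the inputs the page names.
    Field order and the lack of separators are assumptions of this sketch."""
    return hashlib.md5(f"{uri}{t_hex}{uid}{key}".encode()).hexdigest()


def sign_url(base, uri, now=None, uid=None):
    """Client side: append k (ID), t (hex timestamp) and UID (random string)."""
    t_hex = format(int(time.time()) if now is None else now, "x")
    uid = uid or secrets.token_hex(4)
    query = urlencode({"k": make_id(uri, t_hex, uid), "t": t_hex, "UID": uid})
    return f"{base}{uri}?{query}"


def check_url(url, now=None):
    """Edge side, step S31: returns 'ok', 'malformed', 'bad-id' or 'expired'."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        k, t_hex, uid = query["k"][0], query["t"][0], query["UID"][0]
        issued = int(t_hex, 16)
    except (KeyError, ValueError):
        return "malformed"
    if len(k) != 32 or not set(k) <= HEX:
        return "malformed"
    # Recompute the ID from the received fields; the constant-time comparison
    # avoids leaking how many leading characters matched.
    if not hmac.compare_digest(k, make_id(parts.path, t_hex, uid)):
        return "bad-id"
    if not 0 <= now - issued <= MAX_AGE:
        return "expired"
    return "ok"


def demo():
    """Constructed requests built around the page's sample timestamp 554afcb4."""
    t0 = 0x554AFCB4
    url = sign_url("http://wstest.com.cn", "/a.flv", now=t0, uid="11111111")
    return {
        "fresh": check_url(url, now=t0 + 10),
        "expired": check_url(url, now=t0 + MAX_AGE + 1),
        # The URI is part of the hash, so the ID cannot be moved to another file.
        "other_resource": check_url(url.replace("/a.flv", "/b.flv"), now=t0 + 10),
        # The timestamp is part of the hash, so the lifetime cannot be extended.
        "extended_time": check_url(url.replace("t=554afcb4", "t=554afdb4"), now=t0 + 10),
        "unsigned": check_url("http://wstest.com.cn/a.flv", now=t0 + 10),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:15} {verdict}")
```

A new deployment would normally use a keyed MAC such as HMAC-SHA-256 with a delimiter between fields rather than MD5 over a plain concatenation.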
Step S14: if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, wherein the authentication is used to determine the legitimacy of the access request.
Specifically, in this scheme the CDN server may first query its local cache. If the ID is found in the local cache, the CDN server authenticates the user's current access request according to a preset authentication policy, that is, it determines whether the user's access request is a legitimate access request or a hotlinking access request.
It should be noted that if any user has previously accessed the CDN server through a normal client (for example a portal website), the CDN server caches the ID of that legitimate user's access request and the IP address of the access terminal corresponding to that ID. Therefore, in step S14 above, if the ID of a legitimate user's access request is stored in the local cache of the CDN server, the CDN server can be used to determine the legitimacy of the current access request.
Step S16: if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication.
Specifically, in this scheme, if the first identifier is not in the local cache of the CDN server, the CDN server initiates an authentication request to the authentication server, and the authentication server authenticates the access request.
In this embodiment, the CDN server first receives an access request from an access terminal, wherein the access request comprises at least a first identifier used to identify the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, wherein the authentication is used to determine the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication. This solves the problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which overloads the authentication server.
It should be noted that the mode adopted by this scheme, local judgment by the CDN node server plus judgment by the authentication server, can effectively reduce the pressure on the authentication server.
Optionally, the access request may further comprise the IP address of the access terminal, and step S14, in which the CDN server authenticates the access request locally if the first identifier is found in the local cache of the CDN server, may comprise:
Step S141: the CDN server judges whether the at least one IP address in its local cache includes the IP address of the access terminal, wherein the at least one IP address has a correspondence with the first identifier.
Step S142: if it is included, the CDN server determines that the access request is a legitimate request.
Step S143: if it is not included, the CDN server determines that the access request is a hotlinking request.
Specifically, in this scheme the at least one IP address in step S141 consists of the IP addresses cached in the CDN server after legitimate users previously sent resource requests to the CDN server through a legitimate client. It should be noted that the at least one IP address cached in the CDN server has a correspondence with the first identifier (ID). In the cache of the CDN server, the IP addresses and the first identifiers (IDs) corresponding to them are all legitimate. Therefore, after the CDN server receives the current access request of the current user, it first judges whether the ID of the user's access request is identical to an ID cached in the CDN server. If so, the CDN server judges whether the IP address of the current user's access request is identical to the cached IP address. If it is, authentication passes, indicating that the current access request is a legitimate request; if the IP address is different, the current access request is an illegitimate hotlinking request and authentication fails. It should be noted that in the cache of the CDN server a legitimate ID may correspond to multiple IP addresses; as long as the IP address of the user's access request is among those IP addresses, the access request is legitimate, which avoids misjudging access requests because of multiple egress IPs.
It should be noted here that the presence of the current access request's ID in the CDN server's cache does not necessarily mean that the current access request is a legitimate access request, because the ID may have been forged or stolen by the client of the current visitor. The IDs cached in the CDN server and their corresponding IP addresses belong to legitimate access requests, so the CDN server can further judge whether the actual IP address of the current access request belongs to those IP addresses.
Optionally, step S16, in which the CDN server sends the access request to the authentication server for authentication if the first identifier is not found in the local cache of the CDN server, may comprise:
Step S161: if the first identifier is not found in the local cache of the authentication server, the authentication server determines that the access request is a legitimate request and caches the correspondence between the first identifier and the IP address of the access terminal.
Specifically, in this scheme the CDN server may send the current access request to the authentication server, which authenticates it. If the ID of the current access request is not found in the local cache of the authentication server, the current access request is a first access. A first access cannot be a hotlinking request, so the authentication server determines that this first access is a legitimate request and caches the correspondence between the ID of this first access and the IP address of the access terminal.
Step S162: if the first identifier is found in the local cache of the authentication server, the authentication server judges whether the at least one IP address in its local cache includes the IP address of the access terminal, wherein the at least one IP address has a correspondence with the first identifier; if it is included, the authentication server determines that the access request is a legitimate request; if it is not included, the authentication server determines that the access request is a hotlinking request.
Specifically, in this scheme the at least one IP address in step S162 may be the legitimate IP addresses cached in other CDN servers of the CDN distribution network after legitimate users sent resource requests to those CDN servers through a legitimate client; the other CDN servers then send the ID of the legitimate access request and the at least one IP address corresponding to the ID to the cache of the authentication server. It should be noted that the ID cached in the authentication server has a correspondence with the at least one IP address. In the cache of the authentication server, the ID and the at least one corresponding IP address are legitimate. Therefore, after the authentication server receives the current access request forwarded by the current CDN server, it first judges whether the ID of the user's current access request is identical to an ID cached in the authentication server. If so, the authentication server judges whether the IP address of the current user's access request is identical to the cached IP address. If it is, authentication passes, indicating that the current access request is a legitimate request; if the IP address is different, the current access request is an illegitimate hotlinking request and authentication fails. It should be noted that in the cache of the authentication server a legitimate ID may correspond to multiple IP addresses; as long as the IP address of the user's access request is among those IP addresses, the access request is legitimate.
Optionally, after step S16, in which the CDN server sends the access request to the authentication server for authentication if the first identifier is not found in the local cache of the CDN server, the method provided by this embodiment may further comprise:
Step S17: the authentication server sends the authentication result to the CDN server, wherein the authentication result comprises at least: the IP address of the access terminal of a hotlinking request and the IP address of the access terminal of a legitimate request.
Specifically, in this scheme, if the authentication server fails the current access request, it sends the IP address of the access terminal of the hotlinking request to the CDN server; if the authentication server passes the current access request, it likewise sends the IP address of the access terminal of the legitimate request to the CDN server, and the CDN server handles the current access request.
Optionally, after step S17, in which the authentication server sends the authentication result to the CDN server, the method provided by this embodiment may further comprise:
Step S18: the CDN server rate-limits or denies access to the IP address of the access terminal of the hotlinking request.
Specifically, in this scheme the CDN server may return the resource normally to the IP address of a legitimate request and refuse illegitimate hotlinking requests.
In a preferred embodiment, the CDN server does not directly deny access to the IP address of a hotlinking request but rate-limits it. This can mislead the hotlinker into believing that the hotlinking succeeded, and directly degrades the experience of users of the hotlinker's website.
This scheme is described below in a practical application scenario with reference to Fig. 2 and Fig. 3:
The scheme can be applied to a system for preventing illegitimate hotlinking, which may comprise a client, a CDN server and an authentication server. The client sends an access request to the CDN node server. The CDN server may authenticate the access request itself and respond to the client, or the client's access request may be forwarded to the authentication server for authentication; the authentication server authenticates the access request and feeds the authentication result back to the CDN server, and the CDN server responds to the client according to the authentication result.
Specifically, the client may initiate a URL request that uses the unique ID (the ID generated by encrypting the four items URI + timestamp + random string + KEY with an irreversible encryption algorithm), the plaintext timestamp and the random string as the directory. On top of its CDN distribution function, the CDN server lets the edge server judge and process the URL locally, initiate authentication and process the authentication result. The authentication server is mainly responsible for judging the authentication requests initiated by the CDN edge server module and issuing the judgment result.
With reference to Fig. 2, the CDN server authenticates an access request in the following steps:
Step S30: the CDN server receives the access request of the client.
Step S31: the CDN server judges whether the encryption format in the URL of the access request is correct and whether the timestamp is valid. If the encryption is incorrect or the timestamp is invalid, step S32 is performed; if the encryption format is correct and the timestamp is valid, step S33 is performed.
Specifically, step S31 performs a timestamp anti-hotlinking check on the URL of the access request, which mainly verifies the correctness of the unique ID encrypted string and whether the timestamp has expired.
Step S32: the client's access is refused. It should be noted that if the encryption format or the timestamp of the URL of the access request is incorrect, this indicates that the hotlinker's technique is unsophisticated, and the CDN server directly refuses the client's access request.
Step S33: the CDN server judges whether the correspondence between the ID and the IP address is cached locally; if yes, step S34 is performed; if no, step S35 is performed.
It should be noted that the above ID is the ID carried in the user's access request URL.
Step S34: the CDN server judges whether the locally cached ID and IP address are identical to the ID and IP address carried by the URL of the access request; if identical, step S341 is performed; if not, step S342 is performed.
Step S341: authentication passes and the client is responded to normally.
Step S342: authentication fails and the client is rate-limited.
Step S35: the CDN server sends the access request to the authentication server, which authenticates the access request.
Specifically, if the correspondence between the ID and IP carried by the URL of this access request is not in the CDN server's local cache, the CDN server initiates an authentication request to the authentication server and caches the correspondence between the ID and IP carried by the URL locally at the CDN edge node.
Step S36: the CDN server receives the authentication result fed back by the authentication server and responds to the client according to the authentication result.
Specifically, if the authentication result returned by the authentication server is that authentication failed, the CDN edge node rate-limits the content it returns to the client. If the authentication result returned by the authentication server is that authentication passed, the CDN server returns the content to the client normally.
As shown in Fig. 3, the authentication server may authenticate an access request in the following steps:
Step S40: the authentication server receives the authentication request sent by the CDN server.
Step S41: the authentication server judges whether the correspondence between the ID and the IP of the access request is cached locally; if yes, step S42 is performed; if no, step S43 is performed.
It should be noted that the above ID is the ID carried in the user's access request URL.
Step S42: the authentication server judges whether the cached ID and IP address are identical to the ID and IP address carried by the URL of the access request; if identical, step S421 is performed; if different, step S422 is performed.
Step S421: authentication passes, and the authentication server sends the authentication result to the CDN server.
Step S422: authentication fails, and the authentication server sends the authentication result to the CDN server.
Step S43: authentication passes, and the authentication server caches the correspondence between the ID and the IP address carried by the URL of the access request.
Step S44: the authentication server sends the authentication result to the CDN server.
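The two decision flows of Fig. 2 and Fig. 3 (steps S33 to S36 and S40 to S44), together with the rate limiting of step S18, as an added Python example that is not code from the patent. Class and method names, the IDs and the IP addresses are constructed, and having the edge cache the legitimate IP set returned by the authentication server is one assumed reading of steps S17 and S35.

```python
from dataclasses import dataclass, field


@dataclass
class AuthServer:
    """Central authentication server (steps S40 to S44)."""
    bindings: dict = field(default_factory=dict)   # ID -> set of legitimate IPs
    calls: int = 0                                  # how often an edge had to ask

    def report_binding(self, req_id, ips):
        """Hypothetical helper: another edge node reports a legitimate ID/IP set."""
        self.bindings.setdefault(req_id, set()).update(ips)

    def authenticate(self, req_id, ip):
        """Return (passed, legitimate IPs bound to this ID)."""
        self.calls += 1
        ips = self.bindings.get(req_id)
        if ips is None:
            # S43: an ID never seen before is a first access; accept and bind it.
            ips = self.bindings[req_id] = {ip}
            return True, frozenset(ips)
        # S42: known ID, so the requesting IP must be one of the bound IPs.
        return ip in ips, frozenset(ips)


@dataclass
class EdgeNode:
    """CDN edge server (steps S33 to S36); runs after the URL check of S31."""
    auth: AuthServer
    on_hotlink: str = "throttle"                    # S18: "throttle" or "deny"
    cache: dict = field(default_factory=dict)       # local ID -> legitimate IPs

    def handle(self, req_id, ip):
        ips = self.cache.get(req_id)
        if ips is None:
            # S35: local miss, fall back to the authentication server and
            # cache the legitimate IPs it returns (assumed reading of S17).
            passed, ips = self.auth.authenticate(req_id, ip)
            self.cache[req_id] = ips
        else:
            # S34: local hit, decided without contacting the authentication server.
            passed = ip in ips
        return "serve" if passed else self.on_hotlink


def run_scenario():
    """Constructed traffic: one viewer, a replay of the viewer's URL from another
    address, and one viewer whose ID is bound to two egress IPs."""
    auth = AuthServer()
    edge1, edge2 = EdgeNode(auth), EdgeNode(auth)
    viewer, replay = "203.0.113.10", "198.51.100.7"   # documentation address ranges
    log = []
    for edge, req_id, ip in [
        (edge1, "id-A", viewer),   # first access: miss, authentication server binds
        (edge1, "id-A", viewer),   # local hit, same IP
        (edge1, "id-A", replay),   # local hit, different IP
        (edge2, "id-A", replay),   # cold edge: miss, authentication server rejects
        (edge2, "id-A", replay),   # now decided locally on edge2
    ]:
        log.append((edge.handle(req_id, ip), auth.calls))
    auth.report_binding("id-B", {"203.0.113.20", "203.0.113.21"})
    log.append((edge2.handle("id-B", "203.0.113.21"), auth.calls))
    return log


if __name__ == "__main__":
    for decision, auth_calls in run_scenario():
        print(f"{decision:9} authentication-server calls so far: {auth_calls}")
```

Six requests reach the authentication server only three times: every repeat of an ID at the same edge is decided from the local cache, which is the load reduction the scheme aims for. Because a first-seen ID is accepted and bound to the requesting IP (S43), the binding is only as strong as the step S31 check that precedes it.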
Embodiment two
The embodiment of the present invention additionally provides a kind of system of access request authentication, and this system may be used for the method performing above-described embodiment one, and as shown in Figure 4, this system can comprise: client 20, CDN server 22 and authentication server 24.
Client 20, for sending the access request of access terminal, wherein, access request is at least for the first mark of identification access request.
CDN server 22, for receiving access request, if inquire the first mark in the local cache of CDN server, CDN server carries out authentication in this locality to access request, if do not inquire the first mark in the local cache of CDN server, access request forwards by CDN server, and wherein, authentication is for determining the legitimacy of access request.
Particularly, in this programme, above-mentioned access request can be URL request, above-mentioned first mark can for being included in an ID in URL request, this ID is used for each access request of identifying user, this ID can by following schemes generation: user is when by client-access CDN server, above-mentioned client can by the URI of user access request, timestamp, random string and KEY use irreversible encryption algorithm for encryption, generate the ID for identifying above-mentioned URL request, then by above-mentioned ID, timestamp expressly and random number are inserted in after URL domain name, generate the resource request URL that has uniqueness, then the resource request URL of the above-mentioned ID contained is sent to CDN server by client, it should be noted that, CDN server in the application can be CDN node server, also can be CDN Edge Server.
It should be noted that, the generation method of the ID of URL request is not limited to aforesaid way, as long as the generation scheme of ID can reach the uniqueness of ID.
Such as, user A accesses CDN server by client (legitimate client or illegitimate client), in the URL of the access request of the user A received in CDN server, contains the ID of identification access request, timestamp, random string.Can the access request URL of user A be following example: http://wstest.com.cn/a.flv? k=68b329da9893e34099c7d8ad5cb9c940 & t=554afcb4 & UID=11111111; K is unique ID, and wherein t is timestamp, and UID is random train).Here it should be noted that, if when user A accesses CDN server by a legal client (such as portal website), to be above-mentioned legal client generate for the access request of user URL request received by CDN server, if when user A accesses CDN server by an illegal client (third party steals chain website), the URL request received by CDN server is that above-mentioned illegal client is stolen or forged.
Note that the scheme of this application requires only lightweight development on the client side of the system; the code structure and business logic of the CDN origin server need no change. The player in the client can initiate a request that uses md5sum (timestamp + random string + KEY) as a random directory, so in this scheme the player needs only a lightweight change, which saves developer resources.
Optionally, in this scheme the CDN server may first query its local cache. If the ID is found in the local cache, the CDN server authenticates the user's access request according to a preset authentication policy, that is, it determines whether the user's access request is a legitimate access request or a hotlinking request.
Note that if any user has previously accessed the CDN server through a normal client (for example a portal website), the CDN server caches the ID of the legitimate user's access request and the IP address of the access terminal corresponding to that ID. Therefore, in step S14 above, if the ID of the legitimate user's access request is stored in the local cache of the CDN server, the CDN server can identify the legitimacy of the access request itself; if the ID is not stored in the local cache of the CDN server, the CDN server forwards the access request.
Authentication server 24, which has a communication relationship with the CDN server and authenticates the access requests that the CDN server forwards.
Specifically, in this scheme, if the first identifier is not in the local cache of the CDN server, the CDN server initiates an authentication request to the authentication server, and the authentication server authenticates the access request.
In this embodiment, the CDN server first receives the access request of the access terminal, where the access request includes at least a first identifier for identifying the access request. If the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, where authentication is used to determine the legitimacy of the access request. If the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication. This solves the problem that existing back-to-origin authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which overloads the authentication server.
Optionally, the access request also includes the IP address of the access terminal, and the CDN server 22 may include a first processor, configured to determine whether at least one IP address in the local cache includes the IP address of the access terminal, where the at least one IP address has a correspondence with the first identifier. If it does, the CDN server determines that the access request is a legitimate request; if it does not, the CDN server determines that the access request is a hotlinking request.
Optionally, the authentication server may also include a second processor. If the first identifier is not found in the local cache of the authentication server, the authentication server determines that the access request is a legitimate request and caches the correspondence between the first identifier and the IP address of the access terminal. If the first identifier is found in the local cache of the authentication server, the authentication server determines whether at least one IP address in the local cache includes the IP address of the access terminal, where the at least one IP address has a correspondence with the first identifier. If it does, the authentication server determines that the access request is a legitimate request; if it does not, the authentication server determines that the access request is a hotlinking request.
Optionally, the authentication server may also include a communication device, configured to send the authentication result to the CDN server, where the authentication result includes at least: the IP address of the access terminal of the hotlinking request and the IP address of the access terminal of the legitimate request.
Optionally, the first processor may also be used to rate-limit or deny access to the IP address of the access terminal of the hotlinking request.
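The two-tier flow described above (ID generation, local authentication at the CDN server, forwarding to the authentication server on a cache miss, and denial of flagged IP addresses), as an added Python example that is not part of the patent text. The KEY value, the field order inside the hash, the IP addresses, the "malformed" verdict and all class and function names are assumptions.

```python
import hashlib
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

KEY = "constructed-shared-key"  # constructed; the page only names it KEY


def make_request_id(uri, timestamp, nonce, key=KEY):
    # One-way hash over URI, timestamp, random string and KEY. MD5 follows the
    # md5sum the page mentions; the concatenation order is an assumption.
    return hashlib.md5(f"{uri}{timestamp}{nonce}{key}".encode()).hexdigest()


def build_url(domain, uri, timestamp, nonce, key=KEY):
    # The ID, plaintext timestamp and random string follow the domain and path.
    rid = make_request_id(uri, timestamp, nonce, key)
    return f"http://{domain}{uri}?k={rid}&t={timestamp}&UID={nonce}"


@dataclass
class AuthServer:
    bindings: dict = field(default_factory=dict)  # ID -> set of bound IPs
    lookups: int = 0                              # how often the CDN asked us

    def authenticate(self, rid, ip):
        self.lookups += 1
        ips = self.bindings.get(rid)
        if ips is None:                 # first sighting: legitimate, bind ID to IP
            self.bindings[rid] = {ip}
            return "legitimate", frozenset({ip})
        verdict = "legitimate" if ip in ips else "hotlink"
        return verdict, frozenset(ips)  # the result carries the legitimate IPs


@dataclass
class CdnServer:
    auth: AuthServer
    cache: dict = field(default_factory=dict)  # ID -> legitimate IPs
    denied: set = field(default_factory=set)   # IPs flagged as hotlinking

    def handle(self, url, client_ip):
        rid = parse_qs(urlsplit(url).query).get("k", [""])[0]
        if not rid:
            return "malformed"          # no ID at all (case not covered by the page)
        if client_ip in self.denied:
            return "denied"
        if rid in self.cache:           # local authentication, nothing forwarded
            verdict = "legitimate" if client_ip in self.cache[rid] else "hotlink"
        else:                           # cache miss: forward to the auth server
            verdict, legit_ips = self.auth.authenticate(rid, client_ip)
            self.cache[rid] = set(legit_ips)
        if verdict == "hotlink":
            self.denied.add(client_ip)  # deny (or rate-limit) from now on
        return verdict


def run_demo():
    # Two CDN servers share one authentication server; all addresses constructed.
    auth = AuthServer()
    edge_a, edge_b = CdnServer(auth), CdnServer(auth)
    url = build_url("wstest.com.cn", "/a.flv", "554afcb4", "11111111")
    viewer, other_1, other_2 = "198.51.100.7", "203.0.113.9", "203.0.113.20"
    verdicts = [
        edge_a.handle(url, viewer),    # miss at edge A, forwarded, ID bound to IP
        edge_a.handle(url, viewer),    # hit at edge A, decided locally
        edge_a.handle(url, other_1),   # same ID, different IP: hotlinking
        edge_a.handle(url, other_1),   # flagged IP is now denied
        edge_b.handle(url, other_2),   # miss at edge B, auth server knows the ID
        edge_b.handle(url, viewer),    # edge B cached the legitimate IP
    ]
    return verdicts, auth.lookups


if __name__ == "__main__":
    print(run_demo())
```

Of the six requests, only two reach the authentication server, which is the load reduction the embodiment claims. The authentication server as described accepts any ID it has not seen before, so the ID-to-IP binding is first-seen-wins.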
The serial numbers of the above embodiments of the invention are for description only and do not represent the relative merits of the embodiments.
In the above embodiments of the invention, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, see the related descriptions of the other embodiments.
In the several embodiments provided by this application, it should be understood that the disclosed technical content may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units may be a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of units or modules may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the scheme of this embodiment.
In addition, the functional units in each embodiment of the invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical scheme of the invention in essence, or the part that contributes to the prior art, or all or part of the technical scheme, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the invention. The storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a portable hard drive, a magnetic disk or an optical disc.
The above is only the preferred embodiment of the invention. It should be pointed out that those of ordinary skill in the art may make improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the invention.

Claims (10)

1. A method for authenticating an access request, characterized by comprising:
a CDN server receives the access request of an access terminal, wherein the access request includes at least a first identifier for identifying the access request;
if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, wherein the authentication is used to determine the legitimacy of the access request;
if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to an authentication server for authentication.
2. The method according to claim 1, characterized in that the access request also includes the IP address of the access terminal, wherein, if the first identifier is found in the local cache of the CDN server, the CDN server authenticating the access request locally comprises:
the CDN server determines whether at least one IP address in the local cache includes the IP address of the access terminal, wherein the at least one IP address has a correspondence with the first identifier;
if it does, the CDN server determines that the access request is a legitimate request;
if it does not, the CDN server determines that the access request is a hotlinking request.
3. The method according to claim 1, characterized in that the CDN server sending the access request to the authentication server for authentication comprises:
if the first identifier is not found in the local cache of the authentication server, the authentication server determines that the access request is a legitimate request and caches the correspondence between the first identifier and the IP address of the access terminal;
if the first identifier is found in the local cache of the authentication server, the authentication server determines whether at least one IP address in the local cache includes the IP address of the access terminal, wherein the at least one IP address has a correspondence with the first identifier;
if it does, the authentication server determines that the access request is a legitimate request;
if it does not, the authentication server determines that the access request is a hotlinking request.
4. The method according to claim 3, characterized in that, after the CDN server sends the access request to the authentication server for authentication, the method further comprises:
the authentication server sends an authentication result to the CDN server, wherein the authentication result includes at least: the IP address of the access terminal of the hotlinking request and the IP address of the access terminal of the legitimate request.
5. The method according to claim 4, characterized in that, after the authentication server sends the authentication result to the CDN server, the method further comprises:
the CDN server rate-limits or denies access to the IP address of the access terminal of the hotlinking request.
6. A system for authenticating an access request, characterized in that the system comprises:
a client, configured to send the access request of an access terminal, wherein the access request includes at least a first identifier for identifying the access request;
a CDN server, configured to receive the access request, wherein, if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, and if the first identifier is not found in the local cache of the CDN server, the CDN server forwards the access request, wherein the authentication is used to determine the legitimacy of the access request;
an authentication server, which has a communication relationship with the CDN server and authenticates the access request forwarded by the CDN server.
7. The system according to claim 6, characterized in that the access request also includes the IP address of the access terminal, wherein the CDN server comprises:
a first processor, configured to determine whether at least one IP address in the local cache includes the IP address of the access terminal, wherein the at least one IP address has a correspondence with the first identifier;
if it does, the CDN server determines that the access request is a legitimate request;
if it does not, the CDN server determines that the access request is a hotlinking request.
8. The system according to claim 7, characterized in that the authentication server comprises:
a second processor, wherein, if the first identifier is not found in the local cache of the authentication server, the authentication server determines that the access request is a legitimate request and caches the correspondence between the first identifier and the IP address of the access terminal;
if the first identifier is found in the local cache of the authentication server, the authentication server determines whether at least one IP address in the local cache includes the IP address of the access terminal, wherein the at least one IP address has a correspondence with the first identifier;
if it does, the authentication server determines that the access request is a legitimate request;
if it does not, the authentication server determines that the access request is a hotlinking request.
9. The system according to claim 8, characterized in that the authentication server further comprises:
a communication device, configured to send an authentication result to the CDN server, wherein the authentication result includes at least: the IP address of the access terminal of the hotlinking request and the IP address of the access terminal of the legitimate request.
10. The system according to claim 9, characterized in that the first processor is also configured to rate-limit or deny access to the IP address of the access terminal of the hotlinking request.
CN201510703837.7A 2015-10-26 2015-10-26 The method and system of access request authentication Active CN105357190B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510703837.7A CN105357190B (en) 2015-10-26 2015-10-26 The method and system of access request authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510703837.7A CN105357190B (en) 2015-10-26 2015-10-26 The method and system of access request authentication

Publications (2)

Publication Number Publication Date
CN105357190A true CN105357190A (en) 2016-02-24
CN105357190B CN105357190B (en) 2018-12-07

Family

ID=55333054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510703837.7A Active CN105357190B (en) 2015-10-26 2015-10-26 The method and system of access request authentication

Country Status (1)

Country Link
CN (1) CN105357190B (en)

Also Published As

Publication number Publication date
CN105357190B (en) 2018-12-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant