CN110011950A - A kind of method for authenticating and device of video flowing address - Google Patents
A kind of method for authenticating and device of video flowing address Download PDFInfo
- Publication number
- CN110011950A CN110011950A CN201810008106.4A CN201810008106A CN110011950A CN 110011950 A CN110011950 A CN 110011950A CN 201810008106 A CN201810008106 A CN 201810008106A CN 110011950 A CN110011950 A CN 110011950A
- Authority
- CN
- China
- Prior art keywords
- authentication
- information
- server
- client
- video flowing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/60—Network streaming of media packets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L69/162—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
- Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
Abstract
The embodiment of the invention provides the method for authenticating and device of a kind of video flowing address, method therein includes: to send log-on message to first server and second server;Receive the second information for being used for authentication and the user authentication information that the first server is sent;According to for authentication the first information and the user authentication information determine the first authentication values, be based on user authentication information and first authentication values, obtain video flowing address request information;Video flowing address request information is sent to first server, after determining the second authentication values by the first information and the user authentication information that are used for authentication again, judge whether first authentication values match with second authentication values, if it does, then client is authenticated by video flowing address.Method of the invention solves the technical problem lower there are safety due to the easy acquisition video flowing address information of hacker in the prior art.
Description
Technical field
The present invention relates to field of computer technology more particularly to a kind of method for authenticating and device of video flowing address.
Background technique
With the development of HTML technology, HTML5 has become next-generation HTML standard, and major part browser can be supported at present
HTML5, to be applied in web program more and more based on the new features of HTML5, such as the broadcasting of live video
Deng.
In the prior art, video playing is also based on HTML5 technology, when the video flowing that server receives client is asked
After asking, video flowing address corresponding with video flowing request can be sent to client by server, so that it is above-mentioned to be based on client
Video flowing address plays corresponding video.However due in the video render based on HTML5 technology, video flowing address information is
It is indicated using JavaScript language, since JavaScript is a kind of explanatory scripting language, so that client
Video flowing address information in browser is presented in the form of source code, and such third-party platform or hacker are easy acquisition
Then video flowing address information cracks code logic therein, thus with can obtaining video flowing without any authorization
The corresponding video content in location, thus the illegal risk for obtaining video is increased, safety is lower.
Therefore, in the prior art due to third-party platform or hacker are easy to obtain video flowing address information and there are safeties
Lower technical problem.
Summary of the invention
The embodiment of the invention provides the method for authenticating and device of a kind of video flowing address, to solve in the prior art by
It is easy to obtain video flowing address information and the technical problem lower there are safety in third-party platform or hacker.
First aspect present invention provides a kind of method for authenticating of video flowing address, comprising: sends log-on message to first
Server and second server so that the first server according to the log-on message generate for authentication the first information and
User authentication information, and generate after being encrypted using the first information described in predetermined encryption key pair for authentication for authenticating
The second information, and make the second server be based on the log-on message to the client send it is close with the predetermined encryption
The corresponding decruption key of key, wherein the decruption key is generation of the second server according to the predetermined encryption key
Logic obtains;
Second information for authentication and the user authentication information that the first server is sent are received, and is led to
It crosses the decruption key second information for authentication is decrypted, obtains the first information for authentication;
The first authentication values are determined according to the first information for authentication and the user authentication information, and are based on institute
User authentication information and first authentication values are stated, video flowing address request information is obtained;
The video flowing address request information is sent to first server, so that the first server passes through the view
Frequency stream address request information obtains first authentication values, then passes through the first information and the user authentication for authentication
After information determines the second authentication values, judge whether first authentication values match with second authentication values, wherein when described
When first authentication values are matched with second authentication values, client is authenticated by video flowing address.
Based on same inventive concept, second aspect of the present invention provides a kind of method for authenticating of video flowing address, comprising:
The log-on message of client is received, and is generated according to the log-on message and is recognized for the first information of authentication and user
Information is demonstrate,proved, the first information described in predetermined encryption key pair for authentication is recycled to be encrypted, generates second for authentication
Information;
Second information and user authentication information for authentication is sent to the client, so that the client is logical
It crosses decruption key second information for authentication is decrypted, obtains the first information for authentication, wherein institute
Stating decruption key is to send out after second server is obtained according to the generation logic of the predetermined encryption key, based on the log-on message
It send to the client;
Receive the video flowing address request information that the client is sent, wherein the video flowing address request information is
The client the first authentication values are determined according to the first information for authentication and the user authentication information after, again will
It is obtained after the user authentication information and first authentication values combination;
First authentication values are obtained according to the video flowing address request information, and according to first for authentication
Information and the user authentication information determine the second authentication values;
Judge whether first authentication values match with second authentication values, when first authentication values and described second
When authentication values match, authenticate the client by video flowing address.
Optionally, pass through the client when first authentication values are matched with second authentication values described
After the authentication of video flowing address, the method also includes:
Video flowing address corresponding with the video flowing address request information is sent to the client.
Optionally, the predetermined encryption key is what first server was generated according to current time stamp.
Based on same inventive concept, third aspect present invention provides a kind of method for authenticating of video flowing address, comprising:
Receive the log-on message of client;
Decruption key is sent to the client based on the log-on message, so that the client is close by the decryption
Key the second information for authentication is decrypted the first information obtained for authentication, and according to first for authentication
Information and user authentication information determine the first authentication values, will obtain after the user authentication information and first authentication values combination
Video flowing address request information is obtained, and the video flowing address request information is sent to first server, and make described first
Server obtains first authentication values according to the video flowing address request information, according to the first information for authentication
After determining the second authentication values with the user authentication information, judge first authentication values and second authentication values whether
Match, when first authentication values are matched with second authentication values, authenticates the client by video flowing address;Its
In, second information for authentication is that the first server generates the first letter for being used for authentication according to the log-on message
It ceases and is obtained after being encrypted using the predetermined encryption key, the user authentication information is first server reception
The client is sent to after the log-on message, the decruption key is second server according to the predetermined encryption key
Generation logic obtain.
Based on same inventive concept, fourth aspect present invention provides a kind of authentication device of video flowing address, described
Device is client, comprising:
First sending module, for sending log-on message to first server and second server, so that first clothes
Business device generates the first information and user authentication information for authentication according to the log-on message, and utilizes predetermined encryption key pair
The first information for authentication generates the second information for authentication after being encrypted, and is based on the second server
The log-on message sends decruption key corresponding with the predetermined encryption key to the client, wherein the decryption is close
Key is that the second server is obtained according to the generation logic of the predetermined encryption key;
Receiving module, for receiving the second information and the user described in the first server transmission for authentication
Authentication information, and second information for authentication is decrypted by the decruption key, it obtains described for authenticating
The first information;
Determining module, for determining the first mirror according to the first information for authentication and the user authentication information
Weight, and the user authentication information and first authentication values are based on, obtain video flowing address request information;
Second sending module, for the video flowing address request information to be sent to first server, so that described
One server obtains first authentication values by the video flowing address request information, then passes through first for authentication
After information and the user authentication information determine the second authentication values, judge that first authentication values are with second authentication values
No matching, wherein when first authentication values are matched with second authentication values, client is authenticated by video flowing address.
Based on same inventive concept, fifth aspect present invention provides a kind of authentication device of video flowing address, described
Device is first server, comprising:
First receiving module is generated for receiving the log-on message of client, and according to the log-on message for authenticating
The first information and user authentication information, recycle predetermined encryption key pair described in for authentication the first information encrypted,
Generate the second information for authentication;
Sending module, for sending second information and user authentication information for authentication to the client, with
The client is decrypted to second information for authentication by decruption key, obtains for authentication
One information, wherein the decruption key is after second server is obtained according to the generation logic of the predetermined encryption key, is based on
The log-on message is sent to the client;
Second receiving module, the video flowing address request information sent for receiving the client, wherein the video
Stream address request information is that the client is determined according to the first information for authentication and the user authentication information
It is obtained after being combined after first authentication values, again by the user authentication information and first authentication values;
Determining module, for obtaining first authentication values according to the video flowing address request information, and according to described
The second authentication values are determined for the first information of authentication and the user authentication information;
Authentication module, for judging whether first authentication values match with second authentication values, when first mirror
When weight is matched with second authentication values, authenticate the client by video flowing address.
Based on same inventive concept, sixth aspect present invention provides a kind of authentication device of video flowing address, described
Device is second server, comprising:
Receiving module, for receiving the log-on message of client;
Sending module, for sending decruption key to the client based on the log-on message, so that the client
The first information obtained for authentication is decrypted to the second information for authentication by the decruption key, and according to described
The first information and user authentication information for authentication determine the first authentication values, by the user authentication information and described first
Video flowing address request information is obtained after authentication values combination, and the video flowing address request information is sent to first service
Device, and the first server is made to obtain first authentication values according to the video flowing address request information, according to the use
After the first information of authentication and the user authentication information determine the second authentication values, judge first authentication values with it is described
Whether the second authentication values match, and when first authentication values are matched with second authentication values, the client are made to pass through view
Frequency stream address authentication;Wherein, second information for authentication is that the first server is generated according to the log-on message
For authentication the first information and obtain after being encrypted using the predetermined encryption key, the user authentication information is institute
State first server and receive and be sent to the client after the log-on message, the decruption key be second server according to
What the generation logic of the predetermined encryption key obtained.
Based on same inventive concept, seventh aspect present invention provides a kind of computer readable storage medium, deposits thereon
Computer program is contained, the method that first aspect present invention provides is realized when which is executed by processor.
Based on same inventive concept, eighth aspect present invention provides a kind of computer equipment, including memory, processing
On a memory and the computer program that can run on a processor, when processor execution described program, is realized for device and storage
The method that first aspect present invention provides.
Said one or multiple technical solutions in the embodiment of the present application at least have following one or more technology effects
Fruit:
In method provided by the invention, on the one hand, client needs the first information and user by being used for authentication to recognize
After demonstrate,proving the first authentication values of information acquisition, video flowing address request information just can be generated, be rather than directly to first server hair
Video flowing address request information is sent, and calculated first authentication values of client will be with first server according to same method
When calculated second authentication values match, client just passes through authentication, and then just can receive corresponding video flowing address, this
Sample client before sending video flowing address, first server can video flowing address request information to client carry out legitimacy
Examination and judgement, compared to client directly to server send video flowing address request information for, video flowing can be improved
The safety of address request information.On the other hand, the second information for authentication that client receives is by predetermined encryption
The encrypted information of key, thus client need sent according to second server it is corresponding with predetermined encryption key decrypt it is close
Key can just obtain the first information for authentication after recycling decruption key that the second information for authentication is decrypted,
The difficulty for obtaining the first information for authentication, also, received the second information for authentication of client are increased in this way
What one server was sent, and the decruption key for being used to decrypt the second information for authentication is that second server is sent, two
Server is independent from each other, and is to be sent by different network channels, therefore can reinforce to decruption key
Protection, and then the acquisition difficulty of decruption key is increased, further increase decruption key cracks difficulty, so further mention
High acquisition video flowing address safety.
The above description is only an overview of the technical scheme of the present invention, in order to better understand the technical means of the present invention,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects of the present invention, feature and advantage can
It is clearer and more comprehensible, the followings are specific embodiments of the present invention.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Bright some embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is a kind of flow chart of the method for authenticating of video flowing address in the embodiment of the present invention;
Fig. 2 is the flow chart of the method for authenticating of another video flowing address in the embodiment of the present invention;
Fig. 3 is the flow chart of the method for authenticating of another video flowing address in the embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram of the authentication device of video flowing address in the embodiment of the present invention;
Fig. 5 is the structural schematic diagram of the authentication device of another video flowing address in the embodiment of the present invention;
Fig. 6 is the structural schematic diagram of the authentication device of another video flowing address in the embodiment of the present invention;
Fig. 7 is a kind of structural schematic diagram of computer readable storage medium in the embodiment of the present invention;
Fig. 8 is a kind of structural schematic diagram of computer equipment in the embodiment of the present invention.
Specific embodiment
The embodiment of the present application by providing the method for authenticating and device of a kind of video flowing address, solve in the prior art by
It is easy to obtain video flowing address information and the technical problem lower there are safety in hacker, realizes and improve video flowing address and ask
Seek the technical effect of the safety and reliability of information.
Technical solution in the embodiment of the present application, general thought are as follows: client is sending video flowing to first server
Before address request information, need to obtain the first information and user authentication information for authentication for calculating the first authentication values, and it is objective
Family end it is received for authentication the second information be utilize predetermined encryption key pair for authentication the first information encrypt after generate
, the first information for needing to utilize decruption key corresponding with predetermined encryption key that could obtain for authentication increases in this way
The difficulty of the first information for authentication is obtained, and then increases the difficulty of hack, also, the decryption that client obtains is close
Key is that second server is sent, i.e., in the information that client needs, the second information and user authentication information for authentication are
From first server, and the decruption key for being used to decrypt the second information for authentication comes from second server,
And first server is independent from each other with second server, to further increase the difficulty that client obtains decruption key
Degree, so further improve the safety of video flowing address acquisition.
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Embodiment one
It should be noted that method provided in this embodiment is applied to client, the client and the server are logical
It crosses network to be attached, to realize communication;In the specific implementation process, the client can be applied to mobile terminal device
(such as mobile phone, tablet computer) also can be applied to fixed terminal equipment (such as desktop computer), herein also with no restriction.
The present embodiment provides a kind of method for authenticating of video flowing address, the method is applied to client, as shown in Figure 1,
This method comprises:
Step S101: sending log-on message to first server and second server so that the first server according to
The log-on message generates the first information and user authentication information for authentication, and is used for using described in predetermined encryption key pair
The first information of authentication generates the second information for authentication after being encrypted, and the second server is made to be based on the login
Information sends decruption key corresponding with the predetermined encryption key to the client, wherein the decruption key is described
Second server is obtained according to the generation logic of the predetermined encryption key.
Specifically, above-mentioned log-on message includes user name, password etc., preferably, in the embodiment of the present invention, the first clothes
Business device is PHP (Hypertext Preprocessor) server, and second server is C++ server, to pass through the first clothes
Business device sends HTML (HyperText Markup Language) file, JavaScript file etc. that the page needs, Ke Yichong
Divide the short link properties using PHP server, and C++ server can then be carried out using Websocket agreement and client
Long connection, so that the transmission of data is safer and maintains secrecy.
When client logs in, log-on message can be sent to first server and second server, first server receives
The first information and user authentication information for authentication are generated according to the log-on message of client after to log-on message.It is specific next
It says, user authentication information may include token information, the unique identification of client device, the unique identification of user account, furthermore
It can also include the environmental information, such as system time, room number etc. that client logs in.And the first information for being used to authenticate, it can
To be indicated by JavaScript scripted code, becomes complexity to be used in the first information of authentication, can pass through
MD5 algorithm is realized, by taking user authentication information and environmental information as an example, the first information specific implementation code for authentication is such as
Under:
function CreateMd5Key(UID,Token,DID,TimeStamp,RoomId)
{
Above-mentioned function name be CreateMd5Key, wherein the parameter needed include UID, Token, DID, TimeStamp,
RoomId。
After generating the first information for authentication, first server it can be added using predetermined encryption key pair
Algorithm close, that the method for encryption can be made an appointment using server and client, such as can be des encryption algorithm, AES pairs
Claim Encryption Algorithm, RSA cryptographic algorithms etc..Then added using the above-mentioned first information for authentication of predetermined encryption key pair
Close, encrypted second information is one section of character string.Predetermined encryption key can be generated using different logics, below with several
It is described in detail for generation method.
The first, can generate predetermined encryption key by calling Md5.Create.
Second, a fixed initial value is taken, then carries out different geometric operations every time, generates predetermined encryption key.
The third, generates predetermined encryption key according to the current time stamp that first server obtains.
4th kind, predetermined encryption key can be generated with second of implementation in conjunction with the first.
First below in a manner of the first predetermined encryption key for prescribed server to the first information for authentication into
The process of row encryption, firstly generates predetermined encryption key KEY value, and wherein KEY value can be realized by calling Md5.Create,
The difficulty of predetermined encryption key in order to further increase can also add random number R andData, then predetermined encryption key KEY
=Md5.Create (Token+UID+RandData), i.e. server use Token, UID and the service for being handed down to client
Device generate random number R andData calculate KEY value obtained from a MD5 together, then to the first information for authentication into
Row encryption.
After describing using the method for Md5.Create and generating predetermined encryption key, the present invention can also pass through
One server generates the predetermined encryption key according to current time stamp, can guarantee predetermined encryption key and decruption key in this way
There is different values at different times, increase decruption key cracks difficulty, as long as it is default to generate first server
Encryption key is identical with the decruption key that second server generates.
In order to further ensure accuracy, it is contemplated that the calculating of predetermined encryption key is participated in using current timestamp,
And the current time stamp that the current time stamp and second server due to first server acquisition obtain there may be small difference
It is different, thus it is for example possible to one is 1: 59 minute, and the other is 2 points 0 minute, it is also possible to one be 2 points 0 minute, the other is 1
Point 59 minutes etc., so that the server time stamp on both sides is inconsistent, it is close so as to cause the predetermined encryption being finally calculated
Key and decruption key are inconsistent.The application can be obtained by the timestamp and second server that are obtained to first server when
Between stab and be normalized so that the timestamp value that first server and second server are used to computation key is consistent.
Preferably, can try to realize by a kind of time-triggered protocol mode of compatibility, concrete implementation process is as described below:
Assuming that predetermined encryption key is realized using the 4th kind of mode, i.e., by way of combining MD5 and timestamp
It realizes, the calculation of predetermined encryption key JSKEY is JSKEY=md5.create (Initial_Key+Time), certainly
It can also include the UID etc. in other information, such as user authentication information, be not particularly limited herein.Initial_Key is
The initial key that one server and second server all have, the initial key can be a fixed character string.The
The difference for the timestamp that one server and second server obtain is usually no more than 1 minute, and the present invention can choose 3 minutes, 4 points
Clock, 5 minutes or 10 minutes are interval, at the current time stamp obtained respectively to first server and second server
Reason.It is that the method that first server calculates predetermined encryption key JSKEY is removed after first server obtains current time stamp first
With time interval 5 minutes, is then calculated together with Initial_Key and finally obtain predetermined encryption key, concrete implementation process
Are as follows:
Step a1: calling system function getLocalTime so that obtain current time in system stamp time Long time=
getLocalTime()。
Step a2: taking quotient at current time stamp with time interval after five minutes, the timestamp finally calculated, Time
=time% (60*5).
Step a3: MD5 function is calculated together to obtain to Initial_Key and obtained quotient using HASH function MD5
To predetermined encryption key, JSKEY=md5.create (Initial_Key+Time).
In order to allow second server that decruption key identical with the predetermined encryption key of first server is calculated,
The embodiment of the present invention subtracts the current time stamp that second server obtains after time interval again divided by time interval, obtains one
Quotient Time1;Current time stamp obtains another quotient Time divided by time interval;After current time stamp adds time interval
Again divided by time interval, another quotient Time2 is obtained, is implemented as follows:
Step b1: calling system function getLocalTime so that obtain current time in system stamp time Long time=
getLocalTime();
Step b2: respectively being handled the timestamp time of acquisition, Time=time% (60*5), Time1=(time
+ 60*5) % (60*5);Time2=(time-60*5) % (60*5)
Step b3: Initial_Key and obtained Time, Time1 and Time2 are counted together using HASH function MD5
MD5 function is calculated to obtain three decruption keys.
JSKEY=md5.create (Initial_Key+Time);
JSKEY1=md5.create (Initial_Key+Time1);
JSKEY2=md5.create (Initial_Key+Time2).
By the processing method of the above-mentioned timestamp for calculating second server decruption key, it is recognised that second service
In device three obtained decruption key, must there is that a value is identical as the predetermined encryption key value in first server, thus can
So that second server obtains decruption key identical with predetermined encryption key.
More specifically, for example, first server obtain current time be 1 point 59 minutes, second server obtain it is current
Time be 2 points 0 minute, time interval is 5 minutes, then by after getLocalTime, respectively 7140 and 7200, for the first clothes
Be engaged in for device, 7140 divided by after 300 quotient be 23,7200 quotient obtained divided by 300 be 24,7200 subtract 300 after again divided by 300
It plus the quotient obtained again divided by 300 after 300 is 25 that obtained quotient, which is 23,7200, then therein 23 obtain with first server
Quotient it is identical.
After first server generates predetermined encryption key, then system function ReadFile can be called to read one from memory
A js file, file name are urlrequst.js, are read in variable buff, and reading length is nLength, ReadFile
(" urlrequst.js ", char*buff, int&nLength) next then calls the Encryption Algorithm made an appointment to come to reading
The JavaScript code taken is encrypted, Aes.Encrypt (buff, nLength, KEY).
It is encrypted authentication information since client is obtained from first server, client needs to obtain decryption close
Encrypted authentication information could be decrypted in key, and decruption key is after client logs in second server, by the second clothes
It is engaged in what device was sent, thus decruption key is that second server is obtained according to the generation logic of the predetermined encryption key, also
It is to say, the logic that the logical AND first server that second server calculates decruption key calculates encryption key is identical, to guarantee
Client can obtain the first information for authentication by decruption key.In above scheme, due to first server and the second clothes
Business device is mutually independent, and sends the second information for authentication by a network channel, another network channel sends solution
Key increases the acquisition difficulty of decruption key so as to reinforce the protection to decruption key.
Due to first server be used to encryption key that the first information for authentication is encrypted be it is diversified,
To increase the diversity of decruption key corresponding with encryption key, to further improve the first letter for authentication
The acquisition difficulty of breath.And the present processes are based on HTML5 technology, because without having Flash file, and the present invention
The programming language being related to is then JavaScript scripting language, and the first information for authentication is also using JavaScript code
It writes.
Step S102: second information for authentication and the user authentication that the first server is sent are received
Information, and second information for authentication being decrypted by the decruption key obtains for authentication
One information.
It, can be then in client's end memory to for authentication after client obtains the decruption key that second server is sent
Two information are decrypted, and then obtain the first information for authentication.It specifically, is according to timestamp with predetermined encryption key
Information calculates MD5 come for obtaining, since second server can generate three decruption keys, then client receive also can be
Three decruption keys.Client can be utilized respectively each decruption key to be decrypted to for authenticating the second information, then look into
See whether obtain normal JavaScript code, if decruption key and the predetermined encryption key of first server are inconsistent,
The meeting then obtained is messy code or is not inconsistent logical JavaScript code.In the specific implementation process, client utilizes
The decrypting process of decruption key is as follows: be JSKEY first, client can execute Aes.Decrypt (buff, nLength,
JSKEY), illustrate that decruption key is JSKEY if the JavaScript code of JSKEY decryption is correctly, otherwise use
JSKEY1 is decrypted;Then Aes.Decrypt (buff, nLength, JSKEY1) is executed;If JSKEY1 decryption
JavaScript code is correctly then to illustrate that code key is JSKEY1, is otherwise decrypted using JSKEY2, Aes.Decrypt
(buff,nLength,JSKEY2)。
Since above-mentioned decrypting process is executed in the memory of client, because without specific corresponding
JavaScript file, it is therefore provided that the method for the present embodiment is safer and hidden.And in existing method, in webpage
HTML, JavaScript file, CSS file, picture file etc. can all be downloaded from server, and above-mentioned file is one at this time
A independent file, therefore hacker is easy to obtain above-mentioned associated documents from client browser.
Step S103: the first authentication is determined according to the first information for authentication and the user authentication information
Value, and the user authentication information and first authentication values are based on, obtain video flowing address request information.
Specifically, client needs to generate video flowing address request information, and first choice needs to be used to reflect according to what is decrypted
The first information of power and the user authentication information determine the first authentication values, in the specific implementation process, the first authentication values
Can be obtained by following methods: using user authentication information as parameter, then being executed according to above-mentioned parameter includes the use
In the JavaScript code of the first information of authentication, implementing result is obtained, the implementing result is first authentication values.
Specifically client can according to first server generate for authentication the first information method, i.e., by UID,
Then these information such as Token, DID, TimeStamp, Roomid are stitched together together calls MD5 algorithm to obtain a view
Frequency flows the request MD5KEY value of address, i.e. the first authentication values.
After calculating the first authentication values, client by authentication information that first server before is sent and can calculate the
One authentication values are combined to generate video flowing address request information, specifically, can be by using the POST method of HTTP
To request video flowing address from server:
Post
/ live/room_id? ClientType=H5Web&TimeStamp=1505487520&Did=
Abdef1258ewfefefsw3&Auth=MD5KEY
Wherein, the interface of Post server is /live/room_id, and the parameter that when request carries includes the type of client
ClientType, the time TimeStamp of system, the unique ID of the equipment of UID client and the first authentication values MD5KEY.
Step S104: the video flowing address request information is sent to first server, so that the first server
First authentication values are obtained by the video flowing address request information, then pass through the first information for authentication and institute
It states after user authentication information determines the second authentication values, judges whether first authentication values match with second authentication values,
Wherein, when first authentication values are matched with second authentication values, client is authenticated by video flowing address.
Specifically, client can send video flowing address request information after generating video flowing address request information
To first server, first server can extract the first authentication values from video flowing address request information first at this time, because objective
When video flowing address is requested at family end, relevant parameter, such as DID, Token, RoomId, TimeStamp etc. can be carried.Server
And same method is understood to calculate the second authentication values, i.e. MD5KEY=MD5.Create (UID+Token+DID+TimeStamp
+RoomId);Calling the encryption library function MD5 of JavaScript to carry out splicing to above- mentioned information, to calculate its corresponding
MD5KEY value.Next, server can match oneself calculated second authentication values with the first authentication values, that is, judge two
Whether person is identical, if identical, shows that client is legal, authenticates the client by video flowing address.
Based on the same inventive concept, present invention also provides the method for authenticating of another video flowing address, are applied to first
Server, detailed in Example two.
It should be noted that method provided in this embodiment is applied to server, the server and the client are logical
It crosses network to be attached, to realize communication;In the specific implementation process, the client can be applied to mobile terminal device
(such as mobile phone, tablet computer) also can be applied to fixed terminal equipment (such as desktop computer), herein also with no restriction.It is described
Server is the server for handling video information, can be individual server, or multiple server compositions
Server group.
Embodiment two
A kind of method for authenticating of video flowing address is present embodiments provided, first server is applied to, as shown in Fig. 2, should
Method includes:
Step S201: the log-on message of client is received, and the first letter for authentication is generated according to the log-on message
Breath and user authentication information recycle the first information described in predetermined encryption key pair for authentication to be encrypted, and generation is used for
Second information of authentication;
First server has been described in detail in example 1 to be generated according to the log-on message of client for authenticating
The first information and user authentication information, and using predetermined encryption key pair to it is described for authentication the first information add
It is close, the detailed process of the second information for authentication is generated, therefore details are not described herein.
S202: Xiang Suoshu client of step sends second information and user authentication information for authentication, so that institute
It states client and second information for authentication is decrypted by decruption key, obtain first letter for authentication
Breath, wherein the decruption key is after second server is obtained according to the generation logic of the predetermined encryption key, based on described
Log-on message is sent to the client;
Describe the detailed process for the first information that client is obtained for authentication in embodiment one in detail, therefore herein
It repeats no more.
Step S203: the video flowing address request information that the client is sent is received, wherein the video flowing address asks
Seeking information is that the client determines the first authentication for the first information of authentication and the user authentication information according to
It is obtained after being combined after value, again by the user authentication information and first authentication values.
Step S204: first authentication values are obtained according to the video flowing address request information, and are used for according to described
The first information of authentication and the user authentication information determine the second authentication values;
Step S205: judging whether first authentication values match with second authentication values, when first authentication values
When matching with second authentication values, authenticate the client by video flowing address.
Step S204: the first authentication is determined according to the first information for authentication and the user authentication information
Value, and the user authentication information and first authentication values are combined, obtain video flowing address request information.
Step S205: being sent to server for the video flowing address request information, so that the server is described in
Video flowing address request information obtains first authentication values, then is recognized by the first information for authentication and the user
After card information determines the second authentication values, judge whether first authentication values match with second authentication values, wherein work as institute
When stating the first authentication values and matching with second authentication values, client is authenticated by video flowing address.
First server has been described in detail in example 1 according to the first information and the user for being used for authentication
Authentication information determines the method for the second authentication values and the method for authentication, therefore details are not described herein.
In method provided in this embodiment, described when first authentication values are matched with second authentication values, make
After the client is authenticated by video flowing address, the method also includes:
Video flowing address corresponding with the video flowing address request information is sent to the client.
In method provided in this embodiment, when the first authentication values and the second authentication values mismatch, refuse to send out to client
Send video flowing address.Specifically, if client is the client forged, the method for calculating the first authentication values due to it
It is not identical as the method for server, then the second authentication values that the first authentication values obtained can also be obtained with first server are not
Together, first server will not send video flowing address to the client at this time.
Specifically, using user authentication as token information, the unique identification of client device, the unique identification of user account
For, the calculation method of the second authentication values is MD5KEY=MD5.Create (UID+Token+DID), further, in order to increase
Add the complexity of authentication, environmental information can also be further increased and authenticated, MD5KEY=MD5.Create (UID+Token+
DID+TimeStamp+RoomId),
In method provided in this embodiment, the predetermined encryption key is that first server is generated according to current time stamp
's.
The generating process of predetermined encryption key is described in detail in example 1, therefore details are not described herein.
Method described in the method and embodiment one introduced by the embodiment of the present invention two belongs to same invention structure
Think, should be recognized that the implementation steps and principle of two providing method of embodiment based on one those skilled in the art of embodiment, so
This is repeated no more.
Based on the same inventive concept, present invention also provides a kind of and video flowing address method for authenticating, are applied to third
Server, detailed in Example three.
Embodiment three
The present embodiment provides a kind of method for authenticating of video flowing address, as shown in Figure 3, which comprises
Step S301: the log-on message of client is received;
Step S302: decruption key is sent to the client based on the log-on message, so that the client passes through
The decruption key the second information for authentication is decrypted the first information obtained for authentication, and is used for according to described
The first information and user authentication information of authentication determine the first authentication values, by the user authentication information and first authentication
Video flowing address request information is obtained after value combination, and the video flowing address request information is sent to first server, and
The first server is set to obtain first authentication values according to the video flowing address request information, according to described for authenticating
The first information and after the user authentication information determines the second authentication values, judge first authentication values and second mirror
Whether weight matches, and when first authentication values are matched with second authentication values, makes the client by video flowing
Location authentication;Wherein, second information for authentication is that the first server is generated according to the log-on message for reflecting
The first information of power is simultaneously obtained after being encrypted using the predetermined encryption key, and the user authentication information is described first
Server is sent to the client after receiving the log-on message, and the decruption key is second server according to described pre-
What if the generation logic of encryption key obtained.
Based on the same inventive concept, present invention also provides a kind of dresses corresponding with the method for authenticating of video flowing address
It sets, applications client, detailed in Example four.
Example IV
The present embodiment provides a kind of authentication devices of video flowing address, as shown in figure 4, described device is client, comprising:
First sending module 401, for sending log-on message to first server and second server, so that described first
Server generates the first information and user authentication information for authentication according to the log-on message, and utilizes predetermined encryption key
The second information for authentication is generated after encrypting to the first information for authentication, and makes the second server base
Decruption key corresponding with the predetermined encryption key is sent to the client in the log-on message, wherein the decryption
Key is that the second server is obtained according to the generation logic of the predetermined encryption key;
Receiving module 402, for receive the first server send described in for the second information of authentication and described
User authentication information, and second information for authentication is decrypted by the decruption key, it is used for described in acquisition
The first information of authentication;
Module 403 is obtained, for determining the according to the first information for authentication and the user authentication information
One authentication values, and the user authentication information and first authentication values are based on, obtain video flowing address request information;
Second sending module 404, for the video flowing address request information to be sent to first server, so that described
First server obtains first authentication values by the video flowing address request information, then passes through for authentication
After one information and the user authentication information determine the second authentication values, first authentication values and second authentication values are judged
Whether match, wherein when first authentication values are matched with second authentication values, client is reflected by video flowing address
Power.
By the device that the embodiment of the present invention four is introduced, for the authentication of the video flowing address of the implementation embodiment of the present invention one
Device used by method, so based on the method that the embodiment of the present invention one is introduced, the affiliated personnel in this field can understand this
The specific structure of device and deformation, so details are not described herein.Device used by the method for all embodiment of the present invention one is all
Belong to the range of the invention to be protected.
Based on the same inventive concept, present invention also provides corresponding with the method for authenticating of video flowing address in embodiment two
Device, detailed in Example five.
Embodiment five
The present embodiment provides a kind of authentication device of video flowing address, described device is first server, as shown in figure 5,
Above-mentioned apparatus includes:
First receiving module 501 is generated for receiving the log-on message of client, and according to the log-on message for reflecting
The first information and user authentication information of power recycle the first information described in predetermined encryption key pair for authentication to be added
It is close, generate the second information for authentication;
First sending module 502, for sending second information and user authentication for authentication to the client
Information is used for described in acquisition so that the client is decrypted second information for authentication by decruption key
The first information of authentication, wherein the decruption key is that second server is obtained according to the generation logic of the predetermined encryption key
The client is sent to after obtaining, based on the log-on message;
Second receiving module 503, the video flowing address request information sent for receiving the client, wherein described
Video flowing address request information is that the client is true according to the first information for authentication and the user authentication information
After making the first authentication values, again it will obtain after the user authentication information and first authentication values combination;
Determining module 504, for obtaining first authentication values according to the video flowing address request information, and according to institute
It states and determines the second authentication values for the first information of authentication and the user authentication information;
Authentication module 505, for judging whether first authentication values match with second authentication values, when described first
When authentication values are matched with second authentication values, authenticate the client by video flowing address.
Optionally, described device further includes the second sending module, for described when first authentication values and described the
When two authentication values match, after authenticating the client by video flowing address:
Video flowing address corresponding with the video flowing address request information is sent to the client.
Optionally, the predetermined encryption key is what first server was generated according to current time stamp.
By the device that the embodiment of the present invention five is introduced, for the authentication of the video flowing address of the implementation embodiment of the present invention two
Device used by method, so based on the method that the embodiment of the present invention two is introduced, the affiliated personnel in this field can understand this
The specific structure of device and deformation, so details are not described herein.Device used by the method for all embodiment of the present invention two is all
Belong to the range of the invention to be protected.
Embodiment six
The present embodiment provides a kind of authentication device of video flowing address, described device is second server, as shown in fig. 6,
Above-mentioned apparatus includes:
Receiving module 601, for receiving the log-on message of client;
Sending module 602, for sending decruption key to the client based on the log-on message, so that the client
The first information obtained for authentication is decrypted to the second information for authentication by the decruption key in end, and according to institute
It states and determines the first authentication values for the first information and user authentication information of authentication, by the user authentication information and described
Video flowing address request information is obtained after the combination of one authentication values, and the video flowing address request information is sent to first service
Device, and the first server is made to obtain first authentication values according to the video flowing address request information, according to the use
After the first information of authentication and the user authentication information determine the second authentication values, judge first authentication values with it is described
Whether the second authentication values match, and when first authentication values are matched with second authentication values, the client are made to pass through view
Frequency stream address authentication;Wherein, second information for authentication is that the first server is generated according to the log-on message
For authentication the first information and obtain after being encrypted using the predetermined encryption key, the user authentication information is institute
State first server and receive and be sent to the client after the log-on message, the decruption key be second server according to
What the generation logic of the predetermined encryption key obtained.
By the device that the embodiment of the present invention six is introduced, for the authentication of the video flowing address of the implementation embodiment of the present invention three
Device used by method, so based on the method that the embodiment of the present invention three is introduced, the affiliated personnel in this field can understand this
The specific structure of device and deformation, so details are not described herein.Device used by the method for all embodiment of the present invention three is all
Belong to the range of the invention to be protected.
Embodiment seven
Based on the same inventive concept, present invention also provides a kind of computer readable storage medium 700, it is stored thereon with meter
Calculation machine program 711 realizes the method in the embodiment of the present invention one when the program is executed by processor.
Embodiment eight
Based on the same inventive concept, present invention also provides a kind of computer equipment, Fig. 8 is referred to, including storage 801,
Processor 802 and storage on a memory and the computer program 803 that can run on a processor, the execution of processor 802
The method in the embodiment of the present invention one is realized when described program.
For ease of description, only parts related to embodiments of the present invention are shown, disclosed by specific technical details, asks
Referring to present invention method part.Memory 801 can be used for storing computer program 803, and above-mentioned computer program includes
Software program, module and data, processor 802 execute the computer program 803 for being stored in memory 801 by running, thus
Execute the various function application and data processing of electronic equipment.
In the specific implementation process, memory 801 can be used for storing software program and module, and processor 802 passes through
Operation is stored in the software program and module of memory 801, thereby executing the various function application and data of electronic equipment
Processing.Memory 801 can mainly include storing program area and storage data area, wherein storing program area can storage program area,
Application program needed at least one function etc.;Storage data area, which can be stored, uses created data according to electronic equipment
Deng.In addition, memory 801 may include high-speed random access memory, it can also include nonvolatile memory, for example, at least
One disk memory, flush memory device or other volatile solid-state parts.Processor 802 is the control of electronic equipment
Center is stored in memory by running or executing using the various pieces of various interfaces and the entire electronic equipment of connection
Software program and/or module in 801, and the data being stored in memory 801 are called, execute the various function of electronic equipment
Data can and be handled, to carry out integral monitoring to electronic equipment.Optionally, processor 802 may include one or more processing
Unit;Preferably, processor 802 can integrate application processor, wherein the main processing operation system of application processor, Yong Hujie
Face and application program etc..
It should be noted that computer corresponding with present invention implementation two and three kinds of video flowing address method for authenticating of implementation
The implementation with method described in implementation two and three kinds of embodiment respectively of the embodiment of readable storage medium storing program for executing and computer equipment
Mode is identical, and details are not described herein.
Said one or multiple technical solutions in the embodiment of the present application at least have following one or more technology effects
Fruit:
In method provided by the invention, on the one hand, client needs the first information and user by being used for authentication to recognize
After demonstrate,proving the first authentication values of information acquisition, video flowing address request information just can be generated, be rather than directly to first server hair
Video flowing address request information is sent, and calculated first authentication values of client will be with first server according to same method
When calculated second authentication values match, client just passes through authentication, and then just can receive corresponding video flowing address, this
Sample client before sending video flowing address, first server can video flowing address request information to client carry out legitimacy
Examination and judgement, compared to client directly to server send video flowing address request information for, video flowing can be improved
The safety of address request information.On the other hand, the second information for authentication that client receives is by predetermined encryption
The encrypted information of key, thus client need sent according to second server it is corresponding with predetermined encryption key decrypt it is close
Key can just obtain the first information for authentication after recycling decruption key that the second information for authentication is decrypted,
The difficulty for obtaining the first information for authentication, also, received the second information for authentication of client are increased in this way
What one server was sent, and the decruption key for being used to decrypt the second information for authentication is that second server is sent, two
Server is independent from each other, and is to be sent by different network channels, therefore can reinforce to decruption key
Protection, and then the acquisition difficulty of decruption key is increased, further increase decruption key cracks difficulty, so further mention
High acquisition video flowing address safety.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic
Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as
It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, those skilled in the art can carry out various modification and variations without departing from this hair to the embodiment of the present invention
The spirit and scope of bright embodiment.In this way, if these modifications and variations of the embodiment of the present invention belong to the claims in the present invention
And its within the scope of equivalent technologies, then the present invention is also intended to include these modifications and variations.
Claims (10)
1. a kind of method for authenticating of video flowing address characterized by comprising
Log-on message is sent to first server and second server, so that the first server is raw according to the log-on message
At the first information and user authentication information for authentication, and utilize the first information described in predetermined encryption key pair for authentication
The second information for authentication is generated after being encrypted, and the second server is made to be based on the log-on message to the client
End sends corresponding with predetermined encryption key decruption key, wherein the decruption key for the second server according to
The generation logic of the predetermined encryption key obtains;
Second information for authentication and the user authentication information that the first server is sent are received, and passes through institute
It states decruption key second information for authentication is decrypted, obtains the first information for authentication;
The first authentication values are determined according to the first information for authentication and the user authentication information, and are based on the use
Family authentication information and first authentication values obtain video flowing address request information;
The video flowing address request information is sent to first server, so that the first server passes through the video flowing
Address request information obtains first authentication values, then passes through the first information and the user authentication information for authentication
After determining the second authentication values, judge whether first authentication values match with second authentication values, wherein when described first
When authentication values are matched with second authentication values, client is authenticated by video flowing address.
2. a kind of method for authenticating of video flowing address characterized by comprising
The log-on message of client is received, and is generated according to the log-on message and is believed for the first information and user authentication of authentication
Breath recycles the first information described in predetermined encryption key pair for authentication to be encrypted, and generates the second information for authentication;
Second information and user authentication information for authentication is sent to the client, so that the client passes through solution
The second information described in close key pair for authentication is decrypted, and obtains the first information for authentication, wherein the solution
Key is to be sent to after second server is obtained according to the generation logic of the predetermined encryption key, based on the log-on message
The client;
Receive the video flowing address request information that the client is sent, wherein the video flowing address request information is described
Client the first authentication values are determined according to the first information for authentication and the user authentication information after, again will be described
It is obtained after user authentication information and first authentication values combination;
First authentication values are obtained according to the video flowing address request information, and according to the first information for authentication
The second authentication values are determined with the user authentication information;
Judge whether first authentication values match with second authentication values, when first authentication values and second authentication
When value matching, authenticate the client by video flowing address.
3. method according to claim 2, which is characterized in that work as first authentication values and second authentication values described
When matching, after authenticating the client by video flowing address, the method also includes:
Video flowing address corresponding with the video flowing address request information is sent to the client.
4. method according to claim 2, which is characterized in that the predetermined encryption key be first server according to it is current when
Between stab generate.
5. a kind of method for authenticating of video flowing address characterized by comprising
Receive the log-on message of client;
Decruption key is sent to the client based on the log-on message, so that the client passes through the decruption key pair
The first information obtained for authentication is decrypted in the second information for authentication, and according to the first information for authentication
The first authentication values are determined with user authentication information, will be regarded after the user authentication information and first authentication values combination
Frequency stream address request information, and the video flowing address request information is sent to first server, and make the first service
Device obtains first authentication values according to the video flowing address request information, according to the first information for authentication and institute
It states after user authentication information determines the second authentication values, judges whether first authentication values match with second authentication values,
When first authentication values are matched with second authentication values, authenticate the client by video flowing address;Wherein, institute
Stating for the second information of authentication is that the first server generates according to the log-on message first information, simultaneously for authentication
It is obtained after being encrypted using the predetermined encryption key, the user authentication information is to step on described in the first server receives
The client is sent to after record information, the decruption key is generation of the second server according to the predetermined encryption key
What logic obtained.
6. a kind of authentication device of video flowing address, which is characterized in that described device is client, comprising:
First sending module, for sending log-on message to first server and second server, so that the first server
The first information and user authentication information for authentication are generated according to the log-on message, and using described in predetermined encryption key pair
The first information for authentication generates the second information for authentication after being encrypted, and it is described to be based on the second server
Log-on message sends corresponding with predetermined encryption key decruption key to the client, wherein the decruption key is
The second server is obtained according to the generation logic of the predetermined encryption key;
Receiving module, for receiving the second information and the user authentication described in the first server transmission for authentication
Information, and second information for authentication being decrypted by the decruption key obtains for authentication
One information;
Determining module, for determining the first authentication according to the first information for authentication and the user authentication information
Value, and the user authentication information and first authentication values are based on, obtain video flowing address request information;
Second sending module, for the video flowing address request information to be sent to first server, so that first clothes
Device be engaged in by video flowing address request information acquisition first authentication values, then passes through the first information for authentication
After determining the second authentication values with the user authentication information, judge first authentication values and second authentication values whether
Match, wherein when first authentication values are matched with second authentication values, client is authenticated by video flowing address.
7. a kind of authentication device of video flowing address, which is characterized in that described device is first server, comprising:
First receiving module generates for authentication for receiving the log-on message of client, and according to the log-on message
One information and user authentication information recycle the first information described in predetermined encryption key pair for authentication to be encrypted, and generate
The second information for authentication;
Sending module, for sending second information and user authentication information for authentication to the client, so that institute
It states client and second information for authentication is decrypted by decruption key, obtain first letter for authentication
Breath, wherein the decruption key is after second server is obtained according to the generation logic of the predetermined encryption key, based on described
Log-on message is sent to the client;
Second receiving module, the video flowing address request information sent for receiving the client, wherein the video flowing
Location solicited message is that the client determines first for the first information of authentication and the user authentication information according to
It is obtained after being combined after authentication values, again by the user authentication information and first authentication values;
Determining module for obtaining first authentication values according to the video flowing address request information, and is used for according to described
The first information of authentication and the user authentication information determine the second authentication values;
Authentication module, for judging whether first authentication values match with second authentication values, when first authentication values
When matching with second authentication values, authenticate the client by video flowing address.
8. a kind of authentication device of video flowing address, which is characterized in that described device is second server, comprising:
Receiving module, for receiving the log-on message of client;
Sending module, for sending decruption key to the client based on the log-on message, so that the client passes through
The decruption key the second information for authentication is decrypted the first information obtained for authentication, and is used for according to described
The first information and user authentication information of authentication determine the first authentication values, by the user authentication information and first authentication
Video flowing address request information is obtained after value combination, and the video flowing address request information is sent to first server, and
The first server is set to obtain first authentication values according to the video flowing address request information, according to described for authenticating
The first information and after the user authentication information determines the second authentication values, judge first authentication values and second mirror
Whether weight matches, and when first authentication values are matched with second authentication values, makes the client by video flowing
Location authentication;Wherein, second information for authentication is that the first server is generated according to the log-on message for reflecting
The first information of power is simultaneously obtained after being encrypted using the predetermined encryption key, and the user authentication information is described first
Server is sent to the client after receiving the log-on message, and the decruption key is second server according to described pre-
What if the generation logic of encryption key obtained.
9. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is held by processor
The method as described in claim 1 is realized when row.
10. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor
Calculation machine program, which is characterized in that the processor realizes the method as described in claim 1 when executing described program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810008106.4A CN110011950B (en) | 2018-01-04 | 2018-01-04 | Authentication method and device for video stream address |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810008106.4A CN110011950B (en) | 2018-01-04 | 2018-01-04 | Authentication method and device for video stream address |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110011950A true CN110011950A (en) | 2019-07-12 |
CN110011950B CN110011950B (en) | 2021-11-09 |
Family
ID=67164327
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810008106.4A Active CN110011950B (en) | 2018-01-04 | 2018-01-04 | Authentication method and device for video stream address |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110011950B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111931159A (en) * | 2020-08-11 | 2020-11-13 | 福建天晴在线互动科技有限公司 | Method and system for verifying validity of webpage data interface |
CN112953724A (en) * | 2021-02-22 | 2021-06-11 | 广州虎牙科技有限公司 | Authentication method of anti-theft chain, and related device and equipment |
WO2022041806A1 (en) * | 2020-08-31 | 2022-03-03 | 北京市商汤科技开发有限公司 | Authentication method, apparatus and device, and computer-readable storage medium |
CN114760138A (en) * | 2022-04-20 | 2022-07-15 | 深圳市昊洋智能有限公司 | Video conference system security method and device based on cloud architecture |
CN115002089A (en) * | 2022-06-30 | 2022-09-02 | 兰州乐智教育科技有限责任公司 | Streaming media transmission method and device, electronic equipment and storage medium |
CN115297346A (en) * | 2022-06-30 | 2022-11-04 | 贵阳朗玛视讯科技有限公司 | Multi-application authentication method and device based on EPG system |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100253847A1 (en) * | 2009-04-01 | 2010-10-07 | Rgb Networks, Inc. | Two-stage digital program insertion system |
CN105657474A (en) * | 2016-02-19 | 2016-06-08 | 微鲸科技有限公司 | Anti-stealing link method and system using identity-based signature in video application |
CN105897746A (en) * | 2016-05-26 | 2016-08-24 | 深圳市金立通信设备有限公司 | Cross-website login method, terminal and website server |
CN105959728A (en) * | 2016-06-27 | 2016-09-21 | 武汉斗鱼网络科技有限公司 | System and method for counting number of online users of live platform |
CN107094261A (en) * | 2017-03-17 | 2017-08-25 | 武汉斗鱼网络科技有限公司 | The authorization check method and device of video playback |
CN107135408A (en) * | 2017-03-31 | 2017-09-05 | 武汉斗鱼网络科技有限公司 | A kind of method for authenticating and device of video flowing address |
CN107483987A (en) * | 2017-06-30 | 2017-12-15 | 武汉斗鱼网络科技有限公司 | A kind of method for authenticating and device of video flowing address |
-
2018
- 2018-01-04 CN CN201810008106.4A patent/CN110011950B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100253847A1 (en) * | 2009-04-01 | 2010-10-07 | Rgb Networks, Inc. | Two-stage digital program insertion system |
CN105657474A (en) * | 2016-02-19 | 2016-06-08 | 微鲸科技有限公司 | Anti-stealing link method and system using identity-based signature in video application |
CN105897746A (en) * | 2016-05-26 | 2016-08-24 | 深圳市金立通信设备有限公司 | Cross-website login method, terminal and website server |
CN105959728A (en) * | 2016-06-27 | 2016-09-21 | 武汉斗鱼网络科技有限公司 | System and method for counting number of online users of live platform |
CN107094261A (en) * | 2017-03-17 | 2017-08-25 | 武汉斗鱼网络科技有限公司 | The authorization check method and device of video playback |
CN107135408A (en) * | 2017-03-31 | 2017-09-05 | 武汉斗鱼网络科技有限公司 | A kind of method for authenticating and device of video flowing address |
CN107483987A (en) * | 2017-06-30 | 2017-12-15 | 武汉斗鱼网络科技有限公司 | A kind of method for authenticating and device of video flowing address |
Non-Patent Citations (1)
Title |
---|
张玉清等: ""HTML5新特性安全研究综述"", 《计算机研究与发展》 * |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111931159A (en) * | 2020-08-11 | 2020-11-13 | 福建天晴在线互动科技有限公司 | Method and system for verifying validity of webpage data interface |
CN111931159B (en) * | 2020-08-11 | 2023-04-07 | 福建天晴在线互动科技有限公司 | Method and system for verifying validity of webpage data interface |
WO2022041806A1 (en) * | 2020-08-31 | 2022-03-03 | 北京市商汤科技开发有限公司 | Authentication method, apparatus and device, and computer-readable storage medium |
CN112953724A (en) * | 2021-02-22 | 2021-06-11 | 广州虎牙科技有限公司 | Authentication method of anti-theft chain, and related device and equipment |
CN114760138A (en) * | 2022-04-20 | 2022-07-15 | 深圳市昊洋智能有限公司 | Video conference system security method and device based on cloud architecture |
CN114760138B (en) * | 2022-04-20 | 2024-02-13 | 深圳市昊洋智能有限公司 | Video conference system safety method and device based on cloud architecture |
CN115002089A (en) * | 2022-06-30 | 2022-09-02 | 兰州乐智教育科技有限责任公司 | Streaming media transmission method and device, electronic equipment and storage medium |
CN115297346A (en) * | 2022-06-30 | 2022-11-04 | 贵阳朗玛视讯科技有限公司 | Multi-application authentication method and device based on EPG system |
CN115297346B (en) * | 2022-06-30 | 2023-08-25 | 贵阳朗玛视讯科技有限公司 | EPG system-based multi-application authentication method and device |
CN115002089B (en) * | 2022-06-30 | 2023-09-19 | 兰州乐智教育科技有限责任公司 | Streaming media transmission method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110011950B (en) | 2021-11-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106850699B (en) | A kind of mobile terminal login authentication method and system | |
CN110011950A (en) | A kind of method for authenticating and device of video flowing address | |
CN108197891B (en) | Electronic signing device and method based on block chain | |
CN111708991A (en) | Service authorization method, service authorization device, computer equipment and storage medium | |
CN106302606B (en) | Across the application access method and device of one kind | |
CN108322416B (en) | Security authentication implementation method, device and system | |
CN111541542B (en) | Request sending and verifying method, device and equipment | |
CN109040079A (en) | The establishment of live streaming chained address and verification method and related device | |
CN111753014B (en) | Identity authentication method and device based on block chain | |
CN107483987A (en) | A kind of method for authenticating and device of video flowing address | |
CN111460400A (en) | Data processing method and device and computer readable storage medium | |
CN109040134A (en) | A kind of design method and relevant apparatus of information encryption | |
CN108259183B (en) | Attention method, attention device, attention electronic equipment and attention medium | |
CN112004201A (en) | Short message sending method and device and computer system | |
CN108235067B (en) | Authentication method and device for video stream address | |
CN114553590A (en) | Data transmission method and related equipment | |
CN109740319B (en) | Digital identity verification method and server | |
CN108200450B (en) | A kind of determination method, apparatus, electronic equipment and medium for paying close attention to legitimacy | |
CN117240625B (en) | Tamper-resistant data processing method and device and electronic equipment | |
CN109711178A (en) | A kind of storage method of key-value pair, device, equipment and storage medium | |
CN111147471B (en) | Terminal network access authentication method, device, system and storage medium | |
CN108292997B (en) | Authentication control system and method, server device, client device, authentication method, and recording medium | |
CN106529216B (en) | Software authorization system and software authorization method based on public storage platform | |
CN110139163A (en) | A kind of method and relevant apparatus obtaining barrage | |
CN113869901B (en) | Key generation method, key generation device, computer-readable storage medium and computer equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |