CN110691267A - TLS-based video stream address authentication method, storage medium, equipment and system - Google Patents


Info

Publication number
CN110691267A
Authority
CN
China
Prior art keywords
key value
client
global variable
value
server
Prior art date
Legal status
Granted
Application number
CN201810732395.2A
Other languages
Chinese (zh)
Other versions
CN110691267B (en)
Inventor
周志刚
陈少杰
张文明
Current Assignee
Wuhan Douyu Network Technology Co Ltd
Original Assignee
Wuhan Douyu Network Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Wuhan Douyu Network Technology Co Ltd
Priority to CN201810732395.2A
Publication of CN110691267A
Application granted
Publication of CN110691267B
Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00 Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20 Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25 Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258 Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808 Management of client data
    • H04N21/25816 Management of client data involving client authentication
    • H04N21/266 Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Graphics (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a TLS-based video stream address authentication method, storage medium, equipment and system, and relates to the technical field of live video stream playing. The method comprises: taking a numerical value generated using an STL MAP container as a global variable, and storing the global variable in thread local storage; the client splices the global variable and the live broadcast related data and applies the MD5 algorithm to generate a first KEY value, and sends the first KEY value, the global variable and the live broadcast related data to the server; the server splices the received global variable and live broadcast related data and applies the MD5 algorithm to generate a second KEY value; the second KEY value is compared with the first KEY value, and if they are the same the video stream address is sent to the client, while if they differ the client's access to the server is refused. The invention can effectively prevent the video stream address from being acquired by a third-party platform and protects the legitimate rights and interests of the live broadcast platform.

Description

TLS-based video stream address authentication method, storage medium, equipment and system
Technical Field
The invention relates to the technical field of live video stream playing, in particular to a video stream address authentication method, a storage medium, equipment and a system based on TLS.
Background
Live video is a way of broadcasting live using the internet and streaming media technology. During live video broadcasting, however, the provider of the live content faces the problem that the video stream address can be obtained by a third-party platform, so that the third-party platform can bypass the official live broadcast website and play the live video, i.e. the live broadcast is watched without the video player provided by the official website. This reduces the traffic of the official website and harms the interests of the official live broadcast provider.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a video stream address authentication method based on TLS (thread local storage), which can effectively prevent a video stream address from being acquired by a third-party platform and protect the legitimate rights and interests of the live broadcast platform.
In order to achieve the above purposes, the technical scheme adopted by the invention is as follows:
taking a numerical value generated by using the MAP container of the STL as a global variable, and storing the global variable in a thread local storage;
the client uses an MD5 algorithm to splice the global variable and the live broadcast related data to generate a first KEY value, and sends the first KEY value, the global variable and the live broadcast related data to the server;
the client sends a calculation process of generating a first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to a server;
the server splices the received global variable and the live broadcast related data by using an MD5 algorithm to generate a second KEY value, and meanwhile, the server receives the calculation process for generating the first KEY value sent by the client and the model of the equipment where the client is located;
comparing the second KEY value with the first KEY value, if the second KEY value is the same as the first KEY value, sending a video stream address to the client, if the second KEY value is not the same as the first KEY value, denying the client to access the server, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to a background analysis database;
the global variable comprises a plurality of numerical values, each calculated as follows: the ID of the equipment where the client is located is summed with the value i, the crc32 algorithm is applied to the sum, and the result is taken as a numerical value of the global variable; different values of i give different numerical values of the global variable, where i is an integer with 0 ≤ i < 100.
On the basis of the above technical solution,
the live broadcast related data comprises the ID of the equipment where the client is located, a token value, the room number of the live broadcast room that the client requests to watch, and the current timestamp of the client;
the token value is issued by the server to the client when the client logs in to the server.
On the basis of the above technical solution,
the client uses an MD5 algorithm to splice the global variables and the live broadcast related data to generate a first KEY value, which specifically comprises the following steps: the client uses an MD5 algorithm to splice one numerical value in the global variables and the live broadcast related data to generate a first KEY value;
the room number of the live broadcast room requested to be watched by the client is taken modulo 100, and the remainder is used as the value of i; the calculation is carried out according to the calculation mode of the numerical values in the global variable, and the resulting numerical value is the one used when generating the first KEY value;
each room number corresponds to the value of a global variable;
the value of the global variable used in generating the second KEY value is the same as the value of the global variable used in generating the first KEY value.
On the basis of the above technical solution, the specific process for storing the global variable in thread local storage is as follows:
the TlsAlloc function of the Windows API (application programming interface) is called to allocate a TLS (thread local storage) index, a free index is found in the Windows system, and after the free index is obtained the global variable is stored in thread local storage.
On the basis of the technical scheme, the client uses an MD5 algorithm to splice the global variables and the live broadcast related data to generate a first KEY value, and the specific steps are as follows:
the client uses an MD5 algorithm to splice the ID of the device where the client is located, the token value, the room number of the live broadcast room requested to be watched by the client, the current timestamp of the client and the value in the global variable corresponding to the live broadcast room requested to be watched by the client to generate a first KEY value.
On the basis of the above technical solution,
and comparing the second KEY value with the first KEY value, uploading the model of the equipment where the client is located, the room number of the live broadcast room requested to be watched by the client in the live broadcast related data and the calculation process for generating the first KEY value to a background analysis database when the second KEY value is different from the first KEY value, and counting the model of the equipment where the client is located and the room number of the live broadcast room requested to be watched by the client by the background analysis database.
On the basis of the technical scheme, two different data channels are used for transmitting the data of the client to the server, one data channel is used for transmitting the first KEY value, the global variable and the live broadcast related data to the server, and the other data channel is used for transmitting the calculation process for generating the first KEY value and the model of the equipment where the client is located to the server.
The present invention also provides a storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of:
using the value generated by the MAP container using the STL as a global variable;
storing the global variable in a thread local storage;
splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value;
and sending the global variable, the live broadcast related data and the generated first KEY value to a server, and sending a calculation process for generating the first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to the server.
When the storage medium is a server, the computer program when executed by a processor performs the steps of:
receiving a global variable, live broadcast related data and a first KEY value sent by a client, and receiving a calculation process for generating the first KEY value sent by the client and the model of equipment where the client is located;
splicing the received global variable and the live related data by using an MD5 algorithm to generate a second KEY value;
and comparing the second KEY value with the first KEY value, if the second KEY value is the same as the first KEY value, sending a video stream address to the client, if the second KEY value is not the same as the first KEY value, refusing the access of the client, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to a background analysis database.
The invention also provides an electronic device comprising a client and a server, the client comprising:
a generation unit for generating a numerical value using the MAP container of the STL and taking the generated numerical value as a global variable;
a storage unit for storing the global variable in a thread local storage;
the first computing unit is used for splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value;
and the sending unit is used for sending the global variable, the live broadcast related data and the generated first KEY value to the server, and sending a calculation process for generating the first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to the server.
The server includes:
the receiving unit is used for receiving the global variable, the live broadcast related data and the first KEY value sent by the client, and receiving the calculation process for generating the first KEY value sent by the client and the model of the equipment where the client is located;
the second computing unit is used for splicing the received global variable and the live related data by using an MD5 algorithm to generate a second KEY value;
and the comparison unit is used for comparing the second KEY value with the first KEY value, sending a video stream address to the client if the second KEY value is the same as the first KEY value, refusing the access of the client if the second KEY value is not the same as the first KEY value, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to the background analysis database.
The invention also provides a video stream address authentication system based on TLS, comprising:
the generating module runs on the client and is used for taking a numerical value generated by the MAP container using the STL as a global variable and storing the global variable in the thread local storage;
the first computing module runs on the client and is used for splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value, sending the first KEY value, the global variable and the live broadcast related data to the server, and sending a computing process for generating the first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to the server;
the second computing module runs on the server and is used for splicing the received global variables and the live related data by using an MD5 algorithm to generate a second KEY value and receiving a computing process for generating the first KEY value sent by the client and the model of the equipment where the client is located;
and the comparison module runs on the server and is used for comparing the second KEY value with the first KEY value, if the second KEY value is the same as the first KEY value, sending a video stream address to the client, if the second KEY value is different from the first KEY value, denying the client to access the server, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to the background analysis database.
Compared with the prior art, the invention has the following advantages. A global variable is generated, and the KEY value that the client calculates from the global variable and the live broadcast related data is compared with the KEY value that the server calculates from the global variable and the live broadcast related data, so that the legitimacy of the client is judged; this effectively prevents the video stream address from being acquired by a third-party platform and protects the legitimate rights and interests of the live broadcast platform. Because the global variable is generated by calculation in advance, the subsequent authentication calculation that combines the global variable with the live broadcast related data only needs to fetch the previously generated global variable; the global variable does not have to be regenerated for every authentication calculation, which effectively improves the speed at which the server authenticates the client.
Drawings
Fig. 1 is a flowchart of a TLS-based video stream address authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a client according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Referring to fig. 1, an embodiment of the present invention provides a TLS-based video stream address authentication method, which verifies the validity of a client in an authentication manner, where the client in the embodiment of the present invention runs in a device installed with a Windows operating system, and is a live broadcast client. The TLS-based video stream address authentication method provided by the embodiment of the invention specifically comprises the following steps:
S1: A value generated using a MAP container of the STL (Standard Template Library) is used as a global variable, and the global variable is stored in thread local storage. The MAP container is an associative container of the STL that provides one-to-one data processing capability. The MAP container of the STL is used as the global variable because it is implemented internally as a red-black tree: its in-memory data structure is complex and is stored across many memory fragments, so reverse analysis is more complex for a hacker than with a simple contiguous memory region such as an array, which effectively protects the generated numerical values. The global variable includes a plurality of values, each calculated as follows: the ID of the equipment where the client is located is summed with the value i, the crc32 algorithm is applied to the sum, and the result is taken as a numerical value of the global variable; different values of i give different numerical values of the global variable, where i is an integer with 0 ≤ i < 100. Thus, 100 values of the global variable can be obtained.
For the numerical value of the global variable, the specific implementation process of the code level is as follows:
Define map<int, int> mapKey, where map is a container of key-value pairs, the first int is the key and the second int is the value. The first int takes the serial numbers 0-100; the second int is calculated from the ID number of the device where the client is located and the serial number 0-100, as follows:
for (int i = 0; i < 100; i++)
{
    // crc32 of the device ID plus the serial number i
    value = crc32.Create(deviceId + i);
}
First, a for loop is written to calculate each value of mapKey, i.e. the value generated using the MAP container of the STL. The value is calculated with the crc32 algorithm, where crc32.Create is the calculation interface of the crc32 algorithm, deviceId is the ID number of the device where the client is located, and i is the serial number.
After calculating the value, store the value into mapKey:
mapKey[i] = value;
This sets the value corresponding to the key with serial number i in mapKey, for example the key with serial number 0. If the values of i are different, the obtained values are different, i.e. the obtained global variable values are different. If i takes a plurality of different values, a plurality of numerical values is obtained, which realizes the algorithm of the global variable.
Using Thread Local Storage (TLS) to store the global variable avoids the multi-thread access problems caused by other threads when the global variable is fetched, thereby improving the processing speed of authentication. The specific process for storing the global variable in thread local storage is as follows: the TlsAlloc function of the Windows API (application programming interface) is called to allocate a TLS (thread local storage) index, a free index is found in the Windows system, and after the free index is obtained the global variable is stored in thread local storage. Thread local storage applies to global variables in the process and to static variables defined inside functions.
Further, for storing the global variable by using the thread local storage, the specific process is as follows:
The Windows system provides a corresponding API (Application Programming Interface) for allocating a TLS index, which finds a free index in the system. The function prototype of the interface is as follows:
DWORD WINAPI TlsAlloc(void);
That is, the system searches the bit flags in the process, finds a FREE flag, changes it from FREE to INUSE, and TlsAlloc returns the index of that flag in the bit array. After the index is returned, the global variable mapKey is stored in TLS.
An API interface for storing global variables is also provided in the windows system, and the function prototype of the interface is as follows:
BOOL WINAPI TlsSetValue(
    DWORD dwTlsIndex,   // index value, indicates a specific location in the array
    LPVOID lpTlsValue   // value to be set
);
Here the parameter DWORD dwTlsIndex is the index position in the TLS at which to store, namely the free index obtained by calling TlsAlloc, and the parameter LPVOID lpTlsValue is the value to be stored in the TLS.
Storing a global variable mapKey into the TLS, specifically as follows:
DWORD dwTlsIndex = TlsAlloc();
TlsSetValue(dwTlsIndex, (LPVOID)&mapKey);
That is, first obtain the index ID, and then call the system function to store mapKey at the index dwTlsIndex, thereby storing mapKey in the TLS of the thread.
S2: The client uses an MD5 algorithm to splice the global variable and the live broadcast related data to generate a first KEY value, and sends the first KEY value, the global variable and the live broadcast related data to the server. The live broadcast related data includes the ID of the device where the client is located, the token value, the room number of the live broadcast room the client requests to watch, and the current timestamp of the client. The ID of each device is unique. The token value is issued by the server to the client when the client logs in to the server. The video stream address that the server subsequently sends to the client is the address of a specific live broadcast room, namely the room the client requested to watch; the room number is included in the calculation so that the first KEY values calculated for different live broadcast rooms are different.
The client uses an MD5 algorithm to splice the global variables and the live broadcast related data to generate a first KEY value, which specifically comprises the following steps: the client uses the MD5 algorithm to splice one value in the global variable and the live broadcast related data to generate a first KEY value. The room number of the live broadcast room requested to be watched by the client is taken modulo 100, and the remainder is used as the value of i; the calculation is carried out according to the calculation mode of the numerical values in the global variable, and the resulting numerical value is the one used for generating the first KEY value. For example, if the room number is 12312, the remainder after taking it modulo 100 is 12, so the value of i is 12. Each room number therefore corresponds to one value of the global variable. The value of the global variable used in generating the second KEY value is the same as the value of the global variable used in generating the first KEY value.
The global variable includes a plurality of values generated using the MAP container of the STL, with one value in the global variable for each live broadcast room, so the value used in the calculation differs according to the live broadcast room. In mapKey[i] = value, different values of i give different numerical values of the global variable, where i takes the serial numbers 0-100; in the embodiment of the invention there are therefore 100 numerical values of the global variable. When the first KEY value is calculated, the room number of the live broadcast room is taken modulo 100, the remainder is used as the value of i, and the value obtained for that i is the global variable value corresponding to the live broadcast room. The specific code is int value = mapKey[roomid % 100]; where the key is the remainder of the room number roomid modulo 100, and the value stored for that key in mapKey is the numerical value of the global variable. Generating a plurality of numerical values means that in some application scenarios, where a user watches several live broadcast rooms at the same time and the authentication calculation is multi-threaded, each thread only needs to take the numerical value for its live broadcast room out of the global variable. This suits multi-threaded operation, avoids thread blocking and preserves authentication speed.
When the first KEY value is calculated, the global variable needs to be taken out from the thread local storage, and the process specifically comprises the following steps:
The Windows system provides a corresponding API function TlsGetValue to fetch a stored object from the TLS. In the embodiment of the present invention the previously stored global mapKey object needs to be fetched, and the function prototype is as follows:
LPVOID WINAPI TlsGetValue(
    DWORD dwTlsIndex   // TlsAlloc() function return value
);
Here the parameter DWORD dwTlsIndex must be the previously stored index value.
mapKey = *(map<int, int>*)TlsGetValue(dwTlsIndex);
The previous mapKey object is retrieved from thread local storage by calling TlsGetValue.
And calculating a first KEY value by using an MD5 algorithm, wherein the specific calculation code is as follows:
key = Md5.Create(deviceId + token + roomid + timestamp + value);
In the code, key is the first KEY value, Md5.Create is the interface of the MD5 algorithm, deviceId is the ID of the device where the client is located, roomid is the room number of the live broadcast room the client requests to watch, timestamp is the current timestamp of the client, token is the token value obtained when the client logs in to the server, and value is the global variable value corresponding to the live broadcast room.
After the first KEY value is calculated, the client sends the first KEY value, the global variable and the live broadcast related data to the server, i.e. the client sends deviceId, token, roomid, timestamp and value to the server, and the global variable value sent to the server is the same one the client used when calculating the first KEY value. Because the token value and the ID of the device where the client is located can already exist on the server, the client only needs to send roomid, timestamp and value. The token value was issued to the client by the server, so the server holds it; and when the client first logs in to the server, the server obtains the ID of the device where the client is located, so the server holds that as well.
S3: The client sends the server the calculation process for generating the first KEY value using the MD5 algorithm and the model of the device on which the client is located. In the embodiment of the present invention, the calculation process of generating the first KEY value using the MD5 algorithm refers to the whole process of calculating the first KEY value described above. To record this process, a logging thread may be created in the client to record the calculation of the first KEY value; the recorded log is then sent to the server, which is what is meant by sending the calculation process of generating the first KEY value to the server. PC equipment on the current market comes in many brands, and a single brand has many models, so the client may run on devices of many different models; the model of the device where the client is located is sent to the server to facilitate subsequent statistical analysis.
S4: The server splices the received global variable and the live broadcast related data by using an MD5 algorithm to generate a second KEY value. The calculation code is: server_key = Md5.Create(deviceId + token + roomid + timestamp + value), where server_key is the second KEY value. Meanwhile, the server receives the calculation process for generating the first KEY value sent by the client and the model of the equipment where the client is located. When the second KEY value is calculated, the global variable used is the global variable value sent by the client.
S5: The second KEY value is compared with the first KEY value, i.e. key is compared with server_key. If key is the same as server_key, the client passes the server's authentication and the server sends the video stream address to the client. If key is different from server_key, a third-party platform may be trying to obtain the video stream address; the client's access to the server is refused, and the model of the equipment where the client is located and the calculation process for generating the first KEY value are uploaded to a background analysis database.
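The S1 to S5 exchange as an added example; this is not code from the patent or from the applicant. Python stand-ins are used: threading.local replaces the TlsAlloc/TlsSetValue slot, and zlib.crc32 and hashlib.md5 replace crc32.Create and Md5.Create. The string encoding of the spliced fields, the session lookup on the server, the class and function names, and all sample values are assumptions.

```python
import hashlib
import hmac
import threading
import zlib

TABLE_SIZE = 100  # the page derives one value per i, with 0 <= i < 100

# Portable stand-in for the per-thread slot the page obtains with TlsAlloc.
_tls = threading.local()


def build_map_key(device_id):
    """S1: mapKey[i] = crc32(deviceId + i) for every i in [0, 100)."""
    # Assumption: integer sum, hashed as its decimal ASCII representation.
    return {i: zlib.crc32(str(device_id + i).encode()) for i in range(TABLE_SIZE)}


def map_key_for_thread(device_id):
    """Build the table once per thread and keep it in thread-local storage."""
    cached = getattr(_tls, "map_key", None)
    if cached is None or cached[0] != device_id:
        cached = (device_id, build_map_key(device_id))
        _tls.map_key = cached
    return cached[1]


def make_key(device_id, token, roomid, timestamp, value):
    """Md5.Create(deviceId + token + roomid + timestamp + value)."""
    # Assumption: fields are spliced as plain strings with no separator.
    spliced = f"{device_id}{token}{roomid}{timestamp}{value}"
    return hashlib.md5(spliced.encode()).hexdigest()


def client_request(device_id, token, roomid, timestamp):
    """S2: pick the value for this room (roomid % 100) and compute the first KEY."""
    value = map_key_for_thread(device_id)[roomid % TABLE_SIZE]
    return {
        "roomid": roomid,
        "timestamp": timestamp,
        "value": value,
        "key": make_key(device_id, token, roomid, timestamp, value),
    }


class Server:
    def __init__(self, sessions, streams):
        self.sessions = sessions  # session id -> (deviceId, token) kept since login
        self.streams = streams    # roomid -> video stream address
        self.analysis_db = []     # stands in for the background analysis database

    def authenticate(self, session_id, request, device_model, calc_log):
        """S4/S5: recompute the second KEY and compare it with the first."""
        device_id, token = self.sessions[session_id]
        server_key = make_key(device_id, token, request["roomid"],
                              request["timestamp"], request["value"])
        # compare_digest keeps the comparison time independent of the data
        if hmac.compare_digest(server_key, request["key"]):
            return self.streams.get(request["roomid"])
        # Mismatch: refuse access and record what S3 delivered for analysis.
        self.analysis_db.append({"model": device_model,
                                 "roomid": request["roomid"],
                                 "calc_log": calc_log})
        return None


if __name__ == "__main__":
    # Constructed sample values; none of them come from the page.
    server = Server({"s1": (900001, "tok-constructed")},
                    {12312: "rtmp://stream.example.invalid/live/12312"})
    req = client_request(900001, "tok-constructed", 12312, 1530000000)
    print(server.authenticate("s1", req, "PC-model-X", "calc log"))
    forged = dict(req, roomid=12313)  # key no longer matches the fields
    print(server.authenticate("s1", forged, "PC-model-X", "calc log"))
    print(server.analysis_db)
```

In the variant where the client sends only roomid, timestamp and value, the token held by the server is the one input to the KEY that does not travel with the request.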
In one embodiment, to ensure the security of data transmission between the client and the server, the method may further include the following steps:
A: a pair of private and public keys is generated in both the server and the client.
The process of generating the private key on the client side comprises the following steps:
1. Generate random data.
Randdata=rand();
Random data Randdata is generated by calling the system function rand.
2. Generate an Md5 value from the timestamp and the random data as the private key.
ServerPrivatekey=Md5.Create(Randdata+timestamp)
The random data and the current timestamp information are spliced together and the Md5 value is calculated by calling the interface Md5.Create of the Md5 function, giving the client private key ServerPrivatekey.
The process of generating the public key on the client side is as follows:
ServerPublickey=RSA.CreatePair(ServerPrivatekey);
That is, the key-pair generation interface RSA.CreatePair of the RSA encryption algorithm is called to generate the client public key ServerPublickey.
The server generates its public key and private key by the same method as the client, obtaining the server private key ServerPrivatekey and the server public key ServerPublickey.
B: the server and the client each send the public key they generated to the other side, and each stores its own private key;
C: the server generates a secret key using its stored private key and the received public key, the client generates a secret key using its stored private key and the received public key, and the secret key ShareKey generated by the client and by the server is the same value.
The code for the server to generate the key is: ShareKey = RSA.CreateShareKey(ClientPublickey, ServerPrivatekey).
Similarly, the code for the client to generate the key is: ShareKey = RSA.CreateShareKey(ClientPublickey, ServerPrivatekey).
D: the client encrypts the first KEY value, the global variable and the live related data by using a KEY generated by the client, and then sends the encrypted first KEY value, the encrypted global variable and the live related data to the server. Since the token value and the ID of the device where the client is located do not need to be sent to the server, the encryption process of the first KEY value, the global variable, and the live related data using the KEY generated by the client is as follows:
encryptData=Aes.encrypt(key+value+timestamp,ShareKey)
Aes.encrypt is the encryption interface of the AES encryption algorithm. The encrypted data encryptData is finally obtained, and the client sends it to the server through the network socket.
E: the server decrypts the received encrypted first KEY value, the global variable and the live broadcast related data by using a KEY generated by the server, and then uses an MD5 algorithm to splice the decrypted global variable and the live broadcast related data to generate a second KEY value. The decryption process of the first KEY value, the global variable and the live related data is as follows:
key+value+timestamp=Aes.decrypt(encryptData,ShareKey)
Aes.decrypt is the decryption interface of the AES encryption algorithm; the decrypted first KEY value and the live broadcast related data are finally obtained.
In one embodiment, the second KEY value is compared with the first KEY value, and when they are different, the model of the device where the client is located, the room number of the live broadcast room the client requests to watch (taken from the live broadcast related data), and the calculation process for generating the first KEY value are uploaded to a background analysis database. The background analysis database keeps statistics on the device model and on the requested room number. If the statistics show that KEY value mismatches occur frequently on certain device models, this helps developers analyze whether devices of those models are incompatible with the authentication algorithm of the embodiment of the present invention, or whether the client has a compatibility problem on those models; developers can also trace the problem using the uploaded calculation process for generating the first KEY value, and so improve the authentication algorithm or optimize how the client runs on devices of that model. Likewise, if KEY value mismatches occur frequently for requests to watch a particular room number, background security personnel can analyze whether modified clients are being used in large numbers to inflate the audience count of the live broadcast room with that room number; the statistic is in effect an alarm for the background security personnel.
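Steps S3 to S5 and the mismatch statistics of this embodiment, as an added example that is not code from the patent: the client builds the first KEY value, the server recomputes the second KEY value and compares, and mismatches are counted per device model and per room number. Assumptions of this example: the session id, the request field names, string concatenation for the crc32 input, the decimal form of the crc32 result, the constant-time comparison and the report threshold; all sample data is constructed.

```python
import hashlib
import hmac
import zlib
from collections import Counter


def global_value(device_id, room_id):
    """crc32(device ID + i) with i = room number % 100 (claims 1 and 3).
    Assumption: '+' is string concatenation and the result is used in decimal."""
    i = room_id % 100
    return str(zlib.crc32(f"{device_id}{i}".encode()))


def make_key(device_id, token, room_id, timestamp, value):
    """Md5.Create(deviceId + token + roomid + timestamp + value) as plain splicing."""
    spliced = f"{device_id}{token}{room_id}{timestamp}{value}"
    return hashlib.md5(spliced.encode()).hexdigest()


def client_request(session, device_id, token, room_id, timestamp, model):
    """What the client sends: KEY, global variable value, room, timestamp, model, log.
    The token is an input to the KEY only; it is not a field of the request."""
    value = global_value(device_id, room_id)
    return {
        "session": session,            # hypothetical handle to the login session
        "room_id": room_id,
        "timestamp": timestamp,
        "value": value,
        "key": make_key(device_id, token, room_id, timestamp, value),
        "model": model,
        "calc_log": f"md5(deviceId+token+{room_id}+{timestamp}+{value})",
    }


class AuthServer:
    def __init__(self, sessions):
        self.sessions = sessions       # session id -> (device ID, token issued at login)
        self.analysis_db = []          # stand-in for the background analysis database

    def authenticate(self, req):
        """S4/S5: recompute the second KEY value and compare it with the first."""
        session = self.sessions.get(req["session"])
        if session is None:
            return False
        device_id, token = session
        server_key = make_key(device_id, token, req["room_id"],
                              req["timestamp"], req["value"])
        # Constant-time comparison: a choice of this example, not stated in the patent.
        if hmac.compare_digest(server_key.encode(), str(req["key"]).encode()):
            return True                # the video stream address would be sent here
        self.analysis_db.append({k: req[k] for k in ("model", "room_id", "calc_log")})
        return False

    def mismatch_report(self, threshold):
        """Device models and room numbers with at least `threshold` mismatches."""
        by_model = Counter(r["model"] for r in self.analysis_db)
        by_room = Counter(r["room_id"] for r in self.analysis_db)
        return {
            "models": sorted(m for m, n in by_model.items() if n >= threshold),
            "rooms": sorted(r for r, n in by_room.items() if n >= threshold),
        }


def run_demo():
    # Constructed sample data: three logged-in devices and five requests.
    sessions = {"s1": ("dev-A1", "tok-111"),
                "s2": ("dev-B2", "tok-222"),
                "s3": ("dev-C3", "tok-333")}
    server = AuthServer(sessions)
    ts = 1530777600
    requests = [
        client_request("s1", "dev-A1", "tok-111", 7788, ts, "Model-X"),    # genuine
        client_request("s2", "dev-B2", "wrong", 7788, ts + 1, "Model-Y"),  # KEY not built from issued token
        client_request("s3", "dev-C3", "wrong", 7788, ts + 2, "Model-Y"),
        client_request("s2", "dev-B2", "wrong", 1200, ts + 3, "Model-Y"),
        client_request("s3", "dev-C3", "tok-333", 1200, ts + 4, "Model-Z"),  # genuine
    ]
    results = [server.authenticate(r) for r in requests]
    return results, server.mismatch_report(threshold=2)


if __name__ == "__main__":
    print(run_demo())
```

With a threshold of 2, the report separates the two readings the embodiment describes: a device model that keeps failing points to a compatibility problem, and a room number that keeps failing points to modified clients targeting that room.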
In one embodiment, two different data channels are used to transmit the client's data to the server. One data channel transmits the first KEY value, the global variable and the live broadcast related data to the server, and may be a conventional data communication channel. The other data channel transmits the calculation process for generating the first KEY value and the model of the device where the client is located to the server, and may be an encrypted data channel. Data transmission through the two data channels reduces the fault tolerance rate in the data transmission process: for example, when transmission of the first KEY value fails but the device model sent over the other channel arrives, developers can analyze whether the failure was caused by a compatibility problem of the client on devices of that model, which helps them optimize the client.
According to the TLS-based video stream address authentication method, a global variable is generated, and the KEY value that the client calculates from the global variable and the live broadcast related data is compared with the KEY value that the server calculates from the global variable and the live broadcast related data, so as to judge the legitimacy of the client. This effectively prevents the video stream address from being acquired by a third-party platform and protects the legal rights of the live broadcast platform. Because the global variable is calculated and generated first, and the previously generated global variable is then used in each subsequent authentication calculation that combines it with the live broadcast related data, the global variable does not have to be generated again for every authentication calculation, which effectively improves the speed at which the server authenticates the client.
An embodiment of the present invention further provides a storage medium, on which a computer program is stored, where when the storage medium is a client, the computer program is executed by a processor to implement the following steps:
taking a numerical value generated using the MAP container of the STL as a global variable;
storing the global variable in a thread local storage;
splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value;
and sending the global variable, the live broadcast related data and the generated first KEY value to a server, and sending a calculation process for generating the first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to the server.
When the storage medium is a server, the computer program when executed by a processor performs the steps of:
receiving a global variable, live broadcast related data and a first KEY value sent by a client, and receiving a calculation process for generating the first KEY value sent by the client and the model of equipment where the client is located;
splicing the received global variable and the live related data by using an MD5 algorithm to generate a second KEY value;
and comparing the second KEY value with the first KEY value, if the second KEY value is the same as the first KEY value, sending a video stream address to the client, if the second KEY value is not the same as the first KEY value, refusing the access of the client, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to a background analysis database.
An embodiment of the present invention further provides an electronic device, which includes a client and a server, and as shown in fig. 2, the client includes a generating unit 601, a storage unit 602, a first calculating unit 603, and a sending unit 604.
The generation unit 601 is configured to generate a numerical value using the MAP container of the STL, and take the generated numerical value as a global variable; the storage unit 602 is configured to store the global variable in a thread local storage; the first computing unit 603 is configured to splice the global variable and the live broadcast related data using an MD5 algorithm to generate a first KEY value; the sending unit 604 is configured to send the global variable, the live broadcast related data, and the generated first KEY value to the server, and to send to the server the calculation process for generating the first KEY value and the model of the device where the client is located.
Referring to fig. 3, the server includes a receiving unit 701, a second calculating unit 702, and a comparing unit 703.
The receiving unit 701 is configured to receive a global variable, live broadcast related data, and a first KEY value sent by a client, and receive a calculation process for generating the first KEY value sent by the client and a model of a device where the client is located; the second computing unit 702 is configured to splice the received global variable and the live related data using an MD5 algorithm to generate a second KEY value; the comparison unit 703 is configured to compare the second KEY value with the first KEY value, send a video stream address to the client if the second KEY value is the same as the first KEY value, deny the client access if the second KEY value is different from the first KEY value, and upload the model of the device where the client is located and the calculation process for generating the first KEY value to the background analysis database.
Based on the above video stream address authentication method, the invention also provides a TLS-based video stream address authentication system, which comprises a generation module, a first calculation module, a second calculation module and a comparison module:
the generating module runs on the client and is used for taking a numerical value generated using the MAP container of the STL as a global variable and storing the global variable in the thread local storage; the first computing module runs on the client and is used for splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value, sending the first KEY value, the global variable and the live broadcast related data to the server, and sending the calculation process for generating the first KEY value by using the MD5 algorithm and the model of the equipment where the client is located to the server; the second computing module runs on the server and is used for splicing the received global variable and the live broadcast related data by using an MD5 algorithm to generate a second KEY value, and for receiving the calculation process for generating the first KEY value sent by the client and the model of the equipment where the client is located; the comparison module runs on the server and is used for comparing the second KEY value with the first KEY value: if the second KEY value is the same as the first KEY value, the video stream address is sent to the client; if the second KEY value is different from the first KEY value, the client is denied access to the server, and the model of the equipment where the client is located and the calculation process for generating the first KEY value are uploaded to the background analysis database.
According to the TLS-based video stream address authentication system, a global variable is generated, and the KEY value that the client calculates from the global variable and the live broadcast related data is compared with the KEY value that the server calculates from the global variable and the live broadcast related data, so as to judge the legitimacy of the client. This effectively prevents the video stream address from being acquired by a third-party platform and protects the legal rights of the live broadcast platform. Because the global variable is calculated and generated first, and the previously generated global variable is then used in each subsequent authentication calculation that combines it with the live broadcast related data, the global variable does not have to be generated again for every authentication calculation, which effectively improves the speed at which the server authenticates the client.
The present invention is not limited to the above-described embodiments, and it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements are also considered to be within the scope of the present invention. Those not described in detail in this specification are within the skill of the art.

Claims (10)

1. A video stream address authentication method based on TLS is characterized by comprising the following steps:
taking a numerical value generated by using the MAP container of the STL as a global variable, and storing the global variable in a thread local storage;
the client uses an MD5 algorithm to splice the global variable and the live broadcast related data to generate a first KEY value, and sends the first KEY value, the global variable and the live broadcast related data to the server;
the client sends a calculation process of generating a first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to a server;
the server splices the received global variable and the live broadcast related data by using an MD5 algorithm to generate a second KEY value, and meanwhile, the server receives the calculation process for generating the first KEY value sent by the client and the model of the equipment where the client is located;
comparing the second KEY value with the first KEY value, if the second KEY value is the same as the first KEY value, sending a video stream address to the client, if the second KEY value is not the same as the first KEY value, denying the client access to the server, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to a background analysis database;
the global variable comprises a plurality of numerical values, each calculated as follows: the ID of the equipment where the client is located is summed with the value i, the crc32 algorithm is applied to the result, and the value obtained is taken as a numerical value of the global variable; different values of i give different numerical values of the global variable; i is an integer with 0 ≤ i < 100.
2. The TLS-based video stream address authentication method as claimed in claim 1, wherein:
the live broadcast related data comprises an ID of equipment where the client is located, a token value, a room number of a live broadcast watching request room of the client and a current timestamp of the client;
and the token value is issued by the server to the client when the client logs in to the server.
3. The TLS-based video stream address authentication method as claimed in claim 2, wherein:
the client uses an MD5 algorithm to splice the global variables and the live broadcast related data to generate a first KEY value, which specifically comprises the following steps: the client uses an MD5 algorithm to splice one numerical value in the global variables and the live broadcast related data to generate a first KEY value;
the room number of the live broadcast room requested to be watched by the client is taken modulo 100, the obtained remainder is used as the value of i, the calculation is carried out according to the calculation mode of the numerical values in the global variable, and the obtained numerical value is used as the numerical value of the global variable when the first KEY value is generated;
each room number corresponds to the value of a global variable;
the value of the global variable used in generating the second KEY value is the same as the value of the global variable used in generating the first KEY value.
4. The TLS-based video stream address authentication method as claimed in claim 2, wherein the global variable is stored in the thread local storage by the following specific process:
calling the TlsAlloc function of the Windows API to allocate a TLS (thread local storage) index, finding an idle index in the Windows system, and, after the idle index is obtained, storing the global variable in the thread local storage.
5. A TLS-based video stream address authentication method as claimed in claim 3, wherein: the client uses an MD5 algorithm to splice the global variables and the live broadcast related data to generate a first KEY value, and the specific steps are as follows:
the client uses an MD5 algorithm to splice the ID of the device where the client is located, the token value, the room number of the live broadcast room requested to be watched by the client, the current timestamp of the client and the value in the global variable corresponding to the live broadcast room requested to be watched by the client to generate a first KEY value.
6. The TLS-based video stream address authentication method as claimed in claim 2, wherein:
and comparing the second KEY value with the first KEY value, uploading the model of the equipment where the client is located, the room number of the live broadcast room requested to be watched by the client in the live broadcast related data and the calculation process for generating the first KEY value to a background analysis database when the second KEY value is different from the first KEY value, and counting the model of the equipment where the client is located and the room number of the live broadcast room requested to be watched by the client by the background analysis database.
7. The TLS-based video stream address authentication method as claimed in claim 1, wherein: and two different data channels are used for transmitting the data of the client to the server, one data channel is used for transmitting the first KEY value, the global variable and the live broadcast related data to the server, and the other data channel is used for transmitting the calculation process for generating the first KEY value and the model of the equipment where the client is located to the server.
8. A storage medium having a computer program stored thereon, wherein when the storage medium is a client, the computer program when executed by a processor performs the steps of:
taking a numerical value generated using the MAP container of the STL as a global variable;
storing the global variable in a thread local storage;
splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value;
sending the global variable, the live broadcast related data and the generated first KEY value to a server, and sending a calculation process of generating the first KEY value by using an MD5 algorithm and the model of equipment where a client is located to the server;
when the storage medium is a server, the computer program when executed by a processor performs the steps of:
receiving a global variable, live broadcast related data and a first KEY value sent by a client, and receiving a calculation process for generating the first KEY value sent by the client and the model of equipment where the client is located;
splicing the received global variable and the live related data by using an MD5 algorithm to generate a second KEY value;
and comparing the second KEY value with the first KEY value, if the second KEY value is the same as the first KEY value, sending a video stream address to the client, if the second KEY value is not the same as the first KEY value, refusing the access of the client, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to a background analysis database.
9. An electronic device comprising a client and a server, the client comprising:
a generation unit for generating a numerical value using the MAP container of the STL and taking the generated numerical value as a global variable;
a storage unit for storing the global variable in a thread local storage;
the first computing unit is used for splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value;
the sending unit is used for sending the global variable, the live broadcast related data and the generated first KEY value to the server, and sending a calculation process of generating the first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to the server;
the server includes:
the receiving unit is used for receiving the global variable, the live broadcast related data and the first KEY value sent by the client, and receiving the calculation process for generating the first KEY value sent by the client and the model of the equipment where the client is located;
the second computing unit is used for splicing the received global variable and the live related data by using an MD5 algorithm to generate a second KEY value;
and the comparison unit is used for comparing the second KEY value with the first KEY value, sending a video stream address to the client if the second KEY value is the same as the first KEY value, refusing the access of the client if the second KEY value is not the same as the first KEY value, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to the background analysis database.
10. A TLS-based video stream address authentication system, comprising:
the generating module runs on the client and is used for taking a numerical value generated using the MAP container of the STL as a global variable and storing the global variable in the thread local storage;
the first computing module runs on the client and is used for splicing the global variable and the live broadcast related data by using an MD5 algorithm to generate a first KEY value, sending the first KEY value, the global variable and the live broadcast related data to the server, and sending a computing process for generating the first KEY value by using an MD5 algorithm and the model of the equipment where the client is located to the server;
the second computing module runs on the server and is used for splicing the received global variables and the live related data by using an MD5 algorithm to generate a second KEY value and receiving a computing process for generating the first KEY value sent by the client and the model of the equipment where the client is located;
and the comparison module runs on the server and is used for comparing the second KEY value with the first KEY value, if the second KEY value is the same as the first KEY value, sending a video stream address to the client, if the second KEY value is different from the first KEY value, denying the client access to the server, and uploading the model of the equipment where the client is located and the calculation process for generating the first KEY value to the background analysis database.
CN201810732395.2A 2018-07-05 2018-07-05 TLS-based video stream address authentication method, storage medium, equipment and system Active CN110691267B (en)

Publications (2)

Publication Number Publication Date
CN110691267A true CN110691267A (en) 2020-01-14
CN110691267B CN110691267B (en) 2021-11-09
