CN101247409A - Live broadcast stream media authentication method based on P2P network - Google Patents

Publication number: CN101247409A
Authority: CN (China)
Prior art keywords: program, user, digital certificate, p2p, authentication
Application number: CN 200810102396
Other languages: Chinese (zh)
Inventor: 王新立
Original Assignee: 中国科学院电工研究所
Application filed by 中国科学院电工研究所
Priority to CN 200810102396
Publication of CN101247409A

Abstract

The invention provides an authentication method for live streaming media based on a P2P network. Step 1: the flow starts; the user terminal views live program information from the index server and sends a request to play a program. Step 2: the index server provides the user terminal with the connection information of the program source provider and information about the digital certificate required to play the program. Step 3: the client software checks whether the required digital certificate is installed locally; if it is not installed, it applies to the program provider's digital certificate server according to the required digital certificate information. Step 4: the program provider authenticates the user according to the user's request and distributes the digital certificate to legitimate users, while performing user authentication and management. Step 5: after obtaining the digital certificate, the user registers with the P2P network for transmission of the live stream, and receives the streaming media data for decryption, decoding and playback.

Description

An authentication method for live streaming media based on a P2P network

Technical Field

The present invention relates to a method for implementing digital encryption and user authentication for live streaming media over a P2P network.

Technical Background

With the rapid development of Internet technology, transmitting video and audio over the network has gradually become a trend. Live network video broadcasting fits this development and is receiving increasing attention; it is mainly used to let multiple users share playback of multimedia files on the network.

P2P (Peer to Peer) means peer-to-peer interconnection of network nodes. In parallel with the client/server master-slave interconnection model currently prevalent on the Internet, P2P realizes distributed resource use and sharing: every node can communicate as a peer, can simultaneously receive, send, store and integrate information content, can search information metadata and be searched, and the nodes cooperate as peers to complete tasks.

P2P technology breaks away from the traditional client/server model: the status and role of the server are greatly weakened, idle resources on the network are fully used, and the technology has been applied well in sharing, collaborative work, network storage and other areas. As P2P technology developed, P2P-based file transfer and download appeared, in which every computer is both a client and a server and transmits file content to others while it downloads. For a certain period this transmission mode compensated for the network bandwidth bottleneck, improved transmission efficiency and reduced the load on servers. It has also become one of the most popular ways to transfer large files (shared downloads) on the network today.

Combining P2P with traditional streaming video on demand makes full use of the many client machines: the many users on the Internet can exchange information directly, which reduces the load on servers and lowers network bandwidth occupancy, so the approach has great application prospects. Combining P2P technology with streaming media technology has produced live network broadcast applications in many forms, such as IPTV, network television and network radio. This kind of application differs considerably from file transfer, mainly in that transmission is real-time and the transmitted content is continuous. Every client has a buffer that holds the streaming media content available for playback within a time window; as time goes on, new data is continuously read in and expired data is discarded. Compared with file transfer, it has relatively few data blocks and occupies relatively few computer and network resources during transmission. What is continuously copied and transmitted over the P2P network is a run of consecutive data packets corresponding to a time window.

In the transmission of a stream, everyone acts as both receiver and sender. The flexibility of this arrangement makes it harder to protect interests such as the legality and copyright of some streaming media. It is as if an instigator lit a fire that then burns across the network with a scale and lifetime that nobody can control. One person can take a media file or a live stream and, without authorization, have it copied and propagated continuously during transmission, and in the whole process everyone plays the role of illegal copier and transmitter.

Current P2P live broadcast schemes use scheduling techniques to control P2P transmission between clients in the P2P network. Commonly used control strategies include client authentication, authorization, billing, auditing, grouping, restriction of streaming functions and communication encryption. A series of technical measures is used to control the P2P network: clients taking part in P2P transmission are authenticated, charged and authorized; communication encryption applies an encryption protocol to the information exchanged between the client and the scheduling server; and stream restriction limits the user's transmission of certain streaming media resources.

This controllable P2P approach has the following shortcomings. First, the restrictions and control strategies imposed on the P2P network greatly reduce its freedom. The efficiency of a P2P network comes from highly open and free transmission, so this inevitably lowers P2P transmission efficiency considerably, and the more controls and restrictions there are, the lower the efficiency. Users who have broken through the restrictions, as well as some legitimate users, can then play the content, and behaviour such as cracking the software, downloading while playing, and maliciously modifying, re-encoding, converting and redistributing the content after download cannot be prevented. So, for now, copyright protection of streaming media has not been achieved technically.

Therefore, a method that achieves both P2P network transmission and authentication is of great significance for the authorized distribution and copying of digital products and for protecting their copyright.

Summary of the Invention

The object of the invention is to overcome the shortcomings of existing P2P live broadcast technology by proposing a digital authentication method, and its implementation, for live streaming media on a P2P network. Live streaming content, protected by digital certificates, can be distributed and transmitted over the P2P network securely, freely and flexibly; the provider of the live media can implement its own user management and charging as needed and can develop its own digital certificates. This effectively prevents unauthorized users from transmitting and playing live streaming content and gives better technical protection to the copyright of live streaming media.

The P2P live broadcast system of the invention comprises three subsystem objects: the P2P index provider, the live streaming media provider and the end live user. The live streaming media provider comprises streaming media server 1, database server 2 and certificate server 3; the P2P index service provider comprises database server 4, index server 5 and HTTP server 6; the end live user refers to the client software, which contains a P2P network component and a media player.

The functions and flow of the subsystems of the P2P live broadcast system of the invention are as follows:

Step 1: The flow starts; the P2P index service is started.

Step 2: The live streaming media provider's services are started; the live streaming content is encoded and the live media data stream is encrypted with a key; the certificate server's service is started; the program number ChanelID and the required certificate information CAID are registered with the P2P index server.

Step 3: The user obtains the program list from the P2P index provider and issues a playback request for the selected program.

Step 4: The user obtains the live streaming provider's information MSPID by querying the P2P index service, and checks whether the locally stored digital certificates include the digital certificate CAID required for the selected program.

Step 5: If the required certificate is absent, the user applies to the live streaming media provider for a digital certificate, undergoes identity verification, and either obtains the digital certificate or exits the current live program; if the required certificate is obtained, the user applies to the P2P index service provider to take part in P2P network data transmission.

Step 6: The index service provider verifies whether the user has the digital certificate required for the program by comparing the digital certificate identifier CAID; if it matches, the user's application is approved, a seed list is provided, and the user is allowed to join the P2P network transmission.

Step 7: The received data stream is buffered, and the obtained digital certificate is used to decrypt and decode the live stream.

Step 8: The live media is played, and the flow ends.
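The admission check of step 6, modelled in C as an added example (not code from the patent or its authors): the index server's program table and per-program seed queue, with the provider registered as the first seed. The function names, fixed table sizes and sample identifiers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PROGRAMS 8
#define MAX_SEEDS    16
#define ID_LEN       32

/* One program record, as registered by a provider in step 2. */
struct program {
    char mspid[ID_LEN];            /* provider identifier (MSPID) */
    char chanel_id[ID_LEN];        /* program number (ChanelID) */
    char caid[ID_LEN];             /* identifier of the required certificate (CAID) */
    char seeds[MAX_SEEDS][ID_LEN]; /* peers admitted to this program */
    int  seed_count;
};

static struct program programs[MAX_PROGRAMS];
static int program_count;

enum admit_result { ADMIT_OK, ADMIT_NO_PROGRAM, ADMIT_BAD_INPUT,
                    ADMIT_BAD_CAID, ADMIT_FULL };

/* Identifiers must be non-empty and fit the fixed buffers (keeps strcpy safe). */
static int id_ok(const char *s)
{
    return s != NULL && s[0] != '\0' && strlen(s) < ID_LEN;
}

static struct program *find_program(const char *chanel_id)
{
    for (int i = 0; i < program_count; i++)
        if (strcmp(programs[i].chanel_id, chanel_id) == 0)
            return &programs[i];
    return NULL;
}

/* Step 2: the provider registers a program and the certificate it requires.
 * Returns 0 on success, -1 on bad input, duplicate program or full table. */
int register_program(const char *mspid, const char *chanel_id, const char *caid)
{
    if (!id_ok(mspid) || !id_ok(chanel_id) || !id_ok(caid)) return -1;
    if (program_count == MAX_PROGRAMS || find_program(chanel_id) != NULL) return -1;
    struct program *p = &programs[program_count++];
    memset(p, 0, sizeof *p);
    strcpy(p->mspid, mspid);
    strcpy(p->chanel_id, chanel_id);
    strcpy(p->caid, caid);
    strcpy(p->seeds[0], mspid);    /* the provider is the first seed */
    p->seed_count = 1;
    return 0;
}

/* Step 4: tell a client which certificate a program needs (NULL if unknown). */
const char *required_caid(const char *chanel_id)
{
    struct program *p = id_ok(chanel_id) ? find_program(chanel_id) : NULL;
    return p ? p->caid : NULL;
}

/* Step 6: compare the presented CAID with the registered one and, on a match,
 * add the user to the program's seed queue. *peers_out receives the number of
 * other seeds the user may connect to. The comparison is of identifiers only,
 * as the description states; stream confidentiality rests on the encryption,
 * not on this check. */
enum admit_result admit_peer(const char *user_id, const char *chanel_id,
                             const char *presented_caid, int *peers_out)
{
    if (peers_out) *peers_out = 0;
    struct program *p = id_ok(chanel_id) ? find_program(chanel_id) : NULL;
    if (p == NULL) return ADMIT_NO_PROGRAM;
    if (!id_ok(user_id) || !id_ok(presented_caid)) return ADMIT_BAD_INPUT;
    if (strcmp(presented_caid, p->caid) != 0) return ADMIT_BAD_CAID;

    int others = 0, already = 0;
    for (int i = 0; i < p->seed_count; i++) {
        if (strcmp(p->seeds[i], user_id) == 0) already = 1;
        else others++;
    }
    if (!already) {                /* re-registration does not duplicate */
        if (p->seed_count == MAX_SEEDS) return ADMIT_FULL;
        strcpy(p->seeds[p->seed_count++], user_id);
    }
    if (peers_out) *peers_out = others;
    return ADMIT_OK;
}

int main(void)
{
    int peers = 0;
    register_program("MSP-1", "CH-100", "CA-7");   /* constructed sample ids */
    printf("CH-100 requires %s\n", required_caid("CH-100"));
    printf("alice with CA-7: %d\n", admit_peer("alice", "CH-100", "CA-7", &peers));
    printf("bob with CA-9:   %d\n", admit_peer("bob", "CH-100", "CA-9", &peers));
    return 0;
}
```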

The method of the invention implements the functions of the three subsystems and the flow above mainly by developing four functional modules: a user authentication module, a digital certificate management module, an index service extension module and a client processing module. The user authentication module and the digital certificate management module are deployed in the live streaming media provider subsystem, the index extension module is deployed in the index server, and the client processing module is deployed on the end-user terminal. The modules implement the following functions:

The user authentication module handles users' applications for digital certificates, manages and authorizes users, and passes the requests of authorized users to the digital certificate management module. The digital certificate management module generates user certificates and distributes them to users, and encrypts the program data before it is provided to users on the P2P network. The index extension module stores program information (MSPID, ChanelID), digital-certificate-related information and, for each program, the seed queue of legitimately authorized users; it determines whether a user applying to register with the P2P network has the digital certificate CAID required for program ChanelID, and assigns users who have the certificate to the P2P seed queue of the corresponding program ChanelID. The client processing module handles the data each user receives by P2P transmission: it decrypts the data with the digital certificate required for the program and passes the streamed data to the media player software for video decoding and playback.

The invention has the following features:

1. Because data transmitted over a P2P network is free and open and its propagation cannot be precisely controlled, the data stream is encrypted at the live media source, which achieves secure, free, open and efficient data transfer over the P2P network.

Advantage: encrypting the data stream at the source increases the security of data on the P2P network, provides digital copyright protection for live streaming media, and combines data security with network efficiency.

2. Separating efficient network transmission from strict user authentication combines strict, precise user management and authorization with a free, open and efficient network. This greatly improves the reliability and compatibility of the system: multiple live media, multiple database management systems and multiple identity verification mechanisms can coexist in the same system architecture, which accommodates well the current flourishing variety of P2P and streaming media technologies.

3. The P2P index service provider and the live streaming media provider are relatively independent, which gives the live streaming media provider broader technical scope and more flexible means to implement its own digital certificates and encryption methods; such a digital certificate can also be a file independent of the operating system.

4. Decryption, decoding and playback on the client are inseparable, which ensures that the live streaming data cannot be intercepted, stored and distributed, and guarantees the security of the live streaming data.

Brief Description of the Drawings

Figure 1 is a schematic diagram of the structure of a P2P live streaming media system to which the invention applies;

Figure 2 is a flow block diagram of the P2P live streaming media system;

Figure 3 is a sequence diagram of the P2P live streaming media system.

Detailed Description

As shown in Figure 1, the P2P live streaming media system to which the invention applies comprises three subsystem objects: the P2P index provider, the live streaming media provider and the end live user. The live streaming media provider comprises streaming media server 1, database server 2 and certificate server 3; the P2P index service provider comprises database server 4, index server 5 and HTTP server 6; the end live user refers to the client software, which contains a P2P network component and a media player.

Figure 2 is the flow block diagram of the system of the invention. First the P2P index service is started and the live streaming media provider's services are started; the live streaming content is encoded and digitally encrypted, the certificate server is made ready, and the program and its required certificate are registered with the P2P index server. The user queries the program list, issues a playback request, obtains the live streaming provider's information by querying the P2P index service, and checks whether the required digital certificate is present. If the required certificate is absent, the user applies to the live streaming media provider for a digital certificate. The user then registers with the P2P index service provider, takes part in P2P network data transmission, buffers the received data stream, decrypts and decodes the live stream with the obtained digital certificate, and then plays the live media.

The sequence of the implementation method of the P2P live streaming media system of the invention is shown in Figure 3. First P2P index server 2 is started, followed in turn by the live streaming media provider's database server 3, digital certificate server 4 and live server 5. During startup, live server 5 completes the encoding and digital encryption of the live streaming content (19), prepares the certificate for the program with the certificate server (18) and, when done, registers the program and its required certificate with the index server and becomes a media stream seed in the P2P network (20); system startup is then complete. End user 1 queries the program list through the HTTP service (6), issues a playback request, receives the returned information about the program provider and the required digital certificate (7), obtains the live streaming provider's information by querying the P2P index service, and checks whether the required digital certificate is present. If it is absent, the user applies to the live streaming media provider for a digital certificate (9); the live streaming media provider authenticates and manages the user through database server 3 (10), generates a digital certificate from the user ID and publishes it to the digital certificate server (11), and the digital certificate server distributes the certificate (12). The end user receives the digital certificate returned for the application and saves it in the local system (13), registers with the P2P index server as a member of the P2P network (14), takes part in P2P network data transmission, buffers the received data stream (15), decrypts and decodes the live stream with the obtained digital certificate, and then plays the live media (16).

The following is an embodiment using the method of the invention:

1. The system environment of this embodiment comprises: the live streaming media system (live streaming media provider), the P2P network system (P2P index service provider), and the client system for decrypting, decoding and playing live streaming media.

2. Configure the system servers. For the live streaming service, this example deploys the live streaming system with the VideoLAN-VLC media player software package. A MySQL database system is deployed for user management and charging. An Apache HTTP service is deployed for publishing digital certificates. For the P2P index service provider, this example uses mini-SAP-server for index publication and develops an Apache extension module. The user terminal uses VLC media player for playback, and the client module is developed in C.

3. Based on the choices in step 2, Microsoft Visual Studio .NET is used for development and debugging, and C/C++ is the development language. The main modules developed are the user authentication module, the digital certificate management module, the index service extension module and the client processing module.

The user authentication module handles users' applications for digital certificates, manages and authorizes users, and passes the requests of authorized users to the digital certificate management module. It is implemented by developing an Apache extension module and uses the MySQL database API functions for database operations. The main function interfaces are defined as follows:

GetUInfo(): obtain the client's information;
CerCurUser(uID): manage the current user and determine whether the user is legitimate;
GetUKey(uID): obtain the client authentication code;
CenCAData(uID): generate the digital certificate file.

The digital certificate management module generates user certificates and distributes them to users, and encrypts the program data before it is provided to users on the P2P network. The main function interfaces are defined as follows:

GenCAdata(ukey, 沐ey): generate the digital certificate;
EncodeStreamModule(pStreamBuf): encrypt the data stream;
RegStreamProfile(chanelID): register the program information with the index server.

The index extension module stores program information, digital-certificate-related information and, for each program, the seed queue of legitimately authorized users; it determines whether a user applying to register with the P2P network has the digital certificate required for the program, and assigns users who have the certificate to the P2P seed queue of the corresponding program. The main function interfaces are defined as follows:

ProcStreamProfile(chanelID): process the program information submitted by the provider;
GetStreamCAID(chanelID): obtain the identifier of the digital certificate required for the program;
CerCurUserCA(userID, CAID): verify whether the current user has the required certificate;
RegSeedGroup(userID, chanelID): register the user in the P2P seed queue of the corresponding program.

The client processing module handles the data each user receives by P2P transmission: it decrypts the data with the digital certificate required for the program and passes the streamed data to the media player software for video decoding and playback. The main function interfaces are defined as follows:

ValideCA(chanelID): check whether the digital certificate is present locally;
RequestCA(chanelID, uID): apply for the digital certificate file;
DecoderStreamModule(pStreamBuf): decrypt the data stream;
ParseStreamModule(pStreamBuf): decode the media stream.

4. The data stream can be encrypted with methods such as BlowFish, MD5, Secretl6, AES, SHA, CRC32, RSA, DES or Vernam. This example uses Vernam, as follows: first the key value is obtained from the key file, and a key of the same length as the plaintext to be encrypted is cut from it. A simple XOR of the plaintext with the key then yields the encrypted ciphertext. Decryption is very simple because XOR is used: applying XOR to the ciphertext again with the same key decrypts it.

5. Based on what was determined in step 3, the functions are developed and implemented following the ideas and steps described in Figures 2 and 3.

The invention implements digital encryption and user authentication for live streaming media based on a P2P network, protecting the secure transmission and playback of live streaming media over a free and open P2P network. It has an important promoting role and practical significance for the development of digital copyright protection for P2P live streaming media.
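The Vernam step described in item 4 of the embodiment, as an added C example that is not the patent's own code: XOR with key bytes taken from the key file, the round trip back to plaintext, and a check of what two ciphertexts reveal when they share key bytes. The key bytes, buffer contents and function names are constructed for illustration, and reuse of the same key prefix for every buffer is an assumption, since the description does not say how the key segment is chosen.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 64

/* Constructed sample key material standing in for the contents of the key file. */
static const uint8_t KEY_FILE[16] = {
    0x3a, 0x91, 0x5c, 0xe7, 0x08, 0xd4, 0x6b, 0xf2,
    0x1d, 0xa0, 0x47, 0xb9, 0x7e, 0x23, 0xc5, 0x60
};

/* XOR n bytes of `in` with the first n key bytes, writing to `out`.
 * The same call encrypts and decrypts. Returns 0 on success, or -1 when an
 * argument is NULL or the key is shorter than the data (the description
 * requires a key segment as long as the plaintext). */
int vernam_xor(const uint8_t *key, size_t key_len,
               const uint8_t *in, uint8_t *out, size_t n)
{
    if (key == NULL || in == NULL || out == NULL || n > key_len)
        return -1;
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i];
    return 0;
}

/* Returns 1 when decrypting the ciphertext with the same key bytes gives
 * back the original plaintext, 0 otherwise. */
int round_trip_ok(const uint8_t *plain, size_t n)
{
    uint8_t ct[BUF_MAX], pt[BUF_MAX];
    if (n == 0 || n > BUF_MAX) return 0;
    if (vernam_xor(KEY_FILE, sizeof KEY_FILE, plain, ct, n) != 0) return 0;
    if (vernam_xor(KEY_FILE, sizeof KEY_FILE, ct, pt, n) != 0) return 0;
    return memcmp(plain, pt, n) == 0;
}

/* Returns 1 when c1 XOR c2 equals p1 XOR p2 for two buffers encrypted with
 * the same key bytes: the key drops out, so the pair of ciphertexts carries
 * the XOR of the two plaintexts without any key protection. */
int key_cancels_on_reuse(const uint8_t *p1, const uint8_t *p2, size_t n)
{
    uint8_t c1[BUF_MAX], c2[BUF_MAX];
    if (n == 0 || n > BUF_MAX) return 0;
    if (vernam_xor(KEY_FILE, sizeof KEY_FILE, p1, c1, n) != 0) return 0;
    if (vernam_xor(KEY_FILE, sizeof KEY_FILE, p2, c2, n) != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if ((uint8_t)(c1[i] ^ c2[i]) != (uint8_t)(p1[i] ^ p2[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed stand-ins for two consecutive stream buffers. */
    const uint8_t a[] = "TS-PACKET-000001";
    const uint8_t b[] = "TS-PACKET-000002";
    size_t n = sizeof a - 1;   /* 16 bytes, excluding the terminator */

    printf("round trip restores plaintext: %d\n", round_trip_ok(a, n));
    printf("key cancels when reused:       %d\n", key_cancels_on_reuse(a, b, n));
    return 0;
}
```

Because the key cancels when key bytes repeat, an implementation of this step needs fresh key bytes for every buffer it encrypts.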

Claims (6)

1. An authentication method for live streaming media based on a P2P network, characterized in that: Step 1: the flow starts; the user terminal views live program information from the index server and initiates a request to play a program; Step 2: the index server provides the user terminal with the connection information of the program source provider and information about the digital certificate required to play the program; Step 3: the client software checks whether the required digital certificate is installed locally; if the digital certificate is installed, it requests the forwarder list from the index server and joins the P2P network for download and playback; if the digital certificate is not installed, it applies to the program provider's digital certificate server according to the required digital certificate information; Step 4: the program provider authenticates the user according to the user's request and distributes the digital certificate to legitimate users; each program provider can perform billing and user authentication and management according to its own circumstances; Step 5: after obtaining the digital certificate, the user registers with the P2P network for transmission of the live stream, and receives the streaming media data for decryption, decoding and playback.
2. The dynamic authentication and authorization method for streaming media according to claim 1, characterized in that: the program provider encrypts the program data before providing it to users on the P2P network, and each user, after receiving data transmitted by P2P, must decrypt it with the program provider's digital certificate before video decoding and playback can take place.
3. The dynamic authentication and authorization method for streaming media according to claim 1 or 2, characterized in that: only users who have obtained the digital certificate required for the selected program are allowed to register with the P2P network for transmission; each user on a P2P network node has a different authorization, and users authorized for the same program form a group that can transmit data freely, achieving P2P live broadcast of the program.
4. The dynamic authentication and authorization method for streaming media according to claim 1 or 2, characterized in that: in the program provider's service, before a program is transmitted to authenticated users, it is first handed to the user authentication module for digital processing; the module's functions are: passing the client's information to the user authentication system; generating a digital certificate from the client authentication code and publishing the digital certificate; encrypting the data stream; and registering program information with the index server.
5. The dynamic authentication and authorization method for streaming media according to claim 1, characterized in that: the data the client software receives by P2P transmission is first processed and decrypted by the digital certificate management module; the module's functions are: checking, by program number and required digital certificate identifier, whether the digital certificate for the required program is present locally; applying for the digital certificate of the required program; and decrypting the data stream with the digital certificate.
6. The dynamic authentication and authorization method for streaming media according to claim 1, characterized in that: authentication information for all of the program provider's programs is added on the index server, including the program provider identifier MSPID, the video program number ChanelID, and the identifier CAID of the certificate required for the program; the index server additionally offers the P2P network transmission service only to authorized users: on receiving a user's P2P network transmission request, it compares the certificate identifier CAID supplied by the user, and if it is the same as the certificate identifier required by the program, registration is allowed and the user is added to the seed queue for P2P data transmission.
CN 200810102396 2008-03-21 2008-03-21 Live broadcast stream media authentication method based on P2P network CN101247409A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810102396 CN101247409A (en) 2008-03-21 2008-03-21 Live broadcast stream media authentication method based on P2P network

Publications (1)

Publication Number Publication Date
CN101247409A (en) 2008-08-20

Family

ID=39947607

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810102396 CN101247409A (en) 2008-03-21 2008-03-21 Live broadcast stream media authentication method based on P2P network

Country Status (1)

Country Link
CN (1) CN101247409A (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010025638A1 (en) * 2008-09-04 2010-03-11 华为技术有限公司 Method, equipment and system of peer to peer live broadcast stream transfer
CN102075338B (en) * 2009-11-25 2015-05-13 突触计算机系统(上海)有限公司 Distributed network-based live broadcasting method and device
CN102075338A (en) * 2009-11-25 2011-05-25 突触计算机系统(上海)有限公司 Distributed network-based live broadcasting method and device
CN101815071A (en) * 2010-04-01 2010-08-25 北京数码视讯科技股份有限公司 Method, device and system for applying for digital certificate
CN101815071B (en) * 2010-04-01 2014-04-16 北京数码视讯科技股份有限公司 Method, device and system for applying for digital certificate
CN101867777B (en) 2010-04-20 2013-04-10 南京邮电大学 Video ordering transmission method based on peer-to-peer computing set-top box
CN101867777A (en) * 2010-04-20 2010-10-20 南京邮电大学 Video ordering transmission method based on peer-to-peer computing set-top box
CN101917417A (en) * 2010-07-30 2010-12-15 中山大学 3Tnet network-based media file play and control system
CN102333236A (en) * 2011-10-27 2012-01-25 中国华录集团有限公司 Video content encryption and decryption system
CN102333236B (en) * 2011-10-27 2014-07-02 中国华录集团有限公司 Video content encryption and decryption system
CN102946554A (en) * 2012-09-29 2013-02-27 合一网络技术(北京)有限公司 Method and system for charging and sharing according to network video playing amount
CN102946554B (en) * 2012-09-29 2016-06-15 合一网络技术(北京)有限公司 A kind of carry out method and the system thereof that charging is divided into according to Internet video playback volume
US10212166B2 (en) 2014-03-24 2019-02-19 Huawei Technologies Co., Ltd. File downloading method, apparatus, and system
US10462119B2 (en) 2014-06-04 2019-10-29 Sonos, Inc. Cloud queue synchronization
CN106664300A (en) * 2014-06-04 2017-05-10 搜诺思公司 Cloud queue access control
US10412073B2 (en) 2014-06-04 2019-09-10 Sonos, Inc. Cloud queue synchronization
US10116641B2 (en) 2014-06-04 2018-10-30 Sonos, Inc. Cloud queue playback policies on a graphical user interface
US10158619B2 (en) 2014-06-04 2018-12-18 Sonos, Inc. Cloud queue access control
US10452343B2 (en) 2014-06-04 2019-10-22 Sonos, Inc. Prioritizing media content requests
US10333920B2 (en) 2014-06-04 2019-06-25 Sonos, Inc. Cloud queue synchronization
US10326750B2 (en) 2014-06-04 2019-06-18 Sonos, Inc. Cloud queue playhead
CN104618738B (en) * 2015-01-14 2019-05-21 青岛海信电器股份有限公司 A kind of smart television program broadcasting method and device
CN104618738A (en) * 2015-01-14 2015-05-13 青岛海信电器股份有限公司 Method and device for playing programs of intelligent TV
CN105704139B (en) * 2016-03-16 2018-05-11 杭州开课啦教育科技有限公司 Streaming media service user authen method based on RTMP agreements
CN105704139A (en) * 2016-03-16 2016-06-22 杭州狮说教育科技有限公司 RTMP protocol-based streaming media service user authentication method

Similar Documents

Publication Publication Date Title
EP1728374B1 (en) Protection of digital data content
EP1628187B1 (en) System and method for secure data streaming by means of a virtual smart card
KR101153013B1 (en) Binding content to a domain
DE69925466T2 (en) Streaming media player with continuing control and protection of media content
CN1238989C (en) Data released
EP1442351B1 (en) Secure content distribution method and system
CN101504707B (en) Conditional access to digital rights management conversion
JP5156858B2 (en) Using a media storage structure with multiple pieces of content in a content delivery system
JP4563450B2 (en) Content distribution system
US7349886B2 (en) Securely relaying content using key chains
US7328345B2 (en) Method and system for end to end securing of content for video on demand
US9213809B2 (en) System and method for protecting digital contents with digital rights management (DRM)
US9608806B2 (en) Extending data confidentiality into a player application
EP1836795B1 (en) Method for managing digital rights in broadcast/multicast service
US20050246763A1 (en) Secure digital content reproduction using biometrically derived hybrid encryption techniques
TWI510066B (en) Systems and methods for securely streaming media content
US8555367B2 (en) Method and system for securely streaming content
CA2822185C (en) Method and system for unified mobile content protection
US7769880B2 (en) Carrying protected content using a control protocol for streaming and a transport protocol
JP2005526320A (en) Secure content sharing in digital rights management
DE60306210T2 (en) System and method for the local joint use of multimedia content
US8526612B2 (en) Selective and persistent application level encryption for video provided to a client
CN101547205B (en) Method, apparatus and system for remote real-time access of multimedia content
US20050262573A1 (en) Content presentation
CN103620609B (en) DRM(digital rights management is utilized for playing) method of digital content of scheme protection and corresponding system

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C02 Deemed withdrawal of patent application after publication (patent law 2001)