CN102143184A - Authentication method, authentication device and authentication system for realizing CND (content delivery network) intercommunication - Google Patents
Authentication method, authentication device and authentication system for realizing CND (content delivery network) intercommunication Download PDFInfo
- Publication number
- CN102143184A CN102143184A CN2011100806230A CN201110080623A CN102143184A CN 102143184 A CN102143184 A CN 102143184A CN 2011100806230 A CN2011100806230 A CN 2011100806230A CN 201110080623 A CN201110080623 A CN 201110080623A CN 102143184 A CN102143184 A CN 102143184A
- Authority
- CN
- China
- Prior art keywords
- authentication
- cdn1
- token
- cdn2
- parameters
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Abstract
The invention relates to an authentication method, a authentication device and a authentication system for realizing CND (content delivery network) intercommunication. The authentication method comprises the following steps: a second content delivery network CDN2 receives a service request from a first content delivery network CDN1 or terminal; the CDN2 acquires authentication parameters and a token provided by a content provider CP, the CP signs a contract with the CDN1, the CDN1 signs a contract with the CDN2, and the CP signs a contract with the CDN2; the CDN2 authenticates the CP according to the authentication parameters and the token; the CDN2 returns the service response to the CDN1 or the terminal according to the authentication results. The CDN2 authenticates the CP, so that the method, the device and the system in the embodiment of the invention ensures the intercommunication security between the CDN1 and the CDN2 and ensures that the CDN2 only provides service for the CP signing the contract with the CDN1.
Description
Technical field
The present invention relates to communication technical field, authentication method, device and the system of particularly a kind of realization CDN (Content Dilivery Network, content distributing network) intercommunication.
Background technology
The data service (as business of networking, video traffic etc.) of content supplier in order to expand oneself often needs to dispose a large amount of servers, for user capture.Fig. 1 for adopt C-S (client-server) pattern by content supplier (Content Provider, CP)/(Service Provider, content source server SP) provides the schematic diagram of content service to service provider for terminal.
Along with increasing of Operational Visit, deployment mode shown in Figure 1 exposes some problems.At first, these servers often are deployed in the higher position (as backbone layer, convergence-level etc.) of network, reaching bigger coverage, but when mass users is visited, will cause taking in a large number of backbone, convergence-level bandwidth, and the network bandwidth is posed a big pressure.Secondly, because server location is higher, user's request has than long time delay, causes user experience undesirable.
At the problems referred to above, independently CDN service provider has appearred.CDN service provider nearby for the user provides service, thereby reaches the saving network bandwidth by dispose the CDN system that a large amount of edges cache node is formed at network edge, promotes the purpose that customer service is experienced.Simultaneously, telecom operators also begin oneself and dispose the CDN system, are that the business of oneself is quickened on the one hand, can offer other guide provider simultaneously and use.
The appearance of CDN system makes content supplier can only dispose a spot of content source server, and the business of just can finishing provides.Simultaneously, when number of users increased, the CDN system was responsible for the flow of managing business, and content supplier need not to carry out the network capacity extension.Adopt network model that the CDN system provides content service for the terminal use as shown in Figure 2.
CDN operator, telecom operators plan according to the business development of oneself, are chosen in different areas and dispose the CDN system.Also may there be the overlapping of overlay area in coverage difference between the CDN system of each producer simultaneously.But at present the CDN system does not also have standardization, and the CDN system of each producer establishes one's own system, independent each other running, and not cooperation causes that ability can't be complementary between each CDN system.
Such as, first content distributing network CDN1 has covered Beijing, Shanghai; Second content distributing network CDN2 has covered Xi'an, Shenzhen.If certain CP of content supplier this moment wish its content in Beijing, the user on Shanghai, Xi'an, four ground, Shenzhen can visit, then CDN1 still is that CDN2 can't satisfy the requirement of this content supplier separately, thereby needs the intercommunication between the CDN.Because CP and CDN1 are signatory, CDN1 is signatory with CDN2, and CP contracts with CDN2, CDN2 can't carry out safety certification to CP at this moment.
Summary of the invention
In order to overcome the defective of prior art, the embodiment of the invention provides a kind of authentication method, device and system of the CDN of realization intercommunication, and when CP and CDN1 are signatory, CDN1 is signatory with CDN2, and CP is with CDN2 when signatory, and realization CDN2 is to the authentication of CP.
On the one hand, the embodiment of the invention provides a kind of authentication method of the CDN of realization intercommunication, and described method comprises: second content distributing network CDN2 receives the service request from first content distributing network CDN1 or terminal; Parameters for authentication and the token that is provided by the CP of content supplier is provided described CDN2, and described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2; Described CDN2 authenticates described CP according to described parameters for authentication and token; Described CDN2 returns service response according to authentication result to described CDN1 or described terminal.
On the other hand, the embodiment of the invention provides a kind of authenticate device of the CDN of realization intercommunication, and described device is arranged in second content distributing network CDN2, and described device comprises: receiving element is used to receive the service request from first content distributing network CDN1 or terminal; Acquiring unit is used to obtain the parameters for authentication and the token that are provided by the CP of content supplier; Described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2; Authentication ' unit, the parameters for authentication and the token that are used for getting access to according to described acquiring unit authenticate described CP; Transmitting element is used for the authentication result according to described authentication ' unit, returns service response to described CDN1 or described terminal.
Another aspect, the embodiment of the invention provide a kind of Verification System of the CDN of realization intercommunication, and described system comprises: the safety function device SF2 and the safety function device SF1 that is positioned at first content distributing network CDN1 that are positioned at second content distributing network CDN2; Described SF2 is used to receive the service request from described SF1 or terminal; The parameters for authentication and the token that are provided by the CP of content supplier are provided, and described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2; According to described parameters for authentication and token described CP is authenticated; According to authentication result, return service response to described SF1 or described terminal.
The method of the embodiment of the invention, device and system, when CP and CDN1 are signatory, CDN1 contracts with CDN2, and CP is with CDN2 when signatory, obtain parameters for authentication and the token of CP by CDN2, and described CP is authenticated according to parameters for authentication of obtaining and token, guaranteed the fail safe of intercommunication between CDN1 and the CDN2, made CDN2 only for providing service with the signatory CP of CDN1.
Description of drawings
Fig. 1 is provided the schematic diagram of content service for prior art adopts the C-S pattern for terminal by the content source server of CP/SP;
Fig. 2 provides the network model figure of content service for prior art adopts the CDN system for the terminal use;
Fig. 3 is the CDN systemic-function Organization Chart of the embodiment of the invention;
Fig. 4 is the typical application scenarios figure of the embodiment of the invention;
Fig. 4 a is the authentication method flow chart that the embodiment of the invention realizes the CDN intercommunication;
Fig. 4 b is the authenticate device functional block diagram that the embodiment of the invention realizes the CDN intercommunication;
Fig. 4 c is the Verification System annexation schematic diagram that the embodiment of the invention realizes the CDN intercommunication;
Fig. 5 is embodiment of the invention CDN2 to one of identifying procedure figure of CP;
Fig. 6 is embodiment of the invention CDN2 to two of the identifying procedure figure of CP;
Fig. 7 is embodiment of the invention CDN2 to three of the identifying procedure figure of CP;
Fig. 8 is embodiment of the invention CDN2 to four of the identifying procedure figure of CP;
Fig. 9 is embodiment of the invention CDN2 to five of the identifying procedure figure of CP;
Figure 10 is embodiment of the invention CDN2 to six of the identifying procedure figure of CP.
Embodiment
The embodiment of the invention provides a kind of authentication method, device and system of the CDN of realization intercommunication.The CDN intercommunication can promote the ability complementation between the CDN system, as the expansion of covering power, and the load sharing of CDN flow system flow when increasing etc.Safety is one of key issue of CDN intercommunication, when CDN2 and CDN1 intercommunication, must guarantee that CDN2 only provides service for the CDN1 that has interoperation relationships with it.The technical scheme of the embodiment of the invention, the safety issue in the time of can solving the CDN intercommunication promotes the intercommunication between the different CDN system.
The CDN systemic-function framework of the embodiment of the invention as shown in Figure 3.
(1) content source: Content Source (CS)
Store original contents, and content is sent to the CDN system.CP/SP can oneself dispose content source, also can select content stores in third party's storage system.
The content that is stored in content source can be injected into CDN system (in particular, be to be injected into the content stores entity, perhaps content delivery entity) by the content injection process.The CDN system also can be when being necessary initiatively to the content source request content.
(2) storage control: Storage Controller
Storage control selects suitable content stores to obtain content from content source; And select suitable content delivery to obtain content from the content stores of appointment.
The function of storage control specifically comprises: understand the load condition of content stores, as CPU usage, internal memory operating position, input output band width situation; Understand the ability information of content stores, as the content of supporting inject agreement (as HTTP, FTP), the content distribution protocol (HTTP, FTP) etc.; Be responsible for the route of content requests, inject request, content dispense request etc. as content.
(3) pay control: Delivery Controller
Paying control chosen content payment entity is the terminal transfers media content.
The function of paying controlled entity specifically comprises: understand the load condition of content delivery, as CPU usage, internal memory operating position, input output band width situation; Understand the ability information of content delivery, as the content of supporting inject agreement (as HTTP, FTP), the content delivery agreement (as RTSP, HTTP, SilverLight, Flash) etc.; Be responsible for the route of content association requests, inject, the content distribution as content.
(4) content route: Content Route (CR)
In the embodiment of the invention, will store control and pay control and be referred to as the content route.For simplicity, among the following embodiment of the present invention, the content route is not specifically divided into storage control and is paid control, only adopts the content route entity to describe related embodiment.
(5) safety function: Security Fucntion (SF)
In the embodiment of the invention, safety function is a logical functional entity, can be positioned at key-course, perhaps resource layer.Can independently be provided with, perhaps be integrated in content route or the content delivery entity.
The function of SF specifically comprises: the management of CP security information (as sharing key, authentication method etc.); The transmission of CP security information, the security information of transmitting CP such as the SF1 of CDN1 is given the SF2 of CDN2; Finish authentication, in other words to the authentication of CP particular portal to CP; Alternatively, also comprise the authentication between the CDN, CDN1 is the CDN that contracts such as the CDN2 authentication.
(6) content stores: Content Storage (CSG)
CSG obtains, stores original contents from content source, and is distributed to the content delivery entity; Alternatively, CSG can also carry out preliminary treatment to content, as content fragment, and transcoding.
(7) content delivery: Content Delivery (CD)
CD obtains content from content stores, and is distributed to terminal; Alternatively, CD can also carry out the code check conversion to content, file format conversion, processing such as burst.
The embodiment of the invention is that example describes with 2 CDN intercommunications, the typical scene that this scheme is suitable for as shown in Figure 4: suppose CDN1 overlay area 1, CDN2 overlay area 2.CP wishes in zone 1 and zone 2 for the user provides service, CP only and CDN1 signatory, CDN1 and CDN2 contract.Since CP only and CDN1 signatory, so think that content is injected into the content stores entity of CDN1.Simultaneously, because CP is only signatory with CDN1, thereby the content delivery request arrives the content route of CDN1 earlier.
The intercommunication of CDN system relates to following operation flow: content distribution flow, content delivery flow process.By the content distribution flow, CDN2 obtains content from CDN1, comprises that CDN1 pushes content to CDN2, and perhaps CDN2 is to the CDN1 request content.By the content delivery flow process, terminal is obtained media content from CDN2.
Embodiment 1 has described the entire flow of CDN safe intercommunication, and embodiment 2 has described the safe intercommunication process of content distribution flow, and embodiment 3-6 describes the safe intercommunication process of content delivery flow process, and embodiment 7 is applicable to content distribution and content delivery flow process.
For the purpose, technical scheme and the advantage that make the embodiment of the invention clearer, below in conjunction with the accompanying drawing in the embodiment of the invention, technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
Embodiment 1:
Present embodiment at first provides a kind of authentication method of the CDN of realization intercommunication, and this method is applied to scene shown in Figure 4; Fig. 4 a is the method flow diagram of present embodiment, and shown in Fig. 4 a, this method comprises:
S401, CDN2 receive the service request from CDN1 or terminal;
Parameters for authentication and the token that is provided by CP is provided for S402, CDN2, and described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2;
S403, CDN2 authenticate described CP according to described parameters for authentication and token;
S404, CDN2 return service response according to authentication result to CDN1 or described terminal.
Alternatively, S402 specifically comprises: parameters for authentication and the token that is provided by CP is provided from described service request CDN2; Perhaps CDN2 is provided from described service request by the parameters for authentication that is provided by CP, and obtains the token that is provided by CP by the verification process with CP.
Alternatively, described method also comprises: CDN2 receives the security information that CDN1 sends, and described security information comprises the shared key of CP and CDN1 at least; Correspondingly, S403 specifically comprises: CDN2 generates token according to described parameters for authentication and described shared key, and relatively whether the token of Sheng Chenging is consistent with the token that obtains, if unanimity then authenticate is passed through.
Alternatively, when CDN1 was not handed down to CDN2 with security information, S403 specifically comprised: CDN2 offers CDN1 with described parameters for authentication and token, described CP is authenticated according to the shared key of CP and CDN1, described parameters for authentication and token by CDN1; And receive the authentication result of returning by CDN1.
Alternatively, described method also comprises: carry out the conversion of agreement and/or message format between CDN1 and the CDN2 by security gateway.
Alternatively, the executive agent of described method is: the safety function device among the CDN2.
Corresponding to the method for Fig. 4 a, present embodiment also provides a kind of authenticate device of the CDN of realization intercommunication, and described device is arranged in second content distributing network CDN2; Fig. 4 b is the functional block diagram of this device, and shown in Fig. 4 b, this device 40 comprises: receiving element 401 is used to receive the service request from CDN1 or terminal; Acquiring unit 402 is used to obtain the parameters for authentication and the token that are provided by CP, and described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2; Authentication ' unit 403, the parameters for authentication and the token that are used for getting access to according to described acquiring unit authenticate described CP; Transmitting element 404 is used for the authentication result according to described authentication ' unit, returns service response to CDN1 or described terminal.
Alternatively, described acquiring unit 402 specifically is used for obtaining parameters for authentication and the token that is provided by CP from described service request; The parameters for authentication that provides by CP perhaps is provided from described service request, and is obtained the token that provides by CP by verification process with CP.
Alternatively, described receiving element 401 also is used to receive the security information that CDN1 sends, and described security information comprises the shared key of CP and CDN1 at least; Correspondingly, described authentication ' unit 403 specifically is used for the parameters for authentication that gets access to according to described acquiring unit and described shared key generates token, and relatively whether the token of Sheng Chenging is consistent with the token that obtains, if unanimity then authenticate is passed through.
Alternatively, when receiving element 401 not when CDN1 receives security information, described authentication ' unit 403 specifically is used for described parameters for authentication and token are offered CDN1, described CP is authenticated according to the shared key of CP and CDN1, described parameters for authentication and token by CDN1; The authentication result that reception is returned by CDN1.
Corresponding to the method for Fig. 4 a and the device of Fig. 4 b, present embodiment also provides a kind of Verification System of the CDN of realization intercommunication, and described system applies is in scene shown in Figure 4; Fig. 4 c is a present embodiment system annexation schematic diagram.
Shown in Fig. 4 c, the system of present embodiment comprises: the safety function device SF2 and the safety function device SF1 that is positioned at CDN1 that are positioned at CDN2; Described SF2 is used to receive the service request from SF1 or terminal; The parameters for authentication and the token that are provided by CP are provided, and described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2; According to described parameters for authentication and token described CP is authenticated; According to authentication result, return service response to SF1 or described terminal.
Alternatively, described SF2 specifically is used for obtaining parameters for authentication and the token that is provided by CP from described service request; The parameters for authentication that provides by CP perhaps is provided from described service request, and is obtained the token that provides by CP by verification process with CP.
Alternatively, described SF2 also is used to receive the security information that CDN1 sends, and described security information comprises the shared key of CP and CDN1 at least; Generate token according to described parameters for authentication and described shared key, relatively whether the token of Sheng Chenging is consistent with the token that obtains, if unanimity then authenticate is passed through.
Alternatively, described SF2 also is used for described parameters for authentication and token are offered SF1, described CP is authenticated according to the shared key of CP and CDN1, described parameters for authentication and token by SF1; And receive the authentication result of returning by SF1.
Alternatively, described system also comprises: the security gateway (not shown) between SF1 and SF2; Described security gateway is used to realize agreement and/or message format conversion between CDN1 and the CDN2.
The method of the embodiment of the invention, device and system, when CP and CDN1 are signatory, CDN1 contracts with CDN2, and CP is with CDN2 when signatory, parameters for authentication and the token of CDN2 by obtaining CP, realized that CDN2 authenticates CP, guaranteed the fail safe of intercommunication between CDN1 and the CDN2, made CDN2 only for providing service with the signatory CP of CDN1.
Embodiment 2:
Present embodiment has realized that based on the scene of Fig. 4 CDN2 is to the authentication of CP in the content distribution procedure.Under this scene, CDN1 initiatively carries out the content distribution according to the particular dispensed rule and promptly initiatively content is pushed to CDN2 from CDN1.Specifically verification process is as shown in Figure 5:
S500, safety function device SF1 issue security information to safety function device SF2.
The security information particular content depends on the security information that CP and CDN1 share, and comprises authentication mode, the shared key between CP and the CDN1, certificate scheme etc.
CDN1 and CDN2 have a plurality of signatory, each have different contracting such as the different CP of correspondence, and a plurality of different contracting are arranged under the perhaps same CP.General CDN sign and the signatory mark of adopting identifies that these are signatory, thereby identifies (CDN ID) and signatory mark (Profile ID) with the CDN that can also have that security information issues simultaneously.CDN2 can contract by the specific of certain specific CDN of unique identification by CDN sign and signatory mark.
Authentication mode has symmetric key authentication and unsymmetrical key to authenticate two kinds.When adopting the symmetric key authentication mode, the key in the security information is the shared key of CP and CDN1.When adopting unsymmetrical key (PKI) authentication mode, the key in the security information is the PKI of CP.Present embodiment is that example describes to share key.
Certificate scheme is corresponding to different digest algorithms, as MD5 (eap-message digest 5), and SHA1 (SHA 1), perhaps other digest algorithms.
The embodiment of the invention can be the part of security information as CAMEL-Subscription-Information, and the service contract and the necessary shared information of CAMEL-Subscription-Information storage concluding parties are bases of service.The CAMEL-Subscription-Information example of the embodiment of the invention is as follows: CDN sign, signatory mark, security information (authentication mode, key, certificate scheme), and other CAMEL-Subscription-Information.The CAMEL-Subscription-Information of the embodiment of the invention and security information also can adopt other organizational forms, and these organizational forms do not influence the realization of this programme.
S501, content route device CR1 send service request to SF1.
With the HTTP request is example, the URL of this business request information schematically as follows:
http://www.sina.com/movie/hero.flv。Wherein www.sina.com is a domain name.
In order to realize specific business, business request information also may be passed through URL, and HTTP message header field or message body are carried other professional specific parameters, and the embodiment of the invention is not done qualification to this.
S502, SF1 send service request to SF2, wherein carry parameters for authentication.
This step can specifically comprise:
After A, SF1 receive business request information,, otherwise refuse this request if judge this request from signatory CP then carry out follow-up flow process;
If B should ask from signatory CP, SF1 judges further whether this request message has carried token;
If C carries, SF1 can carry out: substep 1) directly transmit this service request and give SF2; Perhaps substep 2) increase new parameters for authentication, as CDN ID and/or Profile ID, recomputate token, send amended service request then to SF2.
If D does not carry token, SF1 directly carries out substep 2).
The parameters for authentication of present embodiment comprises: request URL/domain name, CDN sign, signatory mark, authentication mode, certificate scheme.Signatory mark wherein, authentication mode, certificate scheme is optional.
Token is obtained by parameters for authentication and cipher key calculation.With SHA1 is example, token=SHA1 (request URL/domain name, CDN sign, signatory mark, authentication mode, certificate scheme, key).Signatory mark wherein, authentication mode, certificate scheme is optional.
During computational token, can adopt URL, perhaps the domain name among the URL.
With the HTTP request is example, this business request information URL schematically as follows, wherein TOKEN is a token:
http://www.sina.com/movie/hero.flv?CDNID=1234&ProfileID=5678&AuthMode=1&AuthAlgorithm=1&TOKEN=abcdef123456.
During specific implementation, the mode of carrying of above-mentioned information is not limit.Also can be used as the partial content of token such as parameters for authentication.Simultaneously, can carry token with the message header field.
S503, SF2 authenticate service request.
SF2 determines corresponding security information according to CDN ID and/or Profile ID.SF2 is according to the key in the security information, and the parameters for authentication computational token in the service request; Whether the token that carries in the relatively new token that calculates and the service request is consistent; If consistent, then authentication is passed through, otherwise authentication is not passed through.
S504, SF2 send service request to CR2 according to authentication result.
S505, CR2 return service response and give SF2.
CR2 carries out different processing at different service request, and concrete the processing depended on carrier policy, and the embodiment of the invention is not done qualification to concrete processing procedure.
S506, SF2 send service response to SF1.
S507, SF1 send service response to CR1.
Whether in the present embodiment, CDN1 carries CP and authenticates needed parameters for authentication and token, and CDN2 recomputates token according to parameters for authentication and with the CDN1 cipher key shared, consistent with the token of receiving by the token that relatively generates, and then finishes the authentication to CP.
Embodiment 3:
Present embodiment has realized that based on the scene of Fig. 4 CDN2 is to the authentication of CP in the content delivery process, and specifically verification process is as shown in Figure 6:
S600, safety function SF1 issue security information and give SF2.The detailed process of this step is referring to the S500 of Fig. 5.
Certain navigation door that S601, terminal are browsed CP in the response message that CP returns, carries parameters for authentication and token.
Parameters for authentication and token can return by URL, for example:
www.sina.com/movie/hero.flv?CDNID=1234&ProfileID=5678&ClientID=10 .144.111.11&AuthMode=1&AuthAlgorithm=1&TOKEN=abcdef123456。
Parameters for authentication comprises: request URL/domain name, CDN sign, signatory mark, client identification, authentication mode, certificate scheme.Wherein CDN identifies, signatory mark, and client identification, authentication mode, certificate scheme is optional.
Specific to above-mentioned response message: www.sina.com/movie/hero.flv is request URL, and wherein www.sina.com is a domain name; 1234 are the CDN sign; 5678 is signatory mark; 10.144.111.11 be client identification, this sentences the IP address is example; AuthMode=1 represents authentication mode, and AuthAlgorithm=1 represents certificate scheme.TOKEN calculates resulting token.
Here parameters for authentication has increased client identification.By increasing this sign, can prevent that other clients from retransmitting this message.The CP door can be the IP address of browse request message as client identification.
Token is according to parameters for authentication, and cipher key calculation gets.With SHA1 is example, token=SHA1 (request URL/domain name, CDN sign, signatory mark, client identification, authentication mode, certificate scheme, key).Wherein CDN identifies, signatory mark, and client identification, authentication mode, certificate scheme is optional.
S602-S603: terminal is initiated service request to CR1, and CR1 is redirected service request by service response message notice terminal and asks CR2.
Described request is carried parameters for authentication and token.With the HTTP request is example, this business request information schematically as follows:
http://www.sina.com/movie/hero.flv?CDNID=1234&ProfileID=5678&ClientID=10.144.111.11&AuthMode=1&AuthAlgorithm=1&TOKEN=abcdef123456.
Parameters for authentication comprises: request URL/domain name, CDN sign, signatory mark, client identification, authentication mode, certificate scheme.Wherein CDN identifies, signatory mark, and client identification, authentication mode, certificate scheme is optional, if having on the CP door, can carry.
Described token is according to parameters for authentication, and cipher key calculation gets.With SHA1 is example, token=SHA1 (request URL/domain name, CDN sign, signatory mark, client identification, authentication mode, certificate scheme, key).Wherein CDN identifies, signatory mark, and client identification, authentication mode, certificate scheme is optional.
Here parameters for authentication has increased client identification.Because the IP or the MAC Address difference of different clients,, can prevent that other clients from retransmitting this message by increasing this sign.Client address can adopt IP address or MAC Address.
Present embodiment can adopt URL, and perhaps the domain name among the URL is come computational token, is example with SHA1, token=SHA1 (request URL/domain name, CDN sign, signatory mark, client identification, authentication mode, certificate scheme, key).
S604, terminal send service requesting information to CR2.
Terminal is initiated service request according to the service response message of receiving among the S603 to CR2.Service request is carried parameters for authentication and token.
S605, CR2 send service request to SF2, and service request is carried parameters for authentication and token.
S606, the request of SF2 authentication business are returned service response and are given CR2.
Particularly, this step can comprise:
A, SF2 determine corresponding security information according to CDNID and/or ProfileID.If do not carry CDNID and ProfileID in the parameters for authentication, can determine corresponding security information according to the CP domain name;
B, SF2 are according to the key in the security information, and the parameters for authentication in the service request, computational token; Whether the token that carries in the relatively new token that calculates and the service request is consistent, if consistent, then authentication is passed through, and does not pass through otherwise authenticate;
Behind C, the authentication success, return service response.
S607, CR2 return service response and give terminal.
The scheme of the embodiment of the invention is given under the situation of CDN2 when issued security information at CDN1, and CDN2 obtains key from security information, and acquisition is authenticated CP by parameters for authentication and token that CP provides from service request.This moment, CP only needed and CDN1 has contract signing relationship, and a system that only needs to understand CDN1 gets final product, as disposing reporting system etc.This scheme has been simplified the work of CP greatly.
Embodiment 4:
Present embodiment has realized that based on the scene of Fig. 4 CDN2 is to the authentication of CP in the content delivery process, and present embodiment hypothesis CDN1 does not issue security information and gives CDN2.Thereby CDN2 needs and CDN1 carries out finishing the authentication to service request alternately.Concrete verification process as shown in Figure 7.
S701-S704 is with the S602-S605 of embodiment 2.
The same with embodiment 2, parameters for authentication and token in the service request that terminal sends among the S701 in the present embodiment also are to be obtained by CP, detailed process referring among the embodiment 2 to the associated description of S601, no longer launch to describe herein.
Wherein, among the step S702, CR1 can increase the routing iinformation of CDN1 in redirect message, so that SF2 can send to CDN1 to service request among the step S705.Routing iinformation can directly carry URL or the IP address of SF1; Perhaps carry CDN1 sign and/or signatory mark, so that SF2 is according to the destination of the definite route of sign, the URL or the IP address that for example obtain SF1 from local configuration information.
S705, SF2 send service request to SF1.
SF2 can determine which address to send business request information to according to the routing iinformation in the message.As described in S702.
Present embodiment signal SF2 directly sends business request information to SF1, and this message also can be transmitted through CR1.
S706, the request of SF1 authentication business are returned service response and are given SF2.
Particularly, this step can comprise:
A, SF1 determine corresponding security information according to CDNID and/or ProfileID.If do not carry CDNID and ProfileID in the parameters for authentication, can determine corresponding security information according to the CP domain name;
B, SF1 are according to the key in the security information, and the parameters for authentication in the service request, computational token; The token that carries in relatively newer token that calculates and the service request, if consistent, then authentication is passed through, otherwise authentication is not passed through;
Behind C, the authentication success, return service response.
S707, SF2 return service response and give CR2.
S708, CR2 return service response and give terminal.
The method of the embodiment of the invention, do not issue security information at CDN1 and give under the situation of CDN2, by parameters for authentication and token are offered CDN1, after by CDN1 replaced C DN2 CP being authenticated, to CDN2 return authentication result, thereby realized the authentication of CDN2 to CP.This moment, CP only needed and CDN1 has contract signing relationship.Work such as the operation of CP system, maintenance, statistics, monitoring have been simplified greatly.
Embodiment 5:
Present embodiment has realized that based on the scene of Fig. 4 CDN2 is to the authentication of CP in the content delivery process.Present embodiment supposes that equally CDN1 does not issue security information and gives CDN2.Thereby CDN2 needs and CDN1 carries out finishing the authentication to service request alternately.Specifically verification process is as shown in Figure 8:
S801-S804 is with the S602-S605 of embodiment 2.
The same with embodiment 2, parameters for authentication and token in the service request that terminal sends among the S801 in the present embodiment also are to be obtained by CP, detailed process referring among the embodiment 2 to the associated description of S601, no longer launch to describe herein.
Wherein among the S802, CR1 can increase routing iinformation in redirect message, so that CR2 can send to CDN1 to service request among the S806.Wherein routing iinformation can directly carry URL or the IP address of SF1, perhaps carries CDN2 sign and/or signatory mark, so that SF2 is according to the destination of the definite route of sign, the URL or the IP address that for example obtain SF1 from local configuration information.
CR2 is given in S805, the request of SF2 redirection business.
S806, CR2 send service request to SF1.
CR2 can determine which address to send business request information to according to the routing iinformation in the message.As described in step 2.
S807, the request of SF1 authentication business are returned service response and are given CR2.
Particularly, this step can comprise:
A, SF1 determine corresponding security information according to CDNID and/or ProfileID.If do not carry CDNID and ProfileID in the parameters for authentication, can determine corresponding security information according to the CP domain name;
B, SF1 are according to the key in the security information, and the parameters for authentication in the service request, computational token; Whether the token that carries in the relatively new token that calculates and the service request is consistent, if consistent, then authentication is passed through, and does not pass through otherwise authenticate;
Behind C, the authentication success, return service response.
S808, CR2 return service response and give terminal.
The method of the embodiment of the invention, do not issue security information at CDN1 and give under the situation of CDN2, by parameters for authentication and token are offered CDN1, after by CDN1 replaced C DN2 CP being authenticated, to CDN2 return authentication result, thereby realized the authentication of CDN2 to CP.This moment, CP only needed and CDN1 has contract signing relationship.Simplified the work such as system's operation, maintenance, statistics, monitoring of CP greatly.
Embodiment 6:
Present embodiment has realized that based on the scene of Fig. 4 CDN2 is to the authentication of CP in the content delivery process, and specifically identifying procedure is as shown in Figure 9:
S900, SF1 issue security information and give SF2.This step is with the S500 of embodiment 1.This step is an optional step, gives under the situation of CDN2 and issue security information at CDN1, can finish local authentication by CDN2, do not issue security information at CDN1 and give under the situation of CDN2, and will be that CDN2 finishes verification process by CDN1.
S901-S902, terminal are initiated service request to CR1, and CR1 is redirected service request by service response message notice terminal and asks CR2.
Token is not carried in request.With the HTTP request is example, this business request information schematically as follows:
http://www.sina.com/movie/hero.flv
S903, terminal send solicited message to CR2.
Terminal is initiated service request according to the redirect message of receiving among the step S902 to CR2.
S904, CR2 send service request to SF2.
S905, SF2 send authentication request to SF1.
Do not carry token in the SF2 judgement service request.SF2 sends authentication request to SF1, can carry the parameters for authentication of SF2 structure alternatively in this authentication request.With HTTP POST is example:
http://www.sina.com/movie/hero.flv?CDNID=1234&ProfileID=5678&AuthMode=1&AuthAlgorithm=1.
Here CDN ID is the sign of CDN1; Profile ID is the signatory mark of CDN1 and CDN2.
The parameters for authentication of above-mentioned request message also can be passed through HTTP message header field, and perhaps message body (as XML) is carried.
Concrete route is with the description of aforesaid embodiment S701-S704.
S906, SF1 send authentication request to content operator CP (being specially the secure entity of content operator).
With HTTP POST is example:
http://www.sina.com/movie/hero.flv?CDNID=1234&ProfileID=6789&AuthMode=1&AuthAlgorithm=1.
SF1 replaces to signatory mark between CDN1 and the CP to Profile ID.If CDN1 is handed down in the security information of CDN2, directly use the signatory mark between CP and the CDN1, then the SF1 value that need not replace signatory mark herein.
The parameters for authentication of above-mentioned request message also can be passed through HTTP message header field, and perhaps message body (as XML) is carried.
The response of S907, CP (being specially the secure entity of content operator) return authentication.
The secure entity of CP is according to parameters for authentication, and computational token is carried at token and returns to SF1 in the authentication response.
With HTTP is example:
HTTP/1.1200OK
Authorization:response=abcdef123456.
The optional parameters for authentication of carrying of authentication response message is with the parameters for authentication of receiving in the authentication request.
Wherein, parameters for authentication, token also can pass through HTTP message header field, and perhaps message body (as XML) is carried.
S908, SF1 carry out local verification, and this step is an optional step, if carry out S900 then do not need to carry out this step but carry out S910, otherwise then need to carry out this step.Particularly, SF1 generates token according to parameters for authentication and shared key, and relatively whether the token of Sheng Chenging is consistent with the token that returns from CP, if unanimity then authenticate is passed through.
S909, SF1 return authentication respond to SF2.If S908 does not carry out, then this step is also omitted.
This message is with the authentication response message among the S907.
S910, SF2 carry out local verification, and this step is an optional step, if carry out S900 then need to carry out this step, on the contrary execution in step S908 then.SF2 is according to parameters for authentication and key, and computational token will be calculated the token of generation and compare from the token that CP returns.If consistent, then authentication is passed through; Otherwise authentication is not passed through.
S911, SF2 return service response and give CR2.
If authentication is passed through, SF2 returns 200OK; Otherwise return 401 (unauthorizeds).
S912CR2 returns service response and gives terminal.
Among this embodiment, SF2 sends authentication request by SF1 to CP (being specially the secure entity of content operator).SF2 also can directly send authentication request to CP.
In addition, among the S912, SF2 also can return 401 (unauthorizeds) and give UE.UE sends authentication request to CP, and transmits the authentication response that CP returns and give SF2, and SF2 verifies the authentication response that returns.
In the present embodiment, when service request is not carried token, obtain the token information that CP responds, CDN2 can be authenticated CP according to parameters for authentication of obtaining and token information by the authentication request of initiating a CP.By said process, realized the authentication of CDN2 to CP, this moment, CP only needed and CDN1 has contract signing relationship, had simplified the work such as system's operation, maintenance, statistics, monitoring of CP greatly.
Embodiment 7:
Present embodiment has been realized the authentication of CDN2 to CP based on the scene of Fig. 4, and wherein CDN1 adopts different safety approachs with CDN2, by the gateway intercommunication.The method of present embodiment both can be used for the content distribution procedure, also went for the content delivery process.
Service request/service response of handling as CDN1 and CDN2 is different, the agreement difference of Cai Yonging for example, and perhaps the message content difference can be passed through security gateway, asks/conversion of service response.Thereby finish the authentication of service request smoothly.In like manner, when CDN1 is different with authentication request/authentication response that CDN2 handles, also can change by security gateway.During the security gateway specific implementation, a part that can be used as safety function realizes.
The concrete identifying procedure of present embodiment is as shown in figure 10:
S1001, SF2 send service request to security gateway.
S1002, security gateway are handled the service request of receiving.
Whether security gateway checking service request is legal, and to change this service request be the manageable form of SF1.
Service request after S1003, the security gateway transmission conversion is to SF1.
S1004, SF1 return service response and give security gateway.
The service request that the SF1 authentication is received is returned service response, and service response is carried token.Concrete verification process is referring to the verification process of safety function in the foregoing description.
S1005, security gateway are handled the service response of receiving.
Whether security gateway checking service response is legal, and to change this service response be the manageable form of SF2.
Service response after S1006, the security gateway transmission conversion is to SF2.
Security gateway is identical to the processing procedure of authentication request and authentication response, sees S1101-S1106 for details, repeats no more herein.
Present embodiment goes for above-mentioned all embodiment.
The beneficial effect that embodiment of the invention technical scheme is brought: when CP and CDN1 are signatory, CDN1 contracts with CDN2, and CP is with CDN2 when signatory, obtain parameters for authentication and the token of CP by CDN2, and described CP is authenticated according to parameters for authentication of obtaining and token, guarantee the fail safe of intercommunication between CDN1 and the CDN2, guarantee that CDN2 is only for providing service with the signatory CP of CDN1.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
Above embodiment only in order to the technical scheme of the explanation embodiment of the invention, is not intended to limit; Although the embodiment of the invention is had been described in detail with reference to previous embodiment, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution break away from the scope of each embodiment technical scheme of the embodiment of the invention.
Claims (15)
1. an authentication method of realizing the CDN intercommunication is characterized in that, described method comprises:
Second content distributing network CDN2 receives the service request from first content distributing network CDN1 or terminal;
Parameters for authentication and the token that is provided by the CP of content supplier is provided described CDN2, and described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2;
Described CDN2 authenticates described CP according to described parameters for authentication and token;
Described CDN2 returns service response according to authentication result to described CDN1 or described terminal.
2. method according to claim 1 is characterized in that, described CDN2 the parameters for authentication and the token that are provided by the CP of content supplier is provided comprises:
Parameters for authentication and the token that is provided by described CP is provided from described service request described CDN2; Perhaps
Described CDN2 is provided from described service request by the parameters for authentication that is provided by described CP, and obtains the token that is provided by described CP by the verification process with described CP.
3. method according to claim 1 and 2 is characterized in that,
Described method also comprises: described CDN2 receives the security information that described CDN1 sends, and described security information comprises the shared key of described CP and described CDN1 or the PKI of described CP at least;
Described CDN2 authenticates described CP according to described parameters for authentication and token and comprises: described CDN2 generates token according to described parameters for authentication and described shared key, and relatively whether the token of Sheng Chenging is consistent with the token that obtains, if unanimity then authenticate is passed through.
4. method according to claim 1 and 2 is characterized in that, described CDN2 authenticates described CP according to described parameters for authentication and token and comprises:
Described CDN2 offers described CDN1 with described parameters for authentication and token, described CP is authenticated according to the shared key of described CP and described CDN1, described parameters for authentication and token by described CDN1; And receive the authentication result of returning by described CDN1.
5. method according to claim 1 is characterized in that, described method realizes by the safety function device among the described CDN2.
6. method according to claim 5 is characterized in that, the safety function device among the described CDN2 is mutual by content route device and CDN1 among the described CDN2.
7. an authenticate device of realizing the CDN intercommunication is characterized in that, described device is arranged in second content distributing network CDN2, and described device comprises:
Receiving element is used to receive the service request from first content distributing network CDN1 or terminal;
Acquiring unit is used to obtain the parameters for authentication and the token that are provided by the CP of content supplier; Described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2;
Authentication ' unit, the parameters for authentication and the token that are used for getting access to according to described acquiring unit authenticate described CP;
Transmitting element is used for the authentication result according to described authentication ' unit, returns service response to described CDN1 or described terminal.
8. device according to claim 7 is characterized in that,
Described acquiring unit specifically is used for obtaining parameters for authentication and the token that is provided by described CP from described service request; The parameters for authentication that provides by described CP perhaps is provided from described service request, and is obtained the token that provides by described CP by verification process with described CP.
9. according to claim 7 or 8 described devices, it is characterized in that,
Described receiving element also is used to receive the security information that described CDN1 sends, and described security information comprises the shared key of described CP and described CDN1 or the PKI of described CP at least;
Described authentication ' unit specifically is used for the parameters for authentication that gets access to according to described acquiring unit and described shared key generates token, and relatively whether the token of Sheng Chenging is consistent with the token that obtains, if unanimity then authenticate is passed through.
10. according to claim 7 or 8 described devices, it is characterized in that,
Described authentication ' unit specifically is used for described parameters for authentication and token are offered described CDN1, described CP is authenticated according to the shared key of described CP and described CDN1, described parameters for authentication and token by described CDN1; The authentication result that reception is returned by described CDN1.
11. a Verification System that realizes the CDN intercommunication is characterized in that, described system comprises: the safety function device SF2 and the safety function device SF1 that is positioned at first content distributing network CDN1 that are positioned at second content distributing network CDN2;
Described SF2 is used to receive the service request from described SF1 or terminal; The parameters for authentication and the token that are provided by the CP of content supplier are provided, and described CP and described CDN1 are signatory, and described CDN1 and described CDN2 are signatory, and described CP is not signatory with described CDN2; According to described parameters for authentication and token described CP is authenticated; According to authentication result, return service response to described SF1 or described terminal.
12. system according to claim 11 is characterized in that,
Described SF2 specifically is used for obtaining parameters for authentication and the token that is provided by described CP from described service request; The parameters for authentication that provides by described CP perhaps is provided from described service request, and is obtained the token that provides by described CP by verification process with described CP.
13. system according to claim 11 is characterized in that,
Described SF2 also is used to receive the security information that described CDN1 sends, and described security information comprises the shared key of CP and CDN1 at least; Generate token according to described parameters for authentication and described shared key, relatively whether the token of Sheng Chenging is consistent with the token that obtains, if unanimity then authenticate is passed through.
14. system according to claim 11 is characterized in that,
Described SF2 also is used for described parameters for authentication and token are offered described SF1, described CP is authenticated according to the shared key of described CP and described CDN1, described parameters for authentication and token by described SF1; And receive the authentication result of returning by described SF1.
15. system according to claim 11 is characterized in that, described system also comprises: the security gateway between described SF1 and described SF2;
Described security gateway is used to realize the agreement between described CDN1 and the described CDN2 and/or the conversion of message format.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110080623 CN102143184B (en) | 2011-03-31 | 2011-03-31 | Authentication method, authentication device and authentication system for realizing CND (content delivery network) intercommunication |
| PCT/CN2011/083908 WO2012129934A1 (en) | 2011-03-31 | 2011-12-14 | Authentication method, apparatus and system for achieving cdn interconnection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110080623 CN102143184B (en) | 2011-03-31 | 2011-03-31 | Authentication method, authentication device and authentication system for realizing CND (content delivery network) intercommunication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102143184A true CN102143184A (en) | 2011-08-03 |
| CN102143184B CN102143184B (en) | 2013-08-28 |
Family
ID=44410406
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110080623 Expired - Fee Related CN102143184B (en) | 2011-03-31 | 2011-03-31 | Authentication method, authentication device and authentication system for realizing CND (content delivery network) intercommunication |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102143184B (en) |
| WO (1) | WO2012129934A1 (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012129934A1 (en) * | 2011-03-31 | 2012-10-04 | 华为技术有限公司 | Authentication method, apparatus and system for achieving cdn interconnection |
| WO2012163055A1 (en) * | 2011-11-18 | 2012-12-06 | 华为技术有限公司 | Method and related apparatus for transmitting media content |
| CN102932358A (en) * | 2012-11-07 | 2013-02-13 | 网宿科技股份有限公司 | Third-party document-rewriting and rapid distribution method and device based on content distribution network |
| CN103297337A (en) * | 2012-02-23 | 2013-09-11 | 中兴通讯股份有限公司 | Method and system for achieving content distribution network interconnection routing |
| WO2016054923A1 (en) * | 2014-10-11 | 2016-04-14 | 中兴通讯股份有限公司 | Hls protocol-based user information acquisition method and server |
| CN105530226A (en) * | 2014-09-30 | 2016-04-27 | 中国电信股份有限公司 | Content distribution network system, and access control method and system thereof |
| CN112507320A (en) * | 2020-12-10 | 2021-03-16 | 东莞市盟大塑化科技有限公司 | Access control method, device, system, electronic equipment and storage medium |
| CN115378878A (en) * | 2021-05-21 | 2022-11-22 | 北京字跳网络技术有限公司 | CDN scheduling method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1972519A (en) * | 2006-12-12 | 2007-05-30 | 华为技术有限公司 | A method for preventing abnormal access terminal to access and access network |
| CN101043337A (en) * | 2007-03-22 | 2007-09-26 | 中兴通讯股份有限公司 | Interactive process for content class service |
| WO2010142118A1 (en) * | 2009-06-12 | 2010-12-16 | 中兴通讯股份有限公司 | Login authentication method and system in electronic advertisement system |
| CN101964791A (en) * | 2010-09-27 | 2011-02-02 | 北京神州泰岳软件股份有限公司 | Communication authenticating system and method of client and WEB application |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102143184B (en) * | 2011-03-31 | 2013-08-28 | 华为技术有限公司 | Authentication method, authentication device and authentication system for realizing CND (content delivery network) intercommunication |
-
2011
- 2011-03-31 CN CN 201110080623 patent/CN102143184B/en not_active Expired - Fee Related
- 2011-12-14 WO PCT/CN2011/083908 patent/WO2012129934A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1972519A (en) * | 2006-12-12 | 2007-05-30 | 华为技术有限公司 | A method for preventing abnormal access terminal to access and access network |
| CN101043337A (en) * | 2007-03-22 | 2007-09-26 | 中兴通讯股份有限公司 | Interactive process for content class service |
| WO2010142118A1 (en) * | 2009-06-12 | 2010-12-16 | 中兴通讯股份有限公司 | Login authentication method and system in electronic advertisement system |
| CN101964791A (en) * | 2010-09-27 | 2011-02-02 | 北京神州泰岳软件股份有限公司 | Communication authenticating system and method of client and WEB application |
Non-Patent Citations (1)
| Title |
|---|
| G.WATSON ET AL: "Use Cases for Content Distribution Network Interconnection", 《INTERNET ENGINEERING TASK FORCE》 * |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012129934A1 (en) * | 2011-03-31 | 2012-10-04 | 华为技术有限公司 | Authentication method, apparatus and system for achieving cdn interconnection |
| WO2012163055A1 (en) * | 2011-11-18 | 2012-12-06 | 华为技术有限公司 | Method and related apparatus for transmitting media content |
| CN103222312A (en) * | 2011-11-18 | 2013-07-24 | 华为技术有限公司 | Method and related apparatus for transmitting media content |
| CN103297337A (en) * | 2012-02-23 | 2013-09-11 | 中兴通讯股份有限公司 | Method and system for achieving content distribution network interconnection routing |
| CN102932358A (en) * | 2012-11-07 | 2013-02-13 | 网宿科技股份有限公司 | Third-party document-rewriting and rapid distribution method and device based on content distribution network |
| CN102932358B (en) * | 2012-11-07 | 2015-10-21 | 网宿科技股份有限公司 | Third party's file of content-based distributing network is rewritten and is accelerated distribution method and device |
| CN105530226A (en) * | 2014-09-30 | 2016-04-27 | 中国电信股份有限公司 | Content distribution network system, and access control method and system thereof |
| CN105530226B (en) * | 2014-09-30 | 2019-01-15 | 中国电信股份有限公司 | Content distribution network system and its connection control method and system |
| WO2016054923A1 (en) * | 2014-10-11 | 2016-04-14 | 中兴通讯股份有限公司 | Hls protocol-based user information acquisition method and server |
| CN112507320A (en) * | 2020-12-10 | 2021-03-16 | 东莞市盟大塑化科技有限公司 | Access control method, device, system, electronic equipment and storage medium |
| CN115378878A (en) * | 2021-05-21 | 2022-11-22 | 北京字跳网络技术有限公司 | CDN scheduling method, device, equipment and storage medium |
| CN115378878B (en) * | 2021-05-21 | 2023-11-14 | 北京字跳网络技术有限公司 | CDN scheduling method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012129934A1 (en) | 2012-10-04 |
| CN102143184B (en) | 2013-08-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102143184B (en) | Authentication method, authentication device and authentication system for realizing CND (content delivery network) intercommunication | |
| CN102187698B (en) | An improved method and system for IP multimedia bearer path optimization through a succession of border gateways | |
| JP7169462B2 (en) | Method, apparatus, storage medium and computer equipment for exchanging identity certificates in blockchain network | |
| Pahl et al. | Securing IoT microservices with certificates | |
| US9350818B2 (en) | Method and system for enabling data usage accounting for unreliable transport communication | |
| CN1901448B (en) | Access identification system in communication network and realizing method | |
| EP3528468B1 (en) | Profile information sharing | |
| EP1747636A2 (en) | Method and system for secure distribution of content over a communications network | |
| WO2018005238A1 (en) | Multi-hop secure content routing based on cryptographic partial blind signatures and embedded terms | |
| US9100390B1 (en) | Method and system for enrolling and authenticating computing devices for data usage accounting | |
| EP3366019B1 (en) | Method and apparatus for secure content caching and delivery | |
| Forné et al. | Pervasive authentication and authorization infrastructures for mobile users | |
| CN107888615B (en) | Safety authentication method for node registration | |
| CN113992418A (en) | IoT (Internet of things) equipment management method based on block chain technology | |
| CN102714653B (en) | For the system and method for accessing private digital content | |
| Yan et al. | BGPChain: Constructing a secure, smart, and agile routing infrastructure based on blockchain | |
| CN101674178A (en) | User information storage method as well as user information authentication method and device | |
| Palacios et al. | MioStream: a peer-to-peer distributed live media streaming on the edge | |
| CN113141542B (en) | Video stream safe playing system, method, medium and server based on block chain | |
| JP6215508B1 (en) | Method and system for compliance monitoring in a secure media-based conference | |
| JP2008211329A (en) | Session key sharing system, third institution apparatus, request-side apparatus and answer-side apparatus | |
| FR3003975A1 (en) | METHOD OF PROCESSING USER DATA OF A SOCIAL NETWORK | |
| Meinel et al. | The foundation of the internet: Tcp/ip reference model | |
| Gafni et al. | Multi-Party Secured Collaboration Architecture from Cloud to Edge | |
| CN116743377B (en) | Data processing method, device, equipment and storage medium based on blockchain key |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: HUIZHOU ZHITAI ENTERPRISE MANAGEMENT CO., LTD. Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD. Effective date: 20141229 Owner name: NANTONG BEICHENG TECHNOLOGY ENTREPRENEURIAL MANAGE Free format text: FORMER OWNER: HUIZHOU ZHITAI ENTERPRISE MANAGEMENT CO., LTD. Effective date: 20141229 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 516003 HUIZHOU, GUANGDONG PROVINCE TO: 226000 NANTONG, JIANGSU PROVINCE Free format text: CORRECT: ADDRESS; FROM: 518129 SHENZHEN, GUANGDONG PROVINCE TO: 516003 HUIZHOU, GUANGDONG PROVINCE |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20141229 Address after: 226000 Jiangsu province Nantong City Outer Ring Road No. 639 Patentee after: NANTONG BEICHENG SCIENCE & TECHNOLOGY ENTREPRENEURIAL MANAGEMENT Co.,Ltd. Address before: 516003 Guangdong province Huizhou City Mountain Road No. 4 Building 12 layer Dweh No. 06 A District Patentee before: HUIZHOU ZHITAI ENTERPRISE MANAGEMENT CO.,LTD. Effective date of registration: 20141229 Address after: 516003 Guangdong province Huizhou City Mountain Road No. 4 Building 12 layer Dweh No. 06 A District Patentee after: HUIZHOU ZHITAI ENTERPRISE MANAGEMENT CO.,LTD. Address before: 518129 headquarters building of Bantian HUAWEI base, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130828 Termination date: 20200331 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |