Streaming media service user authentication method based on the RTMP protocol
Technical field
The invention belongs to the technical field of streaming media services, and more particularly to a user authentication method for a streaming media service based on the RTMP protocol, covering both online live streaming and online on-demand playback.
Background technology
In recent years, with the rapid development of Internet technology, more and more services are delivered over the Internet, and online video service is one of them. RTMP is a transport protocol designed specifically for online video; it has very good real-time performance and is widely used for video on demand and live streaming. Because the RTMP protocol itself contains no step for securely authenticating the user's identity, by default a video server accepts connection requests from any party indiscriminately and provides the video service. In fields where confidentiality is required or media is commercialized, a service that relies only on the standard RTMP protocol therefore has significant practical limitations, reflected in the following deficiencies:
1. Commercial video resources should be viewable only by registered users. If a registered user discloses the URL address used to request a video resource, then any unregistered user can browse the corresponding video resource normally, which is detrimental to copyright protection.
2. Because the RTMP protocol is public, a competitor can build a customized video request client that impersonates a legitimate user, requests video resources from the server, and then steals or backs them up in batches, causing commercially valuable video resources or important data to be leaked or propagated and infringing the copyright of the streaming media content.
3. A competitor can send a large number of connection requests to the video server by programmatic means. Because the RTMP protocol treats all requests alike, the server cannot distinguish valid from invalid connection requests; this easily causes excessive server load and downtime, and ultimately affects the availability of the whole system.
Summary of the invention
Because the standard RTMP protocol cannot protect the copyright interests of resource holders, practical applications generally require control over the identity of accessing users and their corresponding access levels, refusing unauthorized access so that commercial resources are used appropriately. In view of the above deficiencies in the prior art, the object of the present invention is to add a customized access control mechanism on top of the standard RTMP protocol, so that the video server provides video service only to legitimate users, and at the same time to encrypt the transmitted video data, fundamentally ensuring that streaming media content cannot be redistributed.
The present invention provides a streaming media service user authentication method based on the RTMP protocol. Before providing video service, the video server first verifies the legitimacy of the user's identity through an authentication server, then verifies the user's access rights, and provides video service only to users with sufficient access rights, rejecting requests from illegitimate users or users with insufficient rights. Finally, the video stream data is encrypted during transmission so that a user cannot obtain the video content by downloading it and redistribute it. Through these several measures, infringement of the copyright of the streaming media can be avoided. The method of the present invention specifically comprises the following steps:
(1) The video server receives a resource request from the client.
(2) The video server extracts user session information from the request, comprising the user session ID, user ID, TOKEN and resource ID, and hands this information to the authentication server for authentication processing.
(3) The authentication server delegates verification of the user session's validity to a unified login system. If the user ID or TOKEN is found to be invalid, the response is directly "not logged in"; if the user session has expired, the response is "invalid session"; if the user session is valid, the unified login system retrieves the permission level of the current user from the database server and returns the result to the authentication server as the response.
(4) After obtaining the current user's permission level, the authentication server retrieves the permission level information of the requested resource from the resource management server according to the resource ID; when the user's permission level is insufficient to access the corresponding resource, the response is "insufficient permission".
(5) The authentication server determines whether the current user ID is in a playing state; if a session is already playing under the current user ID, the authentication server notifies the video server serving that session to interrupt its video transmission.
(6) The video server establishes an RTMP connection channel with the client, randomly generates a 16-byte dynamic key and sends it to the client as the session key for this session, then notifies the authentication server that the RTMP connection of the current session has succeeded, and the authentication server updates the playing state of the current session.
(7) The client receives the session key, stores it locally, and sends a key response message to the video server.
(8) After the video server receives the client's key response, it begins video data transmission, encrypting the video stream data in real time with the current session key before sending it.
(9) The client receives the streaming media data, decrypts it to plaintext, and plays it normally.
(10) When the video data transmission of this session is complete, the video server notifies the authentication server to update the user's playing state.
Further, the resource management server is used to manage and maintain all streaming media resources and provides an external interface for querying resource information. Administrators can upload, delete and change the permissions of video resources in the back-end. The resource management server periodically checks the local repository for changes; as soon as it detects that a local resource has been added or removed, it immediately notifies each video server to update its resource library, thereby ensuring resource consistency across all video servers.
The beneficial effects of the invention are as follows:
1. It possesses a comprehensive access control function, ensuring that streaming media resources can be used only by legitimate users and rejecting illegitimate video requests; this ensures that video resources are used appropriately while reducing the processing load on the video server.
2. It ensures data security: dynamic keys are used to encrypt the video data in transit, so that the video can be viewed only by legitimate users; a downloaded video file is in ciphertext form and cannot be played normally, protecting the commercial value of the video from infringement.
3. It prevents one account from being used in multiple places. Combined with the unified login system and using the user session as the reference factor, it prevents one account from requesting video resources from multiple places at the same time. It can also prevent one account from playing multiple videos simultaneously on the same device, which is conducive to the rational use of bandwidth resources.
4. Resource status is updated in real time: all media resources are managed centrally by the resource management server, and when the resource library changes an instruction message is broadcast to each video server, ensuring that the local video resources of each video server are in the latest state.
5. It provides an effective access control mechanism: administrators can update the permission levels of video resources or the access levels of users in real time, achieving real-time changes to users' access authorization.
6. The present invention achieves reliable and confidential authentication for streaming media on demand and live streaming, can significantly improve the security of network streaming media management, and has very important practical significance for the development of network streaming media security technology.
Brief description of the drawings
Fig. 1 is a relationship diagram of the main components of the present invention;
Fig. 2 is a flow chart of the video server's processing, including the access control function, after receiving a user's video request in the present invention;
Fig. 3 is a flow chart of resource management and synchronization by the resource management server in the present invention.
Embodiment
As shown in Fig. 1, the present invention mainly comprises four parts: a video server, an authentication server, a resource management server and a unified login system; the user terminal is a browser.
As shown in Fig. 2, the streaming media service user authentication method based on the RTMP protocol provided by the present invention comprises the following steps:
(1) The video server receives the client request from the HTTP server.
(2) The video server extracts user session information from the request, comprising the user session ID, user ID, TOKEN and resource ID, and hands this information to the authentication server for authentication processing.
(3) The authentication server delegates verification of the user session's validity to the unified login system. If the user ID or TOKEN is found to be invalid, the response is directly "not logged in"; if the user session has expired, the response is "invalid session"; if the user session is valid, the unified login system retrieves the permission level of the current user from the database server and returns the result to the authentication server as the response.
(4) After obtaining the current user's permission level, the authentication server retrieves the permission level information of the requested resource from the resource management server according to the resource ID; when the user's permission level is insufficient to access the corresponding resource, the response is "insufficient permission".
(5) The authentication server determines whether the current user ID is in a playing state; if a session is already playing under the current user ID, the authentication server notifies the video server serving that session to interrupt its video transmission.
(6) The video server establishes an RTMP connection channel with the client, randomly generates a 16-byte dynamic key and sends it to the client as the session key for this session, then notifies the authentication server that the RTMP connection of the current session has succeeded, and the authentication server updates the playing state of the current session.
(7) The client receives the session key, stores it locally, and sends a key response message to the video server.
(8) After the video server receives the client's key response, it begins video data transmission, encrypting the video stream data in real time with the current session key before sending it.
(9) The client receives the streaming media data, decrypts it to plaintext, and plays it normally.
(10) When the video data transmission of this session is complete, the video server notifies the authentication server to update the user's playing state.
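As an added illustration, not code from the patent, the following Python sketch models the authentication server's decisions in steps (3) to (6) and (10) of both the summary and the embodiment above. The session and resource tables are constructed sample data standing in for the unified login system and the resource management server, and the response names are assumptions.

```python
import hmac
from dataclasses import dataclass, field

NOW = 1_700_000_000  # constructed "current time" for the sample sessions
# Constructed stand-in for the unified login system's session store:
# session_id -> (user_id, TOKEN, expires_at, permission level)
SESSIONS = {
    "s-alice-1": ("alice", "tok-a1", NOW + 600, 2),
    "s-alice-2": ("alice", "tok-a2", NOW + 600, 2),
    "s-bob-1":   ("bob",   "tok-b1", NOW - 1,   3),  # already expired
}
# Constructed stand-in for the resource management server: resource_id -> required level
RESOURCES = {"movie-42": 2, "premium-7": 3}


@dataclass
class AuthServer:
    # user_id -> (session_id, video_server) of the session currently playing
    playing: dict = field(default_factory=dict)
    interrupted: list = field(default_factory=list)  # interrupt notices sent (step 5)

    def verify(self, session_id, user_id, token, resource_id, now=NOW):
        """Steps (3)-(5); the response names are assumptions."""
        rec = SESSIONS.get(session_id)
        # Step (3): user ID or TOKEN invalid -> "not logged in"; expired -> "invalid session"
        if rec is None or rec[0] != user_id or not hmac.compare_digest(rec[1], token):
            return "not_logged_in"
        if rec[2] <= now:
            return "invalid_session"
        # Step (4): user level against the resource's required level
        # (an unknown resource is treated as insufficient permission: assumption)
        required = RESOURCES.get(resource_id)
        if required is None or rec[3] < required:
            return "insufficient_permission"
        # Step (5): a session already playing under this user ID is interrupted
        prev = self.playing.get(user_id)
        if prev is not None and prev[0] != session_id:
            self.interrupted.append(prev)
        return "ok"

    def connected(self, user_id, session_id, video_server):
        # Step (6): the video server reports a successful RTMP connection
        self.playing[user_id] = (session_id, video_server)

    def finished(self, user_id, session_id):
        # Step (10): clear the playing state, but only for the session that ended
        if self.playing.get(user_id, (None,))[0] == session_id:
            del self.playing[user_id]
```

The `finished` check matters in practice: a late "transmission finished" from an interrupted session must not clear the state of the session that replaced it.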
The present invention makes the following extensions on the basis of the standard RTMP protocol implementation:
(1) The client's RTMP connection request is extended: the client must provide the user ID, user session ID, TOKEN and resource ID in the request data, and processing logic for receiving the key response and decrypting the video data in real time is added to the client.
(2) The video server's processing logic is changed: after receiving the video request sent by the client, the video server does not provide video service directly; it first extracts the user ID, user session ID, TOKEN and resource ID from the request and hands them to the authentication server to verify whether the current user has sufficient access rights. Only after verification succeeds does it establish the RTMP connection with the client and provide the subsequent video service; otherwise the request is treated as an invalid connection request and the connection is refused.
(3) Functions for generating a dynamic key and encrypting the video data in real time for transmission are added to the video server.
(4) An authentication server is added, which provides the video server with a service interface for user identity and permission verification; the authentication server determines whether the current user's request is legitimate according to the user ID and resource ID, and returns the permission verification result to the video server.
(5) A resource management server is added for managing and maintaining all streaming media resources and providing an external interface for querying resource information. As shown in Fig. 3, administrators can upload, delete and change the permissions of video resources in the back-end. The resource management server periodically checks the local repository for changes; as soon as it detects that a local resource has been added or removed, it immediately notifies each video server to update its resource library, thereby ensuring resource consistency across all video servers.
The present invention has the following characteristics:
1. Dynamic-key encryption of the video stream. The video server generates a different dynamic key for each session connection and encrypts the data in transit; the client decrypts and plays in real time. This does not affect the real-time performance of video playback, and it increases the difficulty of guessing the algorithm and cracking the ciphertext.
2. Prevention of video download and illegal propagation. By encrypting the video data, the present invention prevents video resources from being illegally downloaded and propagated: encrypted video content cannot be played, and without the decryption algorithm and the decryption key it is difficult for anyone attempting to crack it to obtain the video content, fundamentally preventing the video content from being leaked.
3. Prevention of one account being used in multiple places. Through the connection feedback from the video server, the authentication server records the playing state of each user ID in real time. When the same account logs in repeatedly and requests video service, only the most recently sent video request is considered valid, and any video playback already in progress for the same account is forcibly interrupted. This prevents one account from being logged in at multiple places and requesting video service simultaneously, and also limits the number of pages on which one account can play video simultaneously on the same device.
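As an added example, not the patent's own code, the following Python models characteristics 1 and 2 above: a fresh 16-byte key per session (step 6) and per-chunk stream encryption (steps 8 and 9), so that a captured or downloaded stream is ciphertext without that session's key. The patent names no cipher, so the HMAC-SHA256 counter keystream here is a stand-in assumption, as are all function names.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # the 16-byte dynamic session key of step (6)


def new_session_key() -> bytes:
    # A fresh random key per RTMP session, from the OS CSPRNG (never random.random)
    return secrets.token_bytes(KEY_LEN)


def _keystream(key: bytes, chunk_no: int, length: int) -> bytes:
    # Assumption: a CTR-style keystream from HMAC-SHA256 stands in for the unnamed
    # cipher; (chunk_no, block) never repeats within a session, so no keystream reuse.
    out = bytearray()
    block = 0
    while len(out) < length:
        ctr = chunk_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, ctr, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt_chunk(key: bytes, chunk_no: int, plaintext: bytes) -> bytes:
    # Step (8): the video server encrypts each stream chunk before sending it
    ks = _keystream(key, chunk_no, len(plaintext))
    return bytes(a ^ b for a, b in zip(plaintext, ks))


# Step (9): XOR with the same keystream is its own inverse, so the client
# decrypts with the identical function and its locally stored session key
decrypt_chunk = encrypt_chunk


class VideoSession:
    """One RTMP session on the video server: its own key and chunk counter."""

    def __init__(self):
        self.key = new_session_key()
        self.next_chunk = 0

    def send(self, chunk: bytes):
        # Returns what goes on the wire: the chunk number and the ciphertext
        n, self.next_chunk = self.next_chunk, self.next_chunk + 1
        return n, encrypt_chunk(self.key, n, chunk)
```

Whatever cipher replaces the stand-in, the counter input must never repeat within a session, which is why every chunk carries its own number. Step (6) delivers this key over the RTMP channel, and the patent does not specify how that channel is protected; the secrecy of the stream depends on it.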