CN108881205A - A secure playback system and playback method for HLS streaming media - Google Patents

Publication number: CN108881205A
Authority: CN (China)
Prior art keywords: key, server, client, token, authentication
Legal status: Granted; current status Expired - Fee Related
Application number: CN201810590071.XA
Other languages: Chinese (zh)
Other versions: CN108881205B (en)
Inventors: 王林, 石焘
Current Assignee: Xian University of Technology
Original Assignee: Xian University of Technology
Application filed by: Xian University of Technology
Priority to: CN201810590071.XA
Publications: CN108881205A (application), CN108881205B (granted)

Classifications

    All under H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication):

    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a secure playback system and playback method for HLS streaming media, which protects the slice key by encrypting it. In addition, a key generation algorithm agreed between the client and the server turns a randomly generated, continually updated authentication token into a key that is used to encrypt and decrypt the video slice key, which further increases the security of the key and therefore of the streaming media files. Furthermore, because the symmetric key the client uses for decryption is generated by a specified algorithm, the scheme achieves higher security while avoiding complicated operations such as installing additional client certificates, so that playing video remains simple and convenient for the user.

Description

A secure playback system and playback method for HLS streaming media

Technical field

The invention belongs to the technical field of streaming media security systems. It relates in particular to a secure playback system for HLS streaming media, and also to a secure playback method for HLS streaming media.

Background

HLS (HTTP Live Streaming, an HTTP-based streaming media network transmission protocol) allows content providers to deliver near-real-time audio and video streaming services to clients through web servers. It works by dividing the whole stream into small HTTP-based slice files and downloading only a few of them at a time. When a streaming session starts, the client downloads an M3U8 index list file containing metadata, which it uses to find the available media streams. HLS supports media copyright protection by encrypting the slices.

In the prior art, the HLS protocol provides an AES-128 (Advanced Encryption Standard) method for encrypting audio and video stream data. The server cuts the streaming media into slice files, encrypts the slices with an AES-128 key, and then generates an M3U8 index list file. The M3U8 index list file contains the URLs of the encrypted slices and of the slice key, and is then published to an HTTP server. The client downloads and parses the M3U8 index list file, then downloads the slice files and the key corresponding to the slices, and can decrypt and play them.

However, this protection method only encrypts the streaming media slices and cannot guarantee the security of the key file. If the key file is not secure, the security of the streaming media files is affected.

Summary of the invention

The purpose of the present invention is to provide a secure playback system for HLS streaming media that can improve the security of streaming media files. Another purpose of the present invention is to provide a secure playback method for HLS streaming media.

The first technical solution adopted by the present invention is a secure playback system for HLS streaming media, comprising a server module and a client;

The server module comprises a content distribution server. The content distribution server is connected to an identity authentication server and to an index list server. The identity authentication server has a built-in verification module and token generation module. The index list server is connected in turn to a key server and an encryption server, forming a closed encryption loop. The identity authentication server is connected to the encryption server;

The client has a built-in key generation module, decryption module and playback module. The client connects to the content distribution server through the network and can issue service requests.

The invention is further characterized in that:

The content distribution server can receive requests from the client through the network, has a reverse proxy function, and distributes service instructions.

The identity authentication server can perform identity verification, generate the corresponding token, and update that token. The identity authentication server uses token-based authentication.

The key server can randomly generate the key key-ts, and can also convert a received token into the key key-key through the specified key generation algorithm.

The encryption server can encrypt the video slices with the key key-ts and encrypt the key key-ts with the key key-key, producing the encrypted video slices and the encrypted key key-ts.

The index list server holds the M3U8 index list file, into which the URL of the encrypted video slice and the URL of the encrypted key key-ts can be written.

The client can authenticate itself to the identity authentication server. The client requests the M3U8 index list file from the index list server and parses it. The client uses the specified key generation algorithm to generate the key key-key; it decrypts the encrypted key key-ts with the key key-key to obtain the key key-ts, then decrypts the encrypted video slices with the key key-ts and plays them.

Another technical solution adopted by the present invention is a secure playback method for HLS streaming media, which uses the secure playback system for HLS streaming media and is implemented in the following steps:

Step 1. The key server randomly generates the key key-ts, and the encryption server encrypts the video slices with the key key-ts to obtain the encrypted video slices;

Step 2. The client sends an identity authentication request to the content distribution server and the identity authentication server, and a login token is obtained and transmitted to the client. The client uses the login token to send a request to the server module. The identity authentication server verifies the login token, generates an authentication token once verification passes, and transmits the authentication token to both the client and the key server;

Step 3. The key server derives the key key-key from the authentication token through the key generation algorithm and encrypts the key key-ts with the key key-key to obtain the encrypted key key-ts. The URL of the encrypted video slice and the URL of the encrypted key key-ts are written into the M3U8 index list file of the index list server;

Step 4. The client requests the M3U8 index list file from the index list server and parses it to obtain the encrypted video slices and the encrypted key key-ts. At the same time, the client uses the specified key generation algorithm to convert the authentication token into the key key-key;

Step 5. The encrypted key key-ts is decrypted with the key key-key to obtain the key key-ts, and the video slice ciphertext is decrypted with the key key-ts so that the video slice can be played.

In step 1, the key key-ts and the key key-key are both 128-bit symmetric keys.

The specific process of step 2 is as follows: the client sends an identity authentication request to the content distribution server; the content distribution server processes the request into an identity authentication service instruction and transmits that instruction to the verification module for identity verification; once verification passes, the instruction is transmitted to the token generation module, where it is converted into a login token; the login token is transmitted to the client through the content distribution server; the client uses the login token to send a request to the server module; the identity authentication server verifies the login token; and once verification passes, the content distribution server generates the authentication token.

The beneficial effects of the present invention are:

Encrypting the slice key protects the key. In addition, a key generation algorithm agreed between the client and the server turns a randomly generated, continually updated authentication token into a key that is used to encrypt and decrypt the video slice key, which further increases the security of the key and therefore of the streaming media files.

Furthermore, because the symmetric key the client uses for decryption is generated by a specified algorithm, the scheme achieves higher security while avoiding complicated operations such as installing additional client certificates, so that playing video remains simple and convenient for the user.

Description of drawings

Fig. 1 is a schematic structural diagram of the secure playback system for HLS streaming media of the present invention;

Fig. 2 is a flowchart of the secure playback method for HLS streaming media of the present invention.

In the figures: 1. content distribution server, 2. identity authentication server, 3. index list server, 4. key server, 5. encryption server, 6. client.

Detailed description

The present invention is described in detail below with reference to the accompanying drawings and specific embodiments.

The secure playback system for HLS streaming media of the present invention, as shown in Fig. 1, comprises a server module and a client 6;

The server module comprises a content distribution server 1. The content distribution server 1 is connected to an identity authentication server 2 and to an index list server 3. The identity authentication server 2 has a built-in verification module and token generation module. The index list server 3 is connected in turn to a key server 4 and an encryption server 5, forming a closed encryption loop. The identity authentication server 2 is connected to the encryption server 5;

The client 6 has a built-in key generation module, decryption module and playback module. The client 6 connects to the content distribution server 1 through the network and can issue service requests.

The content distribution server 1 can receive requests from the client 6 through the network, has a reverse proxy function, and distributes service instructions.

The identity authentication server 2 can perform identity verification, generate the corresponding token, and update that token. The identity authentication server 2 uses token-based authentication.

The key server 4 can randomly generate the key key-ts, and can also convert a received token into the key key-key through the specified key generation algorithm.

The encryption server 5 can encrypt the video slices with the key key-ts and encrypt the key key-ts with the key key-key, producing the encrypted video slices and the encrypted key key-ts.

The index list server 3 holds the M3U8 index list file, into which the URL of the encrypted video slice and the URL of the encrypted key key-ts can be written.

The client 6 can authenticate itself to the identity authentication server 2. The client 6 requests the M3U8 index list file from the index list server 3 and parses it. The client 6 uses the specified key generation algorithm to generate the key key-key; it decrypts the encrypted key key-ts with the key key-key to obtain the key key-ts, then decrypts the encrypted video slices with the key key-ts and plays them.

A secure playback method for HLS streaming media, as shown in Fig. 2, uses the secure playback system for HLS streaming media and is implemented in the following steps:

Step 1. The key server 4 randomly generates the key key-ts, and the encryption server 5 encrypts the video slices with the key key-ts to obtain the encrypted video slices. The key key-ts and the key key-key are both 128-bit symmetric keys.

Step 2. The client 6 sends an identity authentication request to the content distribution server 1 and the identity authentication server 2, and a login token is obtained and transmitted to the client 6. The client 6 uses the login token to send a request to the server module. The identity authentication server 2 verifies the login token, generates an authentication token once verification passes, and transmits the authentication token to both the client 6 and the key server 4;

The specific process is as follows: the client 6 sends an identity authentication request to the content distribution server 1; the content distribution server 1 processes the request into an identity authentication service instruction and transmits that instruction to the verification module for identity verification; once verification passes, the instruction is transmitted to the token generation module, where it is converted into a login token; the login token is transmitted to the client 6 through the content distribution server; the client 6 uses the login token to send a request to the server module; the identity authentication server 2 verifies the login token; and once verification passes, the content distribution server 1 generates the authentication token.

Step 3. The key server 4 derives the key key-key from the authentication token through the key generation algorithm and encrypts the key key-ts with the key key-key to obtain the encrypted key key-ts. The URL of the encrypted video slice and the URL of the encrypted key key-ts are written into the M3U8 index list file of the index list server 3.

Step 4. The client 6 requests the M3U8 index list file from the index list server 3 and parses it to obtain the encrypted video slices and the encrypted key key-ts. At the same time, the client 6 uses the specified key generation algorithm to convert the authentication token into the key key-key.

Step 5. The encrypted key key-ts is decrypted with the key key-key to obtain the key key-ts, and the video slice ciphertext is decrypted with the key key-ts so that the video slice can be played.

In this way, the secure playback system and playback method for HLS streaming media of the present invention protect the slice key by encrypting it. In addition, a key generation algorithm agreed between the client and the server turns a randomly generated, continually updated authentication token into a key that is used to encrypt and decrypt the video slice key, which further increases the security of the key and therefore of the streaming media files. Furthermore, because the symmetric key the client uses for decryption is generated by a specified algorithm, the scheme achieves higher security while avoiding complicated operations such as installing additional client certificates, so that playing video remains simple and convenient for the user.

Claims (10)

1. A secure playback system for HLS streaming media, characterized in that it comprises a server module and a client (6);
the server module comprises a content distribution server (1); the content distribution server (1) is connected to an identity authentication server (2) and to an index list server (3); the identity authentication server (2) has a built-in verification module and token generation module; the index list server (3) is connected in turn to a key server (4) and an encryption server (5), forming a closed encryption loop; the identity authentication server (2) is connected to the encryption server (5);
the client (6) has a built-in key generation module, decryption module and playback module; the client (6) is connected to the content distribution server (1) through the network and can issue service requests.
2. The secure playback method for HLS streaming media according to claim 1, characterized in that the content distribution server (1) can receive requests from the client (6) through the network, has a reverse proxy function, and distributes service instructions.
3. The secure playback method for HLS streaming media according to claim 2, characterized in that the identity authentication server (2) can perform identity verification, generate the corresponding token, and update that token; the identity authentication server (2) uses token-based authentication.
4. The secure playback method for HLS streaming media according to claim 3, characterized in that the key server (4) can randomly generate the key key-ts, and can also convert a received token into the key key-key through the specified key generation algorithm.
5. The secure playback method for HLS streaming media according to claim 4, characterized in that the encryption server (5) can encrypt the video slices with the key key-ts and encrypt the key key-ts with the key key-key, producing the encrypted video slices and the encrypted key key-ts.
6. The secure playback method for HLS streaming media according to claim 5, characterized in that the index list server (3) holds the M3U8 index list file, into which the URL of the encrypted video slice and the URL of the encrypted key key-ts can be written.
7. The secure playback method for HLS streaming media according to claim 6, characterized in that the client (6) can authenticate itself to the identity authentication server (2); the client (6) requests the M3U8 index list file from the index list server (3) and parses it; the client (6) uses the specified key generation algorithm to generate the key key-key; the client (6) decrypts the encrypted key key-ts with the key key-key to obtain the key key-ts, then decrypts the encrypted video slices with the key key-ts and plays them.
8. A secure playback method for HLS streaming media, characterized in that it uses the secure playback system for HLS streaming media according to claim 1 and is implemented in the following steps:
Step 1. The key server (4) randomly generates the key key-ts, and the encryption server (5) encrypts the video slices with the key key-ts to obtain the encrypted video slices;
Step 2. The client (6) sends an identity authentication request to the content distribution server (1) and the identity authentication server (2), and a login token is obtained and transmitted to the client (6); the client (6) uses the login token to send a request to the server module; the identity authentication server (2) verifies the login token, generates an authentication token once verification passes, and transmits the authentication token to both the client (6) and the key server (4);
Step 3. The key server (4) derives the key key-key from the authentication token through the key generation algorithm and encrypts the key key-ts with the key key-key to obtain the encrypted key key-ts; the URL of the encrypted video slice and the URL of the encrypted key key-ts are written into the M3U8 index list file of the index list server (3);
Step 4. The client (6) requests the M3U8 index list file from the index list server (3) and parses it to obtain the encrypted video slices and the encrypted key key-ts; at the same time, the client (6) uses the specified key generation algorithm to convert the authentication token into the key key-key;
Step 5. The encrypted key key-ts is decrypted with the key key-key to obtain the key key-ts, and the video slice ciphertext is decrypted with the key key-ts so that the video slice can be played.
9. The secure playback method for HLS streaming media according to claim 8, characterized in that the key key-ts and the key key-key in step 1 are both 128-bit symmetric keys.
10. The secure playback method for HLS streaming media according to claim 8, characterized in that the specific process of step 2 is: the client (6) sends an identity authentication request to the content distribution server (1); the content distribution server (1) processes the request into an identity authentication service instruction and transmits that instruction to the verification module for identity verification; once verification passes, the instruction is transmitted to the token generation module, where it is converted into a login token; the login token is transmitted to the client (6) through the content distribution server; the client (6) uses the login token to send a request to the server module; the identity authentication server (2) verifies the login token; and once verification passes, the content distribution server (1) generates the authentication token.
CN201810590071.XA 2018-06-08 2018-06-08 HLS streaming media safe playing system and playing method Expired - Fee Related CN108881205B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810590071.XA CN108881205B (en) 2018-06-08 2018-06-08 HLS streaming media safe playing system and playing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810590071.XA CN108881205B (en) 2018-06-08 2018-06-08 HLS streaming media safe playing system and playing method

Publications (2)

Publication Number Publication Date
CN108881205A true CN108881205A (en) 2018-11-23
CN108881205B CN108881205B (en) 2020-11-17

Family

ID=64338580

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810590071.XA Expired - Fee Related CN108881205B (en) 2018-06-08 2018-06-08 HLS streaming media safe playing system and playing method

Country Status (1)

Country Link
CN (1) CN108881205B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109672670A (en) * 2018-12-11 2019-04-23 中新金桥数字科技(北京)有限公司 A method of based on mobile phone H5 safe web page playing stream media
CN109743170A (en) * 2018-11-30 2019-05-10 视联动力信息技术股份有限公司 A kind of Streaming Media logs in and the method and apparatus of data transmission encryption
CN111294667A (en) * 2020-03-09 2020-06-16 联通沃音乐文化有限公司 Online video anti-theft system and method based on encryption timestamp
WO2020256666A1 (en) * 2019-06-21 2020-12-24 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi A media streaming system compatible with content distribution networks
CN112188308A (en) * 2020-08-31 2021-01-05 北京火眼目测科技有限公司 Method and device for generating encrypted video file library
CN114501069A (en) * 2020-11-13 2022-05-13 北京新氧科技有限公司 HLS-based multimedia playing method, system, device and storage medium
CN114666616A (en) * 2022-03-16 2022-06-24 同方知网数字出版技术股份有限公司 Low-cost high-confidentiality live broadcast playback method
CN115811625A (en) * 2021-09-14 2023-03-17 果核数位股份有限公司 Streaming media service method and system for customizing information security level
WO2023039694A1 (en) * 2021-09-14 2023-03-23 果核数位股份有限公司 Streaming service method and system capable of realizing information security level customization

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1498479A (en) * 2002-01-31 2004-05-19 Streaming system and streaming method for distributing encrypted data
CN1964479A (en) * 2006-11-24 2007-05-16 清华大学 Method for realizing management of digital copyright based on stream media broadcast
US20100119060A1 (en) * 2008-11-13 2010-05-13 Canon Kabushiki Kaisha Receiving apparatus and method for controlling the same
JP2010130054A (en) * 2008-11-25 2010-06-10 Renesas Electronics Corp Descrambler, descrambling method and control program
CN102255886A (en) * 2011-04-02 2011-11-23 南京邮电大学 Encryption and decryption methods of streaming media on-demand system
CN104283686A (en) * 2014-05-27 2015-01-14 深圳市天朗时代科技有限公司 Digital right management method and system
CN106464485A (en) * 2014-02-11 2017-02-22 爱立信股份有限公司 System and method for securing content keys delivered in manifest files
CN106790074A (en) * 2016-12-21 2017-05-31 中国传媒大学 A kind of fine granularity streaming media video encryption and decryption method based on HLS protocol
CN106936770A (en) * 2015-12-30 2017-07-07 玲珑视界科技(北京)有限公司 A kind of HLS index lists encrypted antitheft catenary system and method
CN107707504A (en) * 2016-08-08 2018-02-16 中国电信股份有限公司 A kind of player method of Streaming Media, system and server and client side
CN108038355A (en) * 2017-12-14 2018-05-15 安徽新华传媒股份有限公司 IPTV system for numeral copyright management and its method based on Database Systems on-line authentication
CN108111876A (en) * 2017-12-21 2018-06-01 北京四达时代软件技术股份有限公司 A kind of LAN video contents of streaming media method for security protection, terminal and server

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109743170A (en) * 2018-11-30 2019-05-10 视联动力信息技术股份有限公司 A kind of Streaming Media logs in and the method and apparatus of data transmission encryption
CN109743170B (en) * 2018-11-30 2021-12-10 视联动力信息技术股份有限公司 Method and device for logging in streaming media and encrypting data transmission
CN109672670A (en) * 2018-12-11 2019-04-23 中新金桥数字科技(北京)有限公司 A method of based on mobile phone H5 safe web page playing stream media
WO2020256666A1 (en) * 2019-06-21 2020-12-24 Medianova Internet Hizmetleri Ve Ticaret Anonim Sirketi A media streaming system compatible with content distribution networks
CN111294667A (en) * 2020-03-09 2020-06-16 联通沃音乐文化有限公司 Online video anti-theft system and method based on encryption timestamp
CN112188308A (en) * 2020-08-31 2021-01-05 北京火眼目测科技有限公司 Method and device for generating encrypted video file library
CN112188308B (en) * 2020-08-31 2022-08-12 北京火眼目测科技有限公司 Method and device for generating encrypted video file library
CN114501069A (en) * 2020-11-13 2022-05-13 北京新氧科技有限公司 HLS-based multimedia playing method, system, device and storage medium
CN114501069B (en) * 2020-11-13 2024-06-07 北京新氧科技有限公司 HLS-based multimedia playing method, system, equipment and storage medium
CN115811625A (en) * 2021-09-14 2023-03-17 果核数位股份有限公司 Streaming media service method and system for customizing information security level
WO2023039694A1 (en) * 2021-09-14 2023-03-23 果核数位股份有限公司 Streaming service method and system capable of realizing information security level customization
CN114666616A (en) * 2022-03-16 2022-06-24 同方知网数字出版技术股份有限公司 Low-cost high-confidentiality live broadcast playback method

Also Published As

Publication number Publication date
CN108881205B (en) 2020-11-17

Similar Documents

Publication Publication Date Title
CN108881205B (en) HLS streaming media safe playing system and playing method
CN105939484B (en) A kind of the encryption playback method and its system of audio-video
US10698985B2 (en) Extending data confidentiality into a player application
TWI510066B (en) Systems and methods for securely streaming media content
US20230214459A1 (en) Digital rights management for http-based media streaming
KR101541911B1 (en) Devices and methods that provide security services in the user interface
US9026782B2 (en) Token-based entitlement verification for streaming media decryption
CN107707504B (en) Streaming media playing method and system, server and client
WO2019153433A1 (en) Secret key providing method, video playback method, server and client
JP5021639B2 (en) Protected content transport using streaming control and transport protocols
CN106936770B (en) A kind of HLS index list encrypted antitheft catenary system and method
CN101299753A (en) Web service security control mechanism based on proxy server
CN111556340B (en) Safe cross-platform video stream playing method
US20220171832A1 (en) Scalable key management for encrypting digital rights management authorization tokens
WO2018120998A1 (en) Method and system for interaction between set top box and server
KR20070029864A (en) Method and apparatus for securely transmitting and receiving data one-to-one
CN112752122B (en) Video encryption transmission method of intelligent camera and computer readable storage medium
CN102843335B (en) The processing method of streaming medium content and equipment
CN101980500A (en) Digital signature-based point-to-point flow control method and system
CN111917756B (en) Encryption system and encryption method of law enforcement recorder based on public key routing
CN114189706B (en) Media playing method, system, device, computer equipment and storage medium
CN114040229B (en) Video encryption and decryption method and device
CN117857852A (en) Method and device for preventing video downloading
CN115643459A (en) Video processing method, system, storage medium and electronic equipment
CN114760501A (en) Digital copyright protection method, system, server, module, player and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201117