CN111988644B - Anti-stealing-link method, device, equipment and storage medium for network video - Google Patents

Anti-stealing-link method, device, equipment and storage medium for network video Download PDF

Info

Publication number
CN111988644B
CN111988644B CN202010803759.9A CN202010803759A CN111988644B CN 111988644 B CN111988644 B CN 111988644B CN 202010803759 A CN202010803759 A CN 202010803759A CN 111988644 B CN111988644 B CN 111988644B
Authority
CN
China
Prior art keywords
user
identification information
network video
user terminal
identity identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010803759.9A
Other languages
Chinese (zh)
Other versions
CN111988644A (en
Inventor
陈国利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
LeTV Sports Culture Develop Beijing Co Ltd
Original Assignee
LeTV Sports Culture Develop Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by LeTV Sports Culture Develop Beijing Co Ltd filed Critical LeTV Sports Culture Develop Beijing Co Ltd
Priority to CN202010803759.9A priority Critical patent/CN111988644B/en
Publication of CN111988644A publication Critical patent/CN111988644A/en
Application granted granted Critical
Publication of CN111988644B publication Critical patent/CN111988644B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/239Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests
    • H04N21/2393Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests involving handling client requests
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/65Transmission of management data between client and server
    • H04N21/658Transmission by the client directed to the server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/80Generation or processing of content or additional data by content creator independently of the distribution process; Content per se
    • H04N21/85Assembly of content; Generation of multimedia applications
    • H04N21/858Linking data to content, e.g. by linking an URL to a video object, by creating a hotspot
    • H04N21/8586Linking data to content, e.g. by linking an URL to a video object, by creating a hotspot by using a URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Graphics (AREA)
  • Information Transfer Between Computers (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The disclosure provides a method, a device, equipment and a storage medium for preventing a hotlink of a network video. The method comprises the following steps: the proxy layer responds to a received network video address acquisition request sent by a user side to acquire the identity identification information of the first user side; judging whether the identity identification information is legal or not; if the identity identification information is legal identity identification information, allocating a unique identification for the first user terminal, and returning video address information with the unique identification; the scheduling layer determines a unique identifier corresponding to the user side according to the identity identifier information of the second user side; and judging whether the unique identifier is consistent with the unique identifier distributed to the first user terminal by the proxy layer, if not, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal. In this way, spoofing of the IP authentication of the media server by the same IP address as the authorized user can be effectively prevented.

Description

Anti-stealing-link method, device, equipment and storage medium for network video
Technical Field
Embodiments of the present disclosure relate generally to the field of anti-stealing link technology for network videos, and more particularly, to an anti-stealing link method, apparatus, device, and storage medium for network videos.
Background
With the rapid development of internet technology and multimedia technology, authorized users can access streaming media files, such as video files, provided by multimedia service providers through media servers through clients (such as mobile phones, notebooks, and other terminals), but in practical applications, some illegal merchants can steal Uniform Resource Locators (URLs) of the streaming media files provided by the multimedia service providers through related technologies (such as a packet capture technology), and enable other users (users unauthorized by the multimedia service providers) to access the streaming media files provided by the multimedia service providers through the stolen URLs to illegally obtain benefits, which causes legitimate benefits of the multimedia service providers to be damaged, and thus, an anti-theft chain of the streaming media files is particularly important for the multimedia service providers.
The working principle of the dynamic Streaming media Transport Protocol (HLS, HTTP Live Streaming) is to divide the whole data Stream into small fragment Transport Stream (TS, Transport Stream) files based on hypertext Transport Protocol (HTTP), and download the small fragment Transport Stream (TS, Transport Stream) files, and when a Streaming media session is started, the client downloads an index file (M3u8, extended M3U) containing metadata, then parses out the URL of each TS file from the list of index files, and then downloads the fragment files for playing.
In the prior art, no effective method is provided for preventing illegal merchants from forging the same IP address as an authorized user to cheat the IP authentication of the media server, and then obtaining the streaming media file through a hotlink.
Disclosure of Invention
According to the embodiment of the disclosure, a hotlink prevention scheme is provided, which can prevent illegal merchants from forging the same IP address as an authorized user to cheat the IP authentication of a media server, and further prevent network videos of streaming media files from being acquired through hotlink.
In a first aspect of the present disclosure, a method for preventing a hotlink of a network video is provided, including:
the proxy layer responds to a received network video address acquisition request sent by a first user end to acquire the identity identification information of the first user end; judging whether the identity identification information is legal or not; if the identity identification information is legal identity identification information, allocating a unique identification for the first user terminal, and returning video address information with the unique identification;
the scheduling layer responds to a received acquisition request of network video content sent by a second user end, and determines a unique identifier corresponding to the user end according to the identity identifier information of the second user end; and judging whether the unique identifier is consistent with the unique identifier distributed to the first user terminal by the proxy layer, if the unique identifier is not consistent with the unique identifier distributed to the first user terminal by the proxy layer, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal.
The above-described aspects and any possible implementations further provide an implementation in which the identification information includes user agent service identification information and user IP address information;
the determining whether the identification information is legal specifically includes:
judging whether the user agent service identification information and the user IP address information are in a preset blacklist list or not;
if the user agent service identification information and the user IP address information are in a preset blacklist, the identity identification information is illegal identity identification information;
and if the user agent service identification information and the user IP address information are not in a preset blacklist, the identity identification information is legal identity identification information.
The foregoing aspects and any possible implementations further provide an implementation, where assigning a unique identifier to the first user end and returning video address information with the unique identifier includes:
generating a random number for the first user terminal, integrating the generated random number and the identity identification information of the first user terminal into a first character string, encrypting the first character string to generate a first encryption character string, taking the first encryption character string as a unique identification, and returning video address information with the unique identification.
The above-described aspects and any possible implementation further provide an implementation, further including:
and judging whether the access frequency of the first user side in a preset time period is greater than a first preset threshold value according to the network video address acquisition request, and if the access frequency is greater than the first preset threshold value, adding the identity identification information of the first user side into a blacklist.
As to the above-described aspect and any possible implementation, there is further provided an implementation, further including:
and judging whether the access bandwidth of the second user side in a preset time period is greater than a second preset threshold value according to the acquisition request of the network video content, and if the access bandwidth is greater than the second preset threshold value, adding the identity identification information of the second user side into a blacklist.
As to the above-mentioned aspect and any possible implementation manner, further providing an implementation manner, where determining the unique identifier corresponding to the ue according to the identity information of the second ue includes:
and acquiring a random number generated by the agent layer for the first user side, integrating the random number and the identification information of the second user side into a second character string, encrypting the second character string by using the same encryption method as that for the first character string to generate a second encryption character string, and using the second encryption character string as the unique identification of the second user side.
The above-described aspects and any possible implementation further provide an implementation, further including:
judging whether the acquisition request of the network video content accords with a preset rule, if not, refusing to return the network video content to the second user end, wherein the preset rule comprises:
a video request in a player MP4 format, which is sent by a mobile phone app end, refuses to provide video content;
when a request is sent by the Safari browser, the UA prohibits the occurrence of Windows keywords;
and when the request is sent by the PC browser, the UA forbids the keywords of Dalvik and Lavf.
In a second aspect of the present disclosure, there is provided a device for preventing a hotlink of a network video, including:
the proxy service module is used for responding to an acquisition request of a network video address sent by a first user terminal by a layer and acquiring the identity identification information of the first user terminal; if the identity identification information is legal identity identification information, allocating a unique identification to the first user terminal, and returning video address information with the unique identification;
the scheduling service module is used for responding to a received acquisition request of network video content sent by a second user end and determining a unique identifier corresponding to the user end according to the identity identification information of the second user end; and judging whether the unique identifier is consistent with the unique identifier distributed to the first user terminal by the proxy layer, if the unique identifier is inconsistent with the unique identifier distributed to the first user terminal by the proxy layer, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal.
In a third aspect of the present disclosure, an electronic device is provided, comprising a memory having stored thereon a computer program and a processor implementing the method as described above when executing the program.
In a fourth aspect of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method as set forth above.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
By the anti-stealing-link method for the network video, the problem that illegal merchants forge the same IP address as an authorized user to cheat the IP authentication of the media server can be solved, and further the streaming media file is prevented from being acquired through stealing-link.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
fig. 1 shows a flowchart of a method for preventing a network video from stealing a link according to a first embodiment of the disclosure;
fig. 2 is a flowchart illustrating a specific example of a network video anti-stealing link method according to a second embodiment of the disclosure;
fig. 3 is a functional structure diagram of a network video anti-stealing-link device according to a third embodiment of the disclosure;
fig. 4 shows a schematic structural diagram of a network video anti-stealing-link device according to a fourth embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The anti-stealing link method for the network video of the embodiment judges whether the identity information of the user side sending the request twice is consistent by comparing the user identity identification information contained in the network video address acquisition request sent by the user and received by the proxy layer with the user identity information contained in the network video content acquisition request sent by the user and the unique identification distributed to the first user side after the network video address acquisition request sent by the user is received by the scheduling layer, and whether the stealing link occurs when the scheduling layer receives the network video address acquisition request sent by the user. Meanwhile, the unique identification is determined through a specific algorithm, so that the stealing link judgment result is more accurate.
Specifically, as shown in fig. 1, it is a flowchart of a method for preventing a network video from being stolen according to a first embodiment of the present disclosure. As shown in fig. 1, the method of this embodiment may include the following steps:
s101: the proxy layer responds to a received network video address acquisition request sent by a first user end to acquire the identity identification information of the first user end; judging whether the identity identification information is legal or not; if the identity identification information is legal identity identification information, allocating a unique identification for the first user terminal, and returning video address information with the unique identification.
In general, when a user obtains a network video provided by a service provider through a user side, the network video content is obtained through an HTTP protocol, and the HTTP protocol involves seven layers of information interaction in an interaction process. The method comprises the steps that an agent layer receives an acquisition request of a network video address sent by a first user end, the acquisition request comprises identity identification information of the first user end and request information for acquiring network video content, the identity identification information further comprises UA and IP addresses, the format of the identity identification information can be UA + IP + network video names, the UA, the IP and the network video names can be divided through necessary symbols, wherein the UA is user agent service identification information, called UA for short, and is a special character string header, so that a server can identify information such as an operating system and version, CPU type, browser and version, browser rendering engine, browser language, browser plug-in and the like used by a client.
For the same user side, the UA + IP is generally fixed, so when receiving an acquisition request of a network video address sent by the user side, the UA and IP address of the first user side can be acquired from the acquisition request first, and then whether the user agent service identification information and the user IP address information are in a preset blacklist is judged first. And if the user agent service identification information and the user IP address information are in a preset blacklist list and the identity identification information is illegal identity identification information, refusing to return a network video playing address to the first user terminal and refusing to provide network video playing service for the first user terminal. And if the user agent service identification information and the user IP address information are not in a preset blacklist, the identity identification information is legal identity identification information. Then, a network video playing service can be provided for the first user end, and at this time, a unique identifier can be allocated to the first user end, and video address information with the unique identifier is returned.
In this embodiment, the blacklist is a pre-established blacklist, the UA and IP addresses of the user side with the hotlink behavior are recorded in the blacklist, and by matching the UA and IP addresses of the first user side with the UA and IP addresses in the blacklist, it can be determined whether the UA and IP addresses of the first user side are recorded in the blacklist. In order to avoid the blacklist mechanism, some users acquire network video addresses through the UA and the user side whose IP address is not in the blacklist, and then acquire network video content, that is, a so-called hotlink, on other user sides by using the acquired network video addresses, and therefore, the behavior needs to be further discriminated. In order to screen such behaviors, the present disclosure adopts corresponding technical means, specifically referring to step S102.
S102: the scheduling layer responds to a received network video content acquisition request sent by a second user end, and determines a unique identifier corresponding to the user end according to the identity identification information of the second user end; and judging whether the unique identifier is consistent with the unique identifier distributed to the first user terminal by the proxy layer, if the unique identifier is not consistent with the unique identifier distributed to the first user terminal by the proxy layer, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal.
In this embodiment, in general, the time interval between the proxy layer and the scheduling layer receiving the acquisition request from the user end is very short, and generally does not exceed 1S. In this embodiment, mainly for identifying whether the ue sending the network video address obtaining request and the ue sending the network video content obtaining request are the same ue, since in an actual application scenario, the ue sending the network video address obtaining request and the ue sending the network video content obtaining request may be the same ue (i.e. legal users) or may not be the same ue (i.e. there is a hotlinking behavior), in order to clearly describe the technical solution of this embodiment, the two-purpose first ue and second ue refer to two ues sending obtaining requests to the proxy layer and the scheduling layer, it is understood that "first" and "second" herein refer to only two ues without any limiting effect.
And after the agent layer distributes the unique identifier for the first user terminal and returns the video address information with the unique identifier, under the normal condition, the first user terminal sends an acquisition request of the network video content to the scheduling layer according to the video address information with the unique identifier. When a link stealing behavior occurs, the first user sends the video address information with the unique identifier to the second user, and the second user sends an acquisition request of the network video content to the scheduling layer according to the video address information with the unique identifier.
When the scheduling layer receives an acquisition request of network video content sent by a second user end, determining a unique identifier corresponding to the user end according to the identity identification information of the second user end. The unique identifier is generated in the following manner. Firstly, when the proxy layer receives a request for acquiring a network video address sent by a first user, a unique identifier is allocated to the user, the unique identifier can be an encrypted character string obtained by encrypting a character string formed by a random number allocated to the first user by the proxy layer and identity information of the first user by a secret key stored by the proxy layer and a scheduling layer, then the unique identifier and the video address information of the network video are sent to the first user, and the random number is sent to the scheduling layer at the same time. And the second user end accesses the scheduling layer according to the video address information and sends a video content acquisition request with the unique identifier to the scheduling layer. After receiving the acquisition request, the scheduling layer calculates to obtain a unique identifier according to the identity identifier information of the second user, the random number sent by the proxy layer and the secret key stored in the scheduling layer, judges whether the calculated unique identifier is consistent with the unique identifier in the acquisition request sent by the second user, and if so, determines that the first user and the second user are the same user and returns network video content to the second user. And if the unique identifier is not consistent with the unique identifier distributed to the first user terminal by the proxy layer, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal.
In this embodiment, when calculating the unique identifier, an MD5 encryption algorithm may be used, and other similar encryption algorithms may also be used, which is not listed in this embodiment.
The method of the embodiment can prevent illegal merchants from forging the same IP address as the authorized user to cheat the IP authentication of the media server, and further prevent the streaming media file from being acquired through a hotlink.
As an optional embodiment of the present disclosure, in the above embodiment, when the proxy layer receives an acquisition request of a network video address sent by the first user, the access frequency of the first user, that is, the frequency of the acquisition request of the network video address sent by the first user to the proxy layer, may be obtained according to the identity information of the first user, and it is determined whether a hotlinking behavior exists. Specifically, the number of times that the first user accesses the proxy layer may be counted by using a big data technology at a time interval of one month, the access frequency of the first user is determined, and a threshold value may be preset, for example, 20 times/month, and if the access frequency of the first user exceeds the preset threshold value, it indicates that the user is suspected of acquiring the network video address for another user, and the first user is added to the blacklist list. The threshold of the access frequency in this embodiment may be specifically set according to actual situations.
As an optional embodiment of the present disclosure, in the above embodiment, when the scheduling layer receives an acquisition request of the network video content sent by the second user, the scheduling layer may acquire the access bandwidth of the second user, that is, the amount of traffic of the video content sent to the second user, according to the identity information of the second user, and determine whether a hotlinking behavior exists. Specifically, the data amount of the second user terminal acquiring the video content from the scheduling layer may also be counted by using a big data technology at a time interval of one month, and similarly, a threshold may also be preset, and if the data amount of the second user terminal acquiring the video content exceeds the preset threshold, the second user terminal is added to the blacklist list.
It should be noted that, in the embodiments of the present disclosure, the network video address and the network video content refer to an address and content of the same network video. In short, the scheme of the embodiment of the present disclosure is to prevent the same user terminal from accessing the same network video content for multiple times, because no one can watch the same video repeatedly under normal conditions.
As an optional embodiment of the present disclosure, in the above embodiment, when the scheduling layer receives an acquisition request of a network video content sent by a second user end, it is determined whether the acquisition request of the network video content meets a preset rule, and if the acquisition request of the network video content does not meet the preset rule, the scheduling layer rejects to return the network video content to the second user end, where the preset rule includes:
a video request in a player MP4 format, which is sent by a mobile phone app end, refuses to provide video content;
when a request is sent by the Safari browser, the UA prohibits the occurrence of Windows keywords;
and when the request is sent by the PC browser, the UA prohibits the keywords of Dalvik and Lavf from appearing.
Alternative embodiments of the present disclosure can achieve similar technical effects as the first embodiment, and are not repeated herein.
Fig. 2 is a flowchart illustrating a specific example of a method for preventing a network video from being stolen according to a second embodiment of the disclosure. As shown in the figure, when a user accesses the proxy layer and the proxy layer receives a network video address acquisition request of a user side, the proxy layer first acquires the identification information (i.e., UA and IP addresses) of the user side, and in addition, can also acquire the account information of the user, upload the acquired identification information and account information to a Redis cluster, and update the frequency of the identification information and account information of the user side, that is, statistics is performed on the access frequency of the user side by using big data, and the Redis cluster is an open-source database and can store data. Then the agent layer judges whether the identity identification information and the account information of the user side are in a blacklist, if so, the agent layer refuses to provide service for the user side, namely refuses to return a network video address to the user side. If the network video address is not in the blacklist, the network video address is returned to the user terminal according to the first embodiment. Then, after receiving the network video content acquisition request sent by the user side, the scheduling layer judges whether the unique identifier of the user side is consistent with the unique identifier in the network video address information returned by the proxy layer, if so, the scheduling layer further executes the logic judgment of operation and maintenance configuration, and if not, the scheduling layer refuses to provide the network video content for the user side. The operation and maintenance configuration logic judges whether parameters such as ua (user agent), Referer, URL and the like in the identity information of the user side are in compliance, for example, a player MP4 format video request sent by the mobile phone app side refuses to provide video content; when a request is sent by the Safari browser, the UA prohibits the occurrence of Windows keywords; and when the request is sent by the PC browser, the UA prohibits the occurrence of Dalvik keywords, Lavf keywords and the like. If the request for obtaining the network video content conforms to the logic of the operation and maintenance configuration, the scheduling layer returns the network video content to the user side, otherwise, the video content is refused to be provided.
In this embodiment, when a false seal occurs (that is, the user side does not have a stealing link behavior, but is still denied to provide service), the user side may complain to the background server, the acquired server may use a big data technology to count the complaining content, and the operation and maintenance staff may periodically update the configured logic according to the statistical result, thereby avoiding the false seal.
The method of the embodiment can prevent illegal merchants from forging the same IP address as the authorized user to cheat the IP authentication of the media server, and further prevent the streaming media file from being acquired through a hotlink.
It is noted that while for simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present disclosure is not limited by the order of acts, as some steps may, in accordance with the present disclosure, occur in other orders and concurrently. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that acts and modules referred to are not necessarily required by the disclosure.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
The above is a description of embodiments of the method, and the embodiments of the apparatus are described below to further illustrate the aspects of the disclosure.
Fig. 3 is a schematic functional structure diagram of a network video anti-stealing device according to a third embodiment of the disclosure. The anti-stealing-link device for the network video comprises:
the proxy service module 301 is configured to layer, in response to receiving an acquisition request of a network video address sent by a first user, acquire identity information of the first user; if the identity identification information is legal identity identification information, allocating a unique identification for the first user terminal, and returning video address information with the unique identification;
the scheduling service module 302 is configured to, in response to receiving an acquisition request of network video content sent by a second user, determine, according to the identity information of the second user, a unique identifier corresponding to the user; and judging whether the unique identifier is consistent with the unique identifier distributed to the first user terminal by the proxy layer, if the unique identifier is not consistent with the unique identifier distributed to the first user terminal by the proxy layer, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
Fig. 4 shows a schematic structural diagram of a network video anti-stealing-link device according to a fourth embodiment of the present disclosure. The terminal device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 4, the computer system includes a Central Processing Unit (CPU)401 that can perform various appropriate actions and processes based on a program stored in a Read Only Memory (ROM)402 or a program loaded from a storage section 408 into a Random Access Memory (RAM) 403. In the RAM403, various programs and data necessary for system operation are also stored. The CPU 401, ROM 402, and RAM403 are connected to each other via a bus 404. An input/output (I/O) interface 405 is also connected to bus 404.
The following components are connected to the I/O interface 405: an input section 406 including a keyboard, a mouse, and the like; an output section 407 including a display device such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 408 including a hard disk and the like; and a communication section 409 including a network interface card such as a LAN card, a modem, or the like. The communication section 409 performs communication processing via a network such as the internet. Drivers 410 are also connected to the I/O interface 405 on an as needed basis. A removable medium 411 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 410 on an as-needed basis, so that a computer program read out therefrom is mounted on the storage section 408 on an as-needed basis.
In particular, based on the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer-readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 409 and/or installed from the removable medium 411. The computer program performs the above-described functions defined in the method of the present application when executed by a Central Processing Unit (CPU) 401.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), an Application Specific Standard Product (ASSP), a system on a chip (SOC), a load programmable logic device (CPLD), and the like.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, causes the functions/acts specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, while operations are depicted in a particular order, this should be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (8)

1. A method for preventing a network video from being stolen is characterized by comprising the following steps:
the proxy layer responds to a received network video address acquisition request sent by a first user end to acquire the identity identification information of the first user end; judging whether the identity identification information is legal or not; if the identity identification information is legal identity identification information, generating a random number for the first user side, integrating the generated random number and the identity identification information of the first user side into a first character string, encrypting the first character string to generate a first encrypted character string, taking the first encrypted character string as a unique identifier, and returning video address information with the unique identifier;
the method comprises the steps that a dispatching layer responds to a received acquisition request of network video content sent by a second user end, acquires a random number generated by a proxy layer for the first user end, integrates the random number and identity identification information of the second user end into a second character string, encrypts the second character string by using the same encryption method as that of the first character string to generate a second encryption character string, and uses the second encryption character string as a unique identification of the second user end; and judging whether the unique identifier is consistent with the unique identifier distributed to the first user terminal by the proxy layer, if the unique identifier is not consistent with the unique identifier distributed to the first user terminal by the proxy layer, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal.
2. The method of claim 1, wherein the id information comprises user agent service identification information and user IP address information;
the determining whether the identification information is legal specifically includes:
judging whether the user agent service identification information and the user IP address information are in a preset blacklist;
if the user agent service identification information and the user IP address information are in a preset blacklist, the identity identification information is illegal identity identification information;
and if the user agent service identification information and the user IP address information are not in a preset blacklist, the identity identification information is legal identity identification information.
3. The method for preventing hotlinking of network video according to claim 1, further comprising:
and judging whether the access frequency of the first user side in a preset time period is greater than a first preset threshold value according to the network video address acquisition request, and if the access frequency is greater than the first preset threshold value, adding the identity identification information of the first user side into a blacklist.
4. The network video anti-hotlinking method according to claim 3, further comprising:
and judging whether the access bandwidth of the second user side in a preset time period is greater than a second preset threshold value according to the acquisition request of the network video content, and if the access bandwidth is greater than the second preset threshold value, adding the identity identification information of the second user side into a blacklist.
5. The method for preventing hotlinking of network video according to claim 1, further comprising:
judging whether the acquisition request of the network video content accords with a preset rule, if not, refusing to return the network video content to the second user end, wherein the preset rule comprises:
a video request in a player MP4 format, which is sent by a mobile phone app end, refuses to provide video content;
when a request is sent by the Safari browser, the UA prohibits the occurrence of Windows keywords;
and when the request is sent by the PC browser, the UA prohibits the keywords of Dalvik and Lavf from appearing.
6. An anti-stealing-link device for network video, comprising:
the proxy service module is used for responding to an acquisition request of a network video address sent by a first user terminal by a layer and acquiring the identity identification information of the first user terminal; if the identity identification information is legal identity identification information, generating a random number for the first user side, integrating the generated random number and the identity identification information of the first user side into a first character string, encrypting the first character string to generate a first encrypted character string, taking the first encrypted character string as a unique identifier, and returning video address information with the unique identifier;
the scheduling service module is used for responding to a received acquisition request of network video content sent by a second user end, acquiring a random number generated by an agent layer for the first user end, integrating the random number and identity identification information of the second user end into a second character string, encrypting the second character string by using the same encryption method as that for the first character string to generate a second encrypted character string, and using the second encrypted character string as a unique identification of the second user end; and judging whether the unique identifier is consistent with the unique identifier distributed to the first user terminal by the proxy layer, if the unique identifier is not consistent with the unique identifier distributed to the first user terminal by the proxy layer, determining that the first user terminal and the second user terminal are not the same user terminal, and refusing to return network video content to the second user terminal.
7. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, wherein the processor, when executing the program, implements the method of any of claims 1-5.
8. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method according to any one of claims 1 to 5.
CN202010803759.9A 2020-08-11 2020-08-11 Anti-stealing-link method, device, equipment and storage medium for network video Active CN111988644B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010803759.9A CN111988644B (en) 2020-08-11 2020-08-11 Anti-stealing-link method, device, equipment and storage medium for network video

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010803759.9A CN111988644B (en) 2020-08-11 2020-08-11 Anti-stealing-link method, device, equipment and storage medium for network video

Publications (2)

Publication Number Publication Date
CN111988644A CN111988644A (en) 2020-11-24
CN111988644B true CN111988644B (en) 2022-08-16

Family

ID=73434334

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010803759.9A Active CN111988644B (en) 2020-08-11 2020-08-11 Anti-stealing-link method, device, equipment and storage medium for network video

Country Status (1)

Country Link
CN (1) CN111988644B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113938715A (en) * 2021-09-26 2022-01-14 山东浪潮通软信息科技有限公司 Video data acquisition system and method
CN114143577B (en) * 2021-11-26 2023-10-24 中电信数智科技有限公司 Video acquisition method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101815060A (en) * 2009-02-23 2010-08-25 未序网络科技(上海)有限公司 Anti-stealing link method of internet content delivery network
CN105721411A (en) * 2015-05-15 2016-06-29 乐视云计算有限公司 Method for preventing hotlinking, server and client terminalfor preventing hotlinking
US9888290B1 (en) * 2016-03-24 2018-02-06 Sprint Communications Company L.P. Service denial notification in secure socket layer (SSL) processing
CN107911336A (en) * 2017-10-09 2018-04-13 西安交大捷普网络科技有限公司 A kind of WEB steals chain means of defence
CN109040079A (en) * 2018-08-09 2018-12-18 广东省南方数字电视无线传播有限公司 The establishment of live streaming chained address and verification method and related device
CN109905731A (en) * 2019-02-22 2019-06-18 湖南快乐阳光互动娱乐传媒有限公司 It can the anti-pass video file downloading anti-stealing link method, system and the medium usurped

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101815060A (en) * 2009-02-23 2010-08-25 未序网络科技(上海)有限公司 Anti-stealing link method of internet content delivery network
CN105721411A (en) * 2015-05-15 2016-06-29 乐视云计算有限公司 Method for preventing hotlinking, server and client terminalfor preventing hotlinking
US9888290B1 (en) * 2016-03-24 2018-02-06 Sprint Communications Company L.P. Service denial notification in secure socket layer (SSL) processing
CN107911336A (en) * 2017-10-09 2018-04-13 西安交大捷普网络科技有限公司 A kind of WEB steals chain means of defence
CN109040079A (en) * 2018-08-09 2018-12-18 广东省南方数字电视无线传播有限公司 The establishment of live streaming chained address and verification method and related device
CN109905731A (en) * 2019-02-22 2019-06-18 湖南快乐阳光互动娱乐传媒有限公司 It can the anti-pass video file downloading anti-stealing link method, system and the medium usurped

Also Published As

Publication number Publication date
CN111988644A (en) 2020-11-24

Similar Documents

Publication Publication Date Title
US9990507B2 (en) Adapting decoy data present in a network
CN103957436B (en) A kind of video anti-stealing link method based on OTT business
CN107517179B (en) Authentication method, device and system
CN111478910B (en) User identity authentication method and device, electronic equipment and storage medium
CN108243188B (en) Interface access, interface call and interface verification processing method and device
CN107046544B (en) Method and device for identifying illegal access request to website
CN109756337B (en) Secure access method and device for service interface
CN110096639B (en) Method and device for monitoring and obtaining evidence of infringement and terminal equipment
CN105721411A (en) Method for preventing hotlinking, server and client terminalfor preventing hotlinking
US20210194906A1 (en) Method and server for recognizing abnormal access behavior
CN111988644B (en) Anti-stealing-link method, device, equipment and storage medium for network video
CN108449308B (en) Method and device for identifying malicious resource access
CN106254528B (en) Resource downloading method and caching device
CN111083093B (en) Method and device for calling terminal capability, electronic equipment and storage medium
CN112364274A (en) WEB site access acceleration method and device
CN105844121A (en) Method and system for applying digital watermark to content delivery network (CDN)
CN109905376B (en) Method and system for preventing illegal access to server
CN113329242A (en) Resource management method and device
CN117134979A (en) Data communication method, device, equipment and medium
CN112688963A (en) Method, device and storage medium for gateway authorized access and external open service
CN109379344B (en) Authentication method and authentication server for access request
CN111182010B (en) Local service providing method and device
WO2017096886A1 (en) Content pushing method, apparatus and system
CN109428924B (en) Application online state maintenance method, access layer assembly, application system and equipment
CN107566410B (en) Data security message request processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant