CN112953724B

CN112953724B - Authentication method of anti-theft chain, and related device and equipment

Info

Publication number: CN112953724B
Application number: CN202110198900.1A
Authority: CN
Inventors: 林桂; 胡文送; 赵爽; 任中楠
Original assignee: Guangzhou Huya Technology Co Ltd
Current assignee: Guangzhou Huya Technology Co Ltd
Priority date: 2021-02-22
Filing date: 2021-02-22
Publication date: 2022-11-29
Anticipated expiration: 2041-02-22
Also published as: CN112953724A

Abstract

The application discloses an authentication method of a hotlink, a related device and equipment, wherein the authentication method of the hotlink comprises the following steps: the authentication device generates a secret key based on a preset encryption algorithm; acquiring a request instruction sent by the pull stream terminal, and issuing a secret key to the pull stream terminal based on the request instruction; acquiring anti-theft information sent by a pull stream terminal, and combining the anti-theft information and a secret key into standard authentication information; the anti-theft information is generated by the stream pulling terminal based on the secret key; acquiring authentication information to be verified transmitted by a pull flow terminal; authenticating the authentication information to be verified based on the standard authentication information to obtain an authentication result; and executing the authentication result. According to the scheme, the difficulty of the stealing chain can be improved, and the condition that the stealing chain is pulled is effectively reduced.

Description

Authentication method of anti-theft chain, and related device and equipment

Technical Field

The present application relates to the field of anti-stealing link technologies, and in particular, to an authentication method for an anti-stealing link, and a related apparatus and device.

Background

The current streaming media manufacturers are numerous, and the resources provided by the manufacturers bring convenience to users, but the resources also bring opportunities to stealers. The stealer places the resources of other streaming media manufacturers on the website of the stealer, steals the resources on the server of the manufacturers through illegal connection, and even exhausts the bandwidth resources of the streaming media manufacturers and crashes the server.

The traditional anti-stealing link method mainly comprises a reference address judging method. The quote address judging method is used for determining whether to steal a link by judging the value of fields such as HTTP header refer/Host/user and the like when the pull terminal requests to pull the stream, but the quote address is easy to forge, so that the anti-theft effect of the anti-theft method is not thorough.

At present, an authentication method for a hotlink is urgently needed to improve the hotlink difficulty.

Disclosure of Invention

The application provides an authentication method of an anti-theft chain, a related device and equipment, which are used for solving the problem of poor anti-theft effect of the anti-theft chain in the prior art.

The first aspect of the present application provides an authentication method for a hotlink, including: the authentication device generates a secret key based on a preset encryption algorithm; acquiring a request instruction sent by the pull flow terminal, and issuing a secret key to the pull flow terminal based on the request instruction; acquiring anti-theft information sent by a pull stream terminal, and combining the anti-theft information and a secret key into standard authentication information; the anti-theft information is generated by the stream pulling terminal based on the secret key; acquiring authentication information to be verified transmitted by a pull flow terminal; authenticating the authentication information to be verified based on the standard authentication information to obtain an authentication result; and executing the authentication result.

The step of issuing the key to the pull stream terminal based on the request instruction comprises the following steps: based on the request instruction, the key and the effective stream pulling time are issued to the stream pulling terminal through an authentication server of the authentication device; the steps of obtaining the anti-theft information sent by the pull stream terminal and combining the anti-theft information and the secret key into standard authentication information comprise: acquiring a unique authentication code sent by a pull stream terminal based on a preset protocol and a network address of the pull stream terminal through an authentication server; and establishing a corresponding relation among the unique authentication code, the effective stream pulling time, the network address and the secret key, and obtaining standard authentication information by utilizing the corresponding relation.

The method for acquiring the authentication information to be verified transmitted by the pull stream terminal comprises the following steps: acquiring authentication information to be verified transmitted by a stream pulling terminal through a stream server of an authentication device, wherein the authentication information to be verified comprises an authentication code to be verified, a network address to be verified, a timestamp, a key to be verified and an encryption string; and transmitting the authentication information to be verified to an authentication server of the authentication device through the streaming server so that the authentication server acquires the authentication information to be verified.

The authentication of the authentication information to be verified based on the standard authentication information to obtain an authentication result comprises the following steps: encrypting the authentication code to be verified, the timestamp and the key to be verified through the authentication server to obtain an encryption string to be verified; and respectively comparing and authenticating the authentication code to be verified and the unique authentication code, the timestamp and the effective pull time, the network address to be verified and the network address, the key and the secret key to be verified and the encryption string to be verified to obtain an authentication result.

Wherein, the step of obtaining the authentication result comprises: when consistency exists between the authentication code to be verified and the unique authentication code, between the network address to be verified and the network address, between the key to be verified and the secret key, and between the encryption string to be verified and the encryption string, and the timestamp is within the effective stream pulling time, the authentication result is determined to be successful; and when the authentication code to be verified is not consistent with the unique authentication code, the network address to be verified is not consistent with the network address, the key to be verified is not consistent with the secret key, the encryption string to be verified is inconsistent with the encryption string, or the time stamp exceeds the effective stream pulling time, determining that the authentication result is authentication failure.

Wherein, the step of executing the authentication result comprises: and sending the authentication result to a stream server of the authentication device through the authentication server of the authentication device so as to execute the authentication result by using the stream server.

The step of acquiring the authentication information to be verified transmitted by the streaming terminal further comprises: receiving authentication information to be verified through a streaming server, and transmitting streaming data to a streaming terminal; the step of performing the authentication result using the streaming server includes: when the authentication result is successful, continuously transmitting pull stream data to the pull stream terminal through the stream server; and when the authentication result is failure, stopping transmitting the pull stream data to the pull stream terminal through the stream server.

Wherein, the step of generating the key based on the preset encryption algorithm further comprises: and updating the secret key according to the preset frequency through an authentication server of the authentication device.

A second aspect to be verified of the present application provides an authentication method for a hotlink, including: the stream pulling terminal sends a request instruction to the authentication device and acquires a secret key issued by the authentication device; the secret key is generated by the authentication device based on a preset encryption algorithm; acquiring anti-theft information based on the secret key, and reporting the anti-theft information to the authentication device so that the authentication device combines standard authentication information based on the anti-theft information and the secret key; and sending authentication information to be verified to an authentication device so that the authentication device obtains the authentication information to be verified and authenticates the standard authentication information based on the authentication information to be verified, and executing an authentication result after obtaining the authentication result.

The step of obtaining the key issued by the authentication device further comprises: obtaining effective pull flow time issued by an authentication server of an authentication device; before the step of sending the authentication information to be verified to the authentication device, the method further comprises the following steps: generating authentication information to be verified, wherein the authentication information to be verified comprises anti-theft information to be verified and a key to be verified; generating a pull address by using authentication information to be verified; the step of sending authentication information to be verified to the authentication device includes: and sending the stream pulling address to a stream server of the authentication device within the effective time so that the authentication server of the authentication device obtains authentication information to be verified.

The step of generating the authentication information to be verified comprises the following steps: generating an authentication code to be verified based on a key to be verified, and taking the authentication code to be verified and a network address to be verified of the pull-stream terminal as anti-theft information to be verified; encrypting a key to be verified, an authentication code to be verified and a timestamp of the pull stream terminal to obtain an encryption string; and determining the key to be verified, the authentication code to be verified, the network address to be verified, the timestamp and the encryption string as authentication information to be verified.

A third aspect of the present application provides an authentication apparatus for a hotlink, including: the encryption module is used for generating a secret key based on a preset encryption algorithm; the first acquisition module is used for acquiring a request instruction sent by the pull stream terminal and issuing a secret key to the pull stream terminal based on the request instruction; the second acquisition module is used for acquiring the anti-theft information sent by the pull stream terminal and combining the anti-theft information and the secret key into standard authentication information; the anti-theft information is generated by the stream pulling terminal based on the secret key; the third acquisition module is used for acquiring the authentication information to be verified transmitted by the streaming terminal; the authentication module is used for authenticating the authentication information to be verified based on the standard authentication information to obtain an authentication result; and the execution module is used for executing the authentication result.

A fourth aspect of the present application provides an authentication apparatus for a hotlink, including: the first communication module is used for sending a request instruction to the authentication device and acquiring a secret key issued by the authentication device; the key is generated by the authentication device based on a preset encryption algorithm; the reporting module is used for obtaining the anti-theft information based on the secret key and reporting the anti-theft information to the authentication device so that the authentication device combines standard authentication information based on the anti-theft information and the secret key; and the second communication module is used for sending the authentication information to be verified to the authentication device so that the authentication device acquires the authentication information to be verified, authenticates the standard authentication information based on the authentication information to be verified, and executes the authentication result after the authentication result is obtained.

The fifth aspect of the present application further provides an electronic device, which includes a memory and a processor coupled to each other, where the processor is configured to execute program instructions stored in the memory to implement the anti-hotlink authentication method of any one of the above aspects.

The sixth aspect of the present application further provides a computer-readable storage medium, on which program instructions are stored, and the program instructions, when executed by a processor, implement the method for authenticating a hotlink according to any one of the above aspects.

According to the scheme, the encrypted secret key is issued to the pull stream terminal, so that the data confidentiality is improved through the encrypted secret key in the data transmission process, the anti-theft information and the secret key are combined into the standard authentication information, and the authentication information to be verified sent by the pull stream terminal is authenticated based on the standard authentication information, so that the closed loop degree of the authentication information can be greatly improved, the stealing link difficulty is improved, and the anti-theft link effect is improved.

Drawings

FIG. 1 is a schematic flow chart of a first embodiment of the authentication method for hotlink protection of the present application;

FIG. 2 is a flowchart illustrating a second embodiment of the method for authenticating a hotlink according to the present invention;

FIG. 3 is a flow chart illustrating a third embodiment of the authentication method for hotlink protection of the present application;

FIG. 4 is a schematic diagram of a transport network of an application scenario in FIG. 3;

fig. 5 is a data flow diagram of data transmission performed by each terminal in the transmission network in the application scenario of fig. 4;

FIG. 6 is a flowchart illustrating a fourth embodiment of the authentication method for hotlink protection of the present application;

FIG. 7 is a schematic diagram of a transport network of an application scenario of FIG. 6;

fig. 8 is a data flow diagram of data transmission performed by each terminal in the transmission network in the application scenario of fig. 7;

FIG. 9 is a block diagram of an embodiment of an authentication device of the anti-hotlink of the present application;

FIG. 10 is a block diagram of an embodiment of an authentication device for a hotlink protection system according to the present application;

FIG. 11 is a block diagram of an embodiment of an electronic device of the present application;

FIG. 12 is a block diagram of an embodiment of a computer-readable storage medium of the present application.

Detailed Description

The following describes in detail the embodiments of the present application with reference to the drawings attached hereto.

In the following description, for purposes of explanation and not limitation, specific details are set forth such as particular system structures, interfaces, techniques, etc. in order to provide a thorough understanding of the present application.

The terms "system" and "network" are often used interchangeably herein. The term "and/or" herein is merely an association describing an associated object, and there may be three relationships, e.g., a and/or B, and: a exists alone, A and B exist simultaneously, and B exists alone. In addition, in this document, the character "/", generally, the former and latter related objects are in an "or" relationship. Further, herein, "more" than two or more than two.

Referring to fig. 1, fig. 1 is a schematic flowchart illustrating a first embodiment of an authentication method for a hotlink according to the present application. The authentication method of the anti-theft chain of the embodiment is applied to an authentication device, and specifically, may include the following steps:

step S11: the authentication device generates a secret key based on a preset encryption algorithm.

The authentication device generates a key based on a preset Encryption Algorithm, wherein the preset Encryption Algorithm may include an MD5 Message Digest Algorithm (MD 5 Message-Digest Algorithm) or an Advanced Encryption Standard (AES, also called Rijndael Encryption method) or other Encryption algorithms for Encryption to obtain the key.

In a specific application scenario, the authentication device automatically and independently generates a secret key based on a preset encryption algorithm, which does not affect whether the pull terminal requests the pull.

In a specific application scenario, the authentication device may include a server, a computer, a terminal, and the like, which is not limited herein.

Step S12: and acquiring a request instruction sent by the pull stream terminal, and issuing the secret key to the pull stream terminal based on the request instruction.

The authentication device acquires a request instruction sent by the pull flow terminal and issues the encrypted secret key to the pull flow terminal based on the request instruction. The request instruction may include an instruction that the streaming terminal requests the authentication device to issue the key.

And after receiving the secret key, the pull flow terminal generates anti-theft information based on the secret key and sends the anti-theft information to the authentication device.

Step S13: acquiring anti-theft information sent by a pull stream terminal, and combining the anti-theft information and a secret key into standard authentication information; wherein, the anti-theft information is generated by the stream pulling terminal based on the secret key.

The authentication device acquires the anti-theft information sent by the pull flow terminal. The anti-theft information may be a network address of the streaming terminal, information with uniqueness generated by the streaming terminal based on a key, other encryption information, and the like, and may be specifically set based on an actual situation, which is not limited herein.

The authentication device combines the anti-theft information and the secret key into standard authentication information.

Step S14: and acquiring authentication information to be verified transmitted by the pull stream terminal.

And the pull flow terminal requests the authentication device for pull flow, and specifically, sends authentication information to be verified to the authentication device so that the authentication device obtains the authentication information to be verified.

In a specific application scenario, the information type included in the authentication information to be verified may correspond to the information type included in the standard authentication information one to one, so as to facilitate comparison authentication. For example: when the standard authentication information includes the anti-theft information and the key, the information type included in the authentication information to be verified may include the anti-theft information to be verified and the key to be verified.

Step S15: and authenticating the authentication information to be verified based on the standard authentication information to obtain an authentication result.

In a specific application scene, the authentication device authenticates the authentication information to be verified based on the standard authentication information, judges whether the authentication information to be verified and the standard authentication information have consistency, and if the authentication information to be verified and the standard authentication information have consistency, the authentication result is successful; and if the authentication information to be verified is not consistent with the standard authentication information, the authentication result is authentication failure.

In a specific application scenario, the authentication device authenticates the authentication information to be verified based on the standard authentication information, judges whether the difference between the authentication information to be verified and the standard authentication information meets a preset range, and if the difference between the authentication information to be verified and the standard authentication information meets the preset range, the authentication result is authentication success; and if the difference between the authentication information to be verified and the standard authentication information does not meet the preset range, the authentication result is authentication failure. The preset range may be set according to practical applications, and is not limited herein.

Step S16: and executing the authentication result.

And the authentication device executes the authentication result after obtaining the authentication result. Specifically, when the authentication result is that the authentication is successful, the authentication device agrees to the pull request of the pull terminal; and when the authentication result is authentication failure, the authentication device refuses the pull flow request of the pull flow terminal.

Through the above steps, the authentication method of the anti-theft chain of the embodiment first enables the authentication device to generate the secret key based on the preset encryption algorithm, and then, after the request instruction sent by the pull stream terminal is obtained, the secret key is issued to the pull stream terminal, so that the pull stream terminal can generate the anti-theft information through the secret key. And the authentication device acquires the anti-theft information sent by the streaming terminal, combines the anti-theft information and the secret key into standard authentication information, authenticates the authentication information to be verified by the standard authentication information after acquiring the authentication information to be verified transmitted by the streaming server to obtain an authentication result, and finally executes the authentication result. The authentication method of the anti-theft chain of the embodiment firstly issues the encrypted secret key to the pull flow terminal, so that the data confidentiality is improved through the encrypted secret key in the data transmission process, the anti-theft information and the secret key are combined into the standard authentication information, and the authentication device authenticates the authentication information to be verified based on the standard authentication information, so that the closed loop degree of the authentication information can be greatly improved, the anti-theft chain difficulty is further improved, and the anti-theft chain effect is improved.

Referring to fig. 2, fig. 2 is a flowchart illustrating a method for authenticating a hotlink according to a second embodiment of the present invention. The authentication method of the anti-theft chain of the embodiment is applied to an authentication device, and specifically, may include the following steps:

step S21: the authentication device generates a secret key based on a preset encryption algorithm.

The authentication device of the embodiment includes an authentication server and a streaming server, wherein the authentication server is in communication connection with the streaming server, and in a specific application scenario, the authentication server and the streaming server may be in communication connection through a preset protocol.

In this step, the authentication server of the authentication device generates a key based on a preset Encryption Algorithm, and updates the key according to a preset frequency, where the preset Encryption Algorithm may include an MD5 Message Digest Algorithm (MD 5 Message-Digest Algorithm), an Advanced Encryption Standard (AES, also called Rijndael Encryption method), or other Encryption algorithms for Encryption to obtain the key. The preset frequency may be once a day, once an hour, and the like, and may be specifically set according to practical applications, which is not limited herein.

In this embodiment, the key is generated by the preset encryption algorithm, so that the pull terminal can decrypt the key only based on the same preset encryption algorithm, and even if the illegal terminal steals the key to a certain extent, the illegal terminal cannot decrypt the key by using the key without knowing the preset encryption algorithm, and the hotlink is implemented, so that the hotlink difficulty is improved to a certain extent by the setting of this step. And the secret key of the step can be updated based on the preset frequency, so that timeliness is set for the secret key, and the difficulty of stealing the link is further improved. The streaming terminal and the authentication server may determine a specific preset encryption algorithm in advance based on communication of a preset protocol.

Step S22: and acquiring a request instruction sent by the pull stream terminal, and issuing the secret key and the effective pull stream time to the pull stream terminal through an authentication server of the authentication device based on the request instruction.

The authentication server of the authentication device obtains the request instruction sent by the pull stream terminal through a preset Protocol, where the preset Protocol is a communication Protocol that the authentication server and the pull stream terminal need to follow for communication, and the preset Protocol may include rtmp (Real Time Messaging Protocol), flv (Flash Video), m3u8 Protocol, or a proprietary custom Protocol or other communication protocols, and is not limited herein.

In the step, the authentication server acquires the request instruction sent by the pull stream terminal by setting the preset protocol, so that the closed-loop performance of authentication is further improved by setting the preset protocol, and the communication content between the authentication server and the legal pull stream terminal cannot be cracked by an illegal terminal on the basis of not knowing the preset protocol. In addition, the embodiment also issues the encrypted key, so as to avoid plaintext communication, and even if an illegal terminal steals the communication content, the key cannot be decrypted, and thus the link stealing is performed.

In a specific application scenario, the request instruction is an instruction that the pull terminal first sends a request key to an authentication server of the authentication device in order to perform pull. And the authentication server receives the request instruction and then issues a secret key and effective stream pulling time to the stream pulling terminal based on the request instruction.

Step S23: acquiring a unique authentication code sent by a pull stream terminal based on a preset protocol and a network address of the pull stream terminal through an authentication server; and establishing a corresponding relation among the unique authentication code, the effective stream pulling time, the network address and the secret key, and obtaining standard authentication information by utilizing the corresponding relation.

The authentication device issues the secret key and the effective stream pulling time to the stream pulling terminal through the authentication server based on a preset protocol so that the stream pulling terminal generates a unique authentication code based on the secret key after receiving the secret key and the effective stream pulling time, and then sends the unique authentication code and the network address of the stream pulling terminal to the authentication server. The method comprises the steps that a unique authentication code sent by a pull flow terminal based on a preset protocol and a network address of the pull flow terminal are obtained through an authentication server, the corresponding relation of the unique authentication code, effective pull flow time, the network address and a secret key is established, and standard authentication information is obtained through the corresponding relation.

In this embodiment, the network address of the pull terminal may be an IP address of the pull terminal, and the IP address has an unforgeability, so that the difficulty of the anti-theft link may be further increased by the unforgeable IP address in this embodiment.

In a specific application scenario, the authentication server establishes a corresponding relationship between the unique authentication code sent by the pull terminal, the effective pull time, the IP address of the pull terminal and the secret key, and combines the unique authentication code, the IP address, the effective pull time and the secret key by using the corresponding relationship to obtain standard authentication information.

The unique authentication code in this step is generated by the pull stream terminal based on the key, and after the corresponding relationship is established, the unique authentication code has uniqueness associated with the key. The pull terminal can be effectively combined with the unique authentication code by binding the unique authentication code and the IP address of the pull terminal. The unique authentication code is unique when the pull stream terminal performs the pull stream each time.

In a specific application scenario, when the authentication device does not receive the unique authentication code reported by the pull stream terminal, the authentication fails.

Step S24: and the stream server of the authentication device is used for obtaining authentication information to be verified transmitted by the stream pulling terminal, wherein the authentication information to be verified comprises an authentication code to be verified, a network address to be verified, a timestamp, a key to be verified and an encryption string, and the authentication information to be verified is transmitted to the authentication server of the authentication device through the stream server so that the authentication server can obtain the authentication information to be verified.

And the stream server of the authentication device acquires the authentication code to be verified, the IP address to be verified, the timestamp, the key to be verified and the encryption string transmitted by the stream pulling terminal. The authentication code to be verified, the IP address to be verified, the timestamp, the key to be verified and the encryption string are authentication information to be verified which is sent to the streaming server when the streaming terminal requests streaming to the streaming server, and the timestamp is a local timestamp of the streaming terminal when the streaming terminal requests streaming.

And after receiving the authentication information to be verified, the stream server transparently transmits the authentication information to be verified to an authentication server of the authentication device so that the authentication server can acquire the authentication code to be verified, the IP address to be verified, the timestamp, the key to be verified and the encryption string.

Step S25: encrypting the authentication code to be verified, the timestamp and the key to be verified through the authentication server to obtain an encrypted string to be verified; and respectively comparing and authenticating the authentication code to be verified and the unique authentication code, the timestamp and the effective pull time, the network address to be verified and the network address, the key and the secret key to be verified and the encryption string to be verified to obtain an authentication result.

After the authentication server acquires the authentication code to be verified, the IP address to be verified, the timestamp, the key to be verified and the encryption string transmitted by the streaming server, encryption is performed on the basis of the authentication code to be verified, the timestamp and the key to be verified to obtain the encryption string to be verified, and then the authentication code to be verified, the unique authentication code, the timestamp, the effective streaming time, the IP address to be verified and the IP address, the key to be verified, the key and the encryption string to be verified are compared and authenticated to obtain an authentication result.

Specifically, the authentication server judges whether consistency exists between the authentication code to be verified and the unique authentication code, between the IP address to be verified and the IP address, between the key to be verified and the secret key, between the encryption string to be verified and the encryption string, and whether the timestamp is within the valid time, if consistency exists between the authentication code to be verified and the unique authentication code, between the IP address to be verified and the IP address, between the key to be verified and the secret key, and between the encryption string to be verified and the encryption string, and the timestamp is within the valid pull-stream time, the authentication result is determined to be successful.

If at least one group of four groups of comparison data of the authentication code to be verified and the unique authentication code, the IP address to be verified and the IP address, the key to be verified and the secret key, the encryption string to be verified and the encryption string is different, the authentication result is determined to be authentication failure, and when the timestamp is not in the effective stream pulling time, even if the information is consistent, the authentication result of the authentication is also determined to be authentication failure. Therefore, the standard authentication information and the unique authentication code of the embodiment have timeliness, and when the timestamp in the authentication information to be verified is not within the valid time, even if other authentication information to be verified of the pull flow terminal is consistent with the corresponding standard authentication information, the authentication result is still authentication failure.

The authentication server encrypts the authentication code to be verified, the timestamp and the key to be verified by adopting a set encryption algorithm to obtain an encrypted string to be verified. And the stream pulling terminal also adopts a set encryption algorithm to encrypt the unique authentication code, the timestamp and the secret key to obtain an encrypted string. That is, when the encryption string to be verified and the encryption string do not have consistency, it is described that the encryption algorithm of the encryption string obtained by the pull stream terminal and the authentication device do not have consistency, or the authentication code, the timestamp, and the key data to be verified are different from the corresponding standard authentication information, at this time, it is also possible to determine that the pull stream terminal is an illegal terminal and the authentication fails.

Step S26: and sending the authentication result to a stream server of the authentication device through the authentication server of the authentication device so as to execute the authentication result by using the stream server.

And the authentication server compares and authenticates the standard authentication information and the authentication information to be verified to obtain an authentication result, and then the authentication result is sent to a stream server of the authentication device through the authentication server of the authentication device so as to execute the authentication result by utilizing the stream server.

When the authentication result is successful, transmitting pull stream data to the pull stream terminal through the stream server, wherein the pull stream is successful; and when the authentication result is failure, refusing to transmit the pull stream data to the pull stream terminal through the stream server, wherein the pull stream fails.

In a specific application scenario, after receiving the pull stream request, the authentication server may temporarily release the pull stream to the pull stream terminal first, and transmit the pull stream data to the pull stream terminal, so that the pull stream terminal acquires the pull stream data first. Meanwhile, the authentication device carries out authentication asynchronously, and then determines whether to continuously release pull stream according to the authentication result, so that the pull stream can be responded quickly when a legal pull stream terminal requests to pull stream, and the user experience is improved. When the authentication result of the authentication server is successful, the stream server continues to transmit stream pulling data to the stream pulling terminal, and the stream pulling is successful; and when the authentication result of the authentication device is failure, the stream server stops transmitting the stream pulling data to the stream pulling terminal, and the stream pulling is failed.

In a specific application scenario, after authentication is successful, the streaming server will cache the authentication result within the effective streaming time. When the stream server receives the same stream pulling address within the effective stream pulling time, stream pulling communication is directly carried out without re-authentication. And when the effective flow pulling time is exceeded, the flow pulling terminal needs to completely go through the authentication flow once again. The embodiment ensures that the authentication device can quickly respond when the pull terminal requests to pull the stream again after the authentication is successful and the network is unstable or the equipment performance fluctuates by setting the effective pull time, thereby avoiding the authentication waste and saving the pull time. The effective flow pulling time may be 5 minutes, 10 minutes, and the like, and may be specifically set based on practical applications, which is not limited herein.

Through the steps, the authentication method of the anti-theft chain of the embodiment dynamically generates the secret key according to the preset frequency by the authentication server based on the preset encryption algorithm, and then sends the secret key and the effective stream pulling time to the stream pulling terminal based on the preset protocol after acquiring the request instruction sent by the stream pulling terminal based on the preset protocol. Through the setting, the closed-loop performance of each encrypted message in the pulling process can be greatly improved, and the stealing link difficulty is improved. And the authentication server acquires the unique authentication code sent by the pull stream terminal and the network address of the pull stream terminal, establishes the corresponding relation among the unique authentication code, the effective pull stream time, the network address and the secret key, acquires standard authentication information by utilizing the corresponding relation, compares the authentication information to be verified with the standard authentication information one by one after acquiring the authentication code to be verified, the network address to be verified, the timestamp, the secret key to be verified and the encryption string transmitted by the pull stream terminal to acquire an authentication result, and finally executes the authentication result through the stream server. According to the authentication method of the anti-theft chain, the secret key is set, the unique authentication code, the network address of the pull terminal and the secret key are combined into the standard authentication information, the closed loop degree of the authentication information can be greatly improved when the authentication information to be verified transmitted by the flow server is compared, the anti-theft chain difficulty is further improved, the anti-theft chain effect is improved, in addition, the effective time range is set to limit the timeliness of the authentication information of the pull terminal, and the anti-theft chain difficulty is further improved.

Referring to fig. 3, fig. 3 is a flowchart illustrating a third embodiment of the authentication method for a hotlink according to the present application. The authentication method of the anti-stealing link of the embodiment is applied to the pull stream terminal, and specifically, may include the following steps:

step S31: the stream pulling terminal sends a request instruction to the authentication device and acquires a secret key issued by the authentication device; wherein the secret key is generated by the authentication device based on a preset encryption algorithm.

The pull terminal in this embodiment is a legal terminal, which may be a mobile terminal, a PC terminal, or the like, and is not limited herein.

The method comprises the steps that a flow pulling terminal firstly sends a request instruction to an authentication device to request the authentication device to issue a secret key, and the secret key and effective flow pulling time sent by the authentication device are obtained; wherein the secret key is generated by the authentication device based on a preset encryption algorithm.

Step S32: and obtaining the anti-theft information based on the secret key, and reporting the anti-theft information to the authentication device so that the authentication device combines standard authentication information based on the anti-theft information and the secret key.

And the stream pulling terminal decrypts the secret key based on a preset encryption algorithm which is the same as that of the authentication device after obtaining the secret key, and obtains the anti-theft information based on the decrypted secret key. The stream pulling terminal obtains the anti-theft information based on the key generated by the authentication device, and the relation between the stream pulling terminal and the authentication device can be increased, so that the closed-loop performance of the stream pulling process is increased.

The authentication device and the pull stream terminal can determine the specific category of the preset encryption algorithm based on the connection of the preset protocol, so as to realize the encryption and decryption of the secret key.

In a specific application scenario, the pull terminal may generate a pull address using the anti-theft information and the key, so as to pull the stream to the streaming server through the pull address.

After the stream pulling terminal obtains the anti-theft information, the anti-theft information is reported to the authentication device, so that the authentication device can combine standard authentication information based on the anti-theft information and the secret key, and the authentication device can conveniently perform authentication based on the standard authentication information.

In a specific application scenario, the streaming terminal may send the anti-theft information to the authentication device in a heartbeat manner.

Step S33: and sending authentication information to be verified to an authentication device so that the authentication device can obtain the authentication information to be verified and authenticate the standard authentication information based on the authentication information to be verified, and executing the authentication result after obtaining the authentication result.

And after the stream pulling terminal sends the anti-theft information to the authentication device, the authentication information to be verified is sent to the authentication device, so that the authentication device obtains the authentication information to be verified, authenticates the standard authentication information based on the authentication information to be verified, and executes the authentication result after obtaining the authentication result. The authentication information to be verified comprises the anti-theft information to be verified and a secret key to be verified.

In a specific application scenario, the pull terminal may request a pull from the authentication device in an http/https manner.

If the embodiment is applied to a legal stream pulling terminal, the authentication result is that the authentication is successful, and the stream pulling terminal receives stream pulling data transmitted by the stream server to complete stream pulling of data.

In other embodiments, when the pull stream terminal is an illegal terminal and the authentication result is authentication failure, the illegal terminal cannot receive the pull stream data transmitted by the stream server.

Through the steps, the authentication method of the anti-theft chain of the embodiment sends a request instruction to the authentication device, obtains the key and the effective stream pulling time sent by the authentication device, obtains the anti-theft information based on the key, and generates the stream pulling address by using the anti-theft information and the key; sending the anti-theft information to an authentication device so that the authentication device obtains standard authentication information based on the anti-theft information; the method for authenticating the anti-theft chain comprises the steps of sending a pull request comprising anti-theft information and a secret key to a stream server in effective pull time, sending authentication information to be verified to an authentication device through the stream server, enabling the authentication device to obtain the authentication information to be verified, enabling the authentication device to authenticate the authentication information to be verified based on standard authentication information, and obtaining an authentication result.

Referring to fig. 4-5, fig. 4 is a schematic structural diagram of a transmission network of an application scenario in fig. 3, and fig. 5 is a data flow diagram of data transmission performed by each terminal in the transmission network of the application scenario in fig. 4. The present application scenario is applicable to the authentication method of the anti-stealing link of the first embodiment and the third embodiment.

The transmission network 40 of the present embodiment includes a pull terminal 41 and an authentication device 42. The streaming terminal 41 and the authentication device 42 are connected in communication. In a specific application scenario, the pull terminal 41 may also be communicatively connected with the authentication device 42 based on a preset protocol.

The authentication device 42 first dynamically generates a secret key at a predetermined frequency based on a predetermined encryption algorithm. When the streaming terminal 41 is to perform streaming, the streaming terminal sends a request instruction to the authentication device 42, and the authentication device 42 receives the request instruction and then sends the key to the streaming terminal 41.

The streaming terminal 41 generates the theft prevention information based on the key, and reports the theft prevention information to the authentication device 42. After acquiring the theft prevention information, the authentication device 42 combines the theft prevention information and the secret key into standard authentication information.

The streaming terminal 41 sends authentication information to be verified to the authentication device 42, where the authentication information to be verified includes a key to be verified and theft-proof information to be verified. After obtaining the authentication information to be verified, the authentication device 42 authenticates the authentication information to be verified based on the standard authentication information to obtain an authentication result.

In this embodiment, if the authentication result is successful, the authentication device 42 opens the pull flow and transmits the pull flow data to the pull flow terminal 41. The pull terminal 41 acquires pull data and successfully completes pull.

In other embodiments, when the authentication result is failure, the authentication device 42 does not open the pull flow, and the pull flow terminal 41 fails to pull the flow.

By the method, the function that only the authentication device generates the anti-theft link is eliminated, and the anti-theft information is generated by the pull flow terminal by sending the key encrypted by the preset encryption algorithm to the pull flow terminal, so that the interaction protocol between the authentication device and the pull flow terminal is cracked under extreme conditions, and the information acquired by the anti-theft link party cannot be directly assembled into the pull flow address. After the pull stream terminal needs to support the dynamic key issued by the authentication device, the function of reporting the anti-theft information through a preset protocol is needed, which directly results in that the pull stream can not be played normally even if the pull stream terminal acquires the pull stream address, like vlc/ffplay/potplay (acquiring the pull stream request through the packet capture).

In conclusion, each streaming playing of the embodiment simultaneously relates to various encryption algorithms, private communication protocols and the like, and the difficulty of stealing the link is greatly improved.

Referring to fig. 6, fig. 6 is a flowchart illustrating an authentication method for a hotlink according to a fourth embodiment of the present invention. The authentication method of the hotlink is applied to the pull stream terminal, and specifically, may include the following steps:

step S61: and the stream pulling terminal sends a request instruction to the authentication device and acquires a secret key issued by the authentication device and effective stream pulling time.

The pull stream terminal sends a request instruction to an authentication server of the authentication device through a preset protocol, wherein the request instruction may include a request of the pull stream terminal for requesting a secret key from the authentication server.

And the authentication server generates a secret key according to a preset frequency based on a preset encryption algorithm, and issues the encrypted secret key and the effective stream pulling time to the stream pulling terminal. And the stream pulling terminal acquires the encrypted secret key and the effective stream pulling time sent by the authentication server based on a preset protocol.

In the step, a preset protocol is set between the pull stream terminal and the authentication device, and the secret key is encrypted to ensure the confidentiality of communication between the pull stream terminal and the authentication device.

Step S62: and generating authentication information to be verified, wherein the authentication information to be verified comprises the anti-theft information to be verified and a key to be verified, and generating a pull flow address by using the authentication information to be verified.

And after the stream pulling terminal acquires the secret key, decrypting the secret key based on a preset encryption algorithm, and generating a unique authentication code based on the decrypted secret key. Specifically, a unique authentication code is generated based on the secret key, the unique authentication code and the network address of the pull stream terminal are used as anti-theft information, and the anti-theft information is reported to the authentication device, so that the authentication device combines standard authentication information based on the anti-theft information and the secret key. The network address of the pull terminal can be an IP address of the pull terminal, and the IP address has the characteristics of non-forgery and uniqueness. The unique authentication code and the IP address of the pull flow terminal are determined as the anti-theft information, so that the counterfeiting difficulty of the anti-theft information can be improved.

And after the stream pulling terminal obtains the anti-theft information, the anti-theft information is sent to the authentication server through a preset protocol, so that the authentication server obtains standard authentication information based on the anti-theft information. The anti-theft information comprises a unique authentication code and an IP address, wherein the authentication server can acquire the IP address of the pull terminal after the pull terminal and the authentication server successfully establish connection based on a preset protocol. And the stream pulling terminal reports the anti-theft information to the authentication device based on a preset protocol so that the authentication device combines standard authentication information based on the unique authentication code, the IP address and the secret key in the anti-theft information.

And the stream pulling terminal also generates authentication information to be verified based on the decrypted key. Specifically, the pull stream terminal generates an authentication code to be verified based on a key to be verified, and uses the authentication code to be verified and a network address to be verified of the pull stream terminal as the anti-theft information to be verified, where the pull stream terminal of this embodiment is a legal terminal, and the step of generating the authentication code to be verified and the anti-theft information to be verified in this step may be the same step as the step of generating the unique authentication code based on the decrypted key and using the unique authentication code and the network address of the pull stream terminal as the anti-theft information by the pull stream terminal in the above.

And the stream pulling terminal encrypts the key to be verified, the authentication code to be verified and the timestamp of the stream pulling terminal to obtain an encrypted string. And the stream pulling terminal encrypts the key to be verified, the authentication code to be verified and the timestamp of the stream pulling terminal by adopting a set encryption algorithm to obtain an encryption string. The time stamp is the local time stamp information when the pull terminal sends the pull address to the authentication device.

The encryption algorithm set in this embodiment is an encryption algorithm that the pull stream terminal and the authentication server are communicated through a preset protocol or other methods, so as to be agreed in advance. In a specific application scenario, the pull terminal may also encrypt the key to be verified, the authentication code to be verified, the timestamp, and other service information to obtain an encrypted string, and the pull terminal may also send other service information to the authentication device through the pull address, so that the authentication device performs encryption comparison based on the same set encryption algorithm.

And the stream pulling terminal further determines the key to be verified, the authentication code to be verified, the network address to be verified, the timestamp and the encryption string as authentication information to be verified.

And the pull flow terminal generates a pull flow address by using the authentication information to be verified so as to be beneficial to the pull flow address to pull flow to the flow server.

Step S63: and sending the stream pulling address to a stream server of the authentication device within the effective time so that the authentication server of the authentication device obtains authentication information to be verified.

The stream pulling terminal sends the authentication information to be verified to the stream server through the stream pulling address within the effective time, so that the stream server transmits the authentication information to be verified to the authentication server, and the authentication server obtains the authentication information to be verified.

And the stream pulling terminal pulls the stream to the stream server through the stream pulling address, and sends the key, the unique authentication code, the timestamp and the encryption string to the stream server through the stream pulling address. The stream address of the embodiment has uniqueness and certain degree of encryption, and even if the stream address is illegally stolen in the transmission process, after information contained in the stream address is encrypted to a certain degree, the stealing end cannot realize stream based on the stream address and cannot decrypt the stream.

In a specific application scenario, a stream pulling terminal requests a stream pulling from a stream server based on a stream pulling address within an effective stream pulling time, and sends a stream pulling request including a key, a unique authentication code, a timestamp and an encryption string to the stream server, wherein when the stream pulling terminal requests the stream pulling from the stream server and establishes a connection successfully through a TCP protocol (network transport protocol), the stream server can obtain an IP address of the stream pulling terminal. And the stream server transparently transmits the authentication information to be verified, including the authentication code to be verified, the IP address to be verified, the timestamp, the key to be verified and the encryption string, to the authentication server, so that the authentication server obtains the authentication information to be verified, and the authentication server compares the authentication information to be verified with the standard authentication information to obtain an authentication result.

When the authentication information to be verified completely accords with the standard authentication information, determining that the authentication result is successful; and when the authentication information to be verified does not completely accord with the standard authentication information, determining that the authentication result is authentication failure.

And after the authentication of the authentication server is successful, receiving pull stream data transmitted by the stream server, wherein the pull stream is successful.

When the authentication of the pull stream terminal is successful but other conditions occur to cause the connection failure. The pull terminal may request a pull again based on the same pull address during the active pull time. However, when the effective stream pulling time is exceeded, the stream pulling terminal needs to execute the steps of obtaining the secret key again to generate the unique authentication code, and reporting the unique authentication code to the authentication server and the like. That is to say, the complete flow of completely generating the unique stream pulling address and reporting the unique authentication code needs to be performed once for each stream pulling playing of the stream pulling terminal, and various encryption algorithms, private communication protocols and the like are involved in the stream pulling terminal, so that the link stealing difficulty can be greatly improved.

Through the steps, the authentication method of the anti-theft chain of the embodiment ensures the confidentiality of the secret key through the preset protocol and the preset encryption algorithm, encrypts the secret key, the unique authentication code and the time stamp by adopting the set encryption algorithm to obtain the encryption string, generates the stream pulling address based on the secret key, the unique authentication code, the time stamp and the encryption string, and requests stream pulling based on the stream pulling address with the encryption information. The data transmission of the pull terminal of the embodiment avoids plaintext transmission to a certain extent, and encryption of key information is realized, so that the difficulty of a hotlink is improved, the closed loop degree of communication between the pull terminal and each server is increased, the difficulty of the hotlink is improved, and the effect of the hotlink is improved.

Referring to fig. 7, fig. 7 is a schematic structural diagram of a transmission network of an application scenario in fig. 6. Fig. 8 is a data flow diagram of data transmission performed by each terminal in the transmission network in the application scenario of fig. 7. The application scenario is applicable to the authentication method of the anti-stealing link of the second embodiment and the fourth embodiment.

The transmission network 70 of the present embodiment includes a pull streaming terminal 71, an authentication server 72, and a streaming server 73. The authentication server 72 and the streaming server 73 together form an authentication device 74 or a streaming media system.

The pull terminal 71 and the authentication server 72 are in communication connection based on a preset protocol. The authentication server 72 is communicatively connected to the streaming server 73, and the streaming terminal 71 is communicatively connected to the streaming server 73. In a specific application scenario, the stream pulling terminal 71 may also be communicatively connected to the stream server 73 based on a preset protocol.

The authentication server 72 first dynamically generates a secret key at a predetermined frequency based on a predetermined encryption algorithm. When the pull stream terminal 71 is to perform pull stream, the pull stream terminal 71 sends a request instruction to the authentication server 72, and the authentication server 72 then issues the key and the valid pull stream time to the pull stream terminal 71. The pull stream terminal 71 acquires the key and the pull stream information, generates a unique authentication code based on the key, encrypts the key, the unique authentication code, and the time stamp of the pull stream terminal to obtain an encrypted string, and generates a pull stream address based on the key, the unique authentication code, the time stamp, and the encrypted string.

Subsequently, the pull terminal 71 sends the unique authentication code and the IP address of the pull terminal to the authentication server 72 through a preset protocol. After obtaining the unique authentication code and the IP address of the pull terminal, the authentication server 72 establishes a correspondence between the unique authentication code, the IP address, the valid pull time, and the secret key, and obtains standard authentication information using the correspondence.

The pull stream terminal 71 requests a pull stream from the stream server 73 based on a pull stream address including a secret key, a unique authentication code, a time stamp and an encryption string within the effective pull stream time, so that the stream server 73 obtains authentication information to be verified.

The streaming server 73 sends the authentication information to be verified to the authentication server 72, so that the authentication server 72 obtains the authentication code to be verified, the IP address to be verified, the timestamp, the key to be verified, and the encryption string. The authentication server 72 firstly encrypts the authentication code to be verified, the timestamp and the key to be verified to obtain an encrypted string to be verified, and then compares the authentication code to be verified with the unique authentication code, the timestamp and the effective pull-stream time, the IP address and the IP address to be verified, the key to be verified and the key, and the encrypted string to be verified and the encrypted string respectively to obtain an authentication result. Specifically, if the consistency exists between the authentication code to be verified and the unique authentication code, between the IP address to be verified and the IP address, between the secret key to be verified and the secret key, and between the encryption string to be verified and the encryption string, and the timestamp is within the effective stream pulling time, the authentication result is determined to be successful. If at least one of the authentication code to be verified and the unique authentication code, the IP address to be verified and the IP address, the secret key to be verified and the secret key and the encryption string to be verified does not have consistency, the authentication result is determined to be authentication failure, and when the timestamp is not in the effective stream pulling time, even if the information is consistent, the authentication result of the authentication is also determined to be authentication failure.

The authentication server 72 sends the authentication result to the streaming server 73, and since the targeted streaming terminal 71 in this embodiment is a legal terminal, the authentication result in this embodiment is successful, the streaming server 73 opens the streaming, and transmits streaming data to the streaming terminal 71, thereby completing the streaming.

By the method, the function that only the server generates the anti-theft link is eliminated, and the key encrypted by the preset encryption algorithm is issued to the pull stream terminal, so that the pull stream terminal generates the unique authentication code, and therefore, the interaction protocol between the server and the pull stream terminal is cracked under extreme conditions, and the pull stream address cannot be directly assembled by the information acquired by the anti-theft link. After the stream pulling terminal needs to support the dynamic key issued by the authentication device, the stream pulling terminal re-encrypts the generated unique authentication code to generate a unique stream pulling address and reports the unique authentication code function through a preset protocol, which directly results in that similar vlc/ffplay/potplay (acquiring a stream combining request through a packet capturing) can not normally play the stream even if the stream combining address is acquired.

In summary, in this embodiment, each time of streaming playing needs to go through a complete process of completely generating a unique streaming address + reporting a unique authentication code, and various encryption algorithms, private communication protocols, and the like are involved therein, so that the difficulty of stealing the link is greatly improved.

The embodiment greatly improves the hotlink threshold based on the IP address of the unforgeable streaming terminal and the characteristic that the specific streaming terminal needs to be customized (generating the unique streaming address and reporting the unique authentication code) to normally pull the streaming, and meanwhile, even if the farlink address is distributed in batch, the hotlink can not be pulled by the hotlink, the bandwidth of the hotlink of the streaming media system can be directly and effectively reduced, and the system resources are protected.

Referring to fig. 9, fig. 9 is a schematic diagram of an embodiment of an authentication device for a hotlink protection of the present application. The authentication device 90 of the anti-hotlink comprises an encryption module 91 for generating a key based on a preset encryption algorithm; the first obtaining module 92 is configured to obtain a request instruction sent by the streaming terminal, and send the key to the streaming terminal based on the request instruction; a second obtaining module 93, configured to obtain the anti-theft information sent by the pull stream terminal, and combine the anti-theft information and the secret key into standard authentication information; the anti-theft information is generated by the stream pulling terminal based on the secret key; a third obtaining module 94, configured to obtain authentication information to be verified transmitted by the streaming terminal; the authentication module 95 is configured to authenticate the authentication information to be verified based on the standard authentication information to obtain an authentication result; and the execution module 96 is used for executing the authentication result.

The first obtaining module 92 is further configured to issue the key and the valid flow pulling time to the flow pulling terminal through an authentication server of the authentication apparatus based on the request instruction.

The second obtaining module 93 is further configured to obtain, by the authentication server, a unique authentication code sent by the pull stream terminal based on a preset protocol and a network address of the pull stream terminal; and establishing a corresponding relation among the unique authentication code, the effective stream pulling time, the network address and the secret key, and obtaining standard authentication information by utilizing the corresponding relation.

The third obtaining module 94 is further configured to obtain, by the stream server of the authentication apparatus, to-be-verified authentication information transmitted by the stream pulling terminal, where the to-be-verified authentication information includes an authentication code to be verified, a network address to be verified, a timestamp, a key to be verified, and an encryption string; and transmitting the authentication information to be verified to an authentication server of the authentication device through the streaming server so that the authentication server acquires the authentication information to be verified.

The authentication module 95 is further configured to encrypt the authentication code to be verified, the timestamp, and the key to be verified by the authentication server, so as to obtain an encrypted string to be verified; and respectively comparing and authenticating the authentication code to be verified and the unique authentication code, the timestamp and the effective pull time, the network address to be verified and the network address, the key and the secret key to be verified and the encryption string to be verified to obtain an authentication result. When consistency exists between the authentication code to be verified and the unique authentication code, between the network address to be verified and the network address, between the key to be verified and the secret key, and between the encryption string to be verified and the encryption string, and the timestamp is within the effective stream pulling time, the authentication result is determined to be successful; and when the authentication code to be verified is not consistent with the unique authentication code, the network address to be verified is not consistent with the network address, the key to be verified is not consistent with the secret key, the encryption string to be verified is inconsistent with the encryption string, or the time stamp exceeds the effective stream pulling time, determining that the authentication result is authentication failure.

The execution module 96 is further configured to send the authentication result to the streaming server of the authentication apparatus through the authentication server of the authentication apparatus, so as to execute the authentication result using the streaming server. When the authentication result is successful, continuously transmitting pull stream data to the pull stream terminal through the stream server; and when the authentication result is failure, stopping transmitting the pull stream data to the pull stream terminal through the stream server.

According to the scheme, the difficulty of the stealing chain can be improved, and the condition that the stealing chain is pulled is effectively reduced.

Referring to fig. 10, fig. 10 is a schematic diagram of an embodiment of an authentication device for a hotlink protection of the present application. The authentication device 100 of the anti-theft chain comprises a first communication module 101, which is used for sending a request instruction to the authentication device and obtaining a secret key issued by the authentication device; the secret key is generated by the authentication device based on a preset encryption algorithm; a reporting module 102, configured to obtain anti-theft information based on the secret key, and report the anti-theft information to the authentication device, so that the authentication device combines standard authentication information based on the anti-theft information and the secret key;

the second communication module 103 is configured to send authentication information to be verified to the authentication device, so that the authentication device obtains the authentication information to be verified and authenticates the standard authentication information based on the authentication information to be verified, and after an authentication result is obtained, executes the authentication result. The generating module 102 is further configured to generate authentication information to be verified, where the authentication information to be verified includes theft-proof information to be verified and a secret key to be verified; generating a pull address by using authentication information to be verified;

the generation module 102 is further configured to generate an authentication code to be verified based on the key to be verified, and use the authentication code to be verified and a network address to be verified of the pull-stream terminal as the anti-theft information to be verified; encrypting a key to be verified, an authentication code to be verified and a timestamp of the pull stream terminal to obtain an encryption string; and determining the key to be verified, the authentication code to be verified, the network address to be verified, the timestamp and the encryption string as authentication information to be verified.

The second communication module 103 is configured to send the pull stream address to the stream server of the authentication device within the valid time, so that the authentication server of the authentication device obtains authentication information to be verified.

The first communication module 101 is further configured to obtain an effective pull time issued by an authentication server of the authentication apparatus.

According to the scheme, the difficulty of the stealing link can be improved, and the condition that the stealing link is pulled is effectively reduced.

Referring to fig. 11, fig. 11 is a schematic frame diagram of an electronic device according to an embodiment of the present application. The electronic device 110 comprises a memory 111 and a processor 112 coupled to each other, and the processor 112 is configured to execute program instructions stored in the memory 111 to implement the steps of any of the above-mentioned embodiments of the anti-stealing-chain authentication method. In one particular implementation scenario, the electronic device 110 may include, but is not limited to: a microcomputer, a server, and in addition, the electronic device 110 may further include a mobile device such as a notebook computer, a tablet computer, and the like, which is not limited herein.

In particular, the processor 112 is configured to control itself and the memory 111 to implement the steps of any of the above described anti-stealing-link authentication method embodiments. Processor 112 may also be referred to as a CPU (Central Processing Unit). Processor 112 may be an integrated circuit chip having signal processing capabilities. The Processor 112 may also be a general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. In addition, the processor 112 may be commonly implemented by integrated circuit chips.

Referring to fig. 12, fig. 12 is a block diagram illustrating an embodiment of a computer-readable storage medium according to the present application. Computer readable storage medium 120 stores program instructions 1201 executable by the processor, and program instructions 1201 are configured to implement the steps of any of the above described anti-hotlink authentication method embodiments.

In the several embodiments provided in the present application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of a module or a unit is merely one type of logical division, and an actual implementation may have another division, for example, a unit or a component may be combined or integrated with another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some interfaces, and may be in an electrical, mechanical or other form.

Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

Claims

1. An authentication method for a hotlink, the authentication method comprising:

the authentication device generates a secret key based on a preset encryption algorithm; and

acquiring a request instruction sent by a pull stream terminal, and issuing the secret key to the pull stream terminal based on the request instruction;

acquiring anti-theft information sent by the pull stream terminal, and combining the anti-theft information and the secret key into standard authentication information; the anti-theft information is unique information generated by the pull flow terminal based on the secret key;

acquiring authentication information to be verified transmitted by a pull flow terminal; the authentication information to be verified comprises anti-theft information to be verified and a key to be verified;

authenticating the authentication information to be verified based on the standard authentication information to judge whether the authentication information to be verified and the standard authentication information have consistency or not to obtain an authentication result;

and executing the authentication result.

2. The authentication method of the hotlink according to claim 1, wherein the step of issuing the secret key to the pull terminal based on the request command comprises:

based on the request instruction, the secret key and the effective stream pulling time are issued to the stream pulling terminal through an authentication server of the authentication device;

the step of obtaining the anti-theft information sent by the pull stream terminal and combining the anti-theft information and the secret key into standard authentication information comprises the following steps:

acquiring a unique authentication code sent by the pull stream terminal based on a preset protocol and a network address of the pull stream terminal through the authentication server; and

and establishing a corresponding relation among the unique authentication code, the effective stream pulling time, the network address and the secret key, and obtaining the standard authentication information by utilizing the corresponding relation.

3. The authentication method of the hotlink according to claim 2, wherein the step of obtaining the authentication information to be verified transmitted by the streaming terminal comprises:

acquiring authentication information to be verified transmitted by the streaming terminal through a streaming server of the authentication device, wherein the authentication information to be verified comprises an authentication code to be verified, a network address to be verified, a timestamp, a key to be verified and an encryption string;

and transmitting the authentication information to be verified to an authentication server of the authentication device through the streaming server so that the authentication server acquires the authentication information to be verified.

4. The authentication method of the anti-theft chain according to claim 3, wherein the step of authenticating the authentication information to be verified based on the standard authentication information to determine whether the authentication information to be verified and the standard authentication information have consistency to obtain the authentication result comprises:

encrypting the authentication code to be verified, the timestamp and the key to be verified through the authentication server to obtain an encrypted string to be verified; and

and respectively comparing and authenticating the authentication code to be verified with the unique authentication code, the timestamp with the effective pull time, the network address to be verified with the network address, the key to be verified with the key and the encryption string to be verified with the encryption string to judge whether the authentication information to be verified and the standard authentication information have consistency, and obtaining the authentication result.

5. The authentication method of the anti-theft chain according to claim 4, wherein the step of obtaining the authentication result comprises:

when the consistency exists between the authentication code to be verified and the unique authentication code, between the network address to be verified and the network address, between the key to be verified and the secret key, and between the encryption string to be verified and the encryption string, and the timestamp is within the effective stream pulling time, determining that the authentication result is successful;

and when the authentication code to be verified is not consistent with the unique authentication code, the network address to be verified is not consistent with the network address, the key to be verified is not consistent with the secret key, and the encryption string to be verified is not consistent with the encryption string, or the timestamp exceeds the effective pull flow time, determining that the authentication result is authentication failure.

6. The authentication method of the anti-theft chain according to claim 4, wherein the step of performing the authentication result comprises:

and sending the authentication result to a stream server of the authentication device through the authentication server of the authentication device so as to execute the authentication result by utilizing the stream server.

7. The authentication method of the hotlink according to claim 6, wherein the step of obtaining the authentication information to be verified transmitted by the streaming terminal further comprises:

receiving the authentication information to be verified through the streaming server, and transmitting streaming data to the streaming terminal;

the step of executing the authentication result by using the streaming server includes:

when the authentication result is successful, continuously transmitting pull stream data to the pull stream terminal through the stream server;

and when the authentication result is failure, stopping transmitting the pull stream data to the pull stream terminal through the stream server.

8. The method for authenticating a hotlink according to claim 1, wherein said step of generating a key based on a predetermined encryption algorithm further comprises:

and updating the secret key according to a preset frequency through an authentication server of the authentication device.

9. An authentication method for a hotlink, the authentication method comprising:

the method comprises the steps that a pull flow terminal sends a request instruction to an authentication device and acquires a secret key issued by the authentication device; wherein the secret key is generated by the authentication device based on a preset encryption algorithm;

acquiring anti-theft information based on the secret key, and reporting the anti-theft information to the authentication device so that the authentication device combines standard authentication information based on the anti-theft information and the secret key;

sending authentication information to be verified to the authentication device so that the authentication device obtains the authentication information to be verified and authenticates the standard authentication information based on the authentication information to be verified to judge whether the authentication information to be verified and the standard authentication information have consistency or not, and executing the authentication result after obtaining the authentication result; the authentication information to be verified comprises anti-theft information to be verified and a key to be verified.

10. The authentication method of the anti-theft chain according to claim 9, wherein the step of obtaining the secret key issued by the authentication device further comprises:

obtaining effective pull flow time issued by an authentication server of the authentication device;

the step of sending the authentication information to be verified to the authentication device further comprises the following steps:

generating the authentication information to be verified, wherein the authentication information to be verified comprises the anti-theft information to be verified and a key to be verified;

generating a pull flow address by using the authentication information to be verified;

the step of sending authentication information to be verified to the authentication device includes:

and sending the flow pulling address to a flow server of the authentication device within the effective flow pulling time so that the authentication server of the authentication device obtains the authentication information to be verified.

11. The authentication method of the anti-theft chain according to claim 10, wherein the step of generating the authentication information to be verified comprises:

generating an authentication code to be verified based on a key to be verified, and taking the authentication code to be verified and a network address to be verified of the pull flow terminal as the anti-theft information to be verified;

encrypting the key to be verified, the authentication code to be verified and the timestamp of the pull stream terminal to obtain an encrypted string;

and determining the key to be verified, the authentication code to be verified, the network address to be verified, the timestamp and the encryption string as the authentication information to be verified.

12. An authentication device of a burglar proof chain, characterized in that the authentication device of the burglar proof chain comprises:

the encryption module is used for generating a secret key based on a preset encryption algorithm;

the first acquisition module is used for acquiring a request instruction sent by a pull stream terminal and issuing the secret key to the pull stream terminal based on the request instruction;

the second acquisition module is used for acquiring the anti-theft information sent by the pull stream terminal and combining the anti-theft information and the secret key into standard authentication information; the anti-theft information is unique information generated by the pull flow terminal based on the secret key;

the third acquisition module is used for transmitting authentication information to be verified, which is transmitted by the streaming terminal, wherein the authentication information to be verified comprises anti-theft information to be verified and a key to be verified;

the authentication module is used for authenticating the authentication information to be verified based on the standard authentication information so as to judge whether the authentication information to be verified and the standard authentication information have consistency or not and obtain an authentication result;

and the execution module is used for executing the authentication result.

13. An authentication device of a pickproof chain, the authentication device of the pickproof chain comprising:

the first communication module is used for sending a request instruction to an authentication device and acquiring a secret key issued by the authentication device; wherein the secret key is generated by the authentication device based on a preset encryption algorithm;

the reporting module is used for obtaining anti-theft information based on the secret key and reporting the anti-theft information to the authentication device so that the authentication device combines standard authentication information based on the anti-theft information and the secret key;

the second communication module is used for sending authentication information to be verified to the authentication device so that the authentication device can obtain the authentication information to be verified and authenticate the standard authentication information based on the authentication information to be verified so as to judge whether the authentication information to be verified and the standard authentication information have consistency or not, and after an authentication result is obtained, the authentication result is executed; the authentication information to be verified comprises the anti-theft information to be verified and a key to be verified.

14. An electronic device comprising a memory and a processor coupled to each other, the processor being configured to execute program instructions stored in the memory to implement the method for authentication of a antitheft chain according to any of claims 1 to 8 or the method for authentication of an antitheft chain according to any of claims 9 to 11.

15. A computer-readable storage medium, on which program instructions are stored, which program instructions, when executed by a processor, implement the method of authentication of a burglar chain according to any of claims 1 to 8 or the method of authentication of a burglar chain according to any of claims 9 to 11.