CN113329242A - Resource management method and device - Google Patents

Resource management method and device Download PDF

Info

Publication number
CN113329242A
CN113329242A CN202110584061.7A CN202110584061A CN113329242A CN 113329242 A CN113329242 A CN 113329242A CN 202110584061 A CN202110584061 A CN 202110584061A CN 113329242 A CN113329242 A CN 113329242A
Authority
CN
China
Prior art keywords
client
play string
authentication
identifier
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110584061.7A
Other languages
Chinese (zh)
Inventor
李雪松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN202110584061.7A priority Critical patent/CN113329242A/en
Publication of CN113329242A publication Critical patent/CN113329242A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/239Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests
    • H04N21/2393Interfacing the upstream path of the transmission network, e.g. prioritizing client content requests involving handling client requests
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866Management of end-user data
    • H04N21/25875Management of end-user data involving end-user authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26606Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing entitlement messages, e.g. Entitlement Control Message [ECM] or Entitlement Management Message [EMM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/437Interfacing the upstream path of the transmission network, e.g. for transmitting client requests to a VOD server
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/441Acquiring end-user identification, e.g. using personal code sent by the remote control or by inserting a card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4623Processing of entitlement messages, e.g. ECM [Entitlement Control Message] or EMM [Entitlement Management Message]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/45Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies, resolving scheduling conflicts
    • H04N21/462Content or additional data management, e.g. creating a master electronic program guide from data received from the Internet and a Head-end, controlling the complexity of a video stream by scaling the resolution or bit-rate based on the client capabilities
    • H04N21/4627Rights management associated to the content

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Graphics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a device for resource management, and relates to the technical field of computers. One embodiment of the method comprises: receiving an authentication request aiming at a target resource, and analyzing a client identifier from the authentication request; authenticating the authentication request, and generating a theft-proof chain play string corresponding to the client identifier when the authentication is successful; the anti-theft chain play string comprises a client identifier; sending the anti-theft chain play string to a client corresponding to the client identification, and receiving a reading request generated by the client according to the play string obtained by analyzing the anti-theft chain play string; and verifying the play string in the reading request, and returning the target resource to the client when the verification is successful. The embodiment of the invention increases the anti-stealing link mechanism, so that the resource returned by the server is only supplied to one client for use, thereby increasing the difficulty of stealing the link, reducing the economic loss of legal suppliers and improving the resource service capability.

Description

Resource management method and device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for resource management.
Background
With The development of OTT (Over The Top, internet television) terminal services, a chain stealing phenomenon is more and more common, which seriously damages The benefits of legal operators and affects The video service experience of legal users.
The existing anti-theft link method cannot ensure that a video resource requested to be returned can only be returned to one OTT terminal for use, for example, a referrer mode is added in an HTTP protocol and a fixed parameter transmitted in a URL is encrypted or the validity period of the video resource is increased, the anti-theft link security mechanisms are easy to crack, and each video resource can be used for all OTT terminals.
Disclosure of Invention
In view of this, embodiments of the present invention provide a resource management method and apparatus, so that returned target resources can correspond to clients one to one, occurrence of large-area hotlinking is prevented, benefit loss of a legal operator is reduced, and a resource service level is improved.
To achieve the above object, according to a first aspect of the embodiments of the present invention, there is provided a method for resource management, including:
receiving an authentication request aiming at a target resource, and analyzing a client identifier from the authentication request;
authenticating the authentication request, and generating a pickproof chain play string corresponding to the client identifier when the authentication is successful, wherein the pickproof chain play string comprises the client identifier;
sending the anti-theft chain play string to a client corresponding to the client identification, and receiving a reading request generated by the client according to the play string obtained by analyzing the anti-theft chain play string;
and checking the play string in the reading request, and returning the target resource to the client when the check is successful.
Optionally, the receiving an authentication request for a target resource includes:
the authentication request is received over an encrypted channel.
Optionally, generating a hotlink play string corresponding to the client identifier includes:
encrypting the first parameter to obtain a second parameter, and generating the anti-theft chain play string according to the second parameter;
the first parameter comprises a client identifier, a target resource identifier, a user identifier, a timestamp and an encryption key identifier.
Optionally, sending the hotlink protection play string to a client corresponding to the client identifier includes:
and sending the access address identifier and the protocol identifier corresponding to the client and the anti-theft chain play string to the client corresponding to the client identifier so that the client accesses and analyzes the anti-theft chain play string.
Optionally, the verifying the play string in the read request includes:
analyzing the play string to obtain a third parameter, and encrypting the third parameter according to the encryption processing mode to obtain a fourth parameter;
and judging whether the fourth parameter is the same as the second parameter, if so, checking successfully, otherwise, checking fails.
A second aspect of the embodiments of the present invention provides a method for resource management, including:
sending an authentication request aiming at a target resource to a server so that the server authenticates the authentication request, and analyzing a client identifier from the authentication request by the server;
receiving a hotlink play string corresponding to the client identifier returned when the server is successfully authenticated, wherein the hotlink play string comprises the client identifier;
and generating a reading request according to the playing string obtained by analyzing the anti-theft chain playing string, and sending the reading request to the server so that the server checks the playing string in the reading request and receives the target resource returned when the server checks successfully.
Optionally, sending an authentication request for the target resource to the server includes:
and sending the authentication request to the server through an encryption channel.
Optionally, before generating a read request according to the play string obtained by parsing the anti-theft chain play string, the method further includes:
analyzing a client identifier from the anti-theft chain play string;
judging whether the analyzed client identifier is the same as the stored client identifier or not;
and if the two are the same, generating a reading request according to the play string.
A third aspect of the embodiments of the present invention provides an apparatus for resource management, including:
the authentication service module receives an authentication request aiming at a target resource, analyzes a client identifier from the authentication request, authenticates the authentication request and generates a hotlink play string corresponding to the client identifier when the authentication is successful; the anti-theft chain play string comprises the client identification, and is sent to the client corresponding to the client identification;
the streaming media service module receives a reading request generated by the client according to the play string obtained by analyzing the anti-theft chain play string; and checking the play string in the reading request, and returning the target resource to the client when the check is successful.
A fourth aspect of the present invention provides an apparatus for resource management, including:
the authentication module is used for sending an authentication request aiming at a target resource to a server so that the server authenticates the authentication request, and the server analyzes a client identifier from the authentication request;
the acquisition module is used for receiving a theft-proof chain play string corresponding to the client identifier, which is returned when the server is successfully authenticated, wherein the theft-proof chain play string comprises the client identifier; receiving the target resource returned when the server verification is successful;
and the agent module generates a reading request according to the play string obtained after the analysis of the anti-theft chain play string and sends the reading request to the server so that the server checks the play string in the reading request.
Still another aspect of the embodiments of the present invention provides an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for resource management of the first aspect or the second aspect of the embodiments of the present invention.
A further aspect of embodiments of the present invention provides a computer readable medium having stored thereon a computer program which, when executed by a processor, performs a method of resource management of the first or second aspect of embodiments of the present invention.
One embodiment of the above invention has the following advantages or benefits: and returning the anti-theft chain play string corresponding to the client identification according to the successful authentication result of the authentication request, receiving a reading request generated by the play string obtained after the analysis of the anti-theft chain play string, and returning the target resource after the verification of the play string is successful so as to realize the play of the target resource. The embodiment of the invention carries out anti-theft chain processing on the anti-theft chain play string, so that the anti-theft chain play string can only be accessed, analyzed and requested by a corresponding client, judges whether the client identifier analyzed from the anti-theft chain play string is consistent with the stored identifier, then carries out verification on the play string, further confirms the client identifier, further enables the returned target resource to be in one-to-one correspondence with the client sending the authentication request, strengthens the anti-theft chain safety mechanism through authentication, judgment and verification, and simultaneously transmits the parameters through a private protocol, thereby further strengthening the protection mechanism of the anti-theft chain. The method of the embodiment of the invention can avoid the occurrence of a large-area chain stealing phenomenon, reduce the benefit loss of legal operators and improve the capability of video service.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of a main flow of a method of resource management according to an embodiment of the invention;
FIG. 2 is a schematic diagram of the main flow of another method of resource management according to an embodiment of the invention;
fig. 3 is a schematic flowchart of determining a client identifier according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the main modules of a resource management device according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the main modules of another resource management apparatus according to an embodiment of the present invention;
fig. 6 is a schematic diagram of a connection method of a device applied to resource management of a server and a device applied to resource management of a client according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the main steps of a method for managing MP4 format video resources according to an embodiment of the present invention;
fig. 8 is a schematic diagram illustrating the main steps of a method for managing M3U8 format video resources according to an embodiment of the present invention;
fig. 9 is a flowchart illustrating a method for managing MP4 format video resources according to an embodiment of the present invention;
fig. 10 is a flowchart illustrating a method for managing M3U8 format video resources according to an embodiment of the present invention;
FIG. 11 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 12 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a method for resource management according to an embodiment of the present invention, applied to a server, as shown in fig. 1, the method includes the following steps:
step S101: receiving an authentication request aiming at a target resource, and analyzing a client identifier from the authentication request;
step S102: authenticating the authentication request, and generating a pickproof chain play string corresponding to the client identifier when the authentication is successful, wherein the pickproof chain play string comprises the client identifier;
step S103: sending the anti-theft chain play string to a client corresponding to the client identification, and receiving a reading request generated by the client according to the play string obtained by analyzing the anti-theft chain play string;
step S104: and verifying the play string in the reading request, and returning the target resource to the client when the verification is successful.
The link stealing means that a user accesses the video resources of the legal operator through the webpage or the APP of the link thief without passing through the specified page or the application of the legal operator by linking the network resources of the legal operator through self-constructed webpage or the application, so that the legal operator providing the video service suffers huge loss including the server, the bandwidth, the concurrency number of the legal user and the like, and the video service experience of the legal user is also influenced. The purpose of the anti-stealing link is to prevent the anti-stealing link from accessing the video resource of the legal operator, so as to reduce the loss of interest of the legal operator. In the HLS (HTTP live streaming) technology, a WEB server provides a near-real-time audio and video stream for a client, on-demand and live broadcast can be directly provided on a common HTTP application, if a user embeds an M3U8 file (an M3U file in a UTF-8 encoding format) or an MP4 resource address into a self-constructed webpage or an application program, and the M3U8 file or the MP4 resource address is downloaded in an HTTP mode, anti-theft chain control cannot be performed on the HTTP server, so that a chain thief can successfully realize the anti-theft chain of the video stream.
In the embodiment of the present invention, the target resource is an audio or video resource indicated by the play request of the user, and may be an audio or video resource in an MP4 or M3U8 file format.
In an embodiment of the present invention, receiving an authentication request for a target resource comprises: an authentication request is received over an encrypted channel.
The authentication request indicates the target resource, and the target resource is determined to be returned by authenticating the authentication request (user authentication). Optionally, the authentication request includes the encrypted client identifier, the encrypted target resource identifier, and the encrypted user identifier, and the authentication request may be received through a socket encryption channel, and the encryption mode may be implemented by using an encryption algorithm, where the encryption algorithm is not particularly limited. Further, the authentication request is received through a private protocol (or a custom protocol), for example, the client generates the authentication request according to the encrypted client identifier, the target resource identifier and the user identifier, and sends the authentication request to the server through a TCP encrypted communication protocol.
The client identifier is a unique identifier of the client, and can be a wired network card (MAC) address and the like, the target resource identifier is a unique identifier of a target video or audio resource, the user identifier is a unique identifier of a terminal device provided with the client, and can be a unique identifier of an OTT television, an OTT box, a mobile phone, a computer and the like, and the client identifier and the user identifier are in one-to-one correspondence.
In the embodiment of the present invention, authenticating the authentication request includes:
analyzing a client identifier, a target resource identifier and a user identifier from the authentication request, and judging whether the client identifier, the target resource identifier and the user identifier meet a preset rule or not;
if so, the authentication is successful; if not, the authentication fails, the information of the authentication failure is returned, and the process is ended.
In the embodiment of the present invention, a decryption algorithm corresponding to the encryption algorithm may be adopted, the client identifier, the target resource identifier, and the user identifier may be analyzed from the authentication request, and whether a preset rule is satisfied is determined, so as to authenticate the authentication request, where the preset rule may be: and judging whether the client identifier, the target resource identifier and the user identifier analyzed from the authentication request are the same as the stored client identifier, target resource identifier and user identifier, if so, passing the authentication, and if not, failing the authentication. The preset rule may also be: calculating an authentication value (or a secret key) of the client identifier, the target resource identifier and the user identifier which are analyzed from the authentication request according to a preset algorithm, judging whether the authentication value is the same as the stored authentication value, if so, passing the authentication, and if not, failing the authentication; whether the authentication value is within the preset authentication value range can be judged, if yes, the authentication is passed, and if not, the authentication is failed.
And when the authentication of the authentication request is successful, generating a theft-proof chain play string corresponding to the client identifier, namely the generated theft-proof chain play string is in one-to-one correspondence with the client identifier, wherein the theft-proof chain play string comprises the client identifier.
In the embodiment of the invention, the generation of the anti-theft chain play string corresponding to the client identifier comprises the following steps:
and encrypting the first parameter to obtain a second parameter, and generating an anti-theft chain play string according to the second parameter, wherein the first parameter comprises a client identifier, a target resource identifier, a user identifier, a timestamp and an encryption key identifier. The timestamp may be a timestamp when the user initiates a play request, such as a timestamp when the user clicks a play button, the encryption key identifier is a key number in the key table, and the key table may be queried for the encryption rule and the decryption rule according to the encryption key identifier. After the encryption key identification is revealed, the key information can be replaced at any time by updating the key table so as to enhance the difficulty of cracking.
When the first parameter is encrypted by using the hotlink Algorithm to obtain the second parameter, the hotlink Algorithm may be encrypted by at least two encryption algorithms, for example, two-layer encryption may be performed by DES (Data encryption Standard) and MD5(Message-Digest Algorithm5, information-Digest Algorithm 5) encryption algorithms to enhance the hotlink security mechanism.
In the embodiment of the present invention, sending the anti-stealing link play string to the client corresponding to the client identifier includes:
and after the protocol identification and the access address identification corresponding to the client are assembled with the anti-theft chain play string, sending the anti-theft chain play string to the client corresponding to the client identification.
The access address identification indicates a client side for accessing the anti-theft chain play string, and the protocol identification indicates a client side for analyzing and requesting the anti-theft chain play string, so that the client side accesses, analyzes and requests the anti-theft chain play string. Further, the access address identifier and the protocol identifier both correspond to the proxy module of the client.
The anti-theft chain playing string is generated by adopting the anti-theft chain algorithm encryption, and the protocol identification, the access address identification and the anti-theft chain playing string are assembled to form the anti-theft chain strategy, so that the anti-theft chain safety mechanism is enhanced, and the anti-theft chain difficulty is improved.
The play string is obtained by analyzing the anti-theft chain play string, the anti-theft chain play string and the play string both comprise parameters and a download address of the target resource, the parameters comprise a client identifier, the anti-theft chain play string can be the download address of the target resource comprising the encrypted client identifier, and the play string obtained by analyzing the anti-theft chain play string can be the download address of the target resource comprising the unencrypted client identifier.
Optionally, for target resources with different formats, the anti-stealing link play string may be a download address or a virtual file download address or an index file address of the target resource, where the download address or the virtual file download address or the index file address contains the second parameter, that is, a file download address or a virtual file download address or an index file address of the anti-stealing link. For example, the file download address of the MP4 format file or the virtual M3U8 file download address or the M3U8 index file address containing the second parameter may be used. The play string obtained by analyzing the anti-theft chain play string can be a download address containing a third parameter of the target resource, or a virtual file download address or an index file address. Alternatively, when no pickproof chain is present, the third parameter may be the same as the first parameter and the second parameter may be the same as the fourth parameter.
After receiving the anti-theft chain play string, the client analyzes the anti-theft chain play string to obtain the play string, replaces the analyzed play string with a server address, generates a read request aiming at a target resource, sends the read request to the server through an encrypted communication protocol or a private protocol, and can obtain the play string from the read request. Wherein, according to the analytic broadcast string that obtains of theftproof chain broadcast string, include: and decrypting the second parameter to obtain a third parameter, and obtaining the play string according to the third parameter. The decryption process corresponds to the encryption process, and the rules of the encryption and decryption processes can be obtained by the encryption key. When the client returned by the anti-theft chain play string is the same as the client identifier in the anti-theft chain play string, the agent module can decrypt the second parameter according to the decryption rule to obtain a third parameter, so that the third parameter in the play string is verified subsequently.
In the embodiment of the present invention, verifying the play string in the read request includes:
analyzing the play string to obtain a third parameter, and encrypting the third parameter according to an encryption processing mode to obtain a fourth parameter;
and judging whether the fourth parameter is the same as the second parameter, if so, successfully verifying, and otherwise, failing to verify.
After receiving the read request, analyzing the play string in the read request to obtain a third parameter, obtaining an encryption key identifier according to the third parameter, further obtaining an encryption rule, namely an encryption processing mode, namely encrypting the first parameter into an encryption processing mode of the second parameter, encrypting the third parameter according to the encryption rule to obtain a fourth parameter, comparing the fourth parameter with the second parameter, if the second parameter is the same as the fourth parameter, passing the verification, and if the second parameter is different from the fourth parameter, failing the verification.
And after the verification is successful, returning the target resource to the client so that the client plays the target resource, wherein the target resource returned to the client can be video stream information or audio stream information, such as video stream information in an MP4 format or an M3U8 format.
Aiming at the possible stealing link conditions such as the environment of the analog OTT client and the unique identifier of the forged client, the method also comprises the following steps: and recording the received reading request into a log every time, analyzing the log, and judging the illegal request source of the stealing link through the operation processing of big data, so that the illegal authentication request can be filtered, and the stealing link behavior can be avoided. As if one client initiates multiple requests to the same resource at the same time point, the situation may be a stealing link or an attack behavior.
And returning the anti-theft chain play string corresponding to the client identification according to the successful authentication result of the authentication request, receiving the play string obtained after the analysis of the anti-theft chain play string, and returning the target resource after the verification of the play string is successful so as to realize the play of the target resource. The embodiment of the invention carries out anti-theft chain processing on the anti-theft chain play string, so that the anti-theft chain play string can only be accessed, analyzed and requested by a corresponding client, judges whether the client identifier analyzed from the anti-theft chain play string is consistent with the stored identifier, then carries out verification on the play string, further confirms the client identifier, further enables the returned target resource to be in one-to-one correspondence with the client sending the authentication request, strengthens the anti-theft chain safety mechanism through authentication, judgment and verification, and simultaneously transmits the parameters through a private protocol, thereby further strengthening the protection mechanism of the anti-theft chain. The method of the embodiment of the invention can avoid the occurrence of a large-area chain stealing phenomenon, reduce the benefit loss of legal operators and improve the capability of video service.
Fig. 2 is another resource management method according to an embodiment of the present invention, applied to a client, as shown in fig. 2, the resource management method includes the following steps:
step S201: sending an authentication request aiming at the target resource to a server so that the server authenticates the authentication request, and analyzing a client identifier from the authentication request by the server;
step S202: receiving a hotlink play string corresponding to the client identification returned when the server is successfully authenticated, wherein the hotlink play string comprises the client identification;
step S203: and generating a reading request according to the play string obtained after the analysis of the anti-theft chain play string, and sending the reading request to the server so that the server checks the play string in the reading request and receives the target resource returned when the server checks successfully.
In the embodiment of the present invention, before sending the authentication request for the target resource to the server, the method includes: and receiving a playing request of a user for the target resource, and generating an authentication request according to the playing request. The playing request indicates a target resource identifier, the target resource identifier is obtained from the playing request, and the authentication request is generated by encrypting the target resource identifier, the stored user identifier and the stored client identifier.
In an embodiment of the present invention, sending an authentication request for a target resource to a server includes: and sending the authentication request to the server through an encrypted channel. That is, after the target resource identifier, the stored user identifier, and the client identifier are encrypted, an authentication request is generated, and the authentication request is sent to the server through the encrypted communication protocol, so that the server authenticates the authentication request.
After the authentication is passed, the method also comprises the steps of receiving an access address identifier and a protocol identifier corresponding to the client identifier while receiving the anti-theft chain play string corresponding to the client identifier, accessing and analyzing the anti-theft chain play string according to the access address identifier and the protocol identifier and requesting, analyzing the play string by the client, decrypting the second parameter to obtain a third parameter, and obtaining a string according to the third parameter, wherein the third parameter in the play string is a parameter which is not subjected to encryption processing. And then generating a read request according to the play string to acquire the target resource from the server, wherein the generating of the read request according to the wave equation may be to replace the address of the play string with the address of the server to generate the read request.
In this embodiment of the present invention, as shown in fig. 3, before generating a read request according to a play string, the method further includes:
analyzing a client identifier from the anti-theft chain play string;
judging whether the analyzed client identifier is the same as the stored client identifier or not; and if the two are the same, generating a reading request according to the play string.
That is to say, after receiving the anti-theft chain play string returned by the server, it is determined whether the client identifier analyzed from the anti-theft chain play string is consistent with the stored client identifier, if so, it is indicated as the same client, and subsequent steps can be executed, and if not, it is indicated that the client is changed, and a read request cannot be generated.
And sending the reading request to a server through a private protocol or a user-defined protocol, verifying the play string in the reading request by the server, returning the target resource by the server if the verification is successful, and returning the information of the illegal request source without returning the target resource if the verification is failed. And after the verification is successful, the target resource returned by the server is received and played, and after the target resource is played, the whole playing process is finished.
As shown in fig. 4, a resource management apparatus 400 provided in an embodiment of the present invention is applied to a server, and includes:
the authentication service module 401 receives an authentication request for a target resource, analyzes a client identifier from the authentication request, authenticates the authentication request, and generates a hotlink play string corresponding to the client identifier when the authentication is successful; the anti-theft chain play string comprises a client identifier, and is sent to a client corresponding to the client identifier;
the streaming media service module 402 receives a reading request generated by a play string obtained by the client according to the analysis of the anti-theft chain play string; and verifying the play string in the reading request, and returning the target resource to the client when the verification is successful.
The authentication service module 401 is further configured to: an authentication request is received over an encrypted channel.
The authentication service module 401 is further configured to: encrypting the first parameter to obtain a second parameter, and generating an anti-theft chain play string according to the second parameter; the first parameter comprises a client identifier, a target resource identifier, a user identifier, a timestamp and an encryption key identifier.
The authentication service module 401 is further configured to: and sending the access address identifier and the protocol identifier corresponding to the client and the anti-theft chain play string to the client corresponding to the client identifier so that the client accesses and analyzes the anti-theft chain play string.
The streaming media service module 402 is further configured to: analyzing the play string to obtain a third parameter, and encrypting the third parameter according to an encryption processing mode to obtain a fourth parameter; and judging whether the fourth parameter is the same as the second parameter, if so, successfully verifying, and otherwise, failing to verify.
In the embodiment of the present invention, the resource management device may be a server, the authentication service module may be an authentication server, and the streaming media service module may be a streaming media server.
Another resource management apparatus 500 provided in an embodiment of the present invention is applied to a client, and includes:
the authentication module 501 sends an authentication request for a target resource to a server, so that the server authenticates the authentication request, and the server analyzes a client identifier from the authentication request;
the obtaining module 502 is configured to return a hotlink play string corresponding to the client identifier when the server authentication is successfully received, where the hotlink play string includes the client identifier; receiving a target resource returned when the server successfully verifies;
the agent module 503 generates a read request according to the play string obtained after parsing the anti-theft chain play string, and sends the read request to the server, so that the server checks the anti-theft chain play string in the read request.
In the embodiment of the present invention, the resource management apparatus may be a client, and the obtaining module, the authentication module, and the proxy module may be disposed in an APK (installation package) of the client, where the obtaining module includes a player.
In this embodiment of the present invention, the authentication module 501 is further configured to: and sending the authentication request to the server through an encrypted channel.
In this embodiment of the present invention, the agent module 503 is further configured to: analyzing a client identifier from the anti-theft chain play string; judging whether the analyzed client identifier is the same as the stored client identifier or not; and if the two are the same, generating a reading request according to the play string.
As shown in fig. 6, a schematic diagram of a connection method applied to a device for resource management of a server and a device for resource management of a client is provided. As can be seen from fig. 6, the device for resource management applied to the server and the device for resource management applied to the client interact with each other through the user authentication interface and the read video stream (video resource) interface, the device for resource management applied to the client includes an obtaining module, an authentication module and an agent module, the device for resource management applied to the server includes an authentication service module and a streaming media service module, the obtaining module processes the request of user authentication through the authentication module, the authentication module sends the user authentication request to the authentication service module through the user authentication interface so that the authentication service module performs user authentication, namely, the authentication request is authenticated, the authentication service module returns the anti-theft chain playing string through the authentication interface, and the acquisition module requests the streaming media service module to acquire the video resource for playing through the downloading video stream interface of the proxy module.
In the embodiment of the invention, the authentication module and the authentication service module can communicate based on the soket encryption channel, and the agent module and the acquisition module and the streaming media service module communicate based on the private protocol, so that safety guarantee is provided for user authentication and anti-theft chain verification through the authentication module and the agent module respectively, and the condition that illegal sources cannot pass through the authentication verification process of the authentication service module and the streaming media service module under the condition that the authentication module and the agent module are not available is ensured.
In the embodiment of the invention, the management of resources is realized through the interaction of the server and the client, specifically, the one-to-one correspondence between the client and the target resources is realized through the interaction between the acquisition module, the authentication module and the agent module as well as the authentication service module and the streaming media service module, and the security mechanism of the anti-theft chain is enhanced.
Fig. 7 is a schematic diagram illustrating main steps of a method for managing MP 4-format video resources according to an embodiment of the present invention, specifically, when a user initiates a play action, the method includes:
step S701: the acquisition module sends an HTPP protocol request to the authentication module;
step S702: the authentication module sends an authentication request to the authentication service module;
step S703: the authentication service module authenticates the authentication request;
step S704: when the authentication is successful, returning to the anti-theft chain MP4 to play the string download address;
step S705: the acquisition module starts a player, and the player sends an MP4 video acquisition request to the proxy module;
step S706: the agent module analyzes the download address of the play string of the anti-theft chain MP 4;
step S707: the proxy module requests the authentication module to obtain the client identification,
step S708: the authentication module returns a client identifier;
step S709: the agent module compares the analyzed client identification with the client identification returned by the authentication module to verify whether the client identifications are the same or not, and if so, the verification is successful;
step S710: after the client identification is successfully verified, the agent module sends a reading request to the streaming media service module, wherein the reading request comprises an MP4 play string obtained by analyzing a download address of the anti-theft link MP4 play string;
step S711: performing anti-theft chain authentication on the MP4 play string;
step S712: and when the anti-theft chain is successfully authenticated, returning the MP4 video resource information, and playing by the player.
Fig. 8 is a schematic diagram illustrating main steps of a method for managing M3U8 format video resources according to an embodiment of the present invention, specifically, when a user initiates a play action, the method includes:
step S801: the acquisition module sends an HTPP protocol request to the authentication module;
step S802: the authentication module sends an authentication request to the authentication service module;
step S803: the authentication service module authenticates the authentication request;
step S804: when the authentication is successful, returning to the virtual M3U8 download address of the anti-theft link;
step S805: the acquisition module starts a player, and the player sends an M3U8 index file acquisition request to the authentication service module;
step S806: the authentication service module returns an index file of the anti-theft chain M3U 8;
step S807: the player sends an M3U8 index file address acquisition request to the proxy module;
step S808: the agent module analyzes the index file of the anti-theft chain M3U 8;
step S809: the proxy module requests the authentication module to obtain the client identification,
step S810: the authentication module returns a client identifier;
step S811: the agent module compares the analyzed client identification with the client identification returned by the authentication module to verify whether the client identifications are the same or not, and if so, the verification is successful;
step S812: after the client identification is verified successfully, the agent module sends a reading request to the streaming media service module, wherein the reading request comprises an M3U8 index file obtained by analyzing an anti-theft chain M3U8 index file;
step S813: the streaming media service module performs anti-theft chain authentication on the M3U8 index file;
step S814: when the anti-theft chain authentication is successful, the streaming media service module returns to the M3U8 video resource fragment list,
step S815: the player sends a parent request for acquiring the M3U8 video resource to the agent module;
step S816: the agent module sends a request for reading M3U8 video resources to the streaming media service module;
step S817: the streaming media service module returns the M3U8 video resource information to be played by the player.
Fig. 9 is a flowchart illustrating a method for managing MP 4-formatted video resources according to an embodiment of the present invention, where the method includes the following steps:
a user clicks a play button aiming at the video resource, initiates a play request and stores a video resource identifier; the acquisition module sends an HTTP request to the authentication module by taking the video resource identifier as a parameter according to the playing behavior of the user for clicking the video,
the authentication module receives the HTTP request, converts the HTTP request into a TCP encryption communication protocol, acquires the MAC and UID from a memory of the authentication module, encrypts the video resource identifier, MAC and UID parameters, and sends the authentication request to the authentication service module through the TCP encryption communication protocol to verify the user authentication, and the video resource identifier, the MAC and the UID can be analyzed from the authentication request;
the authentication module transparently transmits the authentication request to the authentication service module through the secure encryption channel, and after the authentication service module receives the authentication request through the encryption channel, the authentication service module performs validity authentication or verification on the MAC, the UID and the video resource identifier according to a preset rule to judge whether the authentication is successful or not;
if the authentication fails, returning the information of the user authentication failure;
if the authentication is successful, the authentication service module returns the anti-theft chain play string in the MP4 format, and anti-theft chain processing is added in the anti-theft chain play string;
the anti-theft chain play string address is an agent module address and can only be accessed by an agent module of the client; the anti-theft chain play string is assembled by adopting a private protocol, and can only be analyzed and requested by an agent module supporting the private protocol; performing double-layer encryption processing through a DES and MD5 encryption algorithm, wherein encrypted first parameters comprise a UID, an MAC, a timestamp for initiating a play action, a video resource identifier and an encryption key identifier, and the first parameters are encrypted into second parameters; the unique client identifier of the video playing client is indicated in the anti-theft chain play string.
The player sends a video resource acquisition request to the agent module according to the address indicated by the anti-theft chain play string;
after receiving the request of the player, the agent module sends a request for acquiring a client identifier to the authentication module so as to acquire the client identifier from a memory of the authentication module and verify the client identifier;
the agent module analyzes the anti-theft chain play string, analyzes a client identifier from the anti-theft chain play string, simultaneously requests the authentication module to obtain the stored client identifier in the authentication module memory, judges whether the analyzed client identifier is the same as the stored client identifier, if not, returns information of an illegal request source, if so, replaces a wave equation obtained by analyzing the anti-theft chain play string with an address of the streaming media service module, and sends a reading request to the streaming media service module through a private protocol;
after receiving a reading request sent by an agent module through a private protocol, a streaming media service module verifies a play string in the reading request, analyzes a third parameter from an anti-theft chain, acquires an encryption rule and a decryption rule according to an encryption key identifier in the third parameter, encrypts the third parameter according to the encryption rule to acquire a fourth parameter, and judges whether the fourth parameter is the same as the second parameter; if the video resources are different, the verification fails, the information of the illegal request source is returned, if the video resources are the same, the verification succeeds, the video stream information in the MP4 format is returned to the player to be played, the player executes the playing process, and after the playing of the video resources is completed, the whole playing process is finished.
Fig. 10 is a flowchart illustrating a method for managing M3U8 format video resources according to an embodiment of the present invention, where the method includes the following steps:
the user clicks a play button aiming at the video resource, initiates a play request, stores the video resource identifier, the acquisition module sends an HTTP request to the authentication module by taking the video resource identifier as a parameter according to the play behavior of the user clicking the video,
the authentication module receives the HTTP request, converts the HTTP protocol into a TCP encryption communication protocol, acquires the MAC and UID from a memory of the authentication module, encrypts the video resource identifier, the MAC and the UID parameters, sends the authentication request to the authentication service module through the TCP encryption communication protocol, and can analyze the video resource identifier, the MAC and the UID from the authentication request;
the authentication module transparently transmits the authentication request to the authentication service module through the secure encryption channel, and after the authentication service module receives the authentication request through the encryption channel, the authentication service module performs validity authentication or verification on the MAC, the UID and the video resource identifier according to a preset rule to judge whether the authentication is successful or not;
if the authentication fails, returning the information of the user authentication failure;
if the authentication is successful, the authentication service module returns the virtual file address in the M3U8 format;
the virtual file address in the M3U8 format is obtained by performing double-layer encryption processing through DES and MD5 encryption algorithms, the encrypted first parameter comprises UID, MAC, a timestamp for initiating playing behavior, a video resource identifier and an encryption key identifier, and the encryption processing of the first parameter is a second parameter.
The player requests an authentication service module according to the virtual file address in the M3U8 format, after the authentication service module passes verification, the authentication service module returns a security chain M3U8 index file address to the player, wherein the security chain M3U8 index file address is an M3U8 index file address assembled with an access identifier and a protocol identifier, and can only be accessed, analyzed and requested by a proxy module;
after receiving the address of the index file of the anti-theft chain M3U8, the player analyzes the fragment resource list in the index file to obtain a fragment resource address, and the allocated resource address points to the agent module;
the player sends a video resource acquisition request to the proxy module according to the allocated resource address;
after receiving the request of the player, the agent module sends a request for acquiring a client identifier to the authentication module so as to acquire the client identifier from a memory of the authentication module and verify the client identifier;
the agent module analyzes the address of the M3U8 index file of the anti-theft chain, analyzes a client identifier, judges whether the analyzed client identifier is the same as the stored client identifier, if not, returns the information of an illegal request source, if so, replaces the address of the M3U8 index file obtained by analyzing the address of the M3U8 index file of the anti-theft chain with the address of a streaming media service module, and sends a reading request to the streaming media service module through a private protocol;
after receiving a reading request sent by the proxy module through a private protocol, the streaming media service module verifies an M3U8 index file address in the reading request, analyzes a third parameter from the M3U8 index file address, acquires an encryption rule and a decryption rule according to an encryption key identifier in the third parameter, encrypts the third parameter according to the encryption rule to acquire a fourth parameter, and judges whether the fourth parameter is the same as the second parameter; if the video resources are different, the verification fails, information of the illegal request source is returned, if the video resources are the same, the verification succeeds, the video stream information in the M3U8 format is returned to the player to be played, the player executes the playing process, and after the video resources are played, the whole playing process is finished.
An embodiment of the present invention further provides an electronic device, including: one or more processors; a storage device, configured to store one or more programs, which when executed by one or more processors, cause the one or more processors to implement the method for resource management of the first aspect or the second aspect of the embodiments of the present invention.
Embodiments of the present invention also provide a computer-readable medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for resource management according to the first aspect or the second aspect of the embodiments of the present invention.
Fig. 11 shows an exemplary system architecture 1100 of an apparatus for resource management or a method of resource management to which embodiments of the invention may be applied.
As shown in fig. 11, the system architecture 1100 may include terminal devices 1101, 1102, 1103, a network 1104, and a server 1105. The network 1104 is a medium to provide communication links between the terminal devices 1101, 1102, 1103 and the server 1105. Network 1104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use terminal devices 1101, 1102, 1103 to interact with a server 1105 over a network 1104 to receive or send messages or the like. Various communication client applications, such as a video playing application, a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, etc. (just examples) may be installed on the terminal devices 1101, 1102, 1103.
The terminal devices 1101, 1102, 1103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to television boxes, smart phones, tablets, laptop portable computers, desktop computers, and the like.
The server 1105 may be a server that provides various services, such as a background management server that provides support for video resources clicked by a user with the terminal devices 1101, 1102, 1103. The background management server may analyze and perform other processing on the received data such as the video resource reading request, and feed back a processing result (e.g., the video resource) to the terminal device.
It should be noted that the method for resource management provided by the first aspect of the embodiment of the present invention is generally executed by the server 1105, and accordingly, the apparatus for resource management is generally disposed in the server 1105. The method for resource management provided by the second aspect of the embodiment of the present invention is generally executed by the terminal devices 1101, 1102, 1103, and accordingly, the apparatus for resource management is generally disposed in the terminal devices 1101, 1102, 1103.
It should be understood that the number of terminal devices, networks, and servers in fig. 11 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 12, shown is a block diagram of a computer system 1200 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 12 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 12, the computer system 1000 includes a Central Processing Unit (CPU)1201, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)1202 or a program loaded from a storage section 1208 into a Random Access Memory (RAM) 1203. In the RAM 1203, various programs and data necessary for the operation of the system 1200 are also stored. The CPU 1201, ROM 1202, and RAM 1203 are connected to each other by a bus 1204. An input/output (I/O) interface 1205 is also connected to bus 1204.
The following components are connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, and the like; an output portion 1207 including a display device such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 1208 including a hard disk and the like; and a communication section 1209 including a network interface card such as a LAN card, a modem, or the like. The communication section 1209 performs communication processing via a network such as the internet. A driver 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 1210 as necessary, so that a computer program read out therefrom is mounted into the storage section 1208 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 1209, and/or installed from the removable medium 1211. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 1201.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes an authentication service module and a streaming media service module. Where the names of these modules do not in some cases constitute a limitation on the module itself, for example, an authentication service module may also be described as a "module that receives an authentication request for a target resource".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: a method of resource management, comprising: receiving an authentication request aiming at a target resource, and analyzing a client identifier from the authentication request; authenticating the authentication request, and generating a pickproof chain play string corresponding to the client identifier when the authentication is successful, wherein the pickproof chain play string comprises the client identifier; sending the anti-theft chain play string to a client corresponding to the client identification, and receiving a reading request generated by the client according to the play string obtained by analyzing the anti-theft chain play string; and verifying the play string in the reading request, and returning the target resource to the client when the verification is successful.
According to the technical scheme of the embodiment of the invention, the anti-theft chain play string corresponding to the client identification is returned through the successful authentication result of the authentication request, then the play string obtained after the analysis of the anti-theft chain play string is received, and the target resource is returned after the verification of the play string is successful, so that the play of the target resource is realized. The embodiment of the invention carries out anti-theft chain processing on the anti-theft chain play string, so that the anti-theft chain play string can only be accessed, analyzed and requested by a corresponding client, judges whether the client identifier analyzed from the anti-theft chain play string is consistent with the stored identifier, then carries out verification on the play string, further confirms the client identifier, further enables the returned target resource to be in one-to-one correspondence with the client sending the authentication request, strengthens the anti-theft chain safety mechanism through authentication, judgment and verification, and simultaneously transmits the parameters through a private protocol, thereby further strengthening the protection mechanism of the anti-theft chain. The method of the embodiment of the invention can avoid the occurrence of a large-area chain stealing phenomenon, reduce the benefit loss of legal operators and improve the capability of video service.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (12)

1. A method of resource management, comprising:
receiving an authentication request aiming at a target resource, and analyzing a client identifier from the authentication request;
authenticating the authentication request, and generating a pickproof chain play string corresponding to the client identifier when the authentication is successful, wherein the pickproof chain play string comprises the client identifier;
sending the anti-theft chain play string to a client corresponding to the client identification, and receiving a reading request generated by the client according to the play string obtained by analyzing the anti-theft chain play string;
and checking the play string in the reading request, and returning the target resource to the client when the check is successful.
2. The method of claim 1, wherein receiving an authentication request for a target resource comprises:
the authentication request is received over an encrypted channel.
3. The method of claim 1, wherein generating the anti-hotlinking playlist corresponding to the client identifier comprises:
encrypting the first parameter to obtain a second parameter, and generating the anti-theft chain play string according to the second parameter;
the first parameter comprises a client identifier, a target resource identifier, a user identifier, a timestamp and an encryption key identifier.
4. The method of claim 1, wherein sending the hotlink playlist to a client corresponding to the client identifier comprises:
and sending the access address identifier and the protocol identifier corresponding to the client and the anti-theft chain play string to the client corresponding to the client identifier so that the client accesses and analyzes the anti-theft chain play string.
5. The method of claim 3, wherein verifying the play string in the read request comprises:
analyzing the play string to obtain a third parameter, and encrypting the third parameter according to the encryption processing mode to obtain a fourth parameter;
and judging whether the fourth parameter is the same as the second parameter, if so, checking successfully, otherwise, checking fails.
6. A method of resource management, comprising:
sending an authentication request aiming at a target resource to a server so that the server authenticates the authentication request, and analyzing a client identifier from the authentication request by the server;
receiving a hotlink play string corresponding to the client identifier returned when the server is successfully authenticated, wherein the hotlink play string comprises the client identifier;
and generating a reading request according to the play string obtained by analyzing the anti-theft chain play string, and sending the reading request to the server so that the server checks the play string in the reading request and receives the target resource returned when the server checks successfully.
7. The method of claim 6, wherein sending an authentication request for the target resource to the server comprises:
and sending the authentication request to the server through an encryption channel.
8. The method according to claim 6, wherein before generating the read request according to the play string obtained by parsing the anti-theft chain play string, the method further comprises:
analyzing a client identifier from the anti-theft chain play string;
judging whether the analyzed client identifier is the same as the stored client identifier or not;
and if the two are the same, generating a reading request according to the play string.
9. An apparatus for resource management, comprising:
the authentication service module receives an authentication request aiming at a target resource, analyzes a client identifier from the authentication request, authenticates the authentication request, and generates a theftproof chain play string corresponding to the client identifier when the authentication is successful, wherein the theftproof chain play string comprises the client identifier; sending the anti-theft chain play string to a client corresponding to the client identifier;
the streaming media service module receives a reading request generated by the client according to the play string obtained by analyzing the anti-theft chain play string; and checking the play string in the reading request, and returning the target resource to the client when the check is successful.
10. An apparatus for resource management, comprising:
the authentication module is used for sending an authentication request aiming at a target resource to a server so that the server authenticates the authentication request, and the server analyzes a client identifier from the authentication request;
the acquisition module is used for receiving a theft-proof chain play string corresponding to the client identifier, which is returned when the server is successfully authenticated, wherein the theft-proof chain play string comprises the client identifier; receiving the target resource returned when the server verification is successful;
and the agent module generates a reading request according to the play string obtained after the analysis of the anti-theft chain play string and sends the reading request to the server so that the server checks the play string in the reading request.
11. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-5 or 6-8.
12. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-5 or 6-8.
CN202110584061.7A 2021-05-27 2021-05-27 Resource management method and device Pending CN113329242A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110584061.7A CN113329242A (en) 2021-05-27 2021-05-27 Resource management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110584061.7A CN113329242A (en) 2021-05-27 2021-05-27 Resource management method and device

Publications (1)

Publication Number Publication Date
CN113329242A true CN113329242A (en) 2021-08-31

Family

ID=77421646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110584061.7A Pending CN113329242A (en) 2021-05-27 2021-05-27 Resource management method and device

Country Status (1)

Country Link
CN (1) CN113329242A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024964A (en) * 2021-10-28 2022-02-08 苏州浪潮智能科技有限公司 Resource access method, device, equipment and computer readable storage medium
CN114979786A (en) * 2022-05-16 2022-08-30 湖南快乐阳光互动娱乐传媒有限公司 Media resource processing method and system, storage medium and electronic equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103986735A (en) * 2014-06-05 2014-08-13 北京赛维安讯科技发展有限公司 CDN (content distribution network) antitheft system and antitheft method
WO2015184743A1 (en) * 2014-06-02 2015-12-10 合一网络技术(北京)有限公司 Method and system for conducting security chain processing on live video
WO2016184216A1 (en) * 2015-05-15 2016-11-24 乐视云计算有限公司 Link-stealing prevention method, link-stealing prevention server, and client side
CN106791986A (en) * 2017-01-10 2017-05-31 环球智达科技(北京)有限公司 A kind of live index list encrypted antitheft catenary systems of HLS and method
CN107786526A (en) * 2016-08-31 2018-03-09 北京优朋普乐科技有限公司 Anti-stealing link method, client and server system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015184743A1 (en) * 2014-06-02 2015-12-10 合一网络技术(北京)有限公司 Method and system for conducting security chain processing on live video
CN103986735A (en) * 2014-06-05 2014-08-13 北京赛维安讯科技发展有限公司 CDN (content distribution network) antitheft system and antitheft method
WO2016184216A1 (en) * 2015-05-15 2016-11-24 乐视云计算有限公司 Link-stealing prevention method, link-stealing prevention server, and client side
CN107786526A (en) * 2016-08-31 2018-03-09 北京优朋普乐科技有限公司 Anti-stealing link method, client and server system
CN106791986A (en) * 2017-01-10 2017-05-31 环球智达科技(北京)有限公司 A kind of live index list encrypted antitheft catenary systems of HLS and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024964A (en) * 2021-10-28 2022-02-08 苏州浪潮智能科技有限公司 Resource access method, device, equipment and computer readable storage medium
CN114024964B (en) * 2021-10-28 2023-06-23 苏州浪潮智能科技有限公司 Resource access method, device, equipment and computer readable storage medium
CN114979786A (en) * 2022-05-16 2022-08-30 湖南快乐阳光互动娱乐传媒有限公司 Media resource processing method and system, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
CN107077541B (en) Partial URL signature system and method applied to dynamic self-adaptive streaming media
EP2334027B1 (en) Method for scalable access control decisions
US9026782B2 (en) Token-based entitlement verification for streaming media decryption
JP7520798B2 (en) SYSTEM AND METHOD FOR DISTRIBUTED VERIFICATION OF ONLINE IDENTITY - Patent application
CN103957436B (en) A kind of video anti-stealing link method based on OTT business
US10425427B2 (en) Template uniform resource locator signing
EP3055805B1 (en) System and method for signaling and verifying url signatures for both url authentication and url-based content access authorization in adaptive streaming
JP2017530484A (en) Token-based authentication and authorization information signaling and exchange for adaptive streaming
CN104980771A (en) Method and system for stream media-on-demand through internet protocol television (IPTV)
KR20120010164A (en) Method and apparatus for providing drm service
JP6546100B2 (en) Service providing method, service request method, information processing apparatus, and client apparatus
CN111258602B (en) Information updating method and device
US9008305B2 (en) Video data delivery protection
US9239911B2 (en) Replacement of security credentials for secure proxying
US10708326B2 (en) Secure media casting bypassing mobile devices
CN110011950B (en) Authentication method and device for video stream address
CN113329242A (en) Resource management method and device
CN112560003A (en) User authority management method and device
CN117579338A (en) Method for processing streaming media file and related equipment
CN111988262B (en) Authentication method, authentication device, server and storage medium
CN108235067B (en) Authentication method and device for video stream address
US20200364317A1 (en) Method and system for identifying a user terminal in order to receive streaming protected multimedia content
CN106470186B (en) A method of accessing third party's resource in a manner of jumping
CN111182010B (en) Local service providing method and device
CN114598549B (en) Customer SSL certificate verification method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20210831