CN114374862A - EPG webpage security access system and method based on IPTV - Google Patents
- Publication number
- CN114374862A (application CN202110919996.6A)
- Authority
- CN
- China
- Prior art keywords
- client
- key
- server
- access token
- epg
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25808—Management of client data
- H04N21/25816—Management of client data involving client authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/262—Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission, generating play-lists
- H04N21/26283—Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission, generating play-lists for associating distribution time parameters to content, e.g. to generate electronic program guide data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/266—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
- H04N21/26613—Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
Abstract
The invention discloses an IPTV-based EPG webpage security access system and method. The method comprises the following steps: (1) the client, routed through the gateway server, acquires a client access token from the authentication server, and the access token is bound to the client IP; (2) the client's request is routed through the gateway server, which verifies the access token; after the access token passes verification, the client obtains an encryption public key from the key server, and the key is bound to the client IP; (3) the client encrypts the EPG webpage request parameters using the encryption public key and accesses the EPG webpage. The beneficial effect of the invention is that, when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters, so that even if the link for accessing the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of accessing the EPG webpage.
Description
Technical Field
The invention relates to the technical field of IPTV, in particular to an EPG webpage security access system and method based on IPTV.
Background
Traditional EPG webpage access has several defects: request parameters are transmitted in plaintext, so an illegitimate visitor can easily intercept and tamper with the data; the identity of the visitor is not verified, so an illegitimate visitor can easily masquerade as a legitimate one; and the identity of the accessed target is not verified, so an illegitimate party can easily forge the EPG webpage as a phishing page.
Disclosure of Invention
To overcome the defects in the prior art, the invention provides an IPTV-based EPG webpage security access system and method that improve security.
To achieve this purpose, the invention adopts the following technical solution:
An EPG webpage security access system based on IPTV comprises a client, a gateway server, an authentication server, a key server and an EPG webpage server. The client accesses the gateway server through an IPTV private network; the client encrypts the EPG webpage request parameters and accesses the EPG webpage; the gateway server accesses the authentication server, the key server and the EPG webpage server through the local area network; the gateway server provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server; the authentication server provides access token generation, issuance and verification services for the client; the key server provides access key generation and distribution services for the client; the EPG webpage server provides EPG webpage deployment and access services for the client.
With this system, when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters, so that even if the link for accessing the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of accessing the EPG webpage.
Preferably, the client, routed through the gateway server, obtains the access token from the authentication server, and the token is bound to the client IP; it obtains the encryption public key from the key server, and the key is bound to the client IP; it encrypts the request parameters with the encryption public key; the gateway server decrypts the request parameters and routes the request, and the client accesses the webpage from the EPG webpage server.
The invention also provides an EPG webpage security access method based on IPTV, which comprises the following steps:
(1) the client, routed through the gateway server, acquires a client access token from the authentication server, and the access token is bound to the client IP;
(2) the client's request is routed through the gateway server, which verifies the access token; after the access token passes verification, the client obtains an encryption public key from the key server, and the key is bound to the client IP;
(3) the client encrypts the EPG webpage request parameters using the encryption public key and accesses the EPG webpage.
The method protects the EPG webpage from illegitimate access by using identity authentication (access token verification), an asymmetric encryption algorithm to encrypt and decrypt client request parameters, gateway technology to intercept and route access requests, and network isolation of the specific application servers. That is, a security-grade asymmetric encryption algorithm, gateway technology, network technology and identity authentication technology are used together to seamlessly protect the EPG webpage from illegitimate access.
Preferably, step (1) is specifically: using Spring Cloud Gateway, the gateway server intercepts the client's access token request by URL prefix path matching and routes it to the authentication server. On receiving the request, the authentication server first checks whether a key-value binding between the client IP and an access token exists in the Redis cache database; if it exists, the access token is returned; if it does not exist or has expired, a new access token is generated, a key-value pair of the client IP and the access token is created in the Redis cache database, and the new access token is returned.
Preferably, step (2) is specifically: using Spring Cloud Gateway, the gateway server intercepts the client's request for the encryption public key by URL prefix path matching and a custom access-token check Filter. The access-token check Filter calls the authentication server to check whether a key-value binding between the client IP and the access token exists in the Redis cache database; after the access token passes the check, the request is routed to the key server. On receiving the client's encryption public key request, the key server checks whether a key-value binding between the client IP and an encryption key pair exists in the Redis cache database; if it exists, the public key of the encryption key pair is returned; if it does not exist or has expired, a new encryption key pair is generated using the Chinese national cryptographic algorithm SM2, a key-value pair of the client IP and the encryption key pair is created in the Redis cache database, and the public key of the new encryption key pair is returned.
Preferably, step (3) is specifically: the client encrypts the URL request parameters and the Body request parameters using the SM2 encryption public key obtained from the key server, and initiates the request for the EPG webpage with the encrypted parameters. Using Spring Cloud Gateway, the gateway server intercepts the client's EPG webpage request by URL prefix path matching, a custom access-token check Filter and a custom parameter decryption Filter. The access-token check Filter first calls the authentication server's access token check service to check whether a key-value binding between the client IP and the access token exists in the Redis cache database. After the access token passes the check, the parameter decryption Filter calls the key server's key query service to look up the SM2-generated key stored in the Redis cache database for the client IP. Once the key is obtained, the URL request parameters and Body request parameters are decrypted, a new EPG webpage request is generated, and the request is finally routed to the EPG webpage server.
The beneficial effect of the invention is that, when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters, so that even if the link for accessing the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of accessing the EPG webpage.
Drawings
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a flow chart of a method of the present invention;
FIG. 3 is a timing diagram of the method of the present invention.
Detailed Description
The invention is further described with reference to the following figures and detailed description.
In the embodiment shown in FIG. 1, an EPG webpage security access system based on IPTV includes a client, a gateway server, an authentication server, a key server and an EPG webpage server. The client accesses the gateway server through an IPTV private network; the client encrypts the EPG webpage request parameters and accesses the EPG webpage; the gateway server accesses the authentication server, the key server and the EPG webpage server through the local area network; the gateway server provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server; the authentication server provides access token generation, issuance and verification services for the client; the key server provides access key generation and distribution services for the client; the EPG webpage server provides EPG webpage deployment and access services for the client. The client, routed through the gateway server, obtains the access token from the authentication server, and the token is bound to the client IP; it obtains the encryption public key from the key server, and the key is bound to the client IP; it encrypts the request parameters with the encryption public key; the gateway server decrypts the request parameters and routes the request, and the client accesses the webpage from the EPG webpage server.
The gateway server is the entry point for service requests. It is responsible for intercepting all requests and distributing them to the services, and for log interception, permission control, resolving cross-domain issues, rate limiting, circuit breaking, load balancing, hiding the IP addresses of the back-end services, blacklist and whitelist interception and authorization, and the like. It provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server.
As shown in fig. 2 and fig. 3, the present invention further provides an EPG webpage security access method based on IPTV, which specifically includes the following steps:
(1) The client, routed through the gateway server, acquires a client access token from the authentication server, and the access token is bound to the client IP. Specifically: using Spring Cloud Gateway, the gateway server intercepts the client's access token request by URL prefix path matching and routes it to the authentication server. On receiving the request, the authentication server first checks whether a key-value binding between the client IP and an access token exists in the Redis cache database; if it exists, the access token is returned; if it does not exist or has expired, a new access token is generated, a key-value pair of the client IP and the access token is created in the Redis cache database, and the new access token is returned.
(2) The client's request is routed through the gateway server, which verifies the access token; after the access token passes verification, the client obtains an encryption public key from the key server, and the key is bound to the client IP. Specifically: using Spring Cloud Gateway, the gateway server intercepts the client's request for the encryption public key by URL prefix path matching and a custom access-token check Filter. The access-token check Filter calls the authentication server to check whether a key-value binding between the client IP and the access token exists in the Redis cache database; after the access token passes the check, the request is routed to the key server. On receiving the client's encryption public key request, the key server checks whether a key-value binding between the client IP and an encryption key pair exists in the Redis cache database; if it exists, the public key of the encryption key pair is returned; if it does not exist or has expired, a new encryption key pair is generated using the Chinese national cryptographic algorithm SM2, a key-value pair of the client IP and the encryption key pair is created in the Redis cache database, and the public key of the new encryption key pair is returned.
(3) The client encrypts the EPG webpage request parameters using the encryption public key and accesses the EPG webpage. Specifically: the client encrypts the URL request parameters and the Body request parameters using the SM2 encryption public key obtained from the key server, and initiates the request for the EPG webpage with the encrypted parameters. Using Spring Cloud Gateway, the gateway server intercepts the client's EPG webpage request by URL prefix path matching, a custom access-token check Filter and a custom parameter decryption Filter. The access-token check Filter first calls the authentication server's access token check service to check whether a key-value binding between the client IP and the access token exists in the Redis cache database. After the access token passes the check, the parameter decryption Filter calls the key server's key query service to look up the SM2-generated key stored in the Redis cache database for the client IP. Once the key is obtained, the URL request parameters and Body request parameters are decrypted, a new EPG webpage request is generated, and the request is finally routed to the EPG webpage server.
With this system and method, when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters, so that even if the link for accessing the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of accessing the EPG webpage. The system and method protect the EPG webpage from illegitimate access by using identity authentication (access token verification), an asymmetric encryption algorithm to encrypt and decrypt client request parameters, gateway technology to intercept and route access requests, and network isolation of the specific application servers. That is, a security-grade asymmetric encryption algorithm, gateway technology, network technology and identity authentication technology are used together to seamlessly protect the EPG webpage from illegitimate access.
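The access-token binding of steps (1) to (3) above, modelled in Python as an added example that is not part of the patent text: an in-memory expiring store stands in for the Redis cache, and the route prefixes, the 1800-second expiry and all class names are assumptions. It covers token issuance and the gateway's token check Filter; SM2 key distribution and parameter decryption are not modelled.

```python
"""Access token bound to client IP, checked at the gateway (added example)."""
import hmac
import secrets
import time

TOKEN_TTL = 1800  # seconds; assumed value, the page does not state an expiry


class TtlStore:
    """Stand-in for the Redis cache: key-value pairs that expire."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}

    def set(self, key, value, ttl):
        self._data[key] = (value, self._clock() + ttl)

    def get(self, key):
        value, expires_at = self._data.get(key, (None, 0.0))
        if value is not None and self._clock() >= expires_at:
            del self._data[key]  # an expired binding behaves as absent
            return None
        return value


class AuthServer:
    """Issues and checks access tokens bound to the client IP."""

    def __init__(self, store, ttl=TOKEN_TTL):
        self._store = store
        self._ttl = ttl

    def get_token(self, client_ip):
        token = self._store.get("token:" + client_ip)
        if token is None:  # no binding, or it expired: generate a new token
            token = secrets.token_urlsafe(32)
            self._store.set("token:" + client_ip, token, self._ttl)
        return token

    def check_token(self, client_ip, token):
        bound = self._store.get("token:" + client_ip)
        if bound is None or token is None:
            return False
        # Constant-time comparison of the presented and the bound token.
        return hmac.compare_digest(bound.encode(), token.encode())


class Gateway:
    """URL prefix routing with the access-token check filter."""

    # (prefix, backend, token filter applied); the prefixes are hypothetical.
    ROUTES = (
        ("/auth/token", "auth", False),
        ("/key/public", "key", True),
        ("/epg/", "epg", True),
    )

    def __init__(self, auth):
        self._auth = auth

    def handle(self, peer_ip, path, token=None):
        # peer_ip is the address the gateway sees on the connection; a
        # client-supplied header would let the caller choose its binding.
        for prefix, backend, needs_token in self.ROUTES:
            if not path.startswith(prefix):
                continue
            if needs_token and not self._auth.check_token(peer_ip, token):
                return 401, "access token check failed"
            if backend == "auth":
                return 200, self._auth.get_token(peer_ip)
            return 200, "routed to " + backend + " server"
        return 404, "no route"


if __name__ == "__main__":
    gw = Gateway(AuthServer(TtlStore()))
    _, tok = gw.handle("10.0.0.5", "/auth/token")      # constructed addresses
    print(gw.handle("10.0.0.5", "/epg/index", tok))    # same IP: routed
    print(gw.handle("10.0.0.9", "/epg/index", tok))    # other IP: rejected
```

A token presented from an address other than the one it was issued to fails the check, as does a token whose binding has expired.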
Claims (6)
1. An EPG webpage security access system based on IPTV, characterized by comprising a client, a gateway server, an authentication server, a key server and an EPG webpage server, wherein the client accesses the gateway server through an IPTV private network; the client encrypts the EPG webpage request parameters and accesses the EPG webpage; the gateway server accesses the authentication server, the key server and the EPG webpage server through the local area network; the gateway server provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server; the authentication server provides access token generation, issuance and verification services for the client; the key server provides access key generation and distribution services for the client; the EPG webpage server provides EPG webpage deployment and access services for the client.
2. The EPG webpage security access system based on IPTV of claim 1, wherein the client, routed through the gateway server, obtains the access token from the authentication server, and the token is bound to the client IP; obtains the encryption public key from the key server, and the key is bound to the client IP; and encrypts the request parameters with the encryption public key; the gateway server decrypts the request parameters and routes the request, and the client accesses the webpage from the EPG webpage server.
3. An EPG webpage security access method based on IPTV, characterized by comprising the following steps:
(1) the client, routed through the gateway server, acquires a client access token from the authentication server, and the access token is bound to the client IP;
(2) the client's request is routed through the gateway server, which verifies the access token; after the access token passes verification, the client obtains an encryption public key from the key server, and the key is bound to the client IP;
(3) the client encrypts the EPG webpage request parameters using the encryption public key and accesses the EPG webpage.
4. The EPG webpage security access method based on IPTV of claim 3, wherein step (1) is specifically: using Spring Cloud Gateway, the gateway server intercepts the client's access token request by URL prefix path matching and routes it to the authentication server; on receiving the request, the authentication server first checks whether a key-value binding between the client IP and an access token exists in the Redis cache database; if it exists, the access token is returned; if it does not exist or has expired, a new access token is generated, a key-value pair of the client IP and the access token is created in the Redis cache database, and the new access token is returned.
5. The EPG webpage security access method based on IPTV of claim 3, wherein step (2) is specifically: using Spring Cloud Gateway, the gateway server intercepts the client's request for the encryption public key by URL prefix path matching and a custom access-token check Filter; the access-token check Filter calls the authentication server to check whether a key-value binding between the client IP and the access token exists in the Redis cache database; after the access token passes the check, the request is routed to the key server; on receiving the client's encryption public key request, the key server checks whether a key-value binding between the client IP and an encryption key pair exists in the Redis cache database; if it exists, the public key of the encryption key pair is returned; if it does not exist or has expired, a new encryption key pair is generated using the Chinese national cryptographic algorithm SM2, a key-value pair of the client IP and the encryption key pair is created in the Redis cache database, and the public key of the new encryption key pair is returned.
6. The EPG webpage security access method based on IPTV of claim 3, wherein step (3) is specifically: the client encrypts the URL request parameters and the Body request parameters using the SM2 encryption public key obtained from the key server, and initiates the request for the EPG webpage with the encrypted parameters; using Spring Cloud Gateway, the gateway server intercepts the client's EPG webpage request by URL prefix path matching, a custom access-token check Filter and a custom parameter decryption Filter; the access-token check Filter first calls the authentication server's access token check service to check whether a key-value binding between the client IP and the access token exists in the Redis cache database; after the access token passes the check, the parameter decryption Filter calls the key server's key query service to look up the SM2-generated key stored in the Redis cache database for the client IP; once the key is obtained, the URL request parameters and Body request parameters are decrypted, a new EPG webpage request is generated, and the request is finally routed to the EPG webpage server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110919996.6A CN114374862A (en) | 2021-08-11 | 2021-08-11 | EPG webpage security access system and method based on IPTV |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110919996.6A CN114374862A (en) | 2021-08-11 | 2021-08-11 | EPG webpage security access system and method based on IPTV |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114374862A (en) | 2022-04-19 |
Family
ID=81138333
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN202110919996.6A | Pending | CN114374862A (en) | 2021-08-11 | 2021-08-11 | EPG webpage security access system and method based on IPTV |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114374862A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||