CN114374862A - EPG webpage security access system and method based on IPTV - Google Patents


Info

Publication number
CN114374862A
Authority
CN
China
Prior art keywords
client
key
server
access token
epg
Prior art date
Legal status
Pending
Application number
CN202110919996.6A
Other languages
Chinese (zh)
Inventor
陈维流
陈嘉伟
孟繁智
吴晓涛
Current Assignee
Paco Video Technology Hangzhou Co ltd
Original Assignee
Paco Video Technology Hangzhou Co ltd
Priority date
Filing date
Publication date
Application filed by Paco Video Technology Hangzhou Co ltd
Priority to CN202110919996.6A
Publication of CN114374862A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00: Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20: Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25: Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258: Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808: Management of client data
    • H04N21/25816: Management of client data involving client authentication
    • H04N21/254: Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541: Rights Management
    • H04N21/262: Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission, generating play-lists
    • H04N21/26283: Content or additional data distribution scheduling, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying a video stream transmission, generating play-lists for associating distribution time parameters to content, e.g. to generate electronic program guide data
    • H04N21/266: Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613: Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general

Abstract

The invention discloses an IPTV-based EPG webpage security access system and method. The method comprises the following steps: (1) the client, routed through the gateway server, acquires a client access token from the authentication server, and the token is bound to the client IP; (2) the client's request is routed through the gateway server and the access token is verified; after the access token passes verification, the client encryption public key is obtained from the key server and bound to the client IP; (3) the client encrypts the EPG webpage request parameters with the encryption public key and accesses the EPG webpage. The beneficial effects of the invention are: when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters, so that even if the link used to access the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of EPG webpage access.

Description

EPG webpage security access system and method based on IPTV
Technical Field
The invention relates to the technical field of IPTV, in particular to an EPG webpage security access system and method based on IPTV.
Background
Traditional EPG webpage access has several defects: request parameters are transmitted in plaintext, so an illegal visitor can easily intercept and tamper with the data; the identity of the visitor is not verified, so an illegal visitor can easily pose as a legitimate one; and the identity of the accessed target is not verified, so an illegal visitor can easily forge the EPG webpage as a phishing page.
Disclosure of Invention
To overcome the above defects in the prior art, the invention provides an IPTV-based EPG webpage security access system and method that improve security.
To achieve this purpose, the invention adopts the following technical solution:
An IPTV-based EPG webpage security access system comprises a client, a gateway server, an authentication server, a key server and an EPG webpage server. The client accesses the gateway server through the IPTV private network; the client encrypts the EPG webpage request parameters and accesses the EPG webpage. The gateway server accesses the authentication server, the key server and the EPG webpage server through a local area network. The gateway server provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server. The authentication server provides access token generation, issuance and verification services for the client. The key server provides access key generation and distribution services for the client. The EPG webpage server provides EPG webpage deployment and access services for the client.
With this system, when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters. Even if the link used to access the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of EPG webpage access.
Preferably, the client, routed through the gateway server, acquires the access token from the authentication server, and the token is bound to the client IP; acquires the encryption public key from the key server, and the key is bound to the client IP; encrypts the request parameters with the encryption public key; and, after the gateway server decrypts the request parameters and routes the request, accesses the webpage from the EPG webpage server.
The invention also provides an IPTV-based EPG webpage security access method, which comprises the following steps:
(1) the client, routed through the gateway server, acquires a client access token from the authentication server, and the token is bound to the client IP;
(2) the client's request is routed through the gateway server and the access token is verified; after the access token passes verification, the client encryption public key is obtained from the key server and bound to the client IP;
(3) the client encrypts the EPG webpage request parameters with the encryption public key and accesses the EPG webpage.
The method protects the EPG webpage from illegal access by combining identity authentication (access token verification), asymmetric encryption and decryption of the client request parameters, gateway interception and routing of access requests, and network isolation of the specific application servers. In other words, a security-grade asymmetric encryption algorithm, gateway technology, network technology and identity authentication technology are used together to seamlessly protect the EPG webpage from illegal access.
Preferably, step (1) is specifically as follows: using Spring Cloud Gateway, the gateway server intercepts the client's access token request by URL prefix path matching and routes it to the authentication server. On receiving the request, the authentication server first checks whether a key-value binding between the client IP and an access token exists in the Redis cache database. If it exists, the access token is returned; if it does not exist or has expired, a new access token is generated, a key-value pair of the client IP and the access token is created in the Redis cache database, and the new access token is returned.
Preferably, step (2) is specifically as follows: using Spring Cloud Gateway, the gateway server intercepts the client's request for the encryption public key by URL prefix path matching and a custom access token check Filter. The access token check Filter calls the authentication server to check whether a key-value binding between the client IP and the access token exists in the Redis cache database. After the access token passes the check, the request is routed to the key server. On receiving the client's encryption public key request, the key server checks whether a key-value binding between the client IP and an encryption key pair exists in the Redis cache database. If it exists, the public key of the encryption key pair is returned; if it does not exist or has expired, a new encryption key pair is generated with the state cryptographic algorithm SM2, a key-value pair of the client IP and the encryption key pair is created in the Redis cache database, and the public key of the new encryption key pair is returned.
Preferably, step (3) is specifically as follows: the client encrypts the URL request parameters and the Body request parameters with the SM2 encryption public key acquired from the key server, and initiates a request to access the EPG webpage using the encrypted parameters. Using Spring Cloud Gateway, the gateway server intercepts the client's request to access the EPG webpage by URL prefix path matching, the custom access token check Filter and a custom parameter decryption Filter. First, the access token check Filter calls the authentication server's access token check service to check whether a key-value binding between the client IP and the access token exists in the Redis cache database. After the access token passes the check, the parameter decryption Filter calls the key server's key query service to look up the key, generated by the state cryptographic algorithm SM2 and stored in the Redis cache database, that corresponds to the client IP. Once the key is obtained, the gateway decrypts the URL request parameters and the Body request parameters, generates a new request to access the EPG webpage, and finally routes it to the EPG webpage.
The beneficial effects of the invention are: when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters, so that even if the link used to access the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of EPG webpage access.
Drawings
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a flow chart of a method of the present invention;
FIG. 3 is a timing diagram of the method of the present invention.
Detailed Description
The invention is further described with reference to the following figures and detailed description.
In the embodiment shown in FIG. 1, an IPTV-based EPG webpage security access system includes a client, a gateway server, an authentication server, a key server and an EPG webpage server. The client accesses the gateway server through the IPTV private network; the client encrypts the EPG webpage request parameters and accesses the EPG webpage. The gateway server accesses the authentication server, the key server and the EPG webpage server through a local area network. The gateway server provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server. The authentication server provides access token generation, issuance and verification services for the client. The key server provides access key generation and distribution services for the client. The EPG webpage server provides EPG webpage deployment and access services for the client. The client, routed through the gateway server, acquires the access token from the authentication server, and the token is bound to the client IP; acquires the encryption public key from the key server, and the key is bound to the client IP; encrypts the request parameters with the encryption public key; and, after the gateway server decrypts the request parameters and routes the request, accesses the webpage from the EPG webpage server.
The gateway server is the entry point for service requests. It is responsible for intercepting all requests and distributing them to services, and provides log interception, permission control, cross-domain handling, rate limiting, circuit breaking, load balancing, hiding of the server-side IP, blacklist and whitelist interception and authorization, and the like. It provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server.
As shown in FIG. 2 and FIG. 3, the present invention further provides an IPTV-based EPG webpage security access method, which specifically includes the following steps:
(1) The client, routed through the gateway server, acquires a client access token from the authentication server, and the token is bound to the client IP. Specifically: using Spring Cloud Gateway, the gateway server intercepts the client's access token request by URL prefix path matching and routes it to the authentication server. On receiving the request, the authentication server first checks whether a key-value binding between the client IP and an access token exists in the Redis cache database. If it exists, the access token is returned; if it does not exist or has expired, a new access token is generated, a key-value pair of the client IP and the access token is created in the Redis cache database, and the new access token is returned.
(2) The client's request is routed through the gateway server and the access token is verified; after the access token passes verification, the client encryption public key is obtained from the key server and bound to the client IP. Specifically: using Spring Cloud Gateway, the gateway server intercepts the client's request for the encryption public key by URL prefix path matching and a custom access token check Filter. The access token check Filter calls the authentication server to check whether a key-value binding between the client IP and the access token exists in the Redis cache database. After the access token passes the check, the request is routed to the key server. On receiving the client's encryption public key request, the key server checks whether a key-value binding between the client IP and an encryption key pair exists in the Redis cache database. If it exists, the public key of the encryption key pair is returned; if it does not exist or has expired, a new encryption key pair is generated with the state cryptographic algorithm SM2, a key-value pair of the client IP and the encryption key pair is created in the Redis cache database, and the public key of the new encryption key pair is returned.
(3) The client encrypts the EPG webpage request parameters with the encryption public key and accesses the EPG webpage. Specifically: the client encrypts the URL request parameters and the Body request parameters with the SM2 encryption public key acquired from the key server, and initiates a request to access the EPG webpage using the encrypted parameters. Using Spring Cloud Gateway, the gateway server intercepts the client's request to access the EPG webpage by URL prefix path matching, the custom access token check Filter and a custom parameter decryption Filter. First, the access token check Filter calls the authentication server's access token check service to check whether a key-value binding between the client IP and the access token exists in the Redis cache database. After the access token passes the check, the parameter decryption Filter calls the key server's key query service to look up the key, generated by the state cryptographic algorithm SM2 and stored in the Redis cache database, that corresponds to the client IP. Once the key is obtained, the gateway decrypts the URL request parameters and the Body request parameters, generates a new request to access the EPG webpage, and finally routes it to the EPG webpage.
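The token binding of step (1) and the access token check that the gateway applies in steps (2) and (3), as an added Python example that is not code from the patent. The in-memory TTL store standing in for Redis, the route prefixes, the 1800-second lifetime and the sample IP addresses are all assumptions made for illustration.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 1800  # assumed lifetime; the page does not state one


class TtlStore:
    """In-memory stand-in for the Redis cache: key -> (value, expiry time)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}

    def get(self, key):
        entry = self._data.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if self._clock() >= expires_at:
            del self._data[key]  # an expired binding behaves as absent
            return None
        return value

    def setex(self, key, ttl, value):
        self._data[key] = (value, self._clock() + ttl)


class AuthServer:
    """Issues and checks access tokens bound to the client IP (step 1)."""

    def __init__(self, store):
        self._store = store

    def issue_token(self, client_ip):
        key = f"token:{client_ip}"
        token = self._store.get(key)
        if token is None:  # no binding yet, or the binding expired
            token = secrets.token_urlsafe(32)
            self._store.setex(key, TOKEN_TTL_SECONDS, token)
        return token

    def check_token(self, client_ip, token):
        bound = self._store.get(f"token:{client_ip}")
        if bound is None or not token:
            return False
        # Constant-time comparison of the presented and the bound token.
        return hmac.compare_digest(bound.encode(), token.encode())


class Gateway:
    """URL-prefix routing with a token check filter on protected prefixes."""

    def __init__(self, auth):
        self._auth = auth
        # (assumed prefix, token check required, upstream name)
        self._routes = [
            ("/auth/", False, "auth-server"),
            ("/key/", True, "key-server"),
            ("/epg/", True, "epg-server"),
        ]

    def handle(self, path, client_ip, token=None):
        # client_ip is the peer address the gateway itself observed,
        # never a value supplied by the client in the request.
        for prefix, needs_token, upstream in self._routes:
            if path.startswith(prefix):
                if needs_token and not self._auth.check_token(client_ip, token):
                    return (401, None)
                return (200, upstream)
        return (404, None)


def demo():
    now = [0.0]  # constructed manual clock so expiry can be exercised
    auth = AuthServer(TtlStore(clock=lambda: now[0]))
    gw = Gateway(auth)
    ip_a, ip_b = "10.0.0.5", "10.0.0.9"  # constructed sample addresses
    t1 = auth.issue_token(ip_a)
    results = {
        "reissued_same": auth.issue_token(ip_a) == t1,
        "own_ip": gw.handle("/epg/index", ip_a, t1),
        "other_ip": gw.handle("/epg/index", ip_b, t1),
        "no_token": gw.handle("/key/public", ip_a),
        "token_route": gw.handle("/auth/token", ip_b),
    }
    now[0] += TOKEN_TTL_SECONDS + 1
    results["after_expiry"] = gw.handle("/epg/index", ip_a, t1)
    results["new_token_differs"] = auth.issue_token(ip_a) != t1
    return results
```

Because the cache key is the client IP alone, every client that reaches the gateway from the same address receives and shares one token until it expires.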
With this system and method, when the client accesses the EPG webpage, it first acquires an access token and then encrypts the request parameters. Even if the link used to access the EPG webpage is obtained, the identity cannot be forged and the request parameters cannot be tampered with, which improves the security of EPG webpage access. The system and method protect the EPG webpage from illegal access by combining identity authentication (access token verification), asymmetric encryption and decryption of the client request parameters, gateway interception and routing of access requests, and network isolation of the specific application servers. In other words, a security-grade asymmetric encryption algorithm, gateway technology, network technology and identity authentication technology are used together to seamlessly protect the EPG webpage from illegal access.

Claims (6)

1. An IPTV-based EPG webpage security access system, characterized by comprising a client, a gateway server, an authentication server, a key server and an EPG webpage server, wherein the client accesses the gateway server through the IPTV private network; the client encrypts the EPG webpage request parameters and accesses the EPG webpage; the gateway server accesses the authentication server, the key server and the EPG webpage server through a local area network; the gateway server provides the client with a routing service and a content decryption service for access requests, and provides a request proxy service for the authentication server, the key server and the EPG webpage server; the authentication server provides access token generation, issuance and verification services for the client; the key server provides access key generation and distribution services for the client; the EPG webpage server provides EPG webpage deployment and access services for the client.
2. The IPTV-based EPG webpage security access system of claim 1, wherein the client, routed through the gateway server, acquires the access token from the authentication server, and the token is bound to the client IP; acquires the encryption public key from the key server, and the key is bound to the client IP; encrypts the request parameters with the encryption public key; and, after the gateway server decrypts the request parameters and routes the request, accesses the webpage from the EPG webpage server.
3. An IPTV-based EPG webpage security access method, characterized by comprising the following steps:
(1) the client, routed through the gateway server, acquires a client access token from the authentication server, and the token is bound to the client IP;
(2) the client's request is routed through the gateway server and the access token is verified; after the access token passes verification, the client encryption public key is obtained from the key server and bound to the client IP;
(3) the client encrypts the EPG webpage request parameters with the encryption public key and accesses the EPG webpage.
4. The IPTV-based EPG webpage security access method of claim 3, wherein step (1) is specifically: using Spring Cloud Gateway, the gateway server intercepts the client's access token request by URL prefix path matching and routes it to the authentication server; on receiving the request, the authentication server first checks whether a key-value binding between the client IP and an access token exists in the Redis cache database; if it exists, the access token is returned; if it does not exist or has expired, a new access token is generated, a key-value pair of the client IP and the access token is created in the Redis cache database, and the new access token is returned.
5. The IPTV-based EPG webpage security access method of claim 3, wherein step (2) is specifically: using Spring Cloud Gateway, the gateway server intercepts the client's request for the encryption public key by URL prefix path matching and a custom access token check Filter; the access token check Filter calls the authentication server to check whether a key-value binding between the client IP and the access token exists in the Redis cache database; after the access token passes the check, the request is routed to the key server; on receiving the client's encryption public key request, the key server checks whether a key-value binding between the client IP and an encryption key pair exists in the Redis cache database; if it exists, the public key of the encryption key pair is returned; if it does not exist or has expired, a new encryption key pair is generated with the state cryptographic algorithm SM2, a key-value pair of the client IP and the encryption key pair is created in the Redis cache database, and the public key of the new encryption key pair is returned.
6. The IPTV-based EPG webpage security access method of claim 3, wherein step (3) is specifically: the client encrypts the URL request parameters and the Body request parameters with the SM2 encryption public key acquired from the key server; the client initiates a request to access the EPG webpage using the encrypted parameters; using Spring Cloud Gateway, the gateway server intercepts the client's request to access the EPG webpage by URL prefix path matching, the custom access token check Filter and a custom parameter decryption Filter; first, the access token check Filter calls the authentication server's access token check service to check whether a key-value binding between the client IP and the access token exists in the Redis cache database; after the access token passes the check, the parameter decryption Filter calls the key server's key query service to look up the key, generated by the state cryptographic algorithm SM2 and stored in the Redis cache database, that corresponds to the client IP; once the key is obtained, the gateway decrypts the URL request parameters and the Body request parameters, generates a new request to access the EPG webpage, and finally routes it to the EPG webpage.
CN202110919996.6A 2021-08-11 2021-08-11 EPG webpage security access system and method based on IPTV Pending CN114374862A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110919996.6A CN114374862A (en) 2021-08-11 2021-08-11 EPG webpage security access system and method based on IPTV

Publications (1)

Publication Number Publication Date
CN114374862A (en) 2022-04-19

Family

ID=81138333

Country Status (1)

Country Link
CN (1) CN114374862A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination