CN115694948A - Resource acquisition method and device - Google Patents

Resource acquisition method and device Download PDF

Info

Publication number
CN115694948A
CN115694948A CN202211316788.8A CN202211316788A CN115694948A CN 115694948 A CN115694948 A CN 115694948A CN 202211316788 A CN202211316788 A CN 202211316788A CN 115694948 A CN115694948 A CN 115694948A
Authority
CN
China
Prior art keywords
resource
character string
string
public key
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211316788.8A
Other languages
Chinese (zh)
Inventor
盛骥斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Happly Sunshine Interactive Entertainment Media Co Ltd
Original Assignee
Hunan Happly Sunshine Interactive Entertainment Media Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Happly Sunshine Interactive Entertainment Media Co Ltd filed Critical Hunan Happly Sunshine Interactive Entertainment Media Co Ltd
Priority to CN202211316788.8A priority Critical patent/CN115694948A/en
Publication of CN115694948A publication Critical patent/CN115694948A/en
Pending legal-status Critical Current

Links

Images

Abstract

The embodiment of the application discloses a resource acquisition method, wherein a client receives a verification string and a key sent by a login server; decrypting the secret key to obtain a private key; sending a resource request character string to a cache server, wherein the resource request character string comprises a resource character string and a verification string which are encrypted by a private key; and receiving a resource returned by the cache server, wherein the resource is obtained by decoding the verification string by the cache server to obtain a public key, decrypting the encrypted resource character string according to the public key to obtain a decrypted resource character string, and obtaining a resource corresponding to the decrypted resource character string. Therefore, by the scheme provided by the embodiment of the application, after the user using the client is successfully authenticated, the user can continuously verify the legality of the client between the cache servers without a third-party authentication service, and the situation that a large number of hotlink connections are manufactured due to the fact that the packet capturing and intercepting requests are avoided.

Description

Resource acquisition method and device
Technical Field
The present application relates to the field of security technologies, and in particular, to a resource obtaining method and apparatus.
Background
Along with the development of internet television terminal service, the stealing link phenomenon is rampant, and the stealing link website often utilizes the formal account to acquire the resource address, then provides the broadcast to the outside on publishing the network with the resource address, and this kind of stealing link action directly leads to the video title party to need to pay a large amount of bandwidth costs but not have any income for the stealing link user, has impaired video title party's interests greatly.
In the existing anti-stealing-link method, a temporary access user name and an authentication password are written into a database by using a mode of requesting valid time, if the connection time is exceeded, the request address is invalid, for example, one video has three hours, the request valid time must support three hours, and the cached video resources in the three hours can be widely stolen by directly copying the request.
Disclosure of Invention
The embodiment of the application provides a resource acquisition method and device, which can avoid the situation that a chain is stolen due to a packet capturing and intercepting request.
A first aspect of the present application provides a resource obtaining method, applied to a client, including:
receiving a verification string and a key sent by a login server;
decrypting the secret key to obtain a private key;
sending a resource request character string to a cache server, wherein the resource request character string comprises a resource character string encrypted by the private key and the verification string;
and receiving the resource returned by the cache server, wherein the resource is the resource obtained by decoding the verification string by the cache server to obtain a public key, decrypting the encrypted resource character string according to the public key to obtain a decrypted resource character string, and obtaining the resource corresponding to the decrypted resource character string.
Optionally, before receiving the verification string and the key sent by the login server, the method further includes:
and connecting the login server to ensure that the login server authenticates the user using the client, and returning a verification string and a key to the client after the authentication is passed.
Optionally, the decrypting the secret key to obtain a private key includes:
and decrypting the key according to a decryption method corresponding to the encryption method adopted by the login server to obtain the private key.
Optionally, the resource request string further includes: and (4) time stamping.
Optionally, the resource is an index file, and the method further includes:
after receiving the index file, extracting fragment character strings from the index file;
sending a fragmentation request character string to the cache server according to the fragmentation character string, wherein the fragmentation request character string comprises a fragmentation character string encrypted by using the private key and the verification string;
and receiving a fragment file returned by the cache server, wherein the fragment file is obtained by decoding the verification string by the cache server to obtain a public key, and decrypting the encrypted fragment character string according to the public key to obtain the fragment file corresponding to the decrypted fragment character string.
A second aspect of the present application provides a resource obtaining method, which is applied to a cache server, and the method includes:
receiving a resource request character string sent by a client, wherein the resource request character string comprises a resource character string and a verification string which are encrypted by a private key;
decoding the verification string to obtain a public key and a validity period of the public key;
judging whether the user login information is overdue according to the validity period of the public key, and decrypting the encrypted resource character string according to the public key when the user login information is not overdue to obtain a decrypted resource character string;
and sending the resource corresponding to the decrypted resource character string to the client.
Optionally, after decrypting the encrypted resource string according to the public key, the method further includes:
if the decryption is successful, judging the difference value between the timestamp in the resource request character string and the timestamp in the cache server, and if the difference value is greater than the preset request validity period, refusing to return the resource;
and if the decryption fails, refusing to return the resource.
Optionally, the method further includes:
receiving a fragmentation request character string sent by a client, wherein the fragmentation request character string comprises a fragmentation character string encrypted by a private key and the verification string;
decoding the verification string to obtain a public key and a validity period of the public key;
judging whether the user login information is overdue according to the validity period of the public key, and decrypting the encrypted fragmentation character string according to the public key when the user login information is not overdue to obtain a decrypted fragmentation character string;
and sending the fragment file corresponding to the decrypted fragment character string to a client.
A third aspect of the present application provides a client, including:
the receiving unit is used for receiving the verification string and the key sent by the login server;
the decryption unit is used for decrypting the secret key to obtain a private key;
a sending unit, configured to send a resource request string to a cache server, where the resource request string includes a resource string encrypted by using the private key and the verification string;
the receiving unit is further configured to receive a resource returned by the cache server, where the resource is a public key obtained by decoding the verification string by the cache server, and the resource is obtained by decrypting the encrypted resource character string according to the public key to obtain a decrypted resource character string, and obtaining a resource corresponding to the decrypted resource character string.
A third aspect of the present application provides a cache server, including:
the system comprises a receiving unit, a verification unit and a resource request processing unit, wherein the receiving unit is used for receiving a resource request character string sent by a client, and the resource request character string comprises a resource character string and a verification string which are encrypted by a private key;
the decryption unit is used for decoding the verification string to obtain a public key and a validity period of the public key;
the resource acquisition unit is used for judging whether the user login information is overdue according to the validity period of the public key, and when the user login information is not overdue, the encrypted resource character string is decrypted according to the public key to obtain a decrypted resource character string;
and the sending unit is used for sending the resource corresponding to the decrypted resource character string to the client.
The embodiment of the application discloses a resource acquisition method, which is applied to a client and used for receiving a verification string and a key sent by a login server; decrypting the secret key to obtain a private key; sending a resource request character string to a cache server, wherein the resource request character string comprises a resource character string encrypted by the private key and the verification string; and receiving the resource returned by the cache server, wherein the resource is a public key obtained by decoding the verification string by the cache server, decrypting the encrypted resource character string according to the public key to obtain a decrypted resource character string, and obtaining the resource corresponding to the decrypted resource character string. By using the scheme provided by the embodiment of the application, after the authentication of the user using the client is successful, the user can continuously verify the legality of the client between the cache servers without a third-party authentication service, and the situation that a large amount of hotlink connections are manufactured due to the fact that the packet capturing and intercepting requests are intercepted is avoided.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the description below are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic structural diagram of a resource acquisition system according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a resource obtaining method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of another resource acquisition method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a client according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a cache server according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides a resource acquisition method and device, which can avoid the situation that a chain is stolen due to a packet capturing and intercepting request.
In order to facilitate understanding of the technical solution of the resource obtaining method provided in the embodiments of the present application, a specific embodiment of the present application is described with reference to the resource obtaining system in fig. 1. The resource acquisition system may include at least a client, a login server, and a cache server. A group of appointed encryption/decryption method and an appointed key group US exist between the login server and the client, another group of appointed encryption/decryption method and an appointed key group SS exist between the login server and the cache server, and the client and the cache server need the private key skey and the public key pkey decoded from the respective password groups for verification to carry out encryption/decryption.
Referring to fig. 2, the figure is a schematic flowchart of a resource obtaining method provided in an embodiment of the present application, and the method is applied to a client, and may be implemented, for example, through the following S201 to S204.
S201: and receiving the authentication string and the key sent by the login server.
Specifically, the client is connected with the login server so that the login server authenticates a user using the client, and after the authentication is passed, a verification string and a secret key are returned to the client, wherein the secret key is an encrypted private key. The key is encrypted by an encryption mode and a password agreed by the client and the login server, and cannot be directly used by external interception. The content contained in the verification string is encrypted, the encryption mode is different from that of a secret key, and the verification string cannot be decrypted by external interception or a client side.
S202: and decrypting the secret key to obtain a private key.
Specifically, the secret key is decrypted according to a decryption method corresponding to the encryption method adopted by the login server, and the private key is obtained.
S203: and sending the resource request character string to a cache server.
In an embodiment of the present application, the resource request string includes a resource string and a validation string encrypted with a private key.
In an implementation manner of the embodiment of the present application, the resource request string further includes: a time stamp.
Specific examples are as follows:
when a client needs to request a Resource from a cache server, a request timestamp is attached to a Uniform Resource Locator (URL) (i.e., a Resource request string) of the requested Resource, the Resource string is encrypted by using a private key skey, a verification string sign is added, and an obtained new request string is sent to the cache server. The original request is as follows:
http://pcvideoaliyun.titan.mgtv.com/c1/2022/07/06_0/F4A8830FD5182338B3E865608D5C408E_20220706_1_1_391.m3u8v=xvy&u=sxt&ci=xxx;
the original request is time stamped with t =1657265397, resulting in the following URL:
http://pcvideoaliyun.titan.mgtv.com/c1/2022/07/06_0/F4A8830FD5182338B3E865608D5C408E_20220706_1_1_391.m3u8v=xvy&u=sxt&ci=xxx&t=1657265397;
then, the private key skey is used for encrypting the request parameter, the encrypted request parameter is put into the pm parameter, and the sign verification string is attached to the pm parameter to obtain the following URL:
http://pcvideoaliyun.titan.mgtv.com/c1/2022/07/06_0/F4A8830FD5182338B3E865608D5C408E_20220706_1_1_391.m3u8pm=2GtN0e8rUC7PYTzkjU_z~MknYQoHtXKzmkWUvswbIuFhbrA7kUdiu9mhE0ypchXCylaeRJ_M6XCvgBMA1mouQz31jqWodLlLSbd8m5JUNkcmiECdA0O~cvWaospX_giIaE8CzYgr0Ao608p61pn40KLUbNj6MzkRbqT6eW5WK6t3r_rOGlD~6yEPG_OYKiDQYgMk10Llv4j&sign=dlLtdjgiu4eiqPZN8sy7bMblJgApUwkmHuaPOAHdA。
the pm parameter is used for encapsulating and hiding the parameter of the original request, namely, the original string of all the request parameters after being directly encrypted is put into the pm, and the finally obtained URL is sent to the cache server to request resources. The unencrypted part of the URL and the verification string are plain texts in the URL, so that the request is not tampered, and a pirate is prevented from grafting the pm parameter part into other requests.
S204: and receiving the resource returned by the cache server.
Specifically, the cache server decodes the verification string to obtain a public key, decrypts the encrypted resource character string according to the public key to obtain a decrypted resource character string, obtains a resource corresponding to the decrypted resource character string, and returns the obtained resource to the client.
In an implementation manner of the embodiment of the application, after the received resource is an index file, a fragment character string is extracted from the index file; sending a fragmentation request character string to a cache server according to the fragmentation character string, wherein the fragmentation request character string comprises a fragmentation character string encrypted by a private key, a verification string and a timestamp; and receiving a fragment file returned by the cache server, wherein the fragment file is obtained by decoding the verification string by the cache server to obtain a public key, and decrypting the encrypted fragment character string according to the public key to obtain the fragment file corresponding to the decrypted fragment character string.
Specifically, the index file m3u8 is a file list containing a plurality of ts fragmentation files, the index file m3u8 is downloaded locally in the above steps, the designated fragmentation character string is extracted from the index file m3u8, the designated fragmentation character string is obtained by adding a timestamp, then the private key is used for encryption, the verification string is added, and the fragmentation request character string is sent to the cache server.
In an implementation manner of the embodiment of the present application, a key team between a client and a cache server has a time limit, and when the time limit is reached, a user needs to connect a login server through the client to perform a renewal, that is, re-authenticate.
In the embodiment of the application, after the authentication of the user using the client is successful, the user can continuously provide continuous verification of the legality of the user between the cache servers without a third-party authentication service, a group of encryption/decryption modes and keys are respectively arranged between the client and the login server, between the client and the cache servers, and between the loggers and the cache servers, and the keys in each group are different from each other, so that the situation that a large number of stealing link connections are manufactured due to the fact that a packet is grabbed and intercepted and requested is avoided.
As shown in fig. 3, an embodiment of the present application provides another resource obtaining method, which is applied to a cache server, and may be implemented, for example, through the following S301 to S304
S301: and receiving a resource request character string sent by the client.
Specifically, the resource request string includes a resource string and a validation string encrypted with a private key.
S302: the validation string is decoded.
Specifically, the verification string is decrypted according to a decryption method corresponding to the encryption method adopted by the login server, so as to obtain the public key pkey, the decryption algorithm, the validity period of the public key, the validity period of the request, and other verification information.
S303: and decrypting the encrypted resource character string according to the public key.
Specifically, whether the user login information is overdue is judged according to the validity period of the public key, and when the user login information is not overdue, the encrypted resource character string is decrypted according to the public key and a decryption algorithm to obtain the decrypted resource character string.
In an implementation manner of the embodiment of the application, if decryption fails, returning of resources is directly refused; if the decryption is successful, the difference value between the timestamp in the request and the timestamp of the server side is judged, if the difference value is higher than the validity period of the request, the resource is refused to be returned, and the overtime is prompted. If the difference is not higher than the request validity period, S304 is performed.
S304: and sending the resource corresponding to the decrypted resource character string to the client.
In an implementation manner of the embodiment of the application, a resource corresponding to a decrypted resource character string is sent to a client, and when the resource is an index file, a fragmentation request character string sent by the client is also received, wherein the fragmentation request character string comprises a fragmentation character string and a verification string encrypted by using a private key; decoding the verification string to obtain a public key and a validity period of the public key; judging whether the user login information is overdue or not according to the validity period of the public key, and decrypting the encrypted fragment character string according to the public key when the user login information is not overdue to obtain a decrypted fragment character string; if the decryption fails, directly refusing to return the fragment file; if the decryption is successful, the difference value between the timestamp in the request and the timestamp of the server side is judged, if the difference value is higher than the validity period of the request, the fragment file is refused to return, and the overtime is prompted. And if the difference is not higher than the request validity period, sending the fragment file corresponding to the decrypted fragment character string to the client.
It is understood that the implementation manner of step S301 is similar to that of step S201 in the foregoing embodiment of fig. 2, and is not described here again.
In the embodiment of the application, a group of encryption/decryption modes and keys are respectively arranged between the client and the login server, between the client and the cache server, and between the logger and the cache server, and the keys in each group are different from each other, so that the condition that a large number of hotlinking situations are manufactured due to the fact that a packet is intercepted and captured is avoided being combined.
Based on the methods provided by the above embodiments, the embodiments of the present application further provide a client, which is described below with reference to fig. 4.
The client provided by the embodiment of the application comprises: a receiving unit 401, a decryption unit 402 and a transmitting unit 403.
A receiving unit 401, configured to receive an authentication string and a key sent by a login server;
a decryption unit 402, configured to decrypt the secret key to obtain a private key;
a sending unit 403, configured to send a resource request character string to the cache server, where the resource request character string includes a resource character string and a verification string that are encrypted by using a private key;
the receiving unit 401 is further configured to receive a resource returned by the cache server, where the resource is a public key obtained by decoding the verification string by the cache server, and decrypt the encrypted resource character string according to the public key to obtain a decrypted resource character string, and obtain a resource corresponding to the decrypted resource character string.
In a possible implementation manner, the receiving unit 401 is specifically configured to:
and connecting the login server to ensure that the login server authenticates the user using the client, and returning the verification string and the key to the client after the authentication is passed.
In a possible implementation manner, the decryption unit 402 is specifically configured to:
and decrypting the key according to a decryption method corresponding to the encryption method adopted by the login server to obtain the private key.
In a possible implementation manner, the client further includes:
the extraction unit is used for extracting the fragment character strings from the index file after receiving the index file;
the sending unit 403 is further configured to send a fragmentation request string to the cache server according to the fragmentation string, where the fragmentation request string includes a fragmentation string and a verification string encrypted by using a private key;
the receiving unit 401 is further configured to receive a fragment file returned by the cache server, where the fragment file is obtained by decoding the verification string by the cache server to obtain a public key, and decrypt the encrypted fragment character string according to the public key to obtain a fragment file corresponding to the decrypted fragment character string.
Since the client is a device corresponding to the resource obtaining method provided in the foregoing method embodiment, and the specific implementation of each unit of the client is the same as that in the foregoing method embodiment, for the specific implementation of each unit of the client, reference may be made to the description part of one resource obtaining method in the foregoing method embodiment, and details are not repeated here.
Based on the methods provided in the foregoing embodiments, the embodiments of the present application further provide a cache server, which is described below with reference to fig. 5.
The cache server provided by the embodiment of the application comprises: a receiving unit 501, a decryption unit 502, a resource acquisition unit 503, and a transmitting unit 504.
A receiving unit 501, configured to receive a resource request character string sent by a client, where the resource request character string includes a resource character string and a verification string encrypted by using a private key;
a decryption unit 502, configured to decode the verification string to obtain a public key and a validity period of the public key;
a resource obtaining unit 503, configured to determine whether the user login information is expired according to the validity period of the public key, and when the user login information is not expired, decrypt the encrypted resource character string according to the public key to obtain a decrypted resource character string;
a sending unit 504, configured to send the resource corresponding to the decrypted resource character string to the client.
In a possible implementation manner, the cache server further includes:
the judging unit is used for judging the difference value between the time stamp in the resource request character string and the time stamp in the cache server if the decryption is successful, and refusing to return the resource if the difference value is greater than the preset request validity period; if the decryption fails, the resource is refused to be returned.
In one possible implementation of the method according to the invention,
the receiving unit 501 is further configured to receive a fragmentation request string sent by a client, where the fragmentation request string includes a fragmentation string and a verification string encrypted by a private key;
the decryption unit 502 is further configured to decode the verification string to obtain a public key and a validity period of the public key;
the resource obtaining unit 503 is further configured to determine whether the user login information is expired according to the validity period of the public key, and when the user login information is not expired, decrypt the encrypted fragment character string according to the public key to obtain a decrypted fragment character string;
the sending unit 504 is further configured to send the sliced file corresponding to the decrypted sliced character string to the client.
Since the cache server is a device corresponding to the another resource acquisition method provided in the above method embodiment, and the specific implementation of each unit of the cache server is the same as that in the above method embodiment, for the specific implementation of each unit of the cache server, reference may be made to the description part of the above method embodiment for the another resource acquisition method, and details are not described here.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Moreover, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit is only a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, each service unit in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may be implemented in the form of a software service unit.
The integrated unit, if implemented as a software business unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application, which are essential or part of the technical solutions contributing to the prior art, or all or part of the technical solutions, may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Those skilled in the art will recognize that the services described in this disclosure may be implemented in hardware, software, firmware, or any combination thereof, in one or more of the examples described above. When implemented in software, the services may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
The above embodiments are intended to explain the objects, aspects and advantages of the present invention in further detail, and it should be understood that the above embodiments are merely illustrative of the present invention.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and these modifications or substitutions do not depart from the scope of the technical solutions of the embodiments of the present application.

Claims (10)

1. A resource acquisition method is applied to a client, and the method comprises the following steps:
receiving a verification string and a key sent by a login server;
decrypting the secret key to obtain a private key;
sending a resource request character string to a cache server, wherein the resource request character string comprises a resource character string encrypted by the private key and the verification string;
and receiving the resource returned by the cache server, wherein the resource is the resource obtained by decoding the verification string by the cache server to obtain a public key, decrypting the encrypted resource character string according to the public key to obtain a decrypted resource character string, and obtaining the resource corresponding to the decrypted resource character string.
2. The method of claim 1, wherein before receiving the authentication string and the key sent by the login server, the method further comprises:
and connecting the login server to ensure that the login server authenticates the user using the client, and returning a verification string and a key to the client after the authentication is passed.
3. The method of claim 1, wherein decrypting the key to obtain a private key comprises:
and decrypting the key according to a decryption method corresponding to the encryption method adopted by the login server to obtain the private key.
4. The method of claim 1, wherein the resource request string further comprises: and (4) time stamping.
5. The method of claim 1, wherein the resource is an index file, the method further comprising:
after receiving the index file, extracting a fragment character string from the index file;
sending a fragmentation request character string to the cache server according to the fragmentation character string, wherein the fragmentation request character string comprises a fragmentation character string encrypted by the private key and the verification string;
and receiving a fragment file returned by the cache server, wherein the fragment file is obtained by decoding the verification string by the cache server to obtain a public key, and decrypting the encrypted fragment character string according to the public key to obtain the fragment file corresponding to the decrypted fragment character string.
6. A resource acquisition method is applied to a cache server, and the method comprises the following steps:
receiving a resource request character string sent by a client, wherein the resource request character string comprises a resource character string and a verification string which are encrypted by a private key;
decoding the verification string to obtain a public key and a validity period of the public key;
judging whether the user login information is overdue or not according to the validity period of the public key, and decrypting the encrypted resource character string according to the public key when the user login information is not overdue to obtain a decrypted resource character string;
and sending the resource corresponding to the decrypted resource character string to the client.
7. The method according to claim 6, wherein after decrypting the encrypted resource string according to the public key, the method further comprises:
if the decryption is successful, judging the difference value between the timestamp in the resource request character string and the timestamp in the cache server, and if the difference value is greater than the preset request validity period, refusing to return the resource;
and if the decryption fails, refusing to return the resource.
8. The method of claim 6, further comprising:
receiving a fragmentation request character string sent by a client, wherein the fragmentation request character string comprises a fragmentation character string encrypted by a private key and the verification string;
decoding the verification string to obtain a public key and a validity period of the public key;
judging whether the user login information is overdue according to the validity period of the public key, and decrypting the encrypted fragmentation character string according to the public key when the user login information is not overdue to obtain a decrypted fragmentation character string;
and sending the fragment file corresponding to the decrypted fragment character string to a client.
9. A client, the client comprising:
the receiving unit is used for receiving the verification string and the key sent by the login server;
the decryption unit is used for decrypting the secret key to obtain a private key;
a sending unit, configured to send a resource request string to a cache server, where the resource request string includes a resource string encrypted by the private key and the verification string;
the receiving unit is further configured to receive a resource returned by the cache server, where the resource is a public key obtained by decoding the verification string by the cache server, and decrypts the encrypted resource character string according to the public key to obtain a decrypted resource character string, and obtains a resource corresponding to the decrypted resource character string.
10. A cache server, the cache server comprising:
the system comprises a receiving unit, a verification unit and a resource request processing unit, wherein the receiving unit is used for receiving a resource request character string sent by a client, and the resource request character string comprises a resource character string and a verification string which are encrypted by a private key;
the decryption unit is used for decoding the verification string to obtain a public key and a validity period of the public key;
the resource acquisition unit is used for judging whether the user login information is overdue according to the validity period of the public key, and when the user login information is not overdue, decrypting the encrypted resource character string according to the public key to obtain a decrypted resource character string;
and the sending unit is used for sending the resource corresponding to the decrypted resource character string to the client.
CN202211316788.8A 2022-10-26 2022-10-26 Resource acquisition method and device Pending CN115694948A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211316788.8A CN115694948A (en) 2022-10-26 2022-10-26 Resource acquisition method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211316788.8A CN115694948A (en) 2022-10-26 2022-10-26 Resource acquisition method and device

Publications (1)

Publication Number Publication Date
CN115694948A true CN115694948A (en) 2023-02-03

Family

ID=85099796

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211316788.8A Pending CN115694948A (en) 2022-10-26 2022-10-26 Resource acquisition method and device

Country Status (1)

Country Link
CN (1) CN115694948A (en)

Similar Documents

Publication Publication Date Title
CN101431415B (en) Bidirectional authentication method
CN101222509B (en) Data protection transmission method of P2P network
CN107517179B (en) Authentication method, device and system
CN107707504B (en) Streaming media playing method and system, server and client
CN101977190B (en) Digital content encryption transmission method and server side
US20060200415A1 (en) Videonline security network architecture and methods therefor
US20080270578A1 (en) Method, Device And Data Download System For Controlling Effectiveness Of A Download Transaction
JP5626816B2 (en) Method and apparatus for partial encryption of digital content
CN100592312C (en) Digital literary property protection method, system, user equipment and multimedia server
CN109547198B (en) System for network transmission video file
CN108243176B (en) Data transmission method and device
JP2005510184A (en) Key management protocol and authentication system for secure Internet protocol rights management architecture
MXPA04007546A (en) Method and system for providing third party authentification of authorization.
US20060047976A1 (en) Method and apparatus for generating a decrpytion content key
US20030217163A1 (en) Method and system for assessing a right of access to content for a user device
CN104378379A (en) Encryption transmission method, equipment and system for digital content
CN105491073A (en) Data downloading method, device and system
CN111884811A (en) Block chain-based data evidence storing method and data evidence storing platform
CN110138558B (en) Transmission method and device of session key and computer-readable storage medium
CN103237010A (en) Server side for providing digital content in encryption mode
CN103237011B (en) Digital content encryption transmission method and server end
CN113382001B (en) Communication encryption method and related device
CN110572454A (en) Advertisement delivery system for guaranteeing safety of advertisement delivery process
CN104506530A (en) Network data processing method and device and data transmission method and device
US20200364317A1 (en) Method and system for identifying a user terminal in order to receive streaming protected multimedia content

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination