CN117651161A

CN117651161A - Streaming play control method and device, electronic equipment, server and storage medium

Info

Publication number: CN117651161A
Application number: CN202311374637.2A
Authority: CN
Inventors: 肖斌; 胥斌; 范立春
Original assignee: China Film Equipment Co ltd
Current assignee: China Film Equipment Co ltd
Priority date: 2023-10-23
Filing date: 2023-10-23
Publication date: 2024-03-05

Abstract

The disclosure relates to a method and a device for controlling streaming play, an electronic device, a server and a storage medium, wherein the method comprises the following steps: transmitting first confirmation information to an authentication server, wherein the first confirmation information comprises identification information of the control end and identification information of the playing end; if binding confirmation information returned by the authentication server is received, carrying out key negotiation with the playing end to obtain a negotiation key, wherein the binding confirmation information indicates that the control end and the playing end have completed binding; and communicating with the playing end by using the negotiation key. According to the embodiment of the disclosure, under the condition that the control end and the playing end are bound, the control end and the playing end perform key negotiation to obtain the negotiation key, so that the method and the device are used for end-to-end communication, and the security of mobile showing can be improved.

Description

Streaming play control method and device, electronic equipment, server and storage medium

Technical Field

The disclosure relates to the field of computer technology, and in particular, to a method and device for controlling streaming play, an electronic device, a server and a storage medium.

Background

With the development of mobile showing, mobile movies gradually enter communities, schools and the like, are applied to various scenes, show public, show various modes of mobile showing, such as remote playing in different places, local playing and local playing, have higher safety requirements on playing content and playing control, and strictly control identity authentication and communication encryption of a control end, however, at present, great potential safety hazards exist in playing control, and the situation that the mobile showing is illegally controlled remotely occurs.

Disclosure of Invention

According to an aspect of the present disclosure, there is provided a method for controlling a streaming play, where the method is applied to a control terminal that controls a play terminal, and the method includes:

transmitting first confirmation information to an authentication server, wherein the first confirmation information comprises identification information of the control end and identification information of the playing end;

if binding confirmation information returned by the authentication server is received, carrying out key negotiation with the playing end to obtain a negotiation key, wherein the binding confirmation information indicates that the control end and the playing end have completed binding;

and communicating with the playing end by using the negotiation key.

In a possible implementation manner, the performing key negotiation with the playing end to obtain a negotiation key includes:

encrypting the first random key by using the identification information of the control terminal to obtain and send first control terminal encryption information to the playing terminal;

decrypting the first playing end encryption information transmitted by the playing end by utilizing the first control end encryption information to obtain a second random key, encrypting the first random character string by utilizing the second random key to obtain and transmitting second control end encryption information to the playing end;

decrypting the encrypted information of the second playing end transmitted by the playing end by using the first random character string to obtain a second random character string, encrypting the second random character string by using the first random key to obtain and transmitting encrypted information of a third control end to the playing end;

and if the negotiation key confirmation information sent by the playing end is received, confirming that the negotiation key consists of the first random key and the second random key.

In one possible embodiment, the method further comprises:

transmitting the asymmetric encryption public key of the control end and the identification information of the control end to the authentication server;

Sending a connection request to the playing end, wherein the connection request is used for establishing connection between a control end and the playing end;

under the condition that third playing end encryption information transmitted by the playing end is received, the identification information of the control end and the third playing end encryption information are encrypted by utilizing the asymmetric encryption private key of the control end, so that fourth control end encryption information is obtained and transmitted to the authentication server;

and receiving successful binding information transmitted by the authentication server, wherein the successful binding information comprises the identification information of the playing end.

In one possible embodiment, the method further comprises:

sending an unbinding request to the playing end, wherein the unbinding request is obtained by encrypting the identification information of the control end and the asymmetric encryption private key of the control end;

and receiving unbinding command information transmitted by the authentication server, and unbinding the unbinding command information from the playing end.

According to an aspect of the present disclosure, there is provided a method for controlling streaming play, where the method is applied to a playing end, and the method includes:

transmitting second confirmation information to an authentication server, wherein the second confirmation information comprises identification information of the control end and identification information of the playing end;

If binding confirmation information returned by the authentication server is received, carrying out key negotiation with the control terminal to obtain a negotiation key, wherein the binding confirmation information indicates that the control terminal and the playing terminal have completed binding equipment pairs;

and communicating with the control end by using the negotiation key.

In a possible implementation manner, the performing key negotiation with the control terminal to obtain a negotiation key includes:

decrypting the first control end encryption information from the control end by using the identification information of the control end to obtain a first random key, encrypting the first control end encryption information by using a second random key to obtain and send first play end encryption information to the control end;

decrypting the received encrypted information of the second control end by using the second random key to obtain a first random character string, encrypting the first random character string by using the second random character string to obtain and send encrypted information of the second playing end to the control end;

decrypting the received encrypted information of the third control end by using the first random key to obtain a decryption character string, and if the decryption character string is identical to the second random character string, confirming that the negotiation key consists of the first random key and the second random key, and sending negotiation key confirmation information to the control end.

In one possible embodiment, the method further comprises:

transmitting the asymmetric encryption public key of the playing end and the identification information of the playing end to the authentication server;

under the condition that a connection request transmitted by a control end is received, encrypting the identification information of the play end by using an asymmetric encryption private key of the play end to obtain and send third play end encryption information to the control end;

and receiving successful binding information transmitted by the authentication server, wherein the successful binding information comprises identification information of the control terminal.

In one possible embodiment, the method further comprises:

under the condition that an unbinding request of the control end is received, encrypting the unbinding request and the identification information of the playing end by utilizing the asymmetric encryption private key of the playing end to obtain and send fourth playing end encryption information to an authentication server;

and receiving unbinding command information transmitted by the authentication server, and unbinding the unbinding command information from the control terminal.

According to an aspect of the present disclosure, there is provided a streaming play control method applied to an authentication server, the method including:

under the condition that first confirmation information transmitted by the control end and second confirmation information transmitted by the playing end are received, determining identification information carried by the first confirmation information and the second confirmation information;

If the control end and the playing end are determined to be bound according to the identification information carried by the first confirmation information and the second confirmation information, binding confirmation information is sent to the control end and the playing end, and the binding confirmation information indicates that the control end and the playing end are bound.

In one possible embodiment, the method further comprises:

receiving the asymmetric encryption public key of the control end, the identification information of the control end and the asymmetric encryption public key of the play end, which are sent by the play end, from the control end;

under the condition that the fourth control end encryption information transmitted by the control end is received, decrypting the fourth control end encryption information by using the control end asymmetric encryption public key to obtain first decryption identification information and third playing end encryption information, and decrypting the third playing end encryption information by using the playing end asymmetric encryption public key to obtain second decryption identification information;

and under the condition that the first decryption identification information and the second decryption identification information are respectively identical with the identification information of the control end and the identification information of the playing end, sending binding success information to the playing end and the control end, wherein the binding success information comprises the identification information of the control end and the playing end.

In one possible embodiment, the method further comprises:

respectively sending an unbinding command to the control end and the playing end; or (b)

And under the condition that the fourth playing end encryption information transmitted by the playing end is received, decrypting the fourth playing end encryption information by utilizing the control end asymmetric encryption public key and the playing end asymmetric encryption public key, and if the identification information obtained by decryption is the identification information of the control end and the encryption information of the playing end, respectively transmitting an unbinding command to the control end and the playing end.

According to an aspect of the present disclosure, there is provided a streaming play control device applied to a control terminal that controls a play terminal, the device including:

the first sending module is used for sending first confirmation information to the authentication server, wherein the first confirmation information comprises the identification information of the control end and the identification information of the playing end;

the first negotiation module is used for carrying out key negotiation with the playing end to obtain a negotiation key if binding confirmation information returned by the authentication server is received, wherein the binding confirmation information indicates that the control end and the playing end have completed binding;

And the first communication module is used for communicating with the playing end by utilizing the negotiation secret key.

According to an aspect of the present disclosure, there is provided a streaming play control device, which is applied to a play end, the device including:

the second sending module is used for sending second confirmation information to the authentication server, wherein the second confirmation information comprises the identification information of the control end and the identification information of the playing end;

the second negotiation module performs key negotiation with the control terminal to obtain a negotiation key if binding confirmation information returned by the authentication server is received, wherein the binding confirmation information indicates that the control terminal and the playing terminal have completed binding equipment pairs;

and the second communication module is used for communicating with the control terminal by utilizing the negotiation key.

According to an aspect of the present disclosure, there is provided a streaming play control apparatus applied to an authentication server, the apparatus including:

the determining module is used for determining the identification information carried by the first confirmation information and the second confirmation information under the condition that the first confirmation information transmitted by the control end and the second confirmation information transmitted by the playing end are received;

And the third sending module is used for sending binding confirmation information to the control end and the playing end if the control end and the playing end are determined to be bound according to the identification information carried by the first confirmation information and the second confirmation information, wherein the binding confirmation information indicates that the control end and the playing end are bound.

According to an aspect of the present disclosure, there is provided an electronic apparatus including:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to invoke the instructions stored in the memory to execute the streaming control method.

According to an aspect of the present disclosure, there is provided a server, including:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to invoke the instructions stored in the memory to perform the method.

According to an aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions, characterized in that the computer program instructions, when executed by a processor, implement the method.

According to the method and the device for achieving the mobile projection, under the condition that the control end and the playing end are bound, the control end and the playing end conduct key negotiation to obtain a negotiation key, the negotiation key is used for end-to-end communication, and therefore safety of mobile projection can be improved.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure. Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the technical aspects of the disclosure.

Fig. 1 shows a schematic diagram of a streaming play control system according to an embodiment of the present disclosure.

Fig. 2 shows a flowchart of a streaming play control method according to an embodiment of the present disclosure.

Fig. 3 shows a flowchart of a streaming play control method according to an embodiment of the present disclosure.

Fig. 4 shows a flowchart of a streaming play control method according to an embodiment of the present disclosure.

Fig. 5 shows a block diagram of a streaming play control device according to an embodiment of the present disclosure.

Fig. 6 shows a block diagram of a streaming play control device according to an embodiment of the present disclosure.

Fig. 7 shows a block diagram of a streaming play control device according to an embodiment of the present disclosure.

Fig. 8 shows a block diagram of an electronic device according to an embodiment of the disclosure.

Fig. 9 shows a block diagram of a server according to an embodiment of the present disclosure.

Detailed Description

Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated.

In the description of the present disclosure, it should be understood that the terms "length," "width," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate orientations or positional relationships based on the orientation or positional relationships shown in the drawings, merely to facilitate description of the present disclosure and simplify the description, and do not indicate or imply that the devices or elements referred to must have a particular orientation, be configured and operated in a particular orientation, and thus should not be construed as limiting the present disclosure.

Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present disclosure, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.

In the present disclosure, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "secured," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communicated with the inside of two elements or the interaction relationship of the two elements. The specific meaning of the terms in this disclosure will be understood by those of ordinary skill in the art as the case may be.

The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.

The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality, for example, including at least one of A, B, C, and may mean including any one or more elements selected from the group consisting of A, B and C.

Furthermore, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements, and circuits well known to those skilled in the art have not been described in detail in order not to obscure the present disclosure.

Referring to fig. 1, fig. 1 shows a schematic diagram of a streaming play control system according to an embodiment of the disclosure.

In one example, as shown in fig. 1, the system includes a control end, a playing end, and an authentication server, where the control end and the playing end may be connected in a wired or wireless manner, the control end is used to control the operation of the playing end, for example, control the playing end to play, and the authentication server is used to perform security management on the control end and the playing end, so as to improve the security of the mobile playing.

For example, the control side may include a processing component or an electronic device including a processing component, which in one example includes, but is not limited to, a separate processor, or a discrete component, or a combination of a processor and a discrete component. The processor may include a controller in an electronic device having the functionality to execute instructions, and may be implemented in any suitable manner, for example, by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements. Within the processor, the executable instructions may be executed by hardware circuits such as logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers.

In one example, the electronic device may be a User Equipment (UE), a mobile device, a User terminal, a handheld device, a computing device, or an in-vehicle device, etc., and examples of some terminals are: a Mobile Phone, a tablet, a notebook, a palm, a Mobile internet device (Mobile Internetdevice, MID), a wearable device, a Virtual Reality (VR) device, an Augmented Reality (AR) device, a wireless terminal in industrial control (Industrial Control), a wireless terminal in unmanned driving (Selfdriving), a wireless terminal in teleoperation (Remote medical Surgery), a wireless terminal in Smart Grid (Smart Grid), a wireless terminal in transportation security (Transportation Safety), a wireless terminal in Smart City (Smart City), a wireless terminal in Smart Home (Smart Home), a wireless terminal in the internet of vehicles, and the like.

In one example, the authentication server may be a cloud server.

In one example, a security chip can be arranged in the control end and the playing end, the security chip is a trusted platform module and is a device capable of independently generating and encrypting and decrypting keys, and the device is internally provided with an independent processor and a storage unit and can store keys and characteristic data to provide encryption and security authentication services. Of course, the embodiment of the disclosure does not limit the specific type or implementation manner of the security chip, and a person skilled in the art can select a proper security chip architecture according to actual situations and needs, and the encryption algorithm adopted by the security chip is also optional, so that the security chip supports the symmetric cryptographic algorithm, the asymmetric cryptographic algorithm and the hash algorithm specified by the national cryptographic administration, and simultaneously supports the characteristics of other international cryptographic algorithms; such as symmetric cryptographic algorithms: SM1, etc.; asymmetric cryptographic algorithm: SM2/RSA, etc.; hashing algorithm and hashing algorithm: SM3, etc.

The control end, the playing end and the authentication server in the system can execute the corresponding flow playing control methods provided by the embodiment of the disclosure, and the method is described below.

Referring to fig. 2, fig. 2 shows a flowchart of a streaming play control method according to an embodiment of the present disclosure.

As shown in fig. 2, the method is applied to a control end for controlling a playing end, and the method includes:

step S11, first confirmation information is sent to an authentication server, wherein the first confirmation information comprises identification information of the control end and identification information of the playing end;

step S12, if binding confirmation information returned by the authentication server is received, performing key negotiation with the playing end to obtain a negotiation key, wherein the binding confirmation information indicates that the control end and the playing end have completed binding;

and step S13, communicating with the playing end by using the negotiation key.

Referring to fig. 3, fig. 3 shows a flowchart of a streaming play control method according to an embodiment of the present disclosure.

As shown in fig. 3, the method is applied to a playing end, and includes:

step S21, sending second confirmation information to the authentication server, wherein the second confirmation information comprises the identification information of the control end and the identification information of the playing end;

step S22, if binding confirmation information returned by the authentication server is received, carrying out key negotiation with the control terminal to obtain a negotiation key, wherein the binding confirmation information indicates that the control terminal and the playing terminal have completed binding equipment pairs;

And step S23, communicating with the control terminal by using the negotiation key.

Referring to fig. 4, fig. 4 shows a flowchart of a streaming play control method according to an embodiment of the present disclosure.

As shown in the figure 3 of the drawings,

as shown in fig. 4, the method is applied to an authentication server, and comprises the following steps:

step S31, under the condition that the first confirmation information transmitted by the control end and the second confirmation information transmitted by the playing end are received, determining the identification information carried by the first confirmation information and the second confirmation information;

step S32, if it is determined that the control end and the playing end have completed binding according to the identification information carried by the first acknowledgement information and the second acknowledgement information, the binding acknowledgement information is sent to the control end and the playing end, where the binding acknowledgement information indicates that the control end and the playing end have completed binding.

Illustratively, when the control end and the control playing end are to communicate, the control end sends first confirmation information to the authentication server, where the first confirmation information includes identification information of the control end and identification information of the playing end (step S11); the playing end sends second confirmation information to the authentication server, wherein the second confirmation information comprises the identification information of the control end and the identification information of the playing end (step S21), the authentication server determines the identification information carried by the first confirmation information and the second confirmation information under the condition that the authentication server receives the first confirmation information transmitted by the control end and the second confirmation information transmitted by the playing end (step S31), if the authentication server determines that the control end and the playing end have completed binding according to the identification information carried by the first confirmation information and the second confirmation information, the authentication server sends binding confirmation information to the control end and the playing end, the binding confirmation information indicates that the control end and the playing end have completed binding (step S32), if the control end and the playing end receive the binding confirmation information returned by the authentication server, the control end and the playing end carry out key negotiation to obtain a negotiation key (step S12 and step S22), and carry out communication by using the negotiation key (step S13 and step S23). Through the mode, the embodiment of the disclosure carries out binding verification of the control end and the playing end through the authentication server, obtains the negotiation key through key negotiation to carry out communication encryption, mutual authentication of the control end and the playing end can prevent identity impersonation, and uses the negotiation key to encrypt and check data in the communication process, so that the data is prevented from being tampered and stolen, and double guarantee of flow projection control safety can be realized.

The embodiment of the disclosure does not limit specific forms of the first confirmation information, the second confirmation information and the binding confirmation information, and does not limit specific forms of the identification information of the control end and the identification information of the playing end, so that a person skilled in the art can select a proper implementation mode according to actual situations and needs.

The specific implementation manner of the key negotiation between the control end and the playing end is not limited in the embodiment of the disclosure, the specific form of the negotiation key is not limited, and a person skilled in the art can set the key negotiation manner between the playing end and the control end according to actual situations and needs.

The embodiment of the disclosure does not limit the specific content of the end-to-end communication between the playing end and the control end by using the negotiation key.

In a possible implementation manner, the control end performs key negotiation with the playing end to obtain a negotiation key, which may include:

step S101, a control terminal encrypts a first random key by using identification information of the control terminal to obtain and send first control terminal encryption information to the play terminal;

for example, the security chip of the control terminal may randomly generate a public/key pair K 'as the first random key, and may perform an encryption operation by using a symmetric key algorithm, so as to encrypt the first random key by using the identification information of the control terminal, to obtain and send first control terminal encryption information (assumed to be Ep (K')) to the play terminal.

Step S201, a playing end decrypts the first control end encryption information from the control end by using the identification information of the control end to obtain a first random key, encrypts the first control end encryption information by using a second random key to obtain and send first playing end encryption information to the control end;

illustratively, since the identification information of the control end is already bound before and stored in the memory of the play end, after receiving the first control end encryption information Ep (K '), the play end decrypts the first control end encryption information Ep (K ') of the control end by using the identification information of the control end to obtain a first random key K ', and the play end can generate a random session key K by using its own security chip as a second random key and perform encryption operation by using a symmetric encryption algorithm, encrypts the first control end encryption information Ep (K ') by using the second random key K to obtain and send the first play end encryption information Ep (E K ' (K)) to the control end.

Step S102, the control end decrypts the first playing end encryption information transmitted by the playing end by utilizing the first control end encryption information to obtain a second random key, encrypts the first random character string by utilizing the second random key to obtain and send second control end encryption information to the playing end;

Illustratively, after receiving the first play-end encryption information Ep (E K ' (K)), the control end decrypts and decomposes the second random key K from the first play-end encryption information Ep (E K ' (K)) by using the existing first control-end encryption information Ep (K '), then generates a first random string RA, encrypts the first random string RA by using the second random key K to obtain second control-end encryption information Ek (RA), and sends the second control-end encryption information Ek (RA) to the player.

Step S202, the playing end decrypts the received encrypted information of the second control end by using the second random key to obtain a first random character string, encrypts the first random character string by using the second random character string to obtain and send encrypted information of the second playing end to the control end;

for example, after receiving the second control end encryption information Ek (RA), the player may decrypt the second control end encryption information Ek (RA) with the second random key K to obtain a first random string RA, generate a second random string RB with the self-security chip, encrypt the second control end encryption information RA and the second random string RB with an encryption algorithm, and obtain and send the second play end encryption information Ek (RA, RB) to the control end.

Step S103, the control end decrypts the encrypted information of the second playing end transmitted by the playing end by using the first random character string to obtain a second random character string, encrypts the second random character string by using the first random key to obtain and transmits encrypted information of the third control end to the playing end;

illustratively, after receiving the second player encryption information Ek (RA, RB), the control end may decrypt the second player encryption information Ek (RA, RB) with the first random string RA to obtain a second random string RB, and encrypt the second random string RB with the first random key K' to obtain the third control end encryption information Ek (RB), and send the third control end encryption information Ek (RB) to the player.

Step S203, the playing end decrypts the received encrypted information of the third control end by using the first random key to obtain a decrypted string, and if the decrypted string is the same as the second random string, confirms that the negotiation key is composed of the first random key and the second random key, and sends negotiation key confirmation information to the control end.

Illustratively, after receiving the third control end encryption information Ek (RB), the player decrypts the third control end encryption information Ek (RB) by using the first random key K ', and obtains a decrypted string, if the obtained decrypted string is the same as the second random string RB stored by itself, the keys exchange and authentication of the two parties succeed, and the negotiation key is confirmed to be composed of the first random key K' and the second random key K, and the negotiation key confirmation information is sent to the control end.

Step S104, if the control end receives the negotiation key confirmation information sent by the playing end, confirming that the negotiation key consists of the first random key and the second random key.

By the mode, the control end and the playing end of the embodiment of the disclosure can quickly realize key negotiation. And then the session communication of the two parties adopts the negotiation key to communicate, and the data is encrypted by the negotiation key so as to further improve the security of the mobile showing.

Of course, the above description of the implementation of key agreement at the control end, the playback end is exemplary and should not be taken as limiting the embodiments of the present disclosure.

In one possible implementation, the playing end and the control end may communicate with the authentication server before communication, so as to implement device binding, which is described in the following exemplary manner.

In one possible embodiment, the method may further comprise:

step S105, the control end sends the asymmetric encryption public key of the control end and the identification information of the control end to the authentication server;

step S204, the playing end sends the playing end asymmetric encryption public key and the identification information of the playing end to the authentication server;

for example, the control end and the security chip of the playing end may generate respective asymmetric encryption key pairs by using an asymmetric encryption algorithm, for example, the key pair of the control end includes a control end asymmetric encryption public key pkey1 and a control end asymmetric encryption private key PrivateKEY1, the key pair of the playing end includes a playing end asymmetric encryption public key pkey2 and a playing end asymmetric encryption private key PrivateKEY2, when the device binding is required, the control end sends the control end asymmetric encryption public key pkey1 and identification information of the control end to the authentication server, and the playing end sends the playing end asymmetric encryption public key pkey2 and the identification information of the playing end to the authentication server.

Step 301, the authentication server receives the asymmetric encryption public key of the control end sent by the control end, the identification information of the control end, the asymmetric encryption public key of the play end sent by the play end, and the identification information of the play end;

the authentication server may store the control end asymmetric encryption public key pkey1, the identification information of the control end, the asymmetric encryption public key pkey2 of the play end, and the identification information of the play end into the memory after receiving the control end asymmetric encryption public key pkey1, the identification information of the control end, and the identification information of the play end sent by the control end and the play end asymmetric encryption public key pkey2 sent by the play end.

Step S106, the control end sends a connection request to the playing end, wherein the connection request is used for establishing connection between the control end and the playing end;

step S205, under the condition that the playing end receives a connection request transmitted by the control end, the playing end asymmetric encryption private key is utilized to encrypt the identification information of the playing end, and third playing end encryption information is obtained and sent to the control end;

for example, after receiving the connection request, the playing end may obtain the unique identification number ID2 from the playing end security chip as the identification information of the playing end, encrypt (e.g. adopt RSA encryption algorithm) the identification information ID2 of the playing end by using the playing end private key PrivateKEY2 to obtain the third playing end encrypted information EK2 (ID 2), and send the ID2+ek2 (ID 2) to the control end.

Step S107, when receiving the third playing end encryption information transmitted from the playing end, the control end encrypts the identification information of the control end and the third playing end encryption information by using the asymmetric encryption private key of the control end to obtain and send fourth control end encryption information to the authentication server;

for example, the control end may record the identification information of the play end, obtain the unique identification number ID1 of the own security chip as the identification information of the control end, encrypt the ID1+ek2 (ID 2) with the private key PrivateKEY1 to obtain the fourth control end encryption information ek1 (ID 1+ek2 (ID 2)), and send the fourth control end encryption information ek1 (ID 1+ek12 (ID 2)) to the cloud authentication server.

Step S302, under the condition that the authentication server receives the encryption information of the fourth control end transmitted by the control end, the authentication server decrypts the encryption information of the fourth control end by using the asymmetric encryption public key of the control end to obtain first decryption identification information and encryption information of the third playing end, and decrypts the encryption information of the third playing end by using the asymmetric encryption public key of the playing end to obtain second decryption identification information;

illustratively, the authentication server decrypts the fourth control-side encrypted information EK1 (id1+ek2 (ID 2)) by the stored control-side public key pkey1, and then obtains the first decryption identification information ID1, and decrypts the third play-side encrypted information EK2 (ID 2) by the play-side public key pkey2 to obtain the second decryption identification information ID2.

Step S303, the authentication server sends binding success information to the playing end and to the control end when the first decryption identification information and the second decryption identification information are respectively the same as the identification information of the control end and the identification information of the playing end, where the binding success information includes the identification information of the control end and the playing end.

By way of example, if the authentication server determines that the first decryption identification information ID1 is the same as the identification information of the control end and the second decryption identification information ID2 is the same as the identification information of the play end, the authentication server records the binding relationship between the control end and the play end, and sends binding success information to the play end and to the control end, where the binding success information includes the identification information of the control end and the play end.

Step S206, the playing end receives the successful binding information transmitted by the authentication server, wherein the successful binding information comprises the identification information of the control end.

Step S108, the control end receives the successful binding information transmitted by the authentication server, wherein the successful binding information comprises the identification information of the playing end.

For example, the playing end and the control end may record the binding relationship between the playing end and the control end according to the binding success information.

In one possible implementation, the embodiments of the present disclosure may control the control end, the play end to unbind upon completion of the streaming presentation, or for other reasons, as exemplarily described below.

In one possible embodiment, the method may further comprise:

step S109, a control end sends an unbinding request to the playing end, wherein the unbinding request is obtained by encrypting the identification information of the control end and the asymmetric encryption private key of the control end;

the control terminal may encrypt the identification information of the control terminal by using the asymmetric encryption private key of the control terminal to obtain an unbinding request, and send the unbinding request to the unbinding object, where the unbinding request includes an unbinding request instruction, and the embodiment of the disclosure is not limited to a specific form.

Step S207, when receiving the unbinding request of the control end, the playing end encrypts the unbinding request and the identification information of the playing end by using the asymmetric encryption private key of the playing end to obtain and send fourth playing end encryption information to the authentication server;

Step S304, under the condition that the authentication server receives the fourth playing end encryption information transmitted by the playing end, the fourth playing end encryption information is decrypted by utilizing the control end asymmetric encryption public key and the playing end asymmetric encryption public key, and if the identification information obtained by decryption is the identification information of the control end and the encryption information of the playing end, a binding-removing command is respectively sent to the control end and the playing end.

Step S110, the control end receives the unbinding command information transmitted by the authentication server and unbinding with the playing end.

Step S208, the playing end receives the unbinding command information transmitted by the authentication server and unbinding the unbinding command information from the control end.

For example, after receiving the unbinding command information, the control end and the play end may delete the information of the other party.

Of course, the unbinding command may be directly sent by the authentication server, for example, the authentication server directly sends the unbinding command to the control end and the play end respectively.

It will be appreciated that the above-mentioned method embodiments of the present disclosure may be combined with each other to form a combined embodiment without departing from the principle logic, and are limited to the description of the present disclosure. It will be appreciated by those skilled in the art that in the above-described methods of the embodiments, the particular order of execution of the steps should be determined by their function and possible inherent logic.

Referring to fig. 5, fig. 5 shows a block diagram of a streaming play control device according to an embodiment of the present disclosure.

As shown in fig. 5, the apparatus is applied to a control terminal for controlling a playing terminal, and the apparatus includes:

a first sending module 13, configured to send first acknowledgement information to an authentication server, where the first acknowledgement information includes identification information of the control end and identification information of the play end;

the first negotiation module 11 is configured to perform key negotiation with the playing end to obtain a negotiation key if binding confirmation information returned by the authentication server is received, where the binding confirmation information indicates that the control end and the playing end have completed binding;

a first communication module 12, configured to communicate with the playing end using the negotiation key.

In one possible implementation manner, the apparatus further includes a first binding module configured to:

In a possible implementation manner, the apparatus further includes a first unbinding module, configured to:

Referring to fig. 6, fig. 6 shows a block diagram of a streaming play control device according to an embodiment of the present disclosure.

The device is applied to a playing end, as shown in fig. 6, and the device includes:

a second sending module 23, configured to send second confirmation information to the authentication server, where the second confirmation information includes identification information of the control end and identification information of the play end;

the second negotiation module 21 performs key negotiation with the control terminal to obtain a negotiation key if binding confirmation information returned by the authentication server is received, wherein the binding confirmation information indicates that the control terminal and the play terminal have completed binding equipment pairs;

the second communication module 22 communicates with the control terminal using the negotiation key.

In a possible implementation manner, the apparatus further includes a second binding module, configured to:

In a possible implementation manner, the apparatus further includes a second unbinding module, configured to:

Referring to fig. 7, fig. 7 shows a block diagram of a streaming play control device according to an embodiment of the present disclosure.

The apparatus is applied to an authentication server, as shown in fig. 7, and includes:

a determining module 32, configured to determine, when receiving the first acknowledgement information sent by the control end and the second acknowledgement information sent by the play end, identification information carried by the first acknowledgement information and the second acknowledgement information;

And a third sending module 31, configured to send binding confirmation information to the control end and the play end if it is determined that the control end and the play end have completed binding according to the identification information carried by the first confirmation information and the second confirmation information, where the binding confirmation information indicates that the control end and the play end have completed binding.

In a possible implementation manner, the apparatus further includes a third binding module, configured to:

In a possible implementation manner, the apparatus further includes a third unbinding module, configured to:

According to the flow playing control device in various aspects of the embodiment of the disclosure, under the condition that the control end and the playing end are determined to be bound, the control end and the playing end perform key negotiation to obtain a negotiation key, and the negotiation key is used for end-to-end communication, so that the security of flow showing can be improved.

For example, when the control end and the control playing end are to communicate, the control end sends first confirmation information to the authentication server, wherein the first confirmation information comprises identification information of the control end and identification information of the playing end; the playing end sends second confirmation information to the authentication server, the second confirmation information comprises the identification information of the control end and the identification information of the playing end, the authentication server determines the identification information carried by the first confirmation information and the second confirmation information under the condition that the authentication server receives the first confirmation information transmitted by the control end and the second confirmation information transmitted by the playing end, if the authentication server determines that the control end and the playing end are bound according to the identification information carried by the first confirmation information and the second confirmation information, the authentication server sends binding confirmation information to the control end and the playing end, the binding confirmation information indicates that the control end and the playing end are bound, if the control end and the playing end receive the binding confirmation information returned by the authentication server, the control end and the playing end conduct key negotiation to obtain a negotiation key, and communication is conducted by using the negotiation key. Through the mode, the embodiment of the disclosure carries out binding verification of the control end and the playing end through the authentication server, obtains the negotiation key through key negotiation to carry out communication encryption, mutual authentication of the control end and the playing end can prevent identity impersonation, and uses the negotiation key to encrypt and check data in the communication process, so that the data is prevented from being tampered and stolen, and double guarantee of flow projection control safety can be realized.

In some embodiments, functions or modules included in an apparatus provided by the embodiments of the present disclosure may be used to perform a method described in the foregoing method embodiments, and specific implementations thereof may refer to descriptions of the foregoing method embodiments, which are not repeated herein for brevity.

The disclosed embodiments also provide a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the above-described method. The computer readable storage medium may be a non-volatile computer readable storage medium.

The embodiment of the disclosure also provides an electronic device, which comprises: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to invoke the instructions stored in the memory to perform the above method.

Embodiments of the present disclosure also provide a computer program product comprising computer readable code, or a non-transitory computer readable storage medium carrying computer readable code, which when run in a processor of an electronic device, performs the above method.

Referring to fig. 8, fig. 8 illustrates a block diagram of an electronic device according to an embodiment of the present disclosure.

For example, electronic device 800 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, exercise device, personal digital assistant, or the like.

Referring to fig. 8, an electronic device 800 may include one or more of the following components: a processing component 802, a memory 804, a power component 806, a multimedia component 808, an audio component 810, an input/output (I/O) interface 812, a sensor component 814, and a communication component 816.

The processing component 802 generally controls overall operation of the electronic device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interactions between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.

The memory 804 is configured to store various types of data to support operations at the electronic device 800. Examples of such data include instructions for any application or method operating on the electronic device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.

The power supply component 806 provides power to the various components of the electronic device 800. The power components 806 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the electronic device 800.

The multimedia component 808 includes a screen between the electronic device 800 and the user that provides an output interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front camera and/or a rear camera. When the electronic device 800 is in an operational mode, such as a shooting mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.

The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the electronic device 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 further includes a speaker for outputting audio signals.

The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be a keyboard, click wheel, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.

The sensor assembly 814 includes one or more sensors for providing status assessment of various aspects of the electronic device 800. For example, the sensor assembly 814 may detect an on/off state of the electronic device 800, a relative positioning of the components, such as a display and keypad of the electronic device 800, the sensor assembly 814 may also detect a change in position of the electronic device 800 or a component of the electronic device 800, the presence or absence of a user's contact with the electronic device 800, an orientation or acceleration/deceleration of the electronic device 800, and a change in temperature of the electronic device 800. The sensor assembly 814 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor assembly 814 may also include a photosensor, such as a Complementary Metal Oxide Semiconductor (CMOS) or Charge Coupled Device (CCD) image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 816 is configured to facilitate communication between the electronic device 800 and other devices, either wired or wireless. The electronic device 800 may access a wireless network based on a communication standard, such as a wireless network (WiFi), a second generation mobile communication technology (2G) or a third generation mobile communication technology (3G), or a combination thereof. In one exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the electronic device 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for executing the methods described above.

In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 804 including computer program instructions executable by processor 820 of electronic device 800 to perform the above-described methods.

Referring to fig. 9, fig. 9 shows a block diagram of a server according to an embodiment of the present disclosure.

For example, electronic device 1900 may be provided as a server. Referring to FIG. 9, electronic device 1900 includes a processing component 1922 that further includes one or more processors and memory resources represented by memory 1932 for storing instructions, such as application programs, that can be executed by processing component 1922. The application programs stored in memory 1932 may include one or more modules each corresponding to a set of instructions. Further, processing component 1922 is configured to execute instructions to perform the methods described above.

The electronic device 1900 may also include a power component 1926 configured to perform power management of the electronic device 1900, a wired or wireless network interface 1950 configured to connect the electronic device 1900 to a network, and an input/output (I/O) interface 1958. Electronic device 1900 may operate an operating system based on memory 1932, such as the Microsoft Server operating system (Windows Server) ^TM ) Apple Inc. developed graphical user interface based operating System (Mac OS X ^TM ) Multi-user multi-process computer operating system (Unix) ^TM ) Unix-like operating system (Linux) of free and open source code ^TM ) Unix-like operating system (FreeBSD) with open source code ^TM ) Or the like.

In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 1932, including computer program instructions executable by processing component 1922 of electronic device 1900 to perform the methods described above.

The present disclosure may be a system, method, and/or computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions embodied thereon for causing a processor to implement aspects of the present disclosure.

The computer readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: portable computer disks, hard disks, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static Random Access Memory (SRAM), portable compact disk read-only memory (CD-ROM), digital Versatile Disks (DVD), memory sticks, floppy disks, mechanical coding devices, punch cards or in-groove structures such as punch cards or grooves having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media, as used herein, are not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., optical pulses through fiber optic cables), or electrical signals transmitted through wires.

The computer readable program instructions described herein may be downloaded from a computer readable storage medium to a respective computing/processing device or to an external computer or external storage device over a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmissions, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network interface card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium in the respective computing/processing device.

Computer program instructions for performing the operations of the present disclosure can be assembly instructions, instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, c++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present disclosure are implemented by personalizing electronic circuitry, such as programmable logic circuitry, field Programmable Gate Arrays (FPGAs), or Programmable Logic Arrays (PLAs), with state information of computer readable program instructions, which can execute the computer readable program instructions.

Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.

These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.

The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The computer program product may be realized in particular by means of hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied as a computer storage medium, and in another alternative embodiment, the computer program product is embodied as a software product, such as a software development kit (Software Development Kit, SDK), or the like.

The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the improvement of technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims

1. A method for controlling streaming play, wherein the method is applied to a control end for controlling a play end, and the method comprises the following steps:

and communicating with the playing end by using the negotiation key.

2. The method of claim 1, wherein the performing key negotiation with the playing end to obtain a negotiation key includes:

3. The method according to claim 1, wherein the method further comprises:

4. The method according to claim 1, wherein the method further comprises:

5. A method for controlling streaming play, wherein the method is applied to a playing end, and the method comprises the following steps:

and communicating with the control end by using the negotiation key.

6. The method of claim 5, wherein performing key negotiation with the control terminal to obtain a negotiation key comprises:

7. The method of claim 6, wherein the method further comprises:

8. The method of claim 5, wherein the method further comprises:

9. A streaming play control method, wherein the method is applied to an authentication server, and the method comprises:

10. The method according to claim 9, wherein the method further comprises:

11. The method according to claim 9, wherein the method further comprises:

12. A streaming play control device, wherein the device is applied to a control terminal for controlling a play terminal, and the device comprises:

13. A streaming play control device, wherein the device is applied to a play end, and the device comprises:

14. A streaming control device, wherein the device is applied to an authentication server, and the device comprises:

15. An electronic device, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to invoke the instructions stored in the memory to perform the method of any of claims 1 to 4, or the method of any of claims 5 to 8.

16. A server, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to invoke the instructions stored in the memory to perform the method of any of claims 9 to 11.

17. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the method of any one of claims 1 to 4, or the method of any one of claims 5 to 8, or the method of any one of claims 9 to 11.