TWI640194B - Content delivery network audio and video service anti-theft connection method - Google Patents

Abstract

The invention relates to a video service anti-theft connection method for a content delivery network, which mainly utilizes a verification token (Token) and a periodic inspection technology to discriminate and access a client resource of a CDN (Content Delivery Network) video and audio service. Whether the request is a network hacking or not, when the user wants to access the CDN resource, the user must first generate a correct Token for the service node to verify according to the resource URL, time and UID information to be accessed, and the CDN system will be verified after the verification is passed. Delivering corresponding resources, during the verification period, the service node will deliver a Sub-Request to the resource management server for each network request, and the server counts the Token-IP corresponding information. Further, it is determined whether it is a pirate, and the Token of the pirate is updated to the blacklist, and access is prohibited; during the non-checking period, the service node searches the blacklist for the blacklist member according to the token. If true, the resource request will be directly banned.

Description

Content delivery network audio and video service anti-theft connection method

The invention relates to a method for anti-theft connection of audio and video services, in particular to a network access and content delivery network (CDN) content delivery processing technology, which utilizes verification strings and periodic inspections to analyze and identify illegal pirates. In addition, it helps the operators to find illegal connections, disable and establish blacklists, and to block the video and audio services of the content delivery network that reduces the burden of the CDN system.

It is generally believed that it is illegal to collect pirated movies, albums, music files from the Internet, or to have personal computers or pass them on to others. However, it is not known to transmit pirated video and audio networks through LINK and other social software and other channels. Linking to watch pirated video and audio, although it is illegal to not directly transfer or download the file.

However, although it is illegal for the law to transmit pirated video and audio network links or to watch pirated video and audio through links, it is not only a large number but also technically difficult to arrest illegally because of the large number of people watching and transmitting links. Imagine that the streaming video and audio transmission is a lot of broken signals. It has been temporarily stored on the netizen computer. After reading it, it will disappear. If you want to use high-tech equipment and technology to check whether a housewife has seen pirated Korean drama. The cost is extremely high.

Therefore, US Patent No. 6,941,368 "Protecting resource URLs from being served without a base web page" provides a record of user source IP, statistical duplicate capital As a basis for judging theft, however, the method provided by this patent is indistinguishable to users under the NAT service (that is, sharing the same Public IP), resulting in the resource link being used by the same NAT IP user. Pirates.

The US Patent No. US20090217354 "Controlling access of a client system to access protected remote resources supporting relative URLs" provides a means of preventing fraudulent use through user login information, but the patent is located after the user logs in. The relevant resources of the station are accessible, so the pirate can fully access the resources of the station through a legal login; It can be seen that the conventional techniques and methods are not effective in suppressing the piracy, and need to be improved. In view of the above, the present invention actively studies and improves the innovation and research and development of the audio-visual service of the content delivery network. Anti-theft connection method.

One object of the present invention is to provide a video service anti-theft connection method that can help a carrier to quickly identify an illegal pirate and remove the content delivery network from which the user continues to access the CDN system resources.

Another object of the present invention is to provide a video service anti-theft connection method for discriminating an illegal pirate's content delivery network by transmitting a verification string and an inspection stage.

Another object of the present invention is to provide an audio-visual service anti-theft device for verifying whether a verification string brought in by a user is legitimate when receiving a request for each network resource access. Even the method.

A further object of the present invention is to provide an audio-visual service anti-theft method for the content delivery network that distinguishes the corresponding verification string and the access IP in the verification phase, and then discriminates the sharing behavior of the URL.

In order to achieve the above object, the audio-visual service anti-theft connection method of the delivery network of the present invention determines whether the resource request can be made according to the verification string brought by the network request (Request), whether or not the correct algorithm is generated. The CDN network audio and video resources are normally accessed, and during the verification period, the service node delivers a Sub-Request to the resource management server according to each Request, and the server statistically analyzes whether the Request is illegally stolen, and The blacklist information is synchronized to the service node, and during the non-checking period, the service node can directly block the anti-theft method of the audio-visual service of the content communication network of the illegal pirate according to the blacklist.

S11~S16‧‧‧Step process

S21~S28‧‧‧Step process

1 is a flow chart of a method for preventing audio-visual service of a content delivery network according to the present invention; and FIG. 2 is a flow chart of determining whether a video card authentication token (legal) is legal according to the cache server of the present invention.

The specific embodiments of the present invention are described below to illustrate the embodiments of the present invention, but are not intended to limit the scope of the present invention to be protected: Referring to FIG. 1, the content of the present invention is a video service security connection method, and the steps thereof include :S11: The player is synchronized with the time server; S12: the player generates a verification UID according to the time factor; S13: the player requests to play the specified m3u8-url movie to the cache server, and includes the UID for the cache server verification; S14: the cache server verifies the UID Legitimate, delivering a playlist containing a plurality of video clips (*.ts) URLs to the player; S15: the player generates a video clip verification code (token) according to the UID and ts-url, and delivers to the cache server; S16: The cache server determines the legality according to the token, and delivers the video clip.

Step S11 is that the player synchronizes with the national time server, and the cache server also performs time synchronization. The main reason for execution is that in the step S12, both the player and the cache server generate a UID (user identifier) through the time factor. ID) and verify the legitimacy of the token (video clip verification string) through the UID in step S15.

In this embodiment, the player synchronizes time with the time server domain time.stdtime.gov.tw through NTP (Networlk Time Protocol). Before this, each service node in the CDN system has completed the time. Synchronize.

Step S12 generates a UID parameter of m3u8-url and a request playback start time (StartTime), and the formula is: Hash (M3U8+StartTime).

In this embodiment, the user wants to play a certain movie, as shown in Table 1, the website address is http://www.cht.com.tw/video/1.m3u8, and the representative is m3u8-url; the playing start time is 2016. /10/19_08:09:33.537, the format is [year/month/day_hour:minute:second.millisecond], which is represented as StartTime; so UID is Hash(m3u8-url+Start), Hash can adopt MD5, and the result is It is 32 bits. With this The case is Hash (http://www.cht.com.tw/video/1.m3u8 2016/10/19_08:09:33.537), and the hypothetical UID is: ABCDEFGHIJKLMNOPQRSTUV0123456789.

In step S13, the player requests the cache server to obtain a video clip list (play-list) of a certain movie (presented in the form of m3u8-url), and the UID is generated by S12.

In this embodiment, the m3u8-url requirement is delivered, and the parameter includes UID, StartTime, and is expressed in the form of GET: http://m3u8url? UID=XXX&StartTime=XXX, where m3u8url is www.cht.com.tw/video/1.m3u8; UID is ABCDEFGHIJKLMNOPQRSTUV0123456789; StartTime is 2016/10/19_08:09:33.537, so the last URL to be sent is GET The form is: http://www.cht.com.tw/video/1.m3u8? UID=ABCDEFGHIJKLMNOPQRSTUV0123456789& StartTime=2016/10/19_08:09:33.537

Step S14: The cache server passes the parameters of m3u8-url and StartTime, passes the UID' generated after the hash, and determines whether it is the same as the UID delivered by the player. If it is legal, the play-list is passed back to the player.

In this embodiment, the cache server obtains three parameters of m3u8-url, UID, and StartTime from S13, calculates UID' by the formula of S12, and determines whether the result is the same as the UID provided by the player. In this example, the cache server obtains: m3u8-url is http://www.cht.com.tw/video/1.m3u8 StartTime is 2016/10/19_08:09:33.537 UID (provided by the player) For ABCDEFGHIJKLMNOPQRSTUV0123456789, the verification UID' is calculated as ABCDEFGHIJKLMNOPQRSTUV0123456789 through Hash (m3u8-url+Start).

The UID is the same as the UID', so the play-list containing the video clip (*.ts) is given to the player:

Http://www.cht.com.tw/video/1.ts

Http://www.cht.com.tw/video/2.ts

Http://www.cht.com.tw/video/3.ts

Http://www.cht.com.tw/video/4.ts

Http://www.cht.com.tw/video/5.ts

...

Step S15: To obtain a certain video clip, the player needs to generate a verification token (Token) according to the parameter UID, ts-url and the current time (Time) to a precision of ten seconds, and the formula is: Hash (UID+TS+Time) ).

In this embodiment, after the player obtains the play-list from S14, the first video clip http://www.cht.com.tw/video/1.ts is obtained, and the time required for the moment is expected to be 2016/10/ 19_08:10:25.943, considering the basic time spent on network delivery, here the time parameter is only fine to ten seconds: 2016/10/19_08:10:25.943=>2016/10/19_08:10:2, and generate verification String (Token), the formula is Hash (UID + tsurl + Time), Hash can use MD5, and the result is 32 bits. Expressed in the form of GET: http://tsurl? UID=XXX& &Token=XXX

Among them, Time is not brought into this URL-GET; this is the reason why both parties need to synchronize with the time server first (S11); illegal pirates can not obtain the information of Time directly through the packet. In this example, as shown in Table 2: UID is ABCDEFGHIJKLMNOPQRSTUV0123456789 tsurl is http://www.cht.com.tw/video/1.ts Time is 2016/10/19_08:10:2 Token is Hash (UID+ Tsurl+Time), so the above parameters are: Hash (ABCDEFGHIJKLMNOPQRSLUV0123456789 http://www.cht.com.tw/video/1.ts 2016/10/19_08:10:2), its expected Token result is 0123456789VUTSRQPONMLKJIHGFEDCBA .

Therefore, the final delivery, in the form of GET: http://www.cht.com.tw/video/1.ts? UID=ABCDEFGHIJKLMNOPQRSTUV0123456789& Token=0123456789VUTSRQPONMLKJIHGFEDCBA

Step S16: After receiving the request, the cache server discriminates the legitimacy of the token according to different time periods, and if passed, delivers the video clip requested by the player. At the same time, the segment represents whether the current is the inspection phase; as shown in Fig. 2, the non-verification period is S21, S22, S23, S24, and the inspection period is S21, S25, S26, S27, S28.

Wherein, step S21 is a verification period: the cache server determines whether the current time is the inspection period, and triggers every N seconds, each time M seconds; during this period, the cache server receives a video clip of each player. When requested, sub-requets are sent to the resource manager server. The resource management server will count that each token is accessed by several different IPs (token-ip correspondence table). When the same token is accessed by more than C IP addresses, it will determine the stolen event and update the blacklist. Member to cache server. The result of the discrimination is s22 if it is not the inspection period, and s25 if it is.

In this embodiment, the cache server triggers a check period every 1800 seconds (N) for 60 seconds (M), and the cache server sends a sub-request to the resource management server. As shown in Table 3 , it is judged by the resource management server that if a Token (ex.0123456789VUTSRQPONMLKJIHGFEDCBA, refer to S15) is simultaneously accessed by 5 IPs (C): At this time, it can be judged that the Token (0123456789VUTSRQPONMLKJIHGFEDCBA) is Theft situation.

In step S22, the token is a blacklist member: the cache server verifies whether the token is a blacklist member, and the blacklist member exists in the form of a token, that is, a verification string generated by s15.

Step S23 generates token', and verifies whether the token of the player is the same. If the token is the same, the video clip is delivered: the cache server will accurately generate the token according to the parameters UID, ts-url, and time to ten seconds, such as the formula of s15. ', and verify that the token provided by the player is the same; and consider the basic time required for network delivery, and then verify that the token is generated in the previous ten seconds. If they are the same, the video clip is delivered.

In this embodiment, as shown in Table 4, two sets of Tokens are verified:

The first group: Hash (UID + tsurl + Time)

The second group: Hash (UID + tsurl + (Time-10see))

The specific Token is as follows:

The first group: Hash (ABCDEFGHIJKLMNOPQRSTUV0123456789 http://www.cht.com.tw/vidco/1.ts 2016/10/19_08:10:2)

The second group: Hash (ABCDEFGHIJKLMNOPQRSTUV0123456789 http://www.cht.com.tw/video/1.ts 2016/10/19_08:10:1)

If the Token provided by the player is the same as the first or second set of tokens generated by the cache server, any of which is the same, the video clip can be delivered.

Step S24 returns 404, prohibiting the player from accessing the pose video clip: because the verification fails, the player 404 is returned, and access to the video clip is prohibited.

Step S25 delivers a sub-request to the resource management server, asking whether to release: the cache server sends the sub-requirement to the resource management server, and the resource management server counts the corresponding number of token-ip, whether More than C's IP.

Step S26 returns 404, prohibiting the player from accessing the video clip: the resource management server returns the access prohibition, so the cache server returns the player 404 and prohibits accessing the video clip.

In step S27, the blacklist member is updated to the cache server: the blacklist member is updated to the cache server, and the basis for quickly blocking the illegal user is used as the non-checking period.

Step S28: the resource management server allows the release; the cache server delivers the video clip: the resource management server returns the access, so the cache server delivers the video clip required by the player.

As described above, the video service anti-theft connection method of the content delivery network of the present invention determines whether the resource request is determined by the correct algorithm according to the verification string carried in the network request (Request). CDN network audio and video resources can be accessed normally. Through the verification period, the service node will deliver a Sub-Request to the resource management server according to each Request, and the server statistically analyzes whether the Request is illegally stolen and synchronizes the blacklist information to the service node; During the non-examination period, the service node can directly block the illegal pirate according to the blacklist. Therefore, compared with the prior art, the present invention can more quickly identify the piracy of the illegal pirate and the shared URL.

The detailed description of the preferred embodiments of the present invention is intended to be limited to the scope of the invention, and is not intended to limit the scope of the invention. The patent scope of this case.

Claims (6)

A video delivery service anti-theft connection method for a content delivery network, the steps comprising: a. synchronizing the player and the cache server with the time server; b. the time factor of the player and the cache server according to the time server Generating a user ID (UID); c. The player requests the cache server to obtain a video-player list (play-list); d. the cache server transmits the video clip list after verifying that the user ID is legal ( Play-list) to the player; e. the player generates a video clip verification token (token) according to the user ID, the video clip URL and the current time (Time), and transmits to the cache server; f. the cache server determines the video clip After the verification token (legal) is legal, the video clip is transmitted to the player for access, wherein the step of the cache server determining the legitimacy of the video clip verification token includes: a1. The cache server determines whether the current time is During the inspection period, if it enters step b1, if not, it proceeds to step e1; b1. The cache server delivers sub-requets to a resource management server, and the resource management server counts the video segment verification token (token). whether If a plurality of different IPs are accessed, if the process proceeds to step c1, if not, the process proceeds to step d1; c1. The resource management server adds the audio and video segment verification token (token) to the blacklist, and simultaneously transmits an error message to the cache server and prohibits Dial the player to access the video clip; d1. The user ID is legal, and the cache server delivers the video clip to the player for access; E1. The cache server checks whether the video clip verification token (token) is in the blacklist, if it enters step f1, if not, it enters step g1; f1. the cache server is based on the user ID, the video clip URL and the current time (Time) ) generating a video clip verification string '(token'), if the video clip verification string '(token') is the same as the video clip verification token (token) generated by the dial player, the cache server delivers the video clip to the play Access; g1. The cache server prohibits the player from accessing the video clip. The video service security connection method of the content delivery network according to claim 1, wherein the player synchronizes time with the time server domain through a Network Time Protocol (NTP). The video service anti-theft connection method of the content delivery network according to claim 1, wherein the parameter for generating the user ID is m3u8-url and the request playback start time (StartTime), and the formula is Hash (M3U8+StartTime). The video service security connection method of the content delivery network according to claim 1, wherein the movie is presented in the form of m3u8-url. The video service security connection method of the content delivery network according to claim 1, wherein when the player requests the cache server to obtain a video-play-list of the movie, the request includes a user identifier (user identifier, UID) is used by the cache server to verify the validity of the user ID. The audio-visual service anti-theft connection method of the content delivery network according to claim 1, wherein the cache server generates the user ID after hashing the URL of the video clip and the start time of the request start time (StartTime). '(UID') is compared with the user ID delivered by the player, if the user ID' Same as the user ID, the user ID is valid, and the cache server transmits the play-list to the player.