WO2010025638A1 - Method, equipment and system of peer to peer live broadcast stream transfer - Google Patents


Publication number
WO2010025638A1
Authority
WO
WIPO (PCT)
Prior art keywords
peer
key
live stream
information
digital signature
Application number
PCT/CN2009/072786
Inventor
王志兵
姜海军
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/104 Peer-to-peer [P2P] networks
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/60 Network streaming of media packets

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A method, device and system for P2P live stream delivery that prevent the P2P live stream from being maliciously tampered with during delivery while avoiding a large impact on P2P system performance. In the method of an embodiment of the present invention, a digital signature device (401) generates a public/private key pair for a digital signature algorithm, sends the private key to a content publishing server (402) and sends the public key to a resource management server (403); the content publishing server (402) signs the source live stream with the private key, slices the signed live stream and sends the sliced live stream to a P2P client (404); and the resource management server (403) delivers the public key to the P2P client (404), which uses the public key to verify the signature of the received P2P live stream. The embodiments of the present invention apply both to centralized P2P networking and to distributed P2P networking based on a CDN architecture.

Description

Method, device and system for peer-to-peer live stream delivery
This application claims priority to Chinese application No. 200810146670.9, filed on September 4, 2008 and entitled "Method, system, digital signature device and client for peer-to-peer live stream delivery", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications technologies, and in particular to a method, device and system for peer-to-peer (P2P, Peer to Peer) live stream delivery.
Background
By function, data encryption technology can be divided into data transmission, data storage, data integrity authentication and key management technologies. Network applications generally use two kinds of encryption algorithm: symmetric key algorithms and asymmetric key algorithms.
A symmetric key algorithm is an encryption algorithm whose encryption key and decryption key are the same, or, if they differ, either one can easily be derived from the other; that is, the key is shared by both parties. An asymmetric key algorithm is an encryption algorithm whose encryption key and decryption key are different, or, put another way, neither key can be derived from the other. One of the two keys is called the public key, is used for decryption and is public; the other is called the private key, is used for encryption and is kept secret. Computing the private key from the public key is computationally infeasible.
The message-digest algorithm (MD5, message-digest algorithm 5) generates a message digest for a piece of information (message) to prevent tampering. MD5 treats the whole file as one large text message and, through its irreversible string transformation algorithm, produces a unique MD5 message digest. MD5 is a symmetric key algorithm.
Asymmetric key algorithms are more widely used on the Internet. A commonly used asymmetric key algorithm is RSA, which has high encryption strength and does not require the communicating parties to establish a trust relationship or share a secret in advance, so it is well suited to use on the Internet.
Digital signature technology is a typical application of asymmetric key algorithms. A digital signature is data appended to a data unit, or a cryptographic transformation of the data unit. This data or transformation allows the recipient of the data unit to confirm the source and the integrity of the data unit and protects the data against forgery by others (for example, the recipient). It is a method of signing messages in electronic form, and a signed message can be transmitted over a communication network. The main functions of a digital signature are to guarantee the integrity of transmitted information, to authenticate the sender's identity and to prevent repudiation in transactions.
A digital signature based on the MD5 algorithm (for example, with the RSA algorithm) is applied as follows: the digest is encrypted with the sender's private key and transmitted to the recipient together with the original text. The recipient can decrypt the encrypted digest only with the sender's public key, and uses the HASH function to generate a digest of the received original text, which is compared with the decrypted digest. If the two are the same, the received information is complete and was not modified in transit; otherwise the information has been modified. A digital signature based on the MD5 algorithm can therefore verify the integrity of information.
The typical feature of P2P is content sharing among user nodes (Peers): a child node's content data is provided by its parent node, and for some low-bit-rate live broadcasts in particular, a child node may obtain content from only one parent node. The prior art uses the message-digest algorithm MD5. For P2P download content that exists as files, the user first obtains the MD5 check code before downloading and then verifies during the download, so that malicious tampering with the content is discovered promptly during the download, without waiting for the complete content to be downloaded before performing the MD5 check.
In the course of implementing the present invention, the inventors found that the prior art has at least the following problem:
Because P2P live streaming is a real-time service, the P2P server has to generate the P2P live stream check code in real time and provide it to users. If all users fetch the check code from the server in real time, system performance is heavily impacted. If the check code is instead passed from node to node, then because MD5 uses a symmetric key, a parent node can tamper with the live stream content and regenerate the check code, and so provide different content to its child nodes; the goal of protecting the content against tampering is then not achieved.
Summary of the invention
Embodiments of the present invention provide a method, device and system for P2P live stream delivery that can prevent a P2P live stream from being maliciously tampered with during delivery while avoiding a large impact on P2P system performance.
To achieve the above objective, the embodiments of the present invention are implemented through the following technical solutions:
A method for peer-to-peer live stream delivery, comprising:
generating a public/private key pair for a digital signature algorithm;
signing the source live stream with the private key, slicing the signed source live stream, and delivering the sliced live stream to a peer-to-peer client;
sending the public key to the peer-to-peer client, so that the peer-to-peer client uses the public key to verify the signature of the received peer-to-peer live stream.
A digital signature device, comprising:
a signature key generation unit, configured to generate a public/private key pair for a digital signature algorithm;
a signature key delivery unit, configured to deliver the private key to a content publishing server, so that the content publishing server signs the source live stream with the private key and slices the signed source live stream; and to deliver the public key to a resource management server, so that a peer-to-peer client obtains the public key from the resource management server and uses it to verify the signature of the received peer-to-peer live stream.
A system for peer-to-peer live stream delivery, comprising:
a digital signature device, configured to generate a public/private key pair for a digital signature algorithm, deliver the private key to a content publishing server and deliver the public key to a resource management server;
a content publishing server, configured to sign the source live stream with the private key and slice the signed source live stream;
a resource management server, configured to maintain and deliver keys on the peer-to-peer client side, so that a peer-to-peer client obtains the public key and uses it to verify the signature of the received peer-to-peer live stream.
A peer-to-peer client, comprising:
a signature key obtaining unit, configured to obtain the public key of a digital signature algorithm;
a signature verification unit, configured to use the obtained public key of the digital signature algorithm to verify the signature of the received peer-to-peer live stream.
As can be seen from the above technical solutions, digital signature technology is introduced into the P2P architecture: the digital signature device generates the key pair of the digital signature algorithm, delivers the private key to the content publishing server and delivers the public key to the resource management server; the content publishing server signs the source live stream with the private key and slices the signed source live stream; and the P2P client obtains the public key from the resource management server and uses it to verify the signature of the received P2P live stream, which prevents the P2P live stream from being tampered with. Because the embodiments of the present invention use an asymmetric key algorithm, they can ensure that the content of the P2P live stream is not maliciously tampered with during delivery while the P2P live service is running; and because the P2P client does not need to fetch a check code from the content publishing server in real time, a large impact on P2P system performance is avoided.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a flowchart of a P2P live stream delivery method according to an embodiment of the present invention;
FIG. 2 is a flowchart of another P2P live stream delivery method according to an embodiment of the present invention;
FIG. 3 is a structural diagram of a digital signature device according to an embodiment of the present invention;
FIG. 4 is a structural diagram of a P2P live stream delivery system according to an embodiment of the present invention;
FIG. 5 is a structural diagram of a P2P client according to an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Evidently, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to FIG. 1, a P2P live stream delivery method according to an embodiment of the present invention includes:
Step 101: The P2P content management system generates a public/private key pair for a digital signature algorithm.
Step 102: The P2P content management system signs the source live stream with the private key, slices the signed source live stream, and delivers the sliced live stream to the peer-to-peer client.
Step 103: The P2P content management system sends the public key to the peer-to-peer client, so that the peer-to-peer client uses the public key to verify the signature of the received peer-to-peer live stream.
In the P2P live stream delivery method of this embodiment, the P2P content management system completes the digital signing of the P2P live stream through generation and distribution of the digital signature keys, signature generation and signature verification, which prevents the P2P live stream from being tampered with during delivery. Because digital signature technology based on an asymmetric key algorithm is used, the method can ensure that the content of the P2P live stream is not maliciously tampered with in transit while the P2P live service is running; and because the P2P client does not need to fetch a check code from the system in real time, a large impact on P2P system performance is avoided.
Referring to FIG. 2, an embodiment of the present invention provides another method for peer-to-peer live stream delivery, including:
Step 201: The digital signature device generates the key pair of the digital signature algorithm, delivers the private key to the content publishing server and delivers the public key to the resource management server.
Before a live channel is distributed, the digital signature type and the signature method can be flexibly configured on the digital signature device. The digital signature types are: all messages signed, key frames signed, frame headers signed, or key frame headers signed. The signature methods are: a digital signature algorithm, or a digital signature algorithm based on a message-digest algorithm. For example, the configured digital signature type and signature method may be:
Digital signature type: 0x00 - no signature; 0x01 - all messages signed; 0x02 - key frames only; 0x03 - frame headers only; 0x04 - key frame headers only.
Signature method: 0x01 - RSA; 0x02 - RSA over MD5.
The corresponding operations are performed according to the configured digital signature type and signature method:
If a signature is required, a key pair for the digital signature algorithm, for example an RSA key pair, is generated; the private key is delivered to the content publishing server and the public key to the resource management server.
If the configured signature method is a digital signature algorithm based on a message-digest algorithm, a message-digest algorithm key, for example an MD5 key, is also generated and delivered to both the content publishing server and the resource management server.
In this embodiment, the content publishing server may be the P2P central media server CS-P, which is responsible for digitally signing and slicing the live stream. In a distributed P2P networking architecture, the content publishing server further includes P2P edge content servers ES-P: the CS-P distributes the signed and sliced source live stream slices to the ES-P, and the ES-P acts as a super node of the P2P network and provides service assurance for P2P clients.
The resource management server, as the service management component for P2P clients, is responsible for maintaining information about the nodes (Peers) of the whole network and for scheduling P2P client resources.
Step 202: The content publishing server signs the source live stream with the private key, slices the signed source live stream, and delivers the sliced live stream to the peer-to-peer client.
The content publishing server obtains the source live stream from the live source and signs it according to the configured digital signature type and signature method. The kinds of signature that result from combining signature type and signature method are shown in Table 1.
Table 1: Combinations of signature type and signature method
[Table 1 is an image in the original publication (imgf000008_0001) and is not reproduced here.]
The content publishing server slices the signed source live stream and delivers the sliced live stream to the peer-to-peer client.
Step 203: The P2P client obtains the public key from the resource management server and uses it to verify the signature of the received P2P live stream.
When the P2P client initiates a live broadcast request to the P2P portal, the P2P client requests the P2P resource list from the P2P resource management server, and the resource management server carries the public key in the response message according to the configured signature type and signature method. If the signature method is a digital signature algorithm based on a message-digest algorithm, for example the RSA over MD5 signature method, the response message also carries the message-digest algorithm key, for example the MD5 key.
Based on the returned P2P resource list information, the P2P client receives the P2P live stream from a P2P edge content server ES-P or from other P2P clients. The P2P client uses the obtained public key, for example the RSA public key, to verify the signature of the received P2P live stream.
Step 204: If signature verification fails, the P2P client records the parent node information of the P2P live stream, reports it to the P2P content management system as an alarm, and re-receives the P2P live stream from another parent node.
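The flow of steps 201 to 204, as an added Go example that is not code from the patent: the publisher signs each slice according to the configured signature type, and the client verifies with the public key, records a failing parent and falls back to the next one. The `Slice` layout, its `From` field, the byte ranges each signature type covers and the peer names are assumptions of this example, and SHA-256 with PKCS #1 v1.5 stands in for the page's "RSA over MD5" method.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Signature type values as listed on the page (0x00 means no signature).
const (
	SigAll            byte = 0x01 // every message
	SigKeyFrame       byte = 0x02 // key frames only
	SigHeader         byte = 0x03 // frame headers only
	SigKeyFrameHeader byte = 0x04 // headers of key frames only
)

// Slice is a hypothetical layout for one slice of the live stream.
type Slice struct {
	From            string // hypothetical ID of the parent node that served it
	KeyFrame        bool
	Header, Payload []byte
	Sig             []byte // nil when this slice is unsigned under the type
}

// covered returns the bytes a signature protects under sigType (an assumed
// mapping) and whether a signature is expected at all.
func covered(sigType byte, s Slice) ([]byte, bool) {
	switch {
	case sigType == SigAll, sigType == SigKeyFrame && s.KeyFrame:
		// Length-prefix the header so bytes cannot move between fields.
		buf := make([]byte, 4, 4+len(s.Header)+len(s.Payload))
		binary.BigEndian.PutUint32(buf, uint32(len(s.Header)))
		return append(append(buf, s.Header...), s.Payload...), true
	case sigType == SigHeader, sigType == SigKeyFrameHeader && s.KeyFrame:
		return s.Header, true
	}
	return nil, false
}

// Sign is the content publishing server's side and needs the private key.
func Sign(priv *rsa.PrivateKey, sigType byte, s Slice) (Slice, error) {
	msg, ok := covered(sigType, s)
	if !ok {
		return s, nil
	}
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	s.Sig = sig
	return s, err
}

// Verify is the P2P client's side and needs only the public key.
func Verify(pub *rsa.PublicKey, sigType byte, s Slice) error {
	msg, ok := covered(sigType, s)
	if !ok {
		return nil // nothing to check: unsigned under sigType
	}
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], s.Sig)
}

// FetchVerified follows step 204: a parent whose slice fails verification is
// recorded for the alarm report and the next parent's copy is tried.
func FetchVerified(pub *rsa.PublicKey, sigType byte, offers []Slice) (Slice, []string, error) {
	var alarms []string
	for _, s := range offers {
		if Verify(pub, sigType, s) == nil {
			return s, alarms, nil
		}
		alarms = append(alarms, s.From)
	}
	return Slice{}, alarms, fmt.Errorf("no parent delivered a verifiable slice")
}

// Demo uses constructed data: peer-A serves a slice whose payload changed
// after signing, peer-B serves the original. It returns the accepted payload
// and the parents recorded for the alarm report.
func Demo(sigType byte) (string, []string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	src := Slice{KeyFrame: true, Header: []byte("seq=7"), Payload: []byte("frame-data")}
	orig, err := Sign(priv, sigType, src)
	if err != nil {
		return "", nil, err
	}
	bad, good := orig, orig
	bad.From, bad.Payload = "peer-A", []byte("other-data")
	good.From = "peer-B"
	got, alarms, err := FetchVerified(&priv.PublicKey, sigType, []Slice{bad, good})
	return string(got.Payload), alarms, err
}

func main() {
	fmt.Println(Demo(SigAll))
	fmt.Println(Demo(SigHeader))
}
```

Under type 0x01 the altered copy from peer-A is rejected and reported, and the copy from peer-B is accepted. Under type 0x03 the altered payload is accepted, because in this example only the header is covered by the signature.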
In the P2P live stream delivery method of this embodiment, the digital signature device generates and distributes the digital signature keys, the content publishing server generates a digital signature over the source live stream with the private key, and the P2P client obtains the public key from the resource management server and verifies the digital signature of the received P2P live stream, which prevents the P2P live stream from being tampered with during delivery. Because digital signature technology based on an asymmetric key algorithm is used, the method can ensure that the content of the P2P live stream is not maliciously tampered with in transit while the P2P live service is running; and because the P2P client does not need to fetch a check code from the content publishing server in real time, a large impact on P2P system performance is avoided.
Furthermore, by using the digital signature method based on a message-digest algorithm, the embodiment can digest the content to be encrypted first and then sign the digest, which reduces the performance cost that introducing a signature algorithm imposes on the system. In addition, based on the result of signature verification, the P2P client can record the parent node information of a P2P live stream whose signature verification failed and report it to the content management system as an alarm, and, if signature verification fails, can automatically re-receive the P2P live stream from another parent node, to safeguard service and user experience.
The method of this embodiment applies both to centralized P2P networking and to distributed P2P networking based on a content delivery network (CDN, Content Delivery Network) architecture.
Referring to FIG. 3, an embodiment of the present invention further provides a digital signature device, including:
a signature key generation unit 301, configured to generate a public/private key pair for a digital signature algorithm;
a signature key delivery unit 302, configured to deliver the private key to the content publishing server, so that the content publishing server signs the source live stream with the private key and slices the signed source live stream; and to deliver the public key to the resource management server, so that the P2P client obtains the public key from the resource management server and uses it to verify the signature of the received peer-to-peer live stream.
If a digital signature algorithm based on a message-digest algorithm is used:
the signature key generation unit 301 is further configured to generate a message-digest algorithm key, for example an MD5 key;
the signature key delivery unit 302 is further configured to deliver the message-digest algorithm key to the content publishing server, so that the content publishing server signs the source live stream with the message-digest algorithm key and the private key; and to deliver the message-digest algorithm key to the resource management server as well, so that the P2P client obtains the message-digest algorithm key from the resource management server and uses it together with the public key to verify the signature of the received peer-to-peer live stream.
The digital signature device further includes:
a signature type configuration unit 303, configured to configure the digital signature type.
The configurable digital signature types are: all messages signed, key frames signed, frame headers signed, or key frame headers signed. The kinds of signature that result from combining signature type and signature method are shown in Table 1 above.
The digital signature device may be deployed on the content management system (CMS) of the P2P architecture, or deployed independently.
Referring to FIG. 4, on the basis of the method and device of the above embodiments, an embodiment of the present invention provides a P2P live stream delivery system, including:
a digital signature device 401, configured to generate a public/private key pair for a digital signature algorithm, deliver the private key to the content publishing server 402 and deliver the public key to the resource management server 403;
a content publishing server 402, configured to sign the source live stream with the private key and slice the signed source live stream;
a resource management server 403, configured to maintain and deliver keys on the P2P client side, so that the P2P client obtains the public key from the resource management server 403 and uses it to verify the signature of the received P2P live stream.
If a digital signature algorithm based on a message-digest algorithm is used:
the digital signature device 401 is further configured to generate a message-digest algorithm key and deliver it to both the content publishing server and the resource management server;
the content publishing server 402 is further configured to sign the source live stream with the message-digest algorithm key and the private key;
the resource management server 403 is further configured so that the P2P client obtains the message-digest algorithm key from the resource management server and uses that key together with the public key to verify the signature of the received peer-to-peer live stream.
The digital signature device 401 is further configured to configure the digital signature type; the configurable digital signature types are: all messages signed, key frames signed, frame headers signed, or key frame headers signed;
the content publishing server 402 is further configured to sign the source live stream according to the configured digital signature type.
Referring to FIG. 5, an embodiment of the present invention further provides a P2P client, including:
A signature key obtaining unit 501, configured to obtain the public key of the digital signature algorithm;
The public key may be obtained as follows: the P2P client requests a P2P resource information list from the resource management server, and receives the request response message for the P2P resource information list returned by the resource management server, the public key being carried in that request response message.
A signature verification unit 502, configured to verify the signature of the received P2P live stream using the obtained digital signature algorithm public key.
If the digital signature algorithm is based on a message-digest algorithm, for example the MD5-based RSA digital signature algorithm, the signature key obtaining unit 501 is further configured to obtain the message-digest algorithm key;
The signature verification unit 502 is further configured to verify the signature of the received peer-to-peer live stream using the obtained message-digest algorithm key and the digital signature algorithm public key.
The P2P client in this embodiment of the present invention further includes:
A recording and alarm unit 503, configured to record the parent node information of the P2P live stream when signature verification fails, and to report an alarm; and
A live stream re-receiving unit 504, configured to re-receive the P2P live stream from another parent node when signature verification fails.
The embodiments of the present invention introduce digital signature technology into the P2P architecture to prevent the P2P live stream from being maliciously tampered with, thereby enhancing the security of P2P live broadcast. The digital signature device generates the digital signature key pair and delivers the private key to the content distribution server and the public key to the resource management server; the content distribution server digitally signs and slices the source live stream; and the P2P client obtains the signature public key from the resource management server and verifies the signature of the received P2P live stream, which achieves the purpose of preventing the P2P live stream from being tampered with. Because a digital signature technique based on an asymmetric key algorithm is used, it can be ensured that the content of the P2P live stream is not maliciously tampered with during delivery, and the P2P client does not need to fetch a check code from the content distribution server in real time, which avoids a large impact on the performance of the P2P system.
Furthermore, in the embodiments of the present invention the digital signature device generates a message-digest algorithm key, so that the content to be encrypted can first be digested and then signed, reducing the performance loss that introducing the signature algorithm causes to the system. Moreover, based on the result of signature verification, the P2P client can record the parent node information of a P2P live stream whose signature verification failed and report it to the content management system as an alarm, and can automatically re-receive the P2P live stream from another parent node, so as to safeguard user service and experience.
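The digest-then-sign flow and the client's alarm and re-receive behaviour described above, as an added Go example that is not part of the patent text. It substitutes HMAC-SHA-256 and Ed25519 for the MD5-based RSA the text mentions; the `Slice` and `Parent` types and the sequence number bound into the digest are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Slice and Parent are layouts assumed for this example.
type Slice struct {
	Seq     uint64
	Payload []byte
	Sig     []byte
}
type Parent struct {
	ID    string
	Fetch func(seq uint64) Slice
}

// digest binds the sequence number so a signed slice cannot be replayed elsewhere.
func digest(key []byte, seq uint64, payload []byte) []byte {
	mac := hmac.New(sha256.New, key)
	var hdr [8]byte
	binary.BigEndian.PutUint64(hdr[:], seq)
	mac.Write(hdr[:])
	mac.Write(payload)
	return mac.Sum(nil)
}

// SignSlice is the content distribution server side: digest first, then sign.
func SignSlice(priv ed25519.PrivateKey, key []byte, seq uint64, payload []byte) Slice {
	return Slice{seq, payload, ed25519.Sign(priv, digest(key, seq, payload))}
}

// VerifySlice is the client-side check (signature verification unit 502).
func VerifySlice(pub ed25519.PublicKey, key []byte, want uint64, s Slice) bool {
	return s.Seq == want && ed25519.Verify(pub, digest(key, s.Seq, s.Payload), s.Sig)
}

// Receive tries each parent in turn. A failed check records the parent for the
// alarm report (unit 503) and moves on to the next parent (unit 504).
func Receive(pub ed25519.PublicKey, key []byte, seq uint64, parents []Parent) ([]byte, []string, error) {
	var alarms []string
	for _, p := range parents {
		if s := p.Fetch(seq); VerifySlice(pub, key, seq, s) {
			return s.Payload, alarms, nil
		}
		alarms = append(alarms, p.ID)
	}
	return nil, alarms, errors.New("no parent delivered a verifiable slice")
}

// Demo (constructed): peer-A alters the payload, peer-B replays an old slice.
func Demo() ([]byte, []string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	key := []byte("constructed message-digest key")
	good := SignSlice(priv, key, 7, []byte("constructed media bytes"))
	altered, stale := good, SignSlice(priv, key, 6, []byte("older slice"))
	altered.Payload, stale.Seq = []byte("altered media bytes"), 7
	return Receive(pub, key, 7, []Parent{
		{"peer-A", func(uint64) Slice { return altered }},
		{"peer-B", func(uint64) Slice { return stale }},
		{"peer-C", func(uint64) Slice { return good }},
	})
}

func main() { fmt.Println(Demo()) }
```

The alarm list returned by `Receive` names every parent whose slice failed verification, which is the information the client would report to the content management system.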
From the description of the above embodiments, those skilled in the art can clearly understand that the embodiments of the present invention do not require independent functional components to be introduced and can be implemented by software plus the necessary general-purpose hardware platform, and therefore have no architectural impact on the existing P2P system architecture. Based on this understanding, the technical solution of the embodiments of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a P2P content management system or a P2P client to perform the methods described in the embodiments of the present invention. The storage medium referred to here is, for example, a ROM/RAM, a magnetic disk, or an optical disc.
The above description of the embodiments is only intended to help in understanding the method and idea of the present invention; any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims

1. A method for delivering a peer-to-peer live stream, characterized by comprising:
generating a public/private key pair for a digital signature algorithm;
signing a source live stream with the private key, slicing the signed source live stream, and delivering the sliced live stream to a peer-to-peer client;
sending the public key to the peer-to-peer client, so that the peer-to-peer client uses the public key to verify the signature of the received peer-to-peer live stream.
2. The method according to claim 1, characterized in that the method further comprises:
generating a message-digest algorithm key;
signing the source live stream using the message-digest algorithm key and the private key, slicing the signed source live stream, and delivering the sliced live stream to the peer-to-peer client;
sending the message-digest algorithm key to the peer-to-peer client, so that the peer-to-peer client uses the message-digest algorithm key and the public key to verify the signature of the received peer-to-peer live stream.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
configuring a digital signature type;
digitally signing the source live stream according to the configured data signature type.
4. The method according to claim 1 or 2, characterized in that
the public/private key pair of the digital signature algorithm is generated by a digital signature device;
and the digital signature device delivers the private key to a content distribution server and delivers the public key to a resource management server.
5. The method according to claim 2, characterized in that
the message-digest algorithm key is generated by a digital signature device;
and the digital signature device delivers the message-digest algorithm key to the content distribution server and to the resource management server respectively.
6. The method according to claim 1 or 2, characterized in that the method further comprises:
if signature verification fails, the peer-to-peer client records the parent node information of the peer-to-peer live stream and reports it to the content management system as an alarm.
7. The method according to claim 6, characterized in that the method further comprises:
if signature verification fails, the peer-to-peer client re-receives the peer-to-peer live stream from another parent node.
8. A digital signature device, characterized by comprising:
a signature key generating unit, configured to generate a public/private key pair for a digital signature algorithm;
a signature key delivering unit, configured to deliver the private key to a content distribution server, so that the content distribution server signs the source live stream with the private key and slices the signed source live stream; and to deliver the public key to a resource management server, so that a peer-to-peer client obtains the public key from the resource management server and uses the public key to verify the signature of the received peer-to-peer live stream.
9. The device according to claim 8, characterized in that
the signature key generating unit is further configured to generate a message-digest algorithm key;
the signature key delivering unit is further configured to deliver the message-digest algorithm key to the content distribution server, so that the content distribution server signs the source live stream using the message-digest algorithm key and the private key; and to deliver the message-digest algorithm key to the resource management server at the same time, so that the peer-to-peer client obtains the message-digest algorithm key from the resource management server and uses the message-digest algorithm key and the public key to verify the signature of the received peer-to-peer live stream.
10. The device according to claim 8 or 9, characterized in that the device further comprises:
a signature type configuration unit, configured to configure a digital signature type.
11. A system for delivering a peer-to-peer live stream, characterized by comprising:
a digital signature device, configured to generate a public/private key pair for a digital signature algorithm, deliver the private key to a content distribution server, and deliver the public key to a resource management server;
a content distribution server, configured to sign the source live stream with the private key and to slice the signed source live stream;
a resource management server, configured to maintain and deliver the peer-to-peer client-side keys, so that a peer-to-peer client obtains the public key and uses the public key to verify the signature of the received peer-to-peer live stream.
12. The system according to claim 11, characterized in that
the digital signature device is further configured to generate a message-digest algorithm key and deliver it to both the content distribution server and the resource management server;
the content distribution server is further configured to sign the source live stream using the message-digest algorithm key and the private key;
the resource management server is further configured so that the peer-to-peer client obtains the message-digest algorithm key and uses the message-digest algorithm key together with the public key to verify the signature of the received peer-to-peer live stream.
13. The system according to claim 11 or 12, characterized in that
the digital signature device is further configured to configure a digital signature type;
the content distribution server is further configured to sign the source live stream according to the configured digital signature type.
14. A peer-to-peer client, characterized by comprising:
a signature key obtaining unit, configured to obtain the public key of a digital signature algorithm;
a signature verification unit, configured to verify the signature of the received peer-to-peer live stream using the obtained digital signature algorithm public key.
15. The peer-to-peer client according to claim 14, characterized in that
the signature key obtaining unit is further configured to obtain a message-digest algorithm key;
the signature verification unit is further configured to verify the signature of the received peer-to-peer live stream according to the obtained message-digest algorithm key and the digital signature algorithm public key.
16. The client according to claim 14 or 15, characterized in that the peer-to-peer client further comprises:
a recording and alarm unit, configured to record the parent node information of the peer-to-peer live stream when signature verification fails, and to report an alarm; and
a live stream re-receiving unit, configured to re-receive the peer-to-peer live stream from another parent node when signature verification fails.
PCT/CN2009/072786 2008-09-04 2009-07-16 Method, equipment and system of peer to peer live broadcast stream transfer WO2010025638A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810146670.9 2008-09-04
CN 200810146670 CN101667999B (en) 2008-09-04 2008-09-04 Method and system for transmitting peer-to-peer broadcast stream, data signature device and client

Publications (1)

Publication Number Publication Date
WO2010025638A1 true WO2010025638A1 (en) 2010-03-11

Family

ID=41796733

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/072786 WO2010025638A1 (en) 2008-09-04 2009-07-16 Method, equipment and system of peer to peer live broadcast stream transfer

Country Status (2)

Country Link
CN (1) CN101667999B (en)
WO (1) WO2010025638A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101980500B (en) * 2010-11-08 2013-11-13 中国电信股份有限公司 Digital signature-based point-to-point flow control method and system
CN102868912A (en) * 2012-08-16 2013-01-09 北京视博数字电视科技有限公司 Method and system for media content transmission based on CDN (Content Distribution Network) and P2P (Peer to Peer) converged infrastructure
CN105429960A (en) * 2015-10-29 2016-03-23 东莞酷派软件技术有限公司 Method and device for intelligent household terminal authentication
CN107370712A (en) * 2016-05-11 2017-11-21 中兴通讯股份有限公司 A kind of code stream distorts monitoring method, device and communication system
CN110427781A (en) * 2019-07-16 2019-11-08 浙江大华技术股份有限公司 Tamper resistant method, terminal device and the storage medium of media data
CN113453038B (en) * 2021-06-25 2022-03-29 桂林电子科技大学 Effectiveness optimal collaborative cache management method under CDN-P2P hybrid architecture

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2357407A (en) * 1999-12-17 2001-06-20 Int Computers Ltd Cryptographic key replacement using key lifetimes

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1633068A (en) * 2004-12-31 2005-06-29 北京中星微电子有限公司 A method of media stream transmission in point-to-point communication
CN1791215A (en) * 2005-12-29 2006-06-21 清华大学 Network television content safety monitoring and managing method
CN101018129A (en) * 2006-12-31 2007-08-15 华东师范大学 Public security broadcast control media management and authentication method for recognizing non tampering integrity
CN101247409A (en) * 2008-03-21 2008-08-20 中国科学院电工研究所 Live broadcast stream media authentication method based on P2P network

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108600776A (en) * 2017-09-15 2018-09-28 杭州趣看科技有限公司 The system and method for safe Broadcast Control
CN108600776B (en) * 2017-09-15 2021-09-03 杭州趣看科技有限公司 System and method for safe broadcast control
CN112672192A (en) * 2020-12-28 2021-04-16 上海成思信息科技有限公司 IPTV supervision method
CN114584798A (en) * 2022-03-02 2022-06-03 深圳禾苗通信科技有限公司 Private customized live broadcast method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN101667999A (en) 2010-03-10
CN101667999B (en) 2012-09-05

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09811013

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09811013

Country of ref document: EP

Kind code of ref document: A1