+

WO2018176816A1 - Video requesting and playing method and device - Google Patents

Video requesting and playing method and device Download PDF

Info

Publication number
WO2018176816A1
WO2018176816A1 PCT/CN2017/107056 CN2017107056W WO2018176816A1 WO 2018176816 A1 WO2018176816 A1 WO 2018176816A1 CN 2017107056 W CN2017107056 W CN 2017107056W WO 2018176816 A1 WO2018176816 A1 WO 2018176816A1
Authority
WO
WIPO (PCT)
Prior art keywords
key value
video
target video
user terminal
server
Prior art date
Application number
PCT/CN2017/107056
Other languages
French (fr)
Chinese (zh)
Inventor
周志刚
张文明
陈少杰
Original Assignee
武汉斗鱼网络科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 武汉斗鱼网络科技有限公司 filed Critical 武汉斗鱼网络科技有限公司
Publication of WO2018176816A1 publication Critical patent/WO2018176816A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/266Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel
    • H04N21/26613Channel or content management, e.g. generation and management of keys and entitlement messages in a conditional access system, merging a VOD unicast channel into a multicast channel for generating or managing keys in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25808Management of client data
    • H04N21/25816Management of client data involving client authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/258Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
    • H04N21/25866Management of end-user data
    • H04N21/25875Management of end-user data involving end-user authentication

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a video request, a video playing method, and a device.
  • the live video broadcast is performed by using the Internet and streaming media technology, and then the video content provider has the video stream address obtained by the third-party platform, so that the video can be directly viewed without going through the live website, that is, the video player bypassing the live website.
  • the video provided is also played.
  • there are some paid video content for the live website For example, the ticket room of the live website can only be viewed when the ticket is purchased.
  • the VIP member can purchase the VIP video, so If the video stream address is stolen, the user who has not purchased the ticket can directly view the ticket room, and the user who does not purchase the VIP member can directly watch the VIP video, and also brings the risk of personal information leakage to the user.
  • the prior art encrypts the video stream address to prevent the video stream address from being stolen, but only the encrypted video stream address is easily cracked, so the video stream address is low in security. Video is easily obtained illegally.
  • the embodiment of the invention solves the technical problem of low video stream address security in the prior art by providing a video request, a video playing method and a device.
  • an embodiment of the present invention provides a video playing method, which is applied to a server, where the method includes:
  • the method further includes:
  • the method further includes:
  • the received authentication key value is a terminal-side authentication key value for the target video.
  • the generating the server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group including:
  • the request identifies the identifier group, including:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user.
  • the live type identification code and the room identification code of the live network video are included in the request identification identifier group.
  • an embodiment of the present invention provides a video requesting method, which is applied to a user terminal, and includes:
  • the generating, according to the first key value and the second key value, a terminal side authentication key value for the target video and sending To the server including:
  • a terminal side authentication key value for the target video is sent to the server.
  • the generating, by the first key value, the second key value, and the request identification identifier group, a terminal side authentication key value for the target video including:
  • the request identification identifier group carried in the video stream address request includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user.
  • the video type identification code of each webcast video and the room identification code is not limited to the video type identification code.
  • an embodiment of the present invention provides a video playback device, which is applied to a server, where the video playback device includes:
  • An address request receiving module configured to receive a video stream address request for the target video sent by the user terminal
  • a Key value sending module configured to return, to the user terminal, a first Key value for characterizing a video type of the target video and for characterization if a viewing user corresponding to the user terminal has viewing rights to the target video Viewing a second Key value of a user's permission range;
  • a video returning module configured to: when receiving, by the user terminal, a terminal-side authentication key value for the target video generated by using the first key value and the second key value, returning to the user terminal The target video.
  • the device further includes:
  • the authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
  • the device further includes:
  • An authentication key value generating module configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
  • the authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
  • the authentication key value generating module is specifically configured to:
  • the request identifies the identifier group, including:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user.
  • the live type identification code and the room identification code of the live network video are included in the request identification identifier group.
  • an embodiment of the present invention provides a video requesting apparatus, which is applied to a user terminal, where the video requesting apparatus includes:
  • An address request sending module configured to send a video stream address request for the target video to the server
  • a Key value receiving module configured to receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value for characterizing a permission range of the viewing user;
  • An authentication key value obtaining module configured to generate, according to the first key value and the second key value, a terminal side authentication key value for the target video, and send the value to the server, so that the server receives Returning the target video to the user terminal when the terminal side authenticates the Key value of the target video;
  • a video receiving module configured to receive the target video from the server.
  • the authentication key value obtaining module includes:
  • the authentication key value generating unit is configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
  • the authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
  • the authentication key value generating unit is specifically configured to:
  • the request identification identifier group carried in the video stream address request includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user.
  • the video type identification code of each webcast video and the room identification code is not limited to the video type identification code.
  • the technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal.
  • the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated.
  • the server For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available.
  • the user can obtain the target video from the server, otherwise the server will refuse to deliver the target video. Therefore, the accuracy of authenticating the video stream address is greatly enhanced, and the video stream address can be prevented from being illegally acquired, thereby improving the security of the video stream address.
  • the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and
  • the reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
  • FIG. 1 is a flowchart of a video playing method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a video request method according to an embodiment of the present invention.
  • FIG. 3 is a block diagram of a video playback apparatus according to an embodiment of the present invention.
  • FIG. 4 is a block diagram of a video requesting apparatus according to an embodiment of the present invention.
  • the embodiment of the present invention provides a video request, a video playing method, and a device.
  • the general idea is as follows:
  • the video stream address is authenticated according to the first Key value of the video type of the target video and the second Key value for characterizing the viewing range of the viewing user. Therefore, for different types of target videos and different permission ranges of the viewing users, different authentication KEY values for authenticating the video stream addresses on the server side and the terminal side are calculated, and the server is only based on the first and second servers.
  • the KEY value generates the target video of the user terminal that authenticates the KEY value, thereby greatly enhancing the accuracy of authenticating the video stream address, thereby preventing the video stream address from being illegally acquired, and improving the security of the video stream address. .
  • an embodiment of the present invention provides a video playing method, including the following steps:
  • S101 Receive a video stream address request for a target video that is sent by the user terminal.
  • the target video may be a live webcast video or a recorded video resource stored on a server.
  • the server is provided with a ticket system or a VIP authentication system for different video types.
  • Webcast video settings have different ticket types, and different video types are set for different video types.
  • the viewing user's permission range of the game ticket is all game-type live rooms, the viewing user with the game ticket has the viewing right for the game-like video; and the viewing range of the viewing user with the sports ticket
  • the viewing users who have game tickets have the right to watch sports videos; the viewing rights of the viewing users with variety tickets are the variety live rooms, and the viewing users with game tickets have watched the variety videos. Permissions.
  • the ticket system is configured to identify whether the viewing user corresponding to the user terminal that sends the video stream address request has a ticket of the video type to which the target video belongs, thereby determining whether the viewing user has viewing rights to the target video.
  • the video stream address request in order to determine whether the viewing user has the viewing right for the target video, carries the user identification information of the viewing user corresponding to the user terminal, such as a username and a password.
  • the server stores the permission range corresponding to each user identification information, so that the server determines whether the viewing user corresponding to the user terminal has the viewing right for the target video according to the correspondence between the user identification information and the permission range. If the viewing user does not have the viewing right for the target video, the server directly rejects the video stream address request of the user terminal, and does not return to the user terminal the first Key value for characterizing the video type of the target video and the permission range for characterizing the viewing user. The second key value. If the viewing user has viewing rights to the target video, the server returns to the user terminal a first Key value for characterizing the video type of the target video and a second Key value for characterizing the viewing range of the viewing user.
  • the ticket class KEY value corresponds to the video type one by one, and the ticket class KEY value may be a random string, then the first key value is A string representing the video type of the target video. For example, if the target video is a sports video, the first key value is specifically a character string indicating that the target video is a sports video. For example, if the target video is a game video, the first key value is specifically to represent the target video as a game video. String.
  • the second key value includes the live broadcast type identification code and the room identification code of each live webcast video within the scope of the user's permission.
  • the live type identification code and the room identification code of each live webcast video in the user's permission range are input into the MD5 algorithm, and the second KEY value is obtained by the operation:
  • KEY2 MD5.create(roomid+type)
  • the roomid is the room identification code of each webcast live video within the scope of the user's permission
  • the type is the live type identification code of each webcast live video within the scope of the user's permission.
  • the process proceeds to S103.
  • the target video is returned to the user terminal.
  • the terminal-side authentication key value of the target video is specifically generated by the user terminal according to the following manner:
  • the user terminal If the user terminal receives the first key value and the second key value from the server, the user terminal generates a terminal side authentication key value for the target video based on the first key value and the second key value, and sends the value to the server.
  • the video type of the target video and the permission range of the viewing user are used as the KEY value of the video stream address authentication, so that different authentication KEY values can be obtained for different video types and different permission ranges, and the same video stream address is sent.
  • Receiver The server and the user terminal can always maintain the same authentication KEY value, which can greatly improve the accuracy of video address authentication and avoid illegal acquisition.
  • the terminal side authentication key value for the target video is generated based on the first key value, the second key value, and the request identification identifier group.
  • the request identification identifier group includes a time identifier indicating a time when the user terminal sends the video stream address request, and a terminal feature of at least one type of user terminal: a token (Token) when the user logs in to the server, and a unique ID of the user terminal. (UDID, Unique Device Identifier), the current IP address of the user terminal. Therefore, the video stream address authentication is implemented depending on the time, so that the calculated video stream address is different each time, because the uniqueness of time makes a video stream address can be used only once, so when the viewing user requests the correct The video stream address is not available to others, further improving the security of the video stream address.
  • a token When the user logs in to the server, and a unique ID of the user terminal.
  • UDID Unique Device Identifier
  • the request identification identifier group carried in the video stream address request further includes the room identification code of the target network live video, thereby further improving the video stream address security of the webcast video.
  • the server side provides the following implementation process:
  • the server generates a server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, and compares the received authentication key value with the server-side authentication key value for the target video. Whether it is consistent; if it is consistent, the received authentication key value is a terminal-side authentication key value for the target video generated by the user terminal based on the first key value and the second key value, and the server returns the target to the user terminal. Video; if it is inconsistent, the received authentication key value is sent by other terminals, and the target video is rejected.
  • MD5 messages digest Algorithms for algorithm and RSA encryption algorithms
  • first Key value and the second Key value are input into the MD5 algorithm to obtain an intermediate Key value:
  • NewKey MD5.Create(KEY1+KEY2)
  • NewKey is the intermediate Key value
  • KEY1 is the first Key value
  • KEY2 is the second Key value.
  • the intermediate key value and the request identification identifier group are input into the RSA encryption algorithm to calculate the server side authentication key value for the target video:
  • KEY RSA.encrypt(Token+Roomid+ID+IP+Time, NewKey);
  • the time parameter is the time identifier of the user terminal to send the video stream address request
  • the Token parameter is the token when the user logs in to the server
  • the ID parameter is the unique ID of the user terminal (UDID, Unique Device Identifier)
  • the IP parameter is the current state of the user terminal. IP address.
  • an embodiment of the present invention provides a video requesting method, which is applied to a user terminal corresponding to the foregoing video playing method.
  • the video requesting method includes:
  • S202 Receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value used to represent a permission range of the viewing user.
  • S203 Generate a terminal-side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server returns the target video to the user terminal when receiving the terminal-side authentication key value for the target video. ;
  • S203 includes the following refinement steps:
  • an implementation manner of generating a terminal-side authentication key value for the target video is specifically:
  • the request identification identifier group carried in the video stream address request includes: a time identifier indicating a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal as follows: The token when the user logs in to the server, the unique ID of the user terminal, and the current IP address of the user terminal are viewed.
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes each part of the viewing user's permission range.
  • the video type identifier of the live webcast video and the room identification code is included in the request identification identifier group.
  • the video request method embodiment corresponds to the technical features in the implementation of the foregoing video playing method, Therefore, based on the video playing method introduced by the present invention, those skilled in the art can understand the implementation manner of the video requesting device, and thus will not be described herein.
  • an embodiment of the present invention provides a video playing device for implementing the foregoing video playing method, which is applied to a server.
  • the video playing device includes:
  • the address request receiving module 301 is configured to receive a video stream address request for the target video sent by the user terminal;
  • the Key value sending module 302 is configured to: if the viewing user corresponding to the user terminal has the viewing right to the target video, return a first Key value for characterizing the video type of the target video to the user terminal, and Characterizing a second Key value of the range of rights of the viewing user;
  • a video returning module 303 configured to receive, by the user terminal, a terminal-side authentication key value for the target video generated by the first key value and the second key value, to the user terminal Return to the target video.
  • the device further includes:
  • the authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
  • the device further includes:
  • An authentication key value generating module configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
  • the authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
  • the authentication key value generating module is specifically configured to:
  • the request identifying the identifier group includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the viewing user.
  • the live type identification code of each webcast live video within the scope of the permission And the room identification code.
  • the video playback device is a device for implementing the foregoing video playback method according to the embodiment of the present invention. Therefore, based on the video playback method introduced by the present invention, those skilled in the art can understand the specific structure and deformation of the video playback device, and thus No longer. Any device used in the video playing method of the present invention is within the scope of the present invention.
  • an embodiment of the present invention further provides a video requesting apparatus for implementing the foregoing video requesting method, which is applied to a user terminal.
  • the video requesting apparatus includes:
  • An address request sending module 401 configured to send a video stream address request for the target video to the server;
  • the Key value receiving module 402 is configured to receive a first Key value returned by the server for characterizing a video type of the target video and a second Key value used to represent a permission range of the viewing user;
  • the authentication key value obtaining module 403 is configured to generate a terminal side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server receives Returning the target video to the user terminal when the terminal side authentication key value is used for the target video;
  • the video receiving module 404 is configured to receive the target video from the server.
  • the authentication key value obtaining module 403 includes:
  • the authentication key value generating unit is configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
  • the authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
  • the authentication key value generating unit is specifically configured to:
  • the request identification identifier group carried in the video stream address request includes:
  • the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the rights of the viewing user.
  • the present video requesting device is an electronic device used in the foregoing video requesting method according to the embodiment of the present invention. Therefore, those skilled in the art can understand the specific structure and deformation of the video requesting device based on the method described in the video requesting method embodiment of the present invention. Therefore, it will not be repeated here.
  • the apparatus used in the video request method of the present invention is within the scope of the present invention.
  • the technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal.
  • the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated.
  • the server For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available.
  • the user can obtain the target video from the server, otherwise the server will refuse to deliver the target video. Therefore, the accuracy of authenticating the video stream address is greatly enhanced, and the video stream address can be prevented from being illegally acquired, thereby improving the security of the video stream address.
  • the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and
  • the reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer Graphics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The invention discloses a video playing and requesting method and device, applied to the field of communication technologies. The video playing method comprises: receiving a video stream address request sent by a user terminal for a target video; if a viewer corresponding to the user terminal has permission to view the target video, returning to the user terminal a first key value representing a type of the target video and a second key value representing a permission range of the viewer; and returning the target video to the user terminal when a terminal side authentication key value of the target video generated on the basis of the first key value and the second key value and sent by the user terminal is received. Thus, the invention solves the technical problem of low security of a video stream address in the prior art, greatly improving the accuracy of video stream address authentication, and preventing illegal acquisition of the video stream address, thereby improving the security of the video stream address.

Description

一种视频请求、视频播放方法及装置Video request, video playing method and device 技术领域Technical field
本发明涉及通信技术领域,尤其涉及一种视频请求、视频播放方法及装置。The present invention relates to the field of communications technologies, and in particular, to a video request, a video playing method, and a device.
背景技术Background technique
目前,视频直播是利用互联网及流媒体技术进行直播,然后视频内容的提供方存在视频流地址被第三方平台获取,从而可以不通过直播网站直接观看视频,即绕过了直播网站的视频播放器提供的视频播放,同时对于直播网站也会使用有一些收费视频内容,比如直播网站的门票房间,只有购买了门票才能观看;又比如类似于一些视频网站中只有购买VIP会员才能观看VIP视频,因此对于视频流地址被盗取,则使得没有购买门票的用户可以直接观看门票房间、没有购买VIP会员的用户可以直接观看VIP视频,还会给用户带来个人信息泄露的风险。At present, the live video broadcast is performed by using the Internet and streaming media technology, and then the video content provider has the video stream address obtained by the third-party platform, so that the video can be directly viewed without going through the live website, that is, the video player bypassing the live website. The video provided is also played. At the same time, there are some paid video content for the live website. For example, the ticket room of the live website can only be viewed when the ticket is purchased. For example, similar to some video websites, only the VIP member can purchase the VIP video, so If the video stream address is stolen, the user who has not purchased the ticket can directly view the ticket room, and the user who does not purchase the VIP member can directly watch the VIP video, and also brings the risk of personal information leakage to the user.
为了避免视频流地址被盗取,现有技术会对视频流地址进行加密保护以防止被盗取视频流地址,但是仅仅加密后的视频流地址容易被破解,因此视频流地址安全性低,进而视频容易被非法获取。In order to prevent the video stream address from being stolen, the prior art encrypts the video stream address to prevent the video stream address from being stolen, but only the encrypted video stream address is easily cracked, so the video stream address is low in security. Video is easily obtained illegally.
发明内容Summary of the invention
本发明实施例通过提供一种视频请求、视频播放方法及装置,解决了现有技术中视频流地址安全性低的技术问题。The embodiment of the invention solves the technical problem of low video stream address security in the prior art by providing a video request, a video playing method and a device.
第一方面,本发明实施例提供了一种视频播放方法,应用于服务器,所述方法包括:In a first aspect, an embodiment of the present invention provides a video playing method, which is applied to a server, where the method includes:
接收用户终端发送的针对目标视频的视频流地址请求;Receiving a video stream address request for the target video sent by the user terminal;
如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;Returning, to the user terminal, a first Key value for characterizing a video type of the target video and a permission range for characterizing the viewing user, if a viewing user corresponding to the user terminal has viewing rights to the target video Second key value;
接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。Receiving, by the user terminal, the terminal-side authentication key value for the target video generated by the first key value and the second key value, returning the target video to the user terminal.
可选的,如果所述视频流地址请求中携带有所述观看用户的用户识别信息,所述方法还包括:Optionally, if the video stream address request carries the user identification information of the viewing user, the method further includes:
根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。 Determining whether the viewing user has viewing rights to the target video according to the correspondence between the user identification information and the permission range.
可选的,如果所述视频流地址请求中携带有请求识别标识组,在所述接收用户终端发送的针对目标视频的视频流地址请求之后,所述方法还包括:Optionally, if the video stream address request carries the request identification identifier group, after the receiving the user terminal sends the video stream address request for the target video, the method further includes:
基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;Generating a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致;Comparing the received authentication key values with the server-side authentication key values for the target video respectively;
如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。If consistent, the received authentication key value is a terminal-side authentication key value for the target video.
可选的,所述基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,包括:Optionally, the generating the server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, including:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video.
可选的,所述请求识别标识组,包括:Optionally, the request identifies the identifier group, including:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user. The live type identification code and the room identification code of the live network video.
第二方面,本发明实施例提供了一种视频请求方法,应用于用户终端,包括:In a second aspect, an embodiment of the present invention provides a video requesting method, which is applied to a user terminal, and includes:
向服务器发送针对目标视频的视频流地址请求;Sending a video stream address request for the target video to the server;
接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;Receiving, by the server, a first Key value for characterizing a video type of the target video and a second Key value for characterizing a permission range of the viewing user;
根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;Generating, by the first Key value and the second Key value, a terminal side authentication key value for the target video, and sending the value to the server, so that the server receives the terminal side profile for the target video. Returning the target video to the user terminal when the weight is a value;
从所述服务器接收所述目标视频。Receiving the target video from the server.
可选的,如果所述视频流地址请求中携带有请求识别标识组,所述根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,包括: Optionally, if the video stream address request carries the request identification identifier group, the generating, according to the first key value and the second key value, a terminal side authentication key value for the target video and sending To the server, including:
基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;Generating, by the first key value, the second key value, and the request identification identifier group, a terminal side authentication key value for the target video;
将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。A terminal side authentication key value for the target video is sent to the server.
可选的,所述基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值,包括:Optionally, the generating, by the first key value, the second key value, and the request identification identifier group, a terminal side authentication key value for the target video, including:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
可选的,所述视频流地址请求中携带的请求识别标识组,包括:Optionally, the request identification identifier group carried in the video stream address request includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user. The video type identification code of each webcast video and the room identification code.
第三方面,本发明实施例提供了一种视频播放装置,应用于服务器,所述视频播放装置包括:In a third aspect, an embodiment of the present invention provides a video playback device, which is applied to a server, where the video playback device includes:
地址请求接收模块,用于接收用户终端发送的针对目标视频的视频流地址请求;An address request receiving module, configured to receive a video stream address request for the target video sent by the user terminal;
Key值发送模块,用于如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;a Key value sending module, configured to return, to the user terminal, a first Key value for characterizing a video type of the target video and for characterization if a viewing user corresponding to the user terminal has viewing rights to the target video Viewing a second Key value of a user's permission range;
视频返回模块,用于接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。a video returning module, configured to: when receiving, by the user terminal, a terminal-side authentication key value for the target video generated by using the first key value and the second key value, returning to the user terminal The target video.
可选的,如果所述视频流地址请求中携带有所述观看用户的用户识别信息,所述装置还包括:Optionally, if the video stream address request carries the user identification information of the viewing user, the device further includes:
权限判别模块,用于根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。The authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
可选的,如果所述视频流地址请求中携带有请求识别标识组,所述装置还包括:Optionally, if the video stream address request carries the request identification identifier group, the device further includes:
鉴权Key值生成模块,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值; An authentication key value generating module, configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
鉴权Key值对比模块,用于将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致,如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。The authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
可选的,所述鉴权Key值生成模块,具体用于:Optionally, the authentication key value generating module is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video.
可选的,所述请求识别标识组,包括:Optionally, the request identifies the identifier group, including:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes a permission range of the viewing user. The live type identification code and the room identification code of the live network video.
第四方面,本发明实施例提供了一种视频请求装置,应用于用户终端,所述视频请求装置包括:In a fourth aspect, an embodiment of the present invention provides a video requesting apparatus, which is applied to a user terminal, where the video requesting apparatus includes:
地址请求发送模块,用于向服务器发送针对目标视频的视频流地址请求;An address request sending module, configured to send a video stream address request for the target video to the server;
Key值接收模块,用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;a Key value receiving module, configured to receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value for characterizing a permission range of the viewing user;
鉴权Key值获取模块,用于根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;An authentication key value obtaining module, configured to generate, according to the first key value and the second key value, a terminal side authentication key value for the target video, and send the value to the server, so that the server receives Returning the target video to the user terminal when the terminal side authenticates the Key value of the target video;
视频接收模块,用于从所述服务器接收所述目标视频。a video receiving module, configured to receive the target video from the server.
可选的,如果所述视频流地址请求中携带有请求识别标识组,所述鉴权Key值获取模块,包括:Optionally, if the video stream address request carries the request identification identifier group, the authentication key value obtaining module includes:
鉴权Key值生成单元,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;The authentication key value generating unit is configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
鉴权Key值发送单元,用于将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。The authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
可选的,所述鉴权Key值生成单元,具体用于:Optionally, the authentication key value generating unit is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key 值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
可选的,所述视频流地址请求中携带的请求识别标识组,包括:Optionally, the request identification identifier group carried in the video stream address request includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
可选的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。Optionally, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the permission range of the viewing user. The video type identification code of each webcast video and the room identification code.
本发明实施例中提供的一个或多个技术方案,至少具有如下技术效果或优点:One or more technical solutions provided in the embodiments of the present invention have at least the following technical effects or advantages:
通过本发明提供的技术方案:接收用户终端发送的针对目标视频的视频流地址请求时;如果用户终端对应的观看用户对所述目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值;接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时向述用户终端返回目标视频。可见是根据目标视频的视频类型、观看用户的权限范围进行视频流地址进行鉴权验证,从而对于目标视频的类型不同、观看用户的权限范围不同,都会计算出不同的服务器侧和终端侧的用于对视频流地址进行鉴权的鉴权KEY值,服务器只针对基于第一、二KEY值生成了鉴权KEY值的用户终端返回请求的目标视频,因此只有真正有对目标视频有观看权限的用户才能从服务器获取到目标视频,否则服务器会拒绝下发目标视频。从而极大加强了对视频流地址鉴权的准确性,能够避免视频流地址被非法获取,因此提高了视频流地址的安全性。The technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal. It can be seen that the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated. For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available. The user can obtain the target video from the server, otherwise the server will refuse to deliver the target video. Therefore, the accuracy of authenticating the video stream address is greatly enhanced, and the video stream address can be prevented from being illegally acquired, thereby improving the security of the video stream address.
进一步的,通过视频流地址请求中携带有请求识别标识组,包括用户终端发送视频流地址请求所在时刻的时间标识,从而生成的服务器侧和终端侧的鉴权KEY值均依赖于不具重复性和复制性的时间标识,使得进一步确保了每次计算出来的鉴权KEY值不会被模仿,所以当一个观看用户请求到正确地址后是无法给其他观看用户使用的,因为一个视频流地址只能使用一次。Further, the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and The reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, and the above-described and other objects, features and advantages of the present invention can be more clearly understood. Specific embodiments of the invention are set forth below.
附图说明 DRAWINGS
通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those skilled in the art from a The drawings are only for the purpose of illustrating the preferred embodiments and are not to be construed as limiting. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawing:
图1为本发明实施例提供的视频播放方法的流程图;FIG. 1 is a flowchart of a video playing method according to an embodiment of the present invention;
图2为本发明实施例提供的视频请求方法的流程图;2 is a flowchart of a video request method according to an embodiment of the present invention;
图3为本发明实施例提供的视频播放装置的模块图;FIG. 3 is a block diagram of a video playback apparatus according to an embodiment of the present invention;
图4为本发明实施例提供的视频请求装置的模块图。FIG. 4 is a block diagram of a video requesting apparatus according to an embodiment of the present invention.
具体实施方式detailed description
鉴于现有技术中视频流地址安全性低的技术问题,本发明实施例通过提供一种视频请求、视频播放方法及装置,总体思路如下:In view of the technical problem that the video stream address security is low in the prior art, the embodiment of the present invention provides a video request, a video playing method, and a device. The general idea is as follows:
根据目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值进行视频流地址进行了鉴权验证。从而对于目标视频的类型不同、观看用户的权限范围不同,都会计算出不同的服务器侧和终端侧的用于对视频流地址进行鉴权的鉴权KEY值,服务器只针对服务器基于第一、二KEY值生成了鉴权KEY值的用户终端返回请求的目标视频,从而极大加强了对视频流地址鉴权的准确性,从而能够避免视频流地址被非法获取,提高了视频流地址的安全性。The video stream address is authenticated according to the first Key value of the video type of the target video and the second Key value for characterizing the viewing range of the viewing user. Therefore, for different types of target videos and different permission ranges of the viewing users, different authentication KEY values for authenticating the video stream addresses on the server side and the terminal side are calculated, and the server is only based on the first and second servers. The KEY value generates the target video of the user terminal that authenticates the KEY value, thereby greatly enhancing the accuracy of authenticating the video stream address, thereby preventing the video stream address from being illegally acquired, and improving the security of the video stream address. .
为了更好的理解上述技术方案,下面将结合说明书附图以及具体的实施方式对上述技术方案进行详细的说明。In order to better understand the above technical solutions, the above technical solutions will be described in detail below in conjunction with the drawings and specific embodiments.
参考图1所示,本发明实施例提供了一种视频播放方法,包括如下步骤:Referring to FIG. 1, an embodiment of the present invention provides a video playing method, including the following steps:
S101、接收用户终端发送的针对目标视频的视频流地址请求;S101. Receive a video stream address request for a target video that is sent by the user terminal.
S102、如果用户终端对应的观看用户对目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值:S102. If the viewing user corresponding to the user terminal has the viewing right to the target video, return a first Key value for characterizing the video type of the target video and a second Key value for characterizing the permission range of the viewing user to the user terminal:
S103、接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时,向用户终端返回目标视频。S103. When receiving the terminal-side authentication key value for the target video generated by the user terminal and based on the first key value and the second key value, returning the target video to the user terminal.
需要说明的是,在本发明实施例中,目标视频可以为网络直播视频,也可以为存储在服务器上的录制视频资源。It should be noted that, in the embodiment of the present invention, the target video may be a live webcast video or a recorded video resource stored on a server.
下面结合图1,对本发明实施例提供的视频播放方法的每个步骤进行详细描述:Each step of the video playing method provided by the embodiment of the present invention is described in detail below with reference to FIG. 1 :
首先,执行S101:接收用户终端发送的针对目标视频的视频流地址请求。First, executing S101: receiving a video stream address request for the target video sent by the user terminal.
具体的,服务器上设置有门票系统或VIP认证系统,针对不同视频类型的 网络直播视频设置有不同的门票类型,针对不同视频类型的录制视频设置有不同的VIP类型。具体的,以网络直播视频为例,有游戏门票的观看用户的权限范围为所有游戏类直播房间,则有游戏门票的观看用户对游戏类视频有观看权限;有体育门票的观看用户的权限范围为所有体育类直播房间,则有游戏门票的观看用户对体育类视频有观看权限;有综艺门票的观看用户的权限范围为综艺类直播房间,则有游戏门票的观看用户对综艺类视频有观看权限。Specifically, the server is provided with a ticket system or a VIP authentication system for different video types. Webcast video settings have different ticket types, and different video types are set for different video types. Specifically, taking the live webcast video as an example, if the viewing user's permission range of the game ticket is all game-type live rooms, the viewing user with the game ticket has the viewing right for the game-like video; and the viewing range of the viewing user with the sports ticket For all sports live rooms, the viewing users who have game tickets have the right to watch sports videos; the viewing rights of the viewing users with variety tickets are the variety live rooms, and the viewing users with game tickets have watched the variety videos. Permissions.
门票系统用于识别发送视频流地址请求的用户终端对应的观看用户是否有目标视频所属视频类型的门票,从而判断出观看用户是否对目标视频有观看权限。The ticket system is configured to identify whether the viewing user corresponding to the user terminal that sends the video stream address request has a ticket of the video type to which the target video belongs, thereby determining whether the viewing user has viewing rights to the target video.
接着,执行S102:如果用户终端对应的观看用户对目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值。Next, executing S102: if the viewing user corresponding to the user terminal has the viewing right to the target video, returning, to the user terminal, a first Key value for characterizing the video type of the target video and a second for characterizing the permission range of the viewing user Key value.
在一实施例中,为了判断观看用户对目标视频是否有观看权限,视频流地址请求中携带有用户终端对应的观看用户的用户识别信息,比如:用户名和密码。服务器中存储有各个用户识别信息对应的权限范围,从而服务器根据用户识别信息与权限范围的对应关系,判别用户终端对应的观看用户是否对目标视频有观看权限。如果观看用户对目标视频没有观看权限,则服务器直接拒绝用户终端的视频流地址请求,不会向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值。如果观看用户对目标视频有观看权限,则服务器向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值。In an embodiment, in order to determine whether the viewing user has the viewing right for the target video, the video stream address request carries the user identification information of the viewing user corresponding to the user terminal, such as a username and a password. The server stores the permission range corresponding to each user identification information, so that the server determines whether the viewing user corresponding to the user terminal has the viewing right for the target video according to the correspondence between the user identification information and the permission range. If the viewing user does not have the viewing right for the target video, the server directly rejects the video stream address request of the user terminal, and does not return to the user terminal the first Key value for characterizing the video type of the target video and the permission range for characterizing the viewing user. The second key value. If the viewing user has viewing rights to the target video, the server returns to the user terminal a first Key value for characterizing the video type of the target video and a second Key value for characterizing the viewing range of the viewing user.
在门票系统中有针对每个门票类型设置有一一对应的门票类KEY值,门票类KEY值与视频类型一一对应,门票类KEY值可以是一段随机的字符串,则第一Key值为一段代表目标视频的视频类型的字符串。比如,目标视频为体育类视频,则第一Key值具体为表征目标视频为体育类视频的字符串,比如,目标视频为游戏类视频,则第一Key值具体为表征目标视频为游戏类视频的字符串。In the ticket system, there is a corresponding one-to-one ticket class KEY value for each ticket type. The ticket class KEY value corresponds to the video type one by one, and the ticket class KEY value may be a random string, then the first key value is A string representing the video type of the target video. For example, if the target video is a sports video, the first key value is specifically a character string indicating that the target video is a sports video. For example, if the target video is a game video, the first key value is specifically to represent the target video as a game video. String.
针对目标视频为目标网络直播视频,则第二Key值包括观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。If the target video is the target network live video, the second key value includes the live broadcast type identification code and the room identification code of each live webcast video within the scope of the user's permission.
观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码均输入MD5算法,运算得到第二KEY值:The live type identification code and the room identification code of each live webcast video in the user's permission range are input into the MD5 algorithm, and the second KEY value is obtained by the operation:
KEY2=MD5.create(roomid+type)KEY2=MD5.create(roomid+type)
其中,roomid为观看用户的权限范围内的各个网络直播视频所在的房间标识码,type为观看用户的权限范围内的各个网络直播视频所属的直播类型识别码。 The roomid is the room identification code of each webcast live video within the scope of the user's permission, and the type is the live type identification code of each webcast live video within the scope of the user's permission.
在执行S102之后,接着,执行S103、接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时,向用户终端返回目标视频。After the execution of S102, the process proceeds to S103. When the terminal-side authentication key value for the target video generated based on the first key value and the second key value sent by the user terminal is received, the target video is returned to the user terminal.
具体的,针对目标视频的终端侧鉴权Key值,具体为用户终端根据如下方式生成:Specifically, the terminal-side authentication key value of the target video is specifically generated by the user terminal according to the following manner:
用户终端若接收到来自服务器的第一Key值和第二Key值,用户终端会基于第一Key值与第二Key值生成针对目标视频的终端侧鉴权Key值并发送给服务器。目标视频的视频类型、观看用户的权限范围作为视频流地址鉴权的KEY值,从而对于不同的视频类型、不同的权限范围都能得到不同的鉴权KEY值,而针对同一视频流地址的发送、接收方:即服务器和用户终端而言,生成的鉴权KEY值始终可以保持一致的,从而可以极大提高视频地址鉴权的准确性,避免被非法获取。If the user terminal receives the first key value and the second key value from the server, the user terminal generates a terminal side authentication key value for the target video based on the first key value and the second key value, and sends the value to the server. The video type of the target video and the permission range of the viewing user are used as the KEY value of the video stream address authentication, so that different authentication KEY values can be obtained for different video types and different permission ranges, and the same video stream address is sent. Receiver: The server and the user terminal can always maintain the same authentication KEY value, which can greatly improve the accuracy of video address authentication and avoid illegal acquisition.
进一步的,如果视频流地址请求中携带请求识别标识组,则基于第一Key值、第二Key值和请求识别标识组生成针对目标视频的终端侧鉴权Key值。Further, if the video stream address request carries the request identification identifier group, the terminal side authentication key value for the target video is generated based on the first key value, the second key value, and the request identification identifier group.
具体的,请求识别标识组包括表征用户终端发送视频流地址请求所在时刻的时间标识,以及如下至少一种用户终端的终端特征:观看用户登录服务器时的令牌(Token)、用户终端的唯一ID(UDID,Unique Device Identifier)、用户终端当前的IP地址。从而实行了视频流地址鉴权依赖于时间来计算,使得每次计算出来的视频流地址是不同的,因为时间的唯一性使得一个视频流地址只能使用一次,所以当该观看用户请求到正确的视频流地址是无法给到别人使用,进一步提高了视频流地址的安全性。Specifically, the request identification identifier group includes a time identifier indicating a time when the user terminal sends the video stream address request, and a terminal feature of at least one type of user terminal: a token (Token) when the user logs in to the server, and a unique ID of the user terminal. (UDID, Unique Device Identifier), the current IP address of the user terminal. Therefore, the video stream address authentication is implemented depending on the time, so that the calculated video stream address is different each time, because the uniqueness of time makes a video stream address can be used only once, so when the viewing user requests the correct The video stream address is not available to others, further improving the security of the video stream address.
需要说明的是,如果目标视频为目标网络直播视频,则视频流地址请求中携带的请求识别标识组还包括目标网络直播视频的房间标识码,进一步提高网络直播视频的视频流地址安全性。It should be noted that, if the target video is the target network live video, the request identification identifier group carried in the video stream address request further includes the room identification code of the target network live video, thereby further improving the video stream address security of the webcast video.
为了验证接收到的鉴权Key值是该用户终端发送的基于第一Key值与所述第二Key值生成的针对目标视频的终端侧鉴权Key值,而不是来自其他终端的鉴权Key值,服务器侧提供了如下实施过程:In order to verify that the received authentication key value is a terminal-side authentication key value for the target video generated by the user terminal based on the first key value and the second key value, instead of the authentication key value from other terminals. The server side provides the following implementation process:
服务器基于第一Key值、第二Key值和请求识别标识组生成针对目标视频的服务器侧鉴权Key值;将接收到的鉴权Key值分别与针对目标视频的服务器侧鉴权Key值进行对比是否一致;如果一致,表征接收到的鉴权Key值为该用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值,则服务器向用户终端返回目标视频;如果不一致,表征接收到的鉴权Key值为其他终端发送,则拒绝下发目标视频。The server generates a server-side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group, and compares the received authentication key value with the server-side authentication key value for the target video. Whether it is consistent; if it is consistent, the received authentication key value is a terminal-side authentication key value for the target video generated by the user terminal based on the first key value and the second key value, and the server returns the target to the user terminal. Video; if it is inconsistent, the received authentication key value is sent by other terminals, and the target video is rejected.
具体的,服务器侧执行生成服务器侧鉴权Key值的方式为结合MD5(消息摘 要算法)算法与RSA加密算法的实施方式:Specifically, the manner of generating the server-side authentication key value by the server side is combined with MD5 (message digest Algorithms for algorithm and RSA encryption algorithms:
首先,将第一Key值与第二Key值输入MD5算法,以运算得到中间Key值:First, the first Key value and the second Key value are input into the MD5 algorithm to obtain an intermediate Key value:
NewKey=MD5.Create(KEY1+KEY2)NewKey=MD5.Create(KEY1+KEY2)
其中,NewKey为中间Key值,KEY1为第一Key值,KEY2为第二Key值。Among them, NewKey is the intermediate Key value, KEY1 is the first Key value, and KEY2 is the second Key value.
接着,将中间Key值和请求识别标识组输入RSA加密算法,以运算得到针对目标视频的服务器侧鉴权Key值:Then, the intermediate key value and the request identification identifier group are input into the RSA encryption algorithm to calculate the server side authentication key value for the target video:
KEY=RSA.encrypt(Token+Roomid+ID+IP+Time,NewKey);KEY=RSA.encrypt(Token+Roomid+ID+IP+Time, NewKey);
其中,Time参数为用户终端发送视频流地址请求的时间标识,Token参数为观看用户登录服务器时的令牌、ID参数为用户终端的唯一ID(UDID,Unique Device Identifier)、IP参数为用户终端当前的IP地址。The time parameter is the time identifier of the user terminal to send the video stream address request, the Token parameter is the token when the user logs in to the server, the ID parameter is the unique ID of the user terminal (UDID, Unique Device Identifier), and the IP parameter is the current state of the user terminal. IP address.
基于同一发明构思,本发明实施例提供了一种视频请求方法,与前述视频播放方法对应,应用于用户终端,参考图2所示,该视频请求方法包括:Based on the same inventive concept, an embodiment of the present invention provides a video requesting method, which is applied to a user terminal corresponding to the foregoing video playing method. Referring to FIG. 2, the video requesting method includes:
S201、向服务器发送针对目标视频的视频流地址请求;S201. Send a video stream address request for the target video to the server.
S202、接收服务器返回的用于表征目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;S202. Receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value used to represent a permission range of the viewing user.
S203、根据第一Key值与第二Key值生成针对目标视频的终端侧鉴权Key值并发送给服务器,以使服务器接收到针对目标视频的终端侧鉴权Key值时向用户终端返回目标视频;S203. Generate a terminal-side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server returns the target video to the user terminal when receiving the terminal-side authentication key value for the target video. ;
S204、从服务器接收目标视频。S204. Receive a target video from a server.
在本发明实施例中,S203包括如下细化步骤:In the embodiment of the present invention, S203 includes the following refinement steps:
基于所述第一Key值、第二Key值和请求识别标识组生成针对所述目标视频的终端侧鉴权Key值。Generating a terminal side authentication key value for the target video based on the first Key value, the second Key value, and the request identification identifier group.
具体的,生成针对所述目标视频的终端侧鉴权Key值的实施方式,具体为:Specifically, an implementation manner of generating a terminal-side authentication key value for the target video is specifically:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
具体的,所述视频流地址请求中携带的请求识别标识组,包括:表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Specifically, the request identification identifier group carried in the video stream address request includes: a time identifier indicating a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal as follows: The token when the user logs in to the server, the unique ID of the user terminal, and the current IP address of the user terminal are viewed.
具体的,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。Specifically, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes each part of the viewing user's permission range. The video type identifier of the live webcast video and the room identification code.
由于本视频请求方法实施例与前述视频播放方法实施中的技术特征对应, 故而基于本发明所介绍的视频播放方法,本领域所属人员能够了解该视频请求装置的实现方式,故而在此不再赘述。Since the video request method embodiment corresponds to the technical features in the implementation of the foregoing video playing method, Therefore, based on the video playing method introduced by the present invention, those skilled in the art can understand the implementation manner of the video requesting device, and thus will not be described herein.
基于同一发明构思,本发明实施例提供了一种实施前述视频播放方法的视频播放装置,应用于服务器,参考图3所示,所述视频播放装置包括:Based on the same inventive concept, an embodiment of the present invention provides a video playing device for implementing the foregoing video playing method, which is applied to a server. Referring to FIG. 3, the video playing device includes:
地址请求接收模块301,用于接收用户终端发送的针对目标视频的视频流地址请求;The address request receiving module 301 is configured to receive a video stream address request for the target video sent by the user terminal;
Key值发送模块302,用于如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;The Key value sending module 302 is configured to: if the viewing user corresponding to the user terminal has the viewing right to the target video, return a first Key value for characterizing the video type of the target video to the user terminal, and Characterizing a second Key value of the range of rights of the viewing user;
视频返回模块303,用于接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。a video returning module 303, configured to receive, by the user terminal, a terminal-side authentication key value for the target video generated by the first key value and the second key value, to the user terminal Return to the target video.
在本发明实施例中,如果所述视频流地址请求中携带有所述观看用户的用户识别信息,所述装置还包括:In the embodiment of the present invention, if the video stream address request carries the user identification information of the viewing user, the device further includes:
权限判别模块,用于根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。The authority discriminating module is configured to determine, according to the correspondence between the user identification information and the permission range, whether the viewing user has viewing rights to the target video.
在本发明实施例中,如果所述视频流地址请求中携带有请求识别标识组,所述装置还包括:In the embodiment of the present invention, if the video stream address request carries the request identification identifier group, the device further includes:
鉴权Key值生成模块,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;An authentication key value generating module, configured to generate a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
鉴权Key值对比模块,用于将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致,如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。The authentication key value comparison module is configured to compare the received authentication key value with the server-side authentication key value of the target video, and if yes, the received authentication key value is The terminal side authentication key value of the target video.
在本发明实施例中,所述鉴权Key值生成模块,具体用于:In the embodiment of the present invention, the authentication key value generating module is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video.
在本发明实施例中,所述请求识别标识组,包括:In the embodiment of the present invention, the request identifying the identifier group includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
在本发明实施例中,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码 和所在的房间标识码。In the embodiment of the present invention, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the viewing user. The live type identification code of each webcast live video within the scope of the permission And the room identification code.
由于本视频播放装置为实施本发明实施例前述视频播放方法所采用的装置,故而基于本发明所介绍的视频播放方法,本领域所属人员能够了解该视频播放装置的具体结构及变形,故而在此不再赘述。凡是本发明视频播放方法所采用的装置都属于本发明所欲保护的范围。The video playback device is a device for implementing the foregoing video playback method according to the embodiment of the present invention. Therefore, based on the video playback method introduced by the present invention, those skilled in the art can understand the specific structure and deformation of the video playback device, and thus No longer. Any device used in the video playing method of the present invention is within the scope of the present invention.
基于同一发明构思,本发明实施例还提供了一种实施前述视频请求方法的视频请求装置,应用于用户终端,参考图4所示,所述视频请求装置包括:Based on the same inventive concept, an embodiment of the present invention further provides a video requesting apparatus for implementing the foregoing video requesting method, which is applied to a user terminal. Referring to FIG. 4, the video requesting apparatus includes:
地址请求发送模块401,用于向服务器发送针对目标视频的视频流地址请求;An address request sending module 401, configured to send a video stream address request for the target video to the server;
Key值接收模块402,用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;The Key value receiving module 402 is configured to receive a first Key value returned by the server for characterizing a video type of the target video and a second Key value used to represent a permission range of the viewing user;
鉴权Key值获取模块403,用于根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;The authentication key value obtaining module 403 is configured to generate a terminal side authentication key value for the target video according to the first key value and the second key value, and send the value to the server, so that the server receives Returning the target video to the user terminal when the terminal side authentication key value is used for the target video;
视频接收模块404,用于从所述服务器接收所述目标视频。The video receiving module 404 is configured to receive the target video from the server.
在本发明实施例中,如果所述视频流地址请求中携带有请求识别标识组,所述鉴权Key值获取模块403,包括:In the embodiment of the present invention, if the video stream address request carries the request identification identifier group, the authentication key value obtaining module 403 includes:
鉴权Key值生成单元,用于基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;The authentication key value generating unit is configured to generate a terminal side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
鉴权Key值发送单元,用于将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。The authentication key value sending unit is configured to send the terminal side authentication key value for the target video to the server.
在本发明实施例中,所述鉴权Key值生成单元,具体用于:In the embodiment of the present invention, the authentication key value generating unit is specifically configured to:
将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的终端侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a terminal side authentication key value for the target video.
在本发明实施例中,所述视频流地址请求中携带的请求识别标识组,包括:In the embodiment of the present invention, the request identification identifier group carried in the video stream address request includes:
表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
在本发明实施例中,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在的房间标识码,第二Key值包括所述观看用户的权限范围内的各个网络直播视频的视频类型识别码和所在的房间标识码。 In the embodiment of the present invention, if the target video is a target network live video, the request identification identifier group further includes a room identification code where the target network live video is located, and the second key value includes the rights of the viewing user. The video type identification code and the room identification code of each webcast video in the range.
由于本视频请求装置为实施本发明实施例前述视频请求方法所采用的电子设备,故而基于本发明视频请求方法实施例所介绍的方法,本领域所属人员能够了解该视频请求装置的具体结构及变形,故而在此不再赘述。凡是本发明视频请求方法所采用的装置都属于本发明所欲保护的范围。The present video requesting device is an electronic device used in the foregoing video requesting method according to the embodiment of the present invention. Therefore, those skilled in the art can understand the specific structure and deformation of the video requesting device based on the method described in the video requesting method embodiment of the present invention. Therefore, it will not be repeated here. The apparatus used in the video request method of the present invention is within the scope of the present invention.
通过上述本发明提供的技术方案,至少具有如下技术效果或优点:The technical solution provided by the above invention has at least the following technical effects or advantages:
通过本发明提供的技术方案:接收用户终端发送的针对目标视频的视频流地址请求时;如果用户终端对应的观看用户对所述目标视频有观看权限,向用户终端返回用于表征目标视频的视频类型的第一Key值和用于表征观看用户的权限范围的第二Key值;接收到用户终端发送的基于第一Key值与第二Key值生成的针对目标视频的终端侧鉴权Key值时向述用户终端返回目标视频。可见是根据目标视频的视频类型、观看用户的权限范围进行视频流地址进行鉴权验证,从而对于目标视频的类型不同、观看用户的权限范围不同,都会计算出不同的服务器侧和终端侧的用于对视频流地址进行鉴权的鉴权KEY值,服务器只针对基于第一、二KEY值生成了鉴权KEY值的用户终端返回请求的目标视频,因此只有真正有对目标视频有观看权限的用户才能从服务器获取到目标视频,否则服务器会拒绝下发目标视频。从而极大加强了对视频流地址鉴权的准确性,能够避免视频流地址被非法获取,因此提高了视频流地址的安全性。The technical solution provided by the present invention is: receiving a video stream address request for a target video sent by a user terminal; and if the viewing user corresponding to the user terminal has viewing rights to the target video, returning a video for characterizing the target video to the user terminal a first Key value of the type and a second Key value for characterizing a permission range of the viewing user; receiving the terminal-side authentication Key value for the target video generated by the user terminal based on the first Key value and the second Key value Return the target video to the user terminal. It can be seen that the video stream address is authenticated according to the video type of the target video and the permission range of the viewing user, so that different types of the target video and different viewing rights of the viewing user are calculated, and different server side and terminal side are calculated. For the authentication KEY value for authenticating the video stream address, the server only returns the requested target video for the user terminal that generates the authentication KEY value based on the first and second KEY values, so only the viewing rights of the target video are actually available. The user can obtain the target video from the server, otherwise the server will refuse to deliver the target video. Therefore, the accuracy of authenticating the video stream address is greatly enhanced, and the video stream address can be prevented from being illegally acquired, thereby improving the security of the video stream address.
进一步的,通过视频流地址请求中携带有请求识别标识组,包括用户终端发送视频流地址请求所在时刻的时间标识,从而生成的服务器侧和终端侧的鉴权KEY值均依赖于不具重复性和复制性的时间标识,使得进一步确保了每次计算出来的鉴权KEY值不会被模仿,所以当一个观看用户请求到正确地址后是无法给其他观看用户使用的,因为一个视频流地址只能使用一次。Further, the video stream address request carries the request identification identifier group, including the time identifier of the time when the user terminal sends the video stream address request, so that the generated authentication KEY values of the server side and the terminal side are dependent on non-repetitiveness and The reproducible time identifier further ensures that the calculated authentication KEY value will not be imitated every time, so when a viewing user requests the correct address, it cannot be used by other viewing users because a video stream address can only be used. Use once.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。 The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device. The apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。While the preferred embodiment of the invention has been described, it will be understood that Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and the modifications and
显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and modifications of the invention

Claims (10)

  1. 一种视频播放方法,应用于服务器,其特征在于,所述方法包括:A video playing method is applied to a server, wherein the method includes:
    接收用户终端发送的针对目标视频的视频流地址请求;Receiving a video stream address request for the target video sent by the user terminal;
    如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;Returning, to the user terminal, a first Key value for characterizing a video type of the target video and a permission range for characterizing the viewing user, if a viewing user corresponding to the user terminal has viewing rights to the target video Second key value;
    接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。Receiving, by the user terminal, the terminal-side authentication key value for the target video generated by the first key value and the second key value, returning the target video to the user terminal.
  2. 如权利要求1所述的视频播放方法,其特征在于,如果所述视频流地址请求中携带有所述观看用户的用户识别信息,所述方法还包括:The video playing method according to claim 1, wherein if the video stream address request carries the user identification information of the viewing user, the method further includes:
    根据所述用户识别信息与所述权限范围的对应关系,判别所述观看用户是否对所述目标视频有观看权限。Determining whether the viewing user has viewing rights to the target video according to the correspondence between the user identification information and the permission range.
  3. 如权利要求1所述的视频播放方法,其特征在于,如果所述视频流地址请求中携带有请求识别标识组,在所述接收用户终端发送的针对目标视频的视频流地址请求之后,所述方法还包括:The video playing method according to claim 1, wherein if the video stream address request carries a request identification identifier group, after the receiving user terminal sends a video stream address request for the target video, the The method also includes:
    基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值;Generating a server side authentication key value for the target video based on the first key value, the second key value, and the request identification identifier group;
    将接收到的鉴权Key值分别与针对所述目标视频的服务器侧鉴权Key值进行对比是否一致;Comparing the received authentication key values with the server-side authentication key values for the target video respectively;
    如果一致,表征接收到的鉴权Key值为针对所述目标视频的终端侧鉴权Key值。If consistent, the received authentication key value is a terminal-side authentication key value for the target video.
  4. 如权利要求3所述的视频播放方法,其特征在于,所述基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的服务器侧鉴权Key值,包括:The video playing method according to claim 3, wherein the generating a server side authentication key for the target video based on the first key value, the second key value, and the request identification identifier group Values, including:
    将所述第一Key值与所述第二Key值输入MD5算法,以运算得到中间Key值;Inputting the first key value and the second key value into the MD5 algorithm to obtain an intermediate key value;
    将所述中间Key值和所述请求识别标识组输入RSA加密算法,以运算得到针对所述目标视频的服务器侧鉴权Key值。And inputting the intermediate key value and the request identification identifier group into an RSA encryption algorithm to obtain a server side authentication key value for the target video.
  5. 如权利要求3或4所述的视频播放方法,其特征在于,所述请求识别标识组,包括:The video playing method according to claim 3 or 4, wherein the requesting the identification of the identification group comprises:
    表征所述用户终端发送所述视频流地址请求所在时刻的时间标识,以及如下至少一种所述用户终端的终端特征:所述观看用户登录所述服务器时的令牌、所述用户终端的唯一ID、所述用户终端当前的IP地址。Characterizing a time identifier of a time at which the user terminal sends the video stream address request, and at least one terminal feature of the user terminal: a token when the viewing user logs in to the server, and a uniqueness of the user terminal ID, the current IP address of the user terminal.
  6. 如权利要求5所述的视频播放方法,其特征在于,如果所述目标视频为目标网络直播视频,则所述请求识别标识组还包括所述目标网络直播视频所在 的房间标识码,所述第二Key值包括所述观看用户的权限范围内的各个网络直播视频所属的直播类型识别码和所在的房间标识码。The video playing method according to claim 5, wherein if the target video is a target network live video, the request identification identifier group further includes the target web live video The room identification code, the second key value includes a live type identification code and a room identification code of each live webcast video within the scope of the viewing user.
  7. 一种视频请求方法,应用于用户终端,其特征在于,包括:A video request method is applied to a user terminal, and includes:
    向服务器发送针对目标视频的视频流地址请求;Sending a video stream address request for the target video to the server;
    接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;Receiving, by the server, a first Key value for characterizing a video type of the target video and a second Key value for characterizing a permission range of the viewing user;
    根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视频;Generating, by the first Key value and the second Key value, a terminal side authentication key value for the target video, and sending the value to the server, so that the server receives the terminal side profile for the target video. Returning the target video to the user terminal when the weight is a value;
    从所述服务器接收所述目标视频。Receiving the target video from the server.
  8. 如权利要求7所述的视频请求方法,其特征在于,如果所述视频流地址请求中携带有请求识别标识组,所述根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,包括:The video request method according to claim 7, wherein if the video stream address request carries a request identification identifier group, the generating according to the first key value and the second key value is The terminal side authentication key value of the target video is sent to the server, including:
    基于所述第一Key值、所述第二Key值和所述请求识别标识组生成针对所述目标视频的终端侧鉴权Key值;Generating, by the first key value, the second key value, and the request identification identifier group, a terminal side authentication key value for the target video;
    将针对所述目标视频的终端侧鉴权Key值发送给所述服务器。A terminal side authentication key value for the target video is sent to the server.
  9. 一种视频播放装置,应用于服务器,其特征在于,所述视频播放装置包括:A video playback device is applied to a server, wherein the video playback device comprises:
    地址请求接收模块,用于接收用户终端发送的针对目标视频的视频流地址请求;An address request receiving module, configured to receive a video stream address request for the target video sent by the user terminal;
    Key值发送模块,用于如果所述用户终端对应的观看用户对所述目标视频有观看权限,向所述用户终端返回用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;a Key value sending module, configured to return, to the user terminal, a first Key value for characterizing a video type of the target video and for characterization if a viewing user corresponding to the user terminal has viewing rights to the target video Viewing a second Key value of a user's permission range;
    视频返回模块,用于接收到所述用户终端发送的基于所述第一Key值与所述第二Key值生成的针对所述目标视频的终端侧鉴权Key值时,向所述用户终端返回所述目标视频。a video returning module, configured to: when receiving, by the user terminal, a terminal-side authentication key value for the target video generated by using the first key value and the second key value, returning to the user terminal The target video.
  10. 一种视频请求装置,应用于用户终端,其特征在于,所述视频请求装置包括:A video requesting device is applied to a user terminal, wherein the video requesting device includes:
    地址请求发送模块,用于向服务器发送针对目标视频的视频流地址请求;An address request sending module, configured to send a video stream address request for the target video to the server;
    Key值接收模块,用于接收所述服务器返回的用于表征所述目标视频的视频类型的第一Key值和用于表征所述观看用户的权限范围的第二Key值;a Key value receiving module, configured to receive a first Key value returned by the server for characterizing a video type of the target video, and a second Key value for characterizing a permission range of the viewing user;
    鉴权Key值获取模块,用于根据所述第一Key值与所述第二Key值生成针对所述目标视频的终端侧鉴权Key值并发送给所述服务器,以使所述服务器接收到针对所述目标视频的终端侧鉴权Key值时向所述用户终端返回所述目标视 频;An authentication key value obtaining module, configured to generate, according to the first key value and the second key value, a terminal side authentication key value for the target video, and send the value to the server, so that the server receives Returning the target view to the user terminal when the terminal side authenticates the Key value of the target video frequency;
    视频接收模块,用于从所述服务器接收所述目标视频。 a video receiving module, configured to receive the target video from the server.
PCT/CN2017/107056 2017-03-31 2017-10-20 Video requesting and playing method and device WO2018176816A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710206554.0A CN107426589B (en) 2017-03-31 2017-03-31 A kind of video request, video broadcasting method and device
CN201710206554.0 2017-03-31

Publications (1)

Publication Number Publication Date
WO2018176816A1 true WO2018176816A1 (en) 2018-10-04

Family

ID=60423889

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/CN2017/081237 WO2018176531A1 (en) 2017-03-31 2017-04-20 Video request and video playing method and apparatus
PCT/CN2017/107056 WO2018176816A1 (en) 2017-03-31 2017-10-20 Video requesting and playing method and device

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/081237 WO2018176531A1 (en) 2017-03-31 2017-04-20 Video request and video playing method and apparatus

Country Status (2)

Country Link
CN (1) CN107426589B (en)
WO (2) WO2018176531A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110012301B (en) * 2018-01-04 2022-01-04 武汉斗鱼网络科技有限公司 Authentication method and device for video stream address
CN112770143B (en) * 2019-11-01 2022-08-02 腾讯科技(深圳)有限公司 Interactive video playing system and method
CN112600806B (en) * 2020-12-04 2023-04-28 广州酷狗计算机科技有限公司 Audio playing method, device, server and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874485A (en) * 2005-05-30 2006-12-06 Ut斯达康通讯有限公司 System for managing digital copyright, and system of operating network TV
US20070107062A1 (en) * 2005-11-09 2007-05-10 Abu-Amara Hosame H Method for managing security keys utilized by media devices in a local area network
CN102025749A (en) * 2011-01-18 2011-04-20 中国联合网络通信集团有限公司 Anti-theft method of mobile streaming media service
CN104811773A (en) * 2015-04-28 2015-07-29 天脉聚源(北京)传媒科技有限公司 Hotlinking prevention-based channel playing implementation method, system and equipment
CN105307052A (en) * 2015-10-27 2016-02-03 无锡天脉聚源传媒科技有限公司 Video request processing method and device
CN106028064A (en) * 2016-06-24 2016-10-12 武汉斗鱼网络科技有限公司 Live broadcasting video streaming playing address authorization verification method and system

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9276741B2 (en) * 2012-04-10 2016-03-01 Microsoft Technology Licensing, Llc Content encryption key management
WO2015063933A1 (en) * 2013-10-31 2015-05-07 株式会社 東芝 Content playback device, content playback method, and content playback system
CN103686241A (en) * 2013-12-23 2014-03-26 珠海迈科电子科技有限公司 Method and device for anti-theft chain of set top box
US20160119438A1 (en) * 2014-10-23 2016-04-28 Google Inc. Systems and methods of sharing media and data content across devices through local proximity
CN105721903B (en) * 2014-12-26 2017-12-12 乐视网信息技术(北京)股份有限公司 The online method and system for playing video
US11997365B2 (en) * 2015-01-27 2024-05-28 Charter Communications Operating, Llc System and method of content streaming and downloading
CN105721411A (en) * 2015-05-15 2016-06-29 乐视云计算有限公司 Method for preventing hotlinking, server and client terminalfor preventing hotlinking
CN105915494A (en) * 2015-12-07 2016-08-31 乐视云计算有限公司 Anti-stealing-link method and system
CN105872626A (en) * 2015-12-15 2016-08-17 乐视网信息技术(北京)股份有限公司 Video playing method and device
CN105847881B (en) * 2016-03-31 2019-07-09 武汉斗鱼网络科技有限公司 A kind of illegal-broadcast preventing video player and server and system
CN106230860B (en) * 2016-09-06 2020-09-25 腾讯科技(深圳)有限公司 Method and device for transmitting streaming media

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874485A (en) * 2005-05-30 2006-12-06 Ut斯达康通讯有限公司 System for managing digital copyright, and system of operating network TV
US20070107062A1 (en) * 2005-11-09 2007-05-10 Abu-Amara Hosame H Method for managing security keys utilized by media devices in a local area network
CN102025749A (en) * 2011-01-18 2011-04-20 中国联合网络通信集团有限公司 Anti-theft method of mobile streaming media service
CN104811773A (en) * 2015-04-28 2015-07-29 天脉聚源(北京)传媒科技有限公司 Hotlinking prevention-based channel playing implementation method, system and equipment
CN105307052A (en) * 2015-10-27 2016-02-03 无锡天脉聚源传媒科技有限公司 Video request processing method and device
CN106028064A (en) * 2016-06-24 2016-10-12 武汉斗鱼网络科技有限公司 Live broadcasting video streaming playing address authorization verification method and system

Also Published As

Publication number Publication date
CN107426589B (en) 2018-08-10
CN107426589A (en) 2017-12-01
WO2018176531A1 (en) 2018-10-04

Similar Documents

Publication Publication Date Title
US9032497B2 (en) System and method for securing embedded media
CN105357190B (en) The method and system of access request authentication
CN108769067B (en) A kind of authentication verification method, apparatus, equipment and medium
CN112154638B (en) System and method for distributed authentication of online identities
US9774595B2 (en) Method of authentication by token
US11640448B2 (en) License confirmation via embedded confirmation challenge
KR20060101454A (en) Device certification system
CN110662091B (en) Third-party live video access method, storage medium, electronic device and system
CN101291228A (en) A method, system, and device for generating and authenticating a super password
CN107145769A (en) A kind of digital rights management method about DRM, equipment and system
CN108259183B (en) Attention method, attention device, attention electronic equipment and attention medium
US11500968B2 (en) Method of and system for providing access to access restricted content to a user
WO2018176816A1 (en) Video requesting and playing method and device
US8612771B2 (en) Verifying authenticity of playback device
CN108206961B (en) Method for calculating popularity of live broadcast platform and related equipment
TWI640194B (en) Content delivery network audio and video service anti-theft connection method
CN108235067B (en) Authentication method and device for video stream address
CN113536290A (en) Server login method, device, terminal equipment and medium
JP2014215853A (en) Authentication system and authentication method
CN112261040B (en) Online audio and video anti-theft method and system
CN109218773B (en) Authentication method and device for video stream address
CN108769748B (en) An information processing method and related equipment
EP4277203B1 (en) Method of securely streaming digital content over content delivery network
CN110012319B (en) Authentication method and device for video stream address
CN115333731B (en) Video stream playback address one-time password anti-theft method, device and equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17902615

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17902615

Country of ref document: EP

Kind code of ref document: A1

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载