技术领域technical field
本发明涉及互联网技术领域,具体涉及一种流媒体文件的防盗链方法及设备。The invention relates to the technical field of the Internet, in particular to a method and device for preventing hotlinking of streaming media files.
背景技术Background technique
随着互联网技术以及多媒体技术的快速发展,授权用户可以通过终端(如手机、笔记本等)访问多媒体服务提供商通过媒体服务器提供的流媒体文件,如视频文件等,但是,在实际应用中,一些不法商家可以通过相关技术(如抓包技术)盗取多媒体服务提供商提供的流媒体文件的URL(Uniform Resource Locator,统一资源定位符),并通过盗取到的URL使其它用户(多媒体服务提供商未授权的用户)访问多媒体服务提供商提供的流媒体文件以非法获取利益,这使得多媒体服务提供商的正当利益受到损害,因此,对于多媒体服务提供商来说,流媒体文件的防盗链显得尤为重要。With the rapid development of Internet technology and multimedia technology, authorized users can access streaming media files provided by multimedia service providers through media servers through terminals (such as mobile phones, notebooks, etc.), such as video files, etc. However, in practical applications, some Unscrupulous merchants can steal the URL (Uniform Resource Locator, Uniform Resource Locator) of the streaming media file provided by the multimedia service provider through related technologies (such as packet capture technology), and use the stolen URL to make other users (multimedia service providers) Unauthorized users) access the streaming media files provided by the multimedia service provider to illegally obtain benefits, which damages the legitimate interests of the multimedia service provider. Therefore, for multimedia service providers, the anti-leeching of streaming media files appears to be Particularly important.
现有技术中,流媒体文件的防盗链技术主要包括两种:一是在URL中加入时间戳以设置URL的有效期,该方法使得授权用户在有效期内访问流媒体文件,当URL过期后,授权用户通过终端请求新的URL,但这种方法无法防止商家通过相关技术在URL的有效期内盗取URL;二是通过IP认证,即当用户通过URL请求流媒体文件的索引文件时,媒体服务器比较用户的IP地址与媒体服务器生成的验证防盗链中的IP地址是否一致,若一致,则表明该URL没有被盗用(即该用户为授权用户),若不一致,则表明该URL被盗用(即该用户为非授权用户),但这种方法无法防止不法商家伪造与授权用户相同的IP地址以通过媒体服务器的IP认证,且在授权用户的IP地址发生变化时无法使授权用户访问媒体服务器中的流媒体文件。In the prior art, anti-hotlinking technologies for streaming media files mainly include two types: one is to add a time stamp to the URL to set the validity period of the URL. This method enables authorized users to access streaming media files within the validity period. The user requests a new URL through the terminal, but this method cannot prevent the merchant from stealing the URL within the valid period of the URL through related technologies; the second is through IP authentication, that is, when the user requests the index file of the streaming media file through the URL, the media server compares Whether the IP address of the user is consistent with the IP address in the authentication anti-leech link generated by the media server, if consistent, it shows that the URL has not been stolen (that is, the user is an authorized user), if inconsistent, it shows that the URL is stolen (that is, the The user is an unauthorized user), but this method cannot prevent unscrupulous merchants from forging the same IP address as the authorized user to pass the IP authentication of the media server, and when the IP address of the authorized user changes, the authorized user cannot access the IP address in the media server. streaming files.
因此,现有技术中流媒体文件的防盗链技术存在以下问题:防盗链的可靠性低以及准确性差。Therefore, the anti-leech technology for streaming media files in the prior art has the following problems: low reliability and poor accuracy of anti-leech.
发明内容Contents of the invention
本发明实施例公开了一种流媒体文件的防盗链方法及设备,能够提高流媒体文件的防盗链的可靠性以及准确性。The embodiment of the invention discloses a hotlink prevention method and equipment for streaming media files, which can improve the reliability and accuracy of hotlink prevention for streaming media files.
本发明实施例第一方面公开了一种流媒体文件的防盗链方法,包括:The first aspect of the embodiment of the present invention discloses a method for preventing hotlinking of streaming media files, including:
终端向中间件发送用于获取流媒体文件的URL的第一请求消息;The terminal sends the first request message for obtaining the URL of the streaming media file to the middleware;
所述终端接收所述中间件响应所述第一请求消息返回的所述流媒体文件的第一URL,所述第一URL包括字符串、所述流媒体文件的第一索引文件的文件标识以及存储所述流媒体文件的媒体服务器的服务器标识,所述字符串由所述中间件根据与所述媒体服务器约定的加密算法以及加密密钥对目标密钥加密后生成,所述目标密钥由所述终端与所述中间件约定;The terminal receives the first URL of the streaming media file returned by the middleware in response to the first request message, the first URL includes a character string, the file identifier of the first index file of the streaming media file, and Store the server identification of the media server of the streaming media file, the character string is generated by the middleware after encrypting the target key according to the encryption algorithm and the encryption key agreed with the media server, and the target key is generated by The terminal agrees with the middleware;
所述终端根据所述第一URL向所述媒体服务器发送第一索引文件请求消息;The terminal sends a first index file request message to the media server according to the first URL;
所述终端接收所述媒体服务器响应所述第一索引文件请求消息返回的第一目标文件,所述第一目标文件由所述媒体服务器根据所述目标密钥对所述第一索引文件加密后生成,所述目标密钥由所述媒体服务器根据与所述中间件约定的所述加密算法及所述加密密钥从所述第一URL包括的所述字符串中解析获得;The terminal receives the first target file returned by the media server in response to the first index file request message, where the first target file is encrypted by the media server according to the target key Generate, the target key is obtained by parsing and obtaining the target key from the character string included in the first URL according to the encryption algorithm and the encryption key agreed with the middleware by the media server;
所述终端根据所述目标密钥解析所述第一目标文件以获取所述第一索引文件;The terminal parses the first target file according to the target key to obtain the first index file;
所述终端以所述第一索引文件为依据从所述媒体服务器中获取所述流媒体文件的分片文件。The terminal acquires the segmented file of the streaming media file from the media server based on the first index file.
在本发明实施例第一方面的第一种可能的实现方式中,所述方法还包括:In a first possible implementation manner of the first aspect of the embodiments of the present invention, the method further includes:
当所述第一索引文件包括所述流媒体文件的第二索引文件的文件标识时,所述终端向所述媒体服务器发送第二URL,所述第二URL包括所述第二索引文件的文件标识、所述字符串以及所述服务器标识;When the first index file includes the file identifier of the second index file of the streaming media file, the terminal sends a second URL to the media server, and the second URL includes the file of the second index file ID, said character string, and said server ID;
所述终端接收所述媒体服务器返回的第二目标文件,所述第二目标文件由所述媒体服务器根据所述目标密钥对所述第二索引文件加密后生成,所述目标密钥由所述媒体服务器根据与所述中间件约定的所述加密算法及所述加密密钥从所述第二URL包括的所述字符串中解析获得;The terminal receives the second target file returned by the media server, the second target file is generated by the media server after encrypting the second index file according to the target key, and the target key is generated by the The media server obtains by parsing the character string included in the second URL according to the encryption algorithm and the encryption key agreed with the middleware;
所述终端根据所述目标密钥解析所述第二目标文件以获取所述第二索引文件;The terminal parses the second target file according to the target key to obtain the second index file;
所述终端以所述第二索引文件为依据从所述媒体服务器中获取所述流媒体文件的分片文件。The terminal obtains the segmented file of the streaming media file from the media server based on the second index file.
结合本发明实施例第一方面或本发明实施例第一方面的第一种可能的实现方式,在本发明实施例第一方面的第二种可能的实现方式中,所述终端向中间件发送用于获取流媒体文件的URL的第一请求消息之前,所述方法还包括:With reference to the first aspect of the embodiments of the present invention or the first possible implementation of the first aspect of the embodiments of the present invention, in the second possible implementation of the first aspect of the embodiments of the present invention, the terminal sends to the middleware Before the first request message for obtaining the URL of the streaming media file, the method also includes:
终端向中间件发送用于对用户进行身份认证的第二请求消息;The terminal sends a second request message for authenticating the user to the middleware;
所述终端接收所述中间件返回的用于指示所述用户为授权用户的用户认证响应消息;The terminal receives a user authentication response message returned by the middleware for indicating that the user is an authorized user;
所述终端确定与所述中间件约定的目标密钥。The terminal determines the target key agreed with the middleware.
结合本发明实施例第一方面的第二种可能的实现方式,在本发明实施例第一方面的第三种可能的实现方式中,所述终端确定与所述中间件约定的目标密钥包括:With reference to the second possible implementation manner of the first aspect of the embodiments of the present invention, in the third possible implementation manner of the first aspect of the embodiments of the present invention, the terminal determines that the target key agreed with the middleware includes :
所述终端根据与所述中间件约定的加密算法对目标参数进行加密,以将加密后的目标参数作为目标密钥,所述目标参数由所述终端与所述中间件约定。The terminal encrypts the target parameter according to the encryption algorithm agreed with the middleware, so as to use the encrypted target parameter as a target key, and the target parameter is agreed between the terminal and the middleware.
结合本发明实施例第一方面的第三种可能的实现方式,在本发明实施例第一方面的第四种可能的实现方式中,所述目标参数包括所述终端生成的第一随机数、所述中间件生成的第二随机数、所述终端的MAC地址以及所述中间件为所述终端分配的会话标识中的至少一个。With reference to the third possible implementation manner of the first aspect of the embodiments of the present invention, in a fourth possible implementation manner of the first aspect of the embodiments of the present invention, the target parameter includes the first random number generated by the terminal, At least one of the second random number generated by the middleware, the MAC address of the terminal, and the session identifier allocated to the terminal by the middleware.
本发明实施例第二方面公开了一种流媒体文件的防盗链方法,包括:The second aspect of the embodiment of the present invention discloses a method for preventing hotlinking of streaming media files, including:
媒体服务器接收终端根据第一URL发送的第一索引文件请求消息,所述第一URL由所述终端从中间件中获取,所述第一URL包括字符串、所述流媒体文件的第一索引文件的文件标识以及所述媒体服务器的服务器标识,所述字符串由所述中间件根据与所述媒体服务器约定的加密算法以及加密密钥对目标密钥加密后生成,所述目标密钥由所述终端与所述中间件约定,所述媒体服务器中存储有所述流媒体文件;The media server receives the first index file request message sent by the terminal according to the first URL, the first URL is acquired by the terminal from the middleware, the first URL includes a character string, the first index of the streaming media file The file identifier of the file and the server identifier of the media server, the character string is generated by the middleware after encrypting the target key according to the encryption algorithm and the encryption key agreed with the media server, and the target key is generated by The terminal agrees with the middleware that the streaming media file is stored in the media server;
所述媒体服务器以与所述中间件约定的所述加密算法以及所述加密密钥为依据解析所述第一URL包括的所述字符串;The media server parses the character string included in the first URL based on the encryption algorithm agreed with the middleware and the encryption key;
当所述媒体服务器从所述第一URL包括的所述字符串中解析出所述目标密钥时,所述媒体服务器向所述终端发送第一目标文件,所述第一目标文件由所述媒体服务器根据从所述第一URL包括的所述字符串中解析出的所述目标密钥对所述第一索引文件加密后生成;When the media server parses the target key from the character string included in the first URL, the media server sends a first target file to the terminal, and the first target file is generated by the The media server generates after encrypting the first index file according to the target key parsed from the character string included in the first URL;
所述媒体服务器接收所述终端发送的用于获取所述流媒体文件的分片文件的第一请求消息;The media server receives a first request message sent by the terminal for obtaining fragmented files of the streaming media file;
所述媒体服务器响应所述第一请求消息并向所述终端发送所述流媒体文件的分片文件。The media server responds to the first request message and sends the fragmented file of the streaming media file to the terminal.
在本发明实施例第二方面的第一种可能的实现方式中,所述方法还包括:In a first possible implementation manner of the second aspect of the embodiment of the present invention, the method further includes:
当所述第一索引文件包括所述流媒体文件的第二索引文件的文件标识时,所述媒体服务器接收所述终端发送的所述流媒体文件的第二URL,所述第二URL包括所述字符串、所述第二索引文件的文件标识以及所述服务器标识;When the first index file includes the file identifier of the second index file of the streaming media file, the media server receives the second URL of the streaming media file sent by the terminal, and the second URL includes the The character string, the file identifier of the second index file and the server identifier;
所述媒体服务器以与所述中间件约定的所述加密算法以及所述加密密钥为依据解析所述第二URL包括的所述字符串;The media server parses the character string included in the second URL based on the encryption algorithm and the encryption key agreed with the middleware;
当所述媒体服务器从所述第二URL包括的所述字符串中解析出所述目标密钥时,所述媒体服务器向所述终端发送第二目标文件,所述第二目标文件由所述媒体服务器根据从所述第二URL包括的所述字符串中解析出的所述目标密钥对所述第二索引文件加密后生成;When the media server parses the target key from the character string included in the second URL, the media server sends a second target file to the terminal, and the second target file is generated by the The media server generates after encrypting the second index file according to the target key parsed from the character string included in the second URL;
所述媒体服务器接收所述终端发送的用于获取所述流媒体文件的分片文件的第二请求消息;The media server receives a second request message sent by the terminal for obtaining a fragmented file of the streaming media file;
所述媒体服务器响应所述第二请求消息并向所述终端发送所述流媒体文件的分片文件。The media server responds to the second request message and sends the segmented file of the streaming media file to the terminal.
结合本发明实施例第二方面的第一种可能的实现方式,在本发明实施例第二方面的第二种可能的实现方式中,所述方法还包括:With reference to the first possible implementation manner of the second aspect of the embodiment of the present invention, in the second possible implementation manner of the second aspect of the embodiment of the present invention, the method further includes:
当所述媒体服务器未从所述第一URL包括的所述字符串或所述第二URL包括的所述字符串中解析出所述目标密钥时,所述媒体服务器向所述终端返回用于指示用户为非授权用户的指示消息。When the media server does not resolve the target key from the character string included in the first URL or the character string included in the second URL, the media server returns to the terminal with An indication message for indicating that the user is an unauthorized user.
本发明实施例第三方面公开了一种终端,所述终端包括输出模块、输入模块、解析模块以及获取模块,其中:The third aspect of the embodiment of the present invention discloses a terminal, the terminal includes an output module, an input module, an analysis module, and an acquisition module, wherein:
所述输出模块,用于向中间件发送用于获取流媒体文件的URL的第一请求消息;The output module is used to send the first request message for obtaining the URL of the streaming media file to the middleware;
所述输入模块,用于接收所述中间件响应所述第一请求消息返回的所述流媒体文件的第一URL,所述第一URL包括字符串、所述流媒体文件的第一索引文件的文件标识以及存储所述流媒体文件的媒体服务器的服务器标识,所述字符串由所述中间件根据与所述媒体服务器约定的加密算法以及加密密钥对目标密钥加密后生成,所述目标密钥由所述终端与所述中间件约定;The input module is configured to receive the first URL of the streaming media file returned by the middleware in response to the first request message, the first URL including a character string, a first index file of the streaming media file The file identifier of the file and the server identifier of the media server storing the streaming media file, the character string is generated by the middleware after encrypting the target key according to the encryption algorithm and the encryption key agreed with the media server, and the The target key is agreed between the terminal and the middleware;
所述输出模块,还用于根据所述第一URL向所述媒体服务器发送第一索引文件请求消息;The output module is further configured to send a first index file request message to the media server according to the first URL;
所述输入模块,还用于接收所述媒体服务器响应所述第一索引文件请求消息返回的第一目标文件,所述第一目标文件由所述媒体服务器根据所述目标密钥对所述第一索引文件加密后生成,所述目标密钥由所述媒体服务器根据与所述中间件约定的所述加密算法及所述加密密钥从所述第一URL包括的所述字符串中解析获得;The input module is further configured to receive the first target file returned by the media server in response to the first index file request message, the first target file is paired with the first target file by the media server according to the target key An index file is encrypted and generated, and the target key is obtained by parsing the character string included in the first URL by the media server according to the encryption algorithm and the encryption key agreed with the middleware ;
所述解析模块,用于根据所述目标密钥解析所述第一目标文件以获取所述第一索引文件;The parsing module is configured to parse the first target file according to the target key to obtain the first index file;
所述获取模块,用于以所述第一索引文件为依据从所述媒体服务器中获取所述流媒体文件的分片文件。The obtaining module is configured to obtain the segmented file of the streaming media file from the media server based on the first index file.
在本发明实施例第三方面的第一种可能的实现方式中,所述输出模块,还用于当所述第一索引文件包括所述流媒体文件的第二索引文件的文件标识时,向所述媒体服务器发送第二URL,所述第二URL包括所述第二索引文件的文件标识、所述字符串以及所述服务器标识;In a first possible implementation manner of the third aspect of the embodiment of the present invention, the output module is further configured to, when the first index file includes the file identifier of the second index file of the streaming media file, send The media server sends a second URL, and the second URL includes the file identifier of the second index file, the character string and the server identifier;
所述输入模块,还用于接收所述媒体服务器返回的第二目标文件,所述第二目标文件由所述媒体服务器根据所述目标密钥对所述第二索引文件加密后生成,所述目标密钥由所述媒体服务器根据与所述中间件约定的所述加密算法及所述加密密钥从所述第二URL包括的所述字符串中解析获得;The input module is further configured to receive a second target file returned by the media server, the second target file is generated by the media server after encrypting the second index file according to the target key, the The target key is obtained by parsing the character string included in the second URL according to the encryption algorithm and the encryption key agreed with the middleware by the media server;
所述解析模块,还用于根据所述目标密钥解析所述第二目标文件以获取所述第二索引文件;The parsing module is further configured to parse the second target file according to the target key to obtain the second index file;
所述获取模块,还用于以所述第二索引文件为依据从所述媒体服务器中获取所述流媒体文件的分片文件。The obtaining module is further configured to obtain the segmented file of the streaming media file from the media server based on the second index file.
结合本发明实施例第三方面或本发明实施例第三方面的第一种可能的实现方式,在本发明实施例第三方面的第二种可能的实现方式中,所述输出模块,还用于在所述输出模块向所述中间件发送用于获取所述流媒体文件的URL的第一请求消息之前,向所述中间件发送用于对用户进行身份认证的第二请求消息;In combination with the third aspect of the embodiments of the present invention or the first possible implementation of the third aspect of the embodiments of the present invention, in the second possible implementation of the third aspect of the embodiments of the present invention, the output module also uses Before the output module sends the first request message for obtaining the URL of the streaming media file to the middleware, send a second request message for authenticating the user to the middleware;
所述输入模块,还用于接收所述中间件返回的用于指示所述用户为授权用户的用户认证响应消息;The input module is further configured to receive a user authentication response message returned by the middleware to indicate that the user is an authorized user;
所述终端还包括确定模块,其中:The terminal also includes a determination module, wherein:
所述确定模块,用于确定与所述中间件约定的所述目标密钥。The determining module is configured to determine the target key agreed with the middleware.
结合本发明实施例第三方面的第二种可能的实现方式,在本发明实施例第三方面的第三种可能的实现方式中,所述确定模块确定与所述中间件约定的所述目标密钥的具体方式为:With reference to the second possible implementation of the third aspect of the embodiments of the present invention, in the third possible implementation of the third aspect of the embodiments of the present invention, the determining module determines the target agreed with the middleware The specific method of the key is:
根据与所述中间件约定的加密算法对目标参数进行加密,以将加密后的目标参数作为所述目标密钥,所述目标参数由所述终端与所述中间件约定。The target parameter is encrypted according to the encryption algorithm agreed with the middleware, so as to use the encrypted target parameter as the target key, and the target parameter is agreed between the terminal and the middleware.
结合本发明实施例第三方面的第三种可能的实现方式,在本发明实施例第三方面的第四种可能的实现方式中,所述目标参数包括所述终端生成的第一随机数、所述中间件生成的第二随机数、所述终端的MAC地址以及所述中间件为所述终端分配的会话标识中的至少一个。With reference to the third possible implementation manner of the third aspect of the embodiments of the present invention, in a fourth possible implementation manner of the third aspect of the embodiments of the present invention, the target parameter includes the first random number generated by the terminal, At least one of the second random number generated by the middleware, the MAC address of the terminal, and the session identifier allocated to the terminal by the middleware.
本发明实施例第四方面公开了一种媒体服务器,所述媒体服务器包括输入模块、解析模块以及输出模块:The fourth aspect of the embodiment of the present invention discloses a media server, the media server includes an input module, an analysis module and an output module:
所述输入模块,用于接收终端根据第一URL发送的第一索引文件请求消息,所述第一URL由所述终端从中间件中获取,所述第一URL包括字符串、所述流媒体文件的第一索引文件的文件标识以及所述媒体服务器的服务器标识,所述字符串由所述中间件根据与所述媒体服务器约定的加密算法以及加密密钥对目标密钥加密后生成,所述目标密钥由所述终端与所述中间件约定,所述媒体服务器中存储有所述流媒体文件;The input module is configured to receive a first index file request message sent by the terminal according to a first URL, the first URL is obtained by the terminal from the middleware, the first URL includes a character string, the streaming media The file identifier of the first index file of the file and the server identifier of the media server, the character string is generated by the middleware after encrypting the target key according to the encryption algorithm and the encryption key agreed with the media server, and the The target key is agreed between the terminal and the middleware, and the streaming media file is stored in the media server;
所述解析模块,用于以与所述中间件约定的所述加密算法以及所述加密密钥为依据解析所述第一URL包括的所述字符串;The parsing module is configured to parse the character string included in the first URL based on the encryption algorithm agreed with the middleware and the encryption key;
所述输出模块,用于当所述解析模块从所述第一URL包括的所述字符串中解析出所述目标密钥时,向所述终端发送第一目标文件,所述第一目标文件由所述媒体服务器根据从所述第一URL包括的所述字符串中解析出的所述目标密钥对所述第一索引文件加密后生成;The output module is configured to send a first target file to the terminal when the parsing module parses the target key from the character string included in the first URL, and the first target file generated by the media server after encrypting the first index file according to the target key parsed from the character string included in the first URL;
所述输入模块,还用于接收所述终端发送的用于获取所述流媒体文件的分片文件的第一请求消息;The input module is further configured to receive a first request message sent by the terminal for obtaining fragmented files of the streaming media file;
所述输出模块,还用于响应所述第一请求消息并向所述终端发送所述流媒体文件的分片文件。The output module is further configured to respond to the first request message and send fragmented files of the streaming media file to the terminal.
在本发明实施例第四方面的第一种可能的实现方式中,所述输入模块,还用于当所述第一索引文件包括所述流媒体文件的第二索引文件的文件标识时,接收所述终端发送的所述流媒体文件的第二URL,所述第二URL包括所述字符串、所述第二索引文件的文件标识以及所述服务器标识;In a first possible implementation manner of the fourth aspect of the embodiment of the present invention, the input module is further configured to, when the first index file includes the file identifier of the second index file of the streaming media file, receive The second URL of the streaming media file sent by the terminal, the second URL including the character string, the file identifier of the second index file and the server identifier;
所述解析模块,还用于以与所述中间件约定的所述加密算法以及所述加密密钥为依据解析所述第二URL包括的所述字符串;The parsing module is further configured to parse the character string included in the second URL based on the encryption algorithm and the encryption key agreed with the middleware;
所述输出模块,还用于当所述解析模块从所述第二URL包括的所述字符串中解析出所述目标密钥时,向所述终端发送第二目标文件,所述第二目标文件由所述媒体服务器根据从所述第二URL包括的所述字符串中解析出的所述目标密钥对所述第二索引文件加密后生成;The output module is further configured to send a second target file to the terminal when the parsing module parses the target key from the character string included in the second URL, and the second target The file is generated by the media server after encrypting the second index file according to the target key parsed from the character string included in the second URL;
所述输入模块,还用于接收所述终端发送的用于获取所述流媒体文件的分片文件的第二请求消息;The input module is further configured to receive a second request message sent by the terminal for obtaining fragmented files of the streaming media file;
所述输出模块,还用于响应所述第二请求消息并向所述终端发送所述流媒体文件的分片文件。The output module is further configured to respond to the second request message and send the fragmented file of the streaming media file to the terminal.
结合本发明实施例第四方面的第一种可能的实现方式,在本发明实施例第四方面的第二种可能的实现方式中,所述输出模块,还用于当所述解析模块未从所述第一URL包括的所述字符串或所述第二URL包括的所述字符串中解析出所述目标密钥时,向所述终端返回用于指示用户为非授权用户的指示消息。With reference to the first possible implementation of the fourth aspect of the embodiments of the present invention, in the second possible implementation of the fourth aspect of the embodiments of the present invention, the output module is further configured to be used when the parsing module is not from When the target key is resolved from the character string included in the first URL or the character string included in the second URL, an indication message for indicating that the user is an unauthorized user is returned to the terminal.
本发明实施例中,终端首先从中间件获取到流媒体文件的URL,其中,该URL包括字符串、流媒体文件的索引文件的文件标识以及存储流媒体文件的媒体服务器的服务器标识且字符串由中间件根据与媒体服务器约定的加密算法以及加密密钥对终端与中间件约定的目标密钥加密后生成,然后,终端依据该URL向媒体服务器发送索引文件请求消息并接收媒体服务器响应该索引文件请求消息返回的目标文件,其中,目标文件由媒体服务器根据目标密钥对索引文件加密后生成,最后,终端根据目标密钥解析目标文件以获取索引文件并以该索引文件为依据从媒体服务器中获取流媒体文件的分片文件。实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。In the embodiment of the present invention, the terminal first obtains the URL of the streaming media file from the middleware, wherein the URL includes a character string, the file identifier of the index file of the streaming media file, and the server identifier of the media server storing the streaming media file and the string It is generated by the middleware after encrypting the target key agreed between the terminal and the middleware according to the encryption algorithm and encryption key agreed with the media server. Then, the terminal sends an index file request message to the media server according to the URL and receives the media server’s response to the index file. The target file returned by the file request message, wherein the target file is generated by the media server after encrypting the index file according to the target key, and finally, the terminal parses the target file according to the target key to obtain the index file and obtains the index file from the media server based on the index file Get the fragmented file of the streaming media file. Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
附图说明Description of drawings
为了更清楚地说明本发明实施例中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the following will briefly introduce the accompanying drawings that need to be used in the embodiments. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention. For Those of ordinary skill in the art can also obtain other drawings based on these drawings without making creative efforts.
图1是本发明实施例公开的一种流媒体文件的防盗链系统的结构示意图;Fig. 1 is a schematic structural diagram of an anti-hotlinking system for streaming media files disclosed in an embodiment of the present invention;
图2是本发明实施例公开的一种终端的结构示意图;FIG. 2 is a schematic structural diagram of a terminal disclosed in an embodiment of the present invention;
图3是本发明实施例公开的一种媒体服务器的结构示意图;Fig. 3 is a schematic structural diagram of a media server disclosed by an embodiment of the present invention;
图4是本发明实施例公开的一种流媒体文件的防盗链方法的流程示意图;FIG. 4 is a schematic flow diagram of a method for preventing hotlinking of streaming media files disclosed in an embodiment of the present invention;
图5是本发明实施例公开的另一种流媒体文件的防盗链方法的流程示意图;Fig. 5 is a schematic flow diagram of another anti-hotlinking method for streaming media files disclosed in an embodiment of the present invention;
图6是本发明实施例公开的又一种流媒体文件的防盗链方法的流程示意图;6 is a schematic flow diagram of another method for preventing hotlinking of streaming media files disclosed in an embodiment of the present invention;
图7是本发明实施例公开的又一种流媒体文件的防盗链方法的流程示意图;FIG. 7 is a schematic flow diagram of another anti-hotlinking method for streaming media files disclosed in an embodiment of the present invention;
图8是本发明实施例公开的另一种终端的结构示意图;FIG. 8 is a schematic structural diagram of another terminal disclosed in an embodiment of the present invention;
图9是本发明实施例公开的又一种终端的结构示意图;FIG. 9 is a schematic structural diagram of another terminal disclosed in an embodiment of the present invention;
图10是本发明实施例公开的另一种媒体服务器的结构示意图。Fig. 10 is a schematic structural diagram of another media server disclosed by an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
本发明实施例公开了一种流媒体文件的防盗链方法及设备,能够提高流媒体文件的防盗链的可靠性以及准确性,且本发明实施例公开的流媒体文件的防盗链方法可以应用于如图1所示的系统中,图1是本发明实施例公开的一种流媒体文件的防盗链系统的结构示意图,如图1所示,该流媒体文件的防盗链系统可以包括终端101、中间件102以及媒体服务器103,媒体服务器103中存储有用户需要通过终端101访问的流媒体文件,且流媒体文件是以分片文件的形式存储在媒体服务器103中的,中间件102中存储有流媒体文件的URL以及用户身份标识(如用户名以及用户密码等)等,且终端101与中间件102约定有目标密钥,中间件102与媒体服务器103约定有加密算法以及加密密钥,其中:The embodiment of the present invention discloses a method and device for preventing hotlinking of streaming media files, which can improve the reliability and accuracy of anti-leeching of streaming media files, and the method for preventing hotlinking of streaming media files disclosed in the embodiment of the present invention can be applied to In the system shown in Figure 1, Figure 1 is a schematic structural diagram of an anti-leeching system for streaming media files disclosed in an embodiment of the present invention, as shown in Figure 1, the anti-leeching system for streaming media files may include a terminal 101, The middleware 102 and the media server 103 store the streaming media files that the user needs to access through the terminal 101 in the media server 103, and the streaming media files are stored in the media server 103 in the form of fragmented files, and the middleware 102 stores The URL of the streaming media file and the user identity (such as user name and user password, etc.), and the terminal 101 and the middleware 102 agree on a target key, and the middleware 102 and the media server 103 agree on an encryption algorithm and an encryption key, wherein :
终端101在通过中间件102的用户身份认证后,从中间件102获取用户需要访问的流媒体文件的第一URL并根据该第一URL向媒体服务器103发送第一索引文件请求消息,之后,接收媒体服务器103响应该第一索引文件请求消息返回的加密后的第一索引文件并解析该加密后的第一索引文件以获取流媒体文件的第一索引文件,当第一索引文件未包括流媒体文件的第二索引文件的文件标识时,终端101以第一索引文件为依据从媒体服务器103中获取流媒体文件的分片文件,当第一索引文件包括流媒体文件的第二索引文件的文件标识时,终端101向媒体服务器103发送包括第二索引文件的文件标识的第二URL并接收媒体服务器103返回的加密后的第二索引文件,之后,解析该加密后的第二索引文件以获取流媒体文件的第二索引文件,最后,终端101以第二索引文件为依据从媒体服务器103中获取流媒体文件的分片文件。After the terminal 101 passes through the user identity authentication of the middleware 102, it obtains the first URL of the streaming media file that the user needs to access from the middleware 102 and sends the first index file request message to the media server 103 according to the first URL, and then receives The encrypted first index file returned by the media server 103 in response to the first index file request message and parses the encrypted first index file to obtain the first index file of the streaming media file, when the first index file does not include the streaming media When the file identification of the second index file of the file, the terminal 101 obtains the segmented file of the streaming media file from the media server 103 based on the first index file, when the first index file includes the file of the second index file of the streaming media file When identifying, the terminal 101 sends to the media server 103 a second URL including the file identification of the second index file and receives the encrypted second index file returned by the media server 103, and then parses the encrypted second index file to obtain The second index file of the streaming media file. Finally, the terminal 101 obtains the fragment file of the streaming media file from the media server 103 based on the second index file.
中间件102在确认用户为授权用户后,接收终端101发送的用于获取用户需要访问的流媒体文件的URL的请求消息并向终端101发送上述第一URL。After confirming that the user is an authorized user, the middleware 102 receives the request message sent by the terminal 101 for obtaining the URL of the streaming media file that the user needs to access and sends the above-mentioned first URL to the terminal 101 .
媒体服务器103接收终端101发送的上述第一索引文件请求消息并解析上述第一URL,当确认出用户为授权用户后,媒体服务器103向终端101发送加密后的第一索引文件,当第一索引文件未包括流媒体文件的第二索引文件的文件标识时,媒体服务器103接收终端101发送的用于获取流媒体文件的请求消息并向终端101返回流媒体文件的分片文件,当第一索引文件包括流媒体文件的第二索引文件的文件标识时,媒体服务器103接收终端101发送的上述第二URL并解析该第二URL,当确认出用户为授权用户后,媒体服务器103向终端101发送加密后的第二索引文件,之后,媒体服务器103接收终端101发送的用于获取流媒体文件的请求消息并向终端101发送流媒体文件的分片文件。The media server 103 receives the above-mentioned first index file request message sent by the terminal 101 and parses the above-mentioned first URL. After confirming that the user is an authorized user, the media server 103 sends the encrypted first index file to the terminal 101. When the first index When the file does not include the file identification of the second index file of the streaming media file, the media server 103 receives the request message for obtaining the streaming media file sent by the terminal 101 and returns the segmented file of the streaming media file to the terminal 101, when the first index When the file includes the file identification of the second index file of the streaming media file, the media server 103 receives the above-mentioned second URL sent by the terminal 101 and parses the second URL. After confirming that the user is an authorized user, the media server 103 sends the terminal 101 After the encrypted second index file, the media server 103 receives the request message for acquiring the streaming media file sent by the terminal 101 and sends the fragmented file of the streaming media file to the terminal 101 .
请参阅图2,图2是本发明实施例公开的一种终端的结构示意图。如图2所示,该终端200可以包括:至少一个处理器201,如CPU,输入装置202,输出装置203,存储器204以及至少一个通信总线205,存储器204可以是高速RAM存储器,也可以是非不稳定的存储器(non-volatile memory),如至少一个磁盘存储器,可选的,存储器204还可以是至少一个位于远离前述处理器201的存储装置。其中:Please refer to FIG. 2 . FIG. 2 is a schematic structural diagram of a terminal disclosed in an embodiment of the present invention. As shown in Figure 2, the terminal 200 may include: at least one processor 201, such as a CPU, an input device 202, an output device 203, a memory 204 and at least one communication bus 205, and the memory 204 may be a high-speed RAM memory or a Stable memory (non-volatile memory), such as at least one disk memory. Optionally, the memory 204 may also be at least one storage device located far away from the aforementioned processor 201 . in:
通信总线205用于实现这些组件之间的连接通信。The communication bus 205 is used to realize connection communication between these components.
输出装置203用于向中间件发送用于获取流媒体文件的URL的第一请求消息。The output device 203 is configured to send a first request message for acquiring the URL of the streaming media file to the middleware.
输入装置202用于接收中间件响应第一请求消息返回的流媒体文件的第一URL,其中,第一URL包括字符串、流媒体文件的第一索引文件的文件标识以及存储流媒体文件的媒体服务器的服务器标识,字符串由中间件根据与媒体服务器约定的加密算法以及加密密钥对目标密钥加密后生成且目标密钥由终端200与中间件约定。The input device 202 is used to receive the first URL of the streaming media file returned by the middleware in response to the first request message, wherein the first URL includes a character string, the file identifier of the first index file of the streaming media file, and the media storing the streaming media file The server identifier of the server, the character string is generated by the middleware after encrypting the target key according to the encryption algorithm and encryption key agreed with the media server, and the target key is agreed between the terminal 200 and the middleware.
输出装置203还用于根据上述第一URL向媒体服务器发送第一索引文件请求消息。The output device 203 is further configured to send a first index file request message to the media server according to the first URL.
输入装置202还用于接收媒体服务器响应上述第一索引文件请求消息返回的第一目标文件,其中,第一目标文件由媒体服务器根据目标密钥对第一索引文件加密后生成,且目标密钥由媒体服务器根据与中间件约定的加密算法及加密密钥从上述第一URL包括的字符串中解析获得。The input device 202 is also used to receive the first target file returned by the media server in response to the first index file request message, wherein the first target file is generated by the media server after encrypting the first index file according to the target key, and the target key The media server obtains it by parsing the character string included in the first URL according to the encryption algorithm and encryption key agreed with the middleware.
处理器201用于调用存储器204中存储的程序代码,用于执行以下操作:The processor 201 is used to call the program code stored in the memory 204 to perform the following operations:
根据目标密钥解析第一目标文件以获取第一索引文件并以第一索引文件为依据从媒体服务器中获取流媒体文件的分片文件。The first target file is parsed according to the target key to obtain the first index file, and the segment file of the streaming media file is obtained from the media server based on the first index file.
作为一种可选的实施方式,输出装置203还可以用于当第一索引文件包括流媒体文件的第二索引文件的文件标识时,向媒体服务器发送第二URL,其中,第二URL包括第二索引文件的文件标识、字符串以及服务器标识。As an optional implementation manner, the output device 203 may also be configured to send a second URL to the media server when the first index file includes the file identifier of the second index file of the streaming media file, wherein the second URL includes the second URL of the streaming media file. The file ID, string, and server ID of the second index file.
输入装置202还可以用于接收媒体服务器返回的第二目标文件,其中,第二目标文件由媒体服务器根据目标密钥对第二索引文件加密后生成,且目标密钥由媒体服务器根据与中间件约定的加密算法及加密密钥从第二URL包括的字符串中解析获得。The input device 202 can also be used to receive the second target file returned by the media server, wherein the second target file is generated by the media server after encrypting the second index file according to the target key, and the target key is generated by the media server according to the The agreed encryption algorithm and encryption key are obtained by parsing the character string included in the second URL.
处理器201用于调用存储器204中存储的程序代码,还用于执行以下操作:The processor 201 is used to call the program code stored in the memory 204, and is also used to perform the following operations:
根据目标密钥解析第二目标文件以获取第二索引文件并以第二索引文件为依据从媒体服务器中获取流媒体文件的分片文件。The second target file is parsed according to the target key to obtain a second index file, and the segment file of the streaming media file is obtained from the media server based on the second index file.
作为一种可选的实施方式,输出装置203还可以用于在输出装置203向中间件发送用于获取流媒体文件的URL的第一请求消息之前,向中间件发送用于对用户进行身份认证的第二请求消息。As an optional implementation manner, the output device 203 can also be used to send the first request message used to authenticate the user to the middleware before the output device 203 sends the first request message for obtaining the URL of the streaming media file to the middleware. of the second request message.
输入装置202还可以用于接收中间件返回的用于指示用户为授权用户的用户认证响应消息。The input device 202 may also be used to receive a user authentication response message returned by the middleware and used to indicate that the user is an authorized user.
处理器201用于调用存储器204中存储的程序代码,还用于执行以下操作:The processor 201 is used to call the program code stored in the memory 204, and is also used to perform the following operations:
确定与中间件约定的目标密钥。Determine the target key agreed with the middleware.
作为一种可选的实施方式,处理器201确定与中间件约定的目标密钥的具体方式可以为:As an optional implementation manner, the specific manner in which the processor 201 determines the target key agreed with the middleware may be as follows:
根据与中间件约定的加密算法对目标参数进行加密,以将加密后的目标参数作为目标密钥,其中,目标参数由终端200与中间件约定。The target parameter is encrypted according to the encryption algorithm agreed with the middleware, so that the encrypted target parameter is used as the target key, wherein the target parameter is agreed between the terminal 200 and the middleware.
可选的,目标参数可以包括终端200生成的第一随机数、中间件生成的第二随机数、终端200的MAC地址以及中间件为终端200分配的会话标识中的至少一个。Optionally, the target parameter may include at least one of the first random number generated by the terminal 200, the second random number generated by the middleware, the MAC address of the terminal 200, and the session identifier assigned to the terminal 200 by the middleware.
实施本发明实施例能够提高流媒体文件的防盗链的可靠性以及准确定。Implementing the embodiments of the present invention can improve the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图3,图3是本发明实施例公开的一种媒体服务器的结构示意图。如图3所示,该媒体服务器300可以包括:至少一个处理器301,如CPU,输入装置302,输出装置303,存储器304以及至少一个通信总线305,存储器304可以是高速RAM存储器,也可以是非不稳定的存储器(non-volatile memory),如至少一个磁盘存储器,可选的,存储器304还可以是至少一个位于远离前述处理器301的存储装置。其中:Please refer to FIG. 3 . FIG. 3 is a schematic structural diagram of a media server disclosed in an embodiment of the present invention. As shown in Figure 3, the media server 300 may include: at least one processor 301, such as a CPU, an input device 302, an output device 303, a memory 304 and at least one communication bus 305, and the memory 304 may be a high-speed RAM memory or a non- An unstable memory (non-volatile memory), such as at least one disk memory. Optionally, the memory 304 may also be at least one storage device located away from the aforementioned processor 301 . in:
通信总线305用于实现这些组件之间的连接通信。The communication bus 305 is used to realize connection communication between these components.
输入装置302用于接收终端根据第一URL发送的第一索引文件请求消息,其中,第一URL由终端从中间件中获取,第一URL包括字符串、流媒体文件的第一索引文件的文件标识以及媒体服务器300的服务器标识,字符串由中间件根据与媒体服务器300约定的加密算法以及加密密钥对目标密钥加密后生成,目标密钥由终端与中间件约定,且媒体服务器300中存储有流媒体文件。The input device 302 is configured to receive the first index file request message sent by the terminal according to the first URL, wherein the first URL is acquired by the terminal from the middleware, and the first URL includes a character string, a file of the first index file of the streaming media file ID and the server ID of the media server 300, the character string is generated by the middleware after encrypting the target key according to the encryption algorithm agreed with the media server 300 and the encryption key, the target key is agreed by the terminal and the middleware, and the media server 300 Streaming media files are stored.
处理器301用于调用存储器304中存储的程序代码,用于执行以下操作:The processor 301 is used to call the program code stored in the memory 304 to perform the following operations:
以与中间件约定加密算法以及加密密钥为依据解析第一URL包括的字符串。The character string included in the first URL is parsed based on the encryption algorithm and the encryption key agreed upon with the middleware.
输出装置303用于当处理器301从第一URL包括的字符串中解析出目标密钥时,向终端发送第一目标文件,其中,第一目标文件由媒体服务器300根据从第一URL包括的字符串中解析出的目标密钥对第一索引文件加密后生成。The output device 303 is configured to send the first target file to the terminal when the processor 301 parses the target key from the string included in the first URL, wherein the first target file is used by the media server 300 according to the string included in the first URL. The target key parsed from the character string is generated after encrypting the first index file.
输入装置302还用于接收终端发送的用于获取流媒体文件的分片文件的第一请求消息。The input device 302 is further configured to receive a first request message sent by the terminal for acquiring segment files of the streaming media file.
输出装置303还用于响应第一请求消息并向终端发送流媒体文件的分片文件。The output device 303 is also configured to respond to the first request message and send the segmented file of the streaming media file to the terminal.
作为一种可选的实施方式,输入装置302还可以用于当第一索引文件包括流媒体文件的第二索引文件的文件标识时,接收终端发送的流媒体文件的第二URL,其中,第二URL包括字符串、第二索引文件的文件标识以及服务器标识。As an optional implementation manner, the input device 302 may also be used to receive the second URL of the streaming media file sent by the terminal when the first index file includes the file identifier of the second index file of the streaming media file, where the first The second URL includes a character string, a file ID of the second index file, and a server ID.
处理器301用于调用存储器304中存储的程序代码,还用于执行以下操作:The processor 301 is used to call the program code stored in the memory 304, and is also used to perform the following operations:
以与中间件约定的加密算法以及加密密钥为依据解析第二URL包括的字符串。The character string included in the second URL is parsed based on the encryption algorithm and the encryption key agreed with the middleware.
输出装置303还可以用于当处理器301从第二URL包括的字符串中解析出目标密钥时,向终端发送第二目标文件,其中,第二目标文件由媒体服务器300根据从第二URL包括的字符串中解析出的目标密钥对第二索引文件加密后生成。The output device 303 can also be used to send the second target file to the terminal when the processor 301 parses the target key from the character string included in the second URL, wherein the second target file is generated by the media server 300 according to the The target key analyzed from the included character string is generated after encrypting the second index file.
输入装置302还可以用于接收终端发送的用于获取流媒体文件的分片文件的第二请求消息。The input device 302 may also be configured to receive a second request message sent by the terminal for obtaining a segment file of the streaming media file.
输出装置303还可以用于响应第二请求消息并向终端发送流媒体文件的分片文件。The output device 303 may also be configured to respond to the second request message and send the fragmented file of the streaming media file to the terminal.
作为一种可选的实施方式,输出装置303还可以用于当处理器301未从第一URL包括的字符串或第二URL包括的字符串中解析出目标密钥时,向终端返回用于指示用户为非授权用户的指示消息。As an optional implementation manner, the output device 303 may also be used to return to the terminal the An indication message indicating that the user is an unauthorized user.
实施本发明实施例能够提高流媒体文件的防盗链的可靠性以及准确定。Implementing the embodiments of the present invention can improve the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图4,图4是本发明实施例公开的一种流媒体文件的防盗链方法的流程示意图。其中,如图4所示的方法可以由图2所示的终端200来实现。如图4所示,该流媒体文件的防盗链方法可以包括以下步骤:Please refer to FIG. 4 . FIG. 4 is a schematic flowchart of a method for preventing hotlinking of streaming media files disclosed in an embodiment of the present invention. Wherein, the method shown in FIG. 4 may be implemented by the terminal 200 shown in FIG. 2 . As shown in Figure 4, the anti-leech method of this streaming media file can comprise the following steps:
S401、终端向中间件发送用于获取流媒体文件的URL的请求消息。S401. The terminal sends a request message for acquiring a URL of a streaming media file to the middleware.
S402、终端接收中间件响应该请求消息返回的流媒体文件的URL。S402. The terminal receives the URL of the streaming media file returned by the middleware in response to the request message.
本发明实施例中,该URL可以包括字符串、流媒体文件的索引文件的文件标识(如index.m3u8)以及存储流媒体文件的媒体服务器的服务器标识,其中,字符串由中间件根据与媒体服务器约定的加密算法以及加密密钥对目标密钥加密后生成,且目标密钥由终端与中间件约定。In the embodiment of the present invention, the URL may include a character string, the file identifier (such as index.m3u8) of the index file of the streaming media file, and the server identifier of the media server storing the streaming media file, wherein the character string is determined by the middleware according to the media The encryption algorithm and encryption key agreed by the server are generated after encrypting the target key, and the target key is agreed between the terminal and the middleware.
S403、终端根据上述URL向媒体服务器发送索引文件请求消息。S403. The terminal sends an index file request message to the media server according to the above URL.
S404、终端接收媒体服务器响应上述索引文件请求消息返回的目标文件。S404. The terminal receives the target file returned by the media server in response to the index file request message.
本发明实施例中,目标文件由媒体服务器根据目标密钥对索引文件加密后生成,且该目标密钥由媒体服务器根据与中间件约定的加密算法及加密密钥从上述URL包括的字符串中解析获得,其中,媒体服务器根据目标密钥对索引文件进行加密的加密算法可以由媒体服务器与终端预先约定。In the embodiment of the present invention, the target file is generated by the media server after encrypting the index file according to the target key, and the target key is obtained from the character string included in the above URL by the media server according to the encryption algorithm and encryption key agreed with the middleware Obtained by analyzing, wherein, the encryption algorithm for the media server to encrypt the index file according to the target key may be pre-agreed between the media server and the terminal.
S405、终端根据目标密钥解析上述目标文件以获取索引文件。S405. The terminal parses the above target file according to the target key to obtain the index file.
S406、终端以上述索引文件为依据从媒体服务器中获取流媒体文件的分片文件。S406. The terminal obtains the fragmented file of the streaming media file from the media server based on the above index file.
本发明实施例中,终端以索引文件为依据从媒体服务器中获取流媒体文件的分片文件的具体方式可以为:In the embodiment of the present invention, the terminal uses the index file as a basis to obtain the fragmented file of the streaming media file from the media server. The specific method can be:
终端以索引文件为依据向媒体服务器发送用于获取流媒体文件的请求消息;The terminal sends a request message for obtaining the streaming media file to the media server based on the index file;
终端接收媒体服务器响应上述用于获取流媒体文件的请求消息返回的流媒体文件的分片文件。The terminal receives the fragmented file of the streaming media file returned by the media server in response to the request message for obtaining the streaming media file.
本发明实施例中,终端首先从中间件获取到流媒体文件的URL,其中,该URL包括字符串、流媒体文件的索引文件的文件标识以及存储流媒体文件的媒体服务器的服务器标识且字符串由中间件根据与媒体服务器约定的加密算法以及加密密钥对终端与中间件约定的目标密钥加密后生成,然后,终端依据该URL向媒体服务器发送索引文件请求消息并接收媒体服务器响应该索引文件请求消息返回的目标文件,其中,目标文件由媒体服务器根据目标密钥对索引文件加密后生成,最后,终端根据目标密钥解析目标文件以获取索引文件并以该索引文件为依据从媒体服务器中获取流媒体文件的分片文件。实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。In the embodiment of the present invention, the terminal first obtains the URL of the streaming media file from the middleware, wherein the URL includes a character string, the file identifier of the index file of the streaming media file, and the server identifier of the media server storing the streaming media file and the string It is generated by the middleware after encrypting the target key agreed between the terminal and the middleware according to the encryption algorithm and encryption key agreed with the media server. Then, the terminal sends an index file request message to the media server according to the URL and receives the media server’s response to the index file. The target file returned by the file request message, wherein the target file is generated by the media server after encrypting the index file according to the target key, and finally, the terminal parses the target file according to the target key to obtain the index file and obtains the index file from the media server based on the index file Get the fragmented file of the streaming media file. Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图5,图5是本发明实施例公开的另一种流媒体文件的防盗链方法的流程示意图。其中,如图5所示的方法可以由图2所示的终端200来实现。如图5所示,该流媒体文件的防盗链方法可以包括以下步骤:Please refer to FIG. 5 . FIG. 5 is a schematic flowchart of another anti-leeching method for streaming media files disclosed in an embodiment of the present invention. Wherein, the method shown in FIG. 5 may be implemented by the terminal 200 shown in FIG. 2 . As shown in Figure 5, the anti-leech method of this streaming media file can comprise the following steps:
S501、终端向中间件发送用于对用户进行身份认证的第二请求消息。S501. The terminal sends a second request message for performing identity authentication on the user to the middleware.
本发明实施例中,第二请求消息可以包括用户身份标识,如用户名以及用户密码等,本发明实施例不做限定。In this embodiment of the present invention, the second request message may include a user identity, such as a user name and a user password, which is not limited in this embodiment of the present invention.
S502、终端接收中间件返回的用于指示用户为授权用户的用户认证响应消息。S502. The terminal receives a user authentication response message returned by the middleware and used to indicate that the user is an authorized user.
本发明实施例中,若第二请求消息包括用户名以及用户密码,则中间件在接收到上述第二请求消息后,查询中间件中是否存在上述用户名以及与上述用户名对应的上述用户密码,若查询结果为是,则确认用户为授权用户,若查询结果为否,则确认用户为非授权用户。In the embodiment of the present invention, if the second request message includes a user name and a user password, the middleware, after receiving the second request message, queries the middleware whether the above user name and the above user password corresponding to the above user name exist , if the query result is yes, then confirm that the user is an authorized user, and if the query result is no, then confirm that the user is an unauthorized user.
本发明实施例中,终端接收到用于指示用户为授权用户的用户认证响应消息后,终端与中间件之间就存在会话连接,且终端可以通过该会话连接与中间件进行信息交互。In the embodiment of the present invention, after the terminal receives the user authentication response message indicating that the user is an authorized user, there is a session connection between the terminal and the middleware, and the terminal can exchange information with the middleware through the session connection.
S503、终端确定与中间件约定的目标密钥。S503. The terminal determines the target key agreed with the middleware.
作为一种可选的实施方式,终端确定与中间件约定的目标密钥可以包括:As an optional implementation manner, the determination by the terminal of the target key agreed with the middleware may include:
终端根据与中间件约定的加密算法对目标参数进行加密,以将加密后的目标参数作为目标密钥,其中,目标参数由终端与中间件约定。The terminal encrypts the target parameter according to the encryption algorithm agreed with the middleware, and uses the encrypted target parameter as the target key, wherein the target parameter is agreed between the terminal and the middleware.
可选的,目标参数可以包括终端生成的第一随机数、中间件生成的第二随机数、终端的MAC地址以及中间件为终端分配的会话标识中的至少一个,且第一随机数为终端发送上述第二请求消息时生成的随机数,第二随机数为中间件在确认用户为授权用户后生成的随机数,本发明实施例不做限定。当目标参数包括第一随机数或终端的MAC地址时,上述第二请求消息中可以包括上述第一随机数或终端的MAC地址,本发明实施例不做限定;当目标参数包括第二随机数或上述会话标识时,上述用户认证响应消息中可以包括上述第二随机数以及上述会话标识,本发明实施例不做限定。Optionally, the target parameter may include at least one of the first random number generated by the terminal, the second random number generated by the middleware, the MAC address of the terminal, and the session identifier assigned by the middleware to the terminal, and the first random number is the terminal The random number generated when the above second request message is sent. The second random number is a random number generated by the middleware after confirming that the user is an authorized user, which is not limited in this embodiment of the present invention. When the target parameter includes the first random number or the MAC address of the terminal, the second request message may include the first random number or the MAC address of the terminal, which is not limited in this embodiment of the present invention; when the target parameter includes the second random number or the session identifier, the user authentication response message may include the second random number and the session identifier, which are not limited in this embodiment of the present invention.
举例来说,假设终端与中间件约定的加密算法为AES(Advanced EncryptionStandard,高级加密标准)且目标参数为终端生成的第一随机数Cnonce以及中间件为终端分配的会话标识v5wdrnrdl0l2htnpwvl4ii55,则终端采用AES加密算法通过Cnonce对v5wdrnrdl0l2htnpwvl4ii55加密,且加密后生成的目标密钥为U2FsdGVkX1/0A24kUHEUwMZdHUafvn1I4kdK69hn5srCVREuvYnn4encsm89aeCO。For example, assuming that the encryption algorithm agreed between the terminal and the middleware is AES (Advanced Encryption Standard, Advanced Encryption Standard) and the target parameter is the first random number Cnonce generated by the terminal and the session identifier v5wdrnrdl0l2htnpwvl4ii55 assigned by the middleware to the terminal, then the terminal uses AES The encryption algorithm encrypts v5wdrnrdl0l2htnpwvl4ii55 through Cnonce, and the target key generated after encryption is U2FsdGVkX1/0A24kUHEUwMZdHUafvn1I4kdK69hn5srCVREuvYnn4encsm89aeCO.
S504、终端向中间件发送用于获取流媒体文件的URL的第一请求消息。S504. The terminal sends a first request message for acquiring the URL of the streaming media file to the middleware.
本发明实施例中,步骤S504中的第一请求消息与图4中步骤S401中的请求消息相同。In the embodiment of the present invention, the first request message in step S504 is the same as the request message in step S401 in FIG. 4 .
S505、终端接收中间件响应第一请求消息返回的流媒体文件的第一URL。S505. The terminal receives the first URL of the streaming media file returned by the middleware in response to the first request message.
本发明实施例中,该第一URL包括字符串、流媒体文件的第一索引文件的文件标识以及存储流媒体文件的媒体服务器的服务器标识,其中,字符串由中间件根据与媒体服务器约定的加密算法以及加密密钥对目标密钥加密后生成,且目标密钥由终端与中间件约定。In the embodiment of the present invention, the first URL includes a character string, the file identifier of the first index file of the streaming media file, and the server identifier of the media server storing the streaming media file, wherein the character string is determined by the middleware according to the agreement with the media server. The encryption algorithm and encryption key are generated after encrypting the target key, and the target key is agreed between the terminal and the middleware.
本发明实施例中,举例来说,假设中间件与媒体服务器约定的加密算法为AES算法,加密密钥为mem&mediaserver2014,中间件采用AES算法通过mem&mediaserver2014对U2FsdGVkX1/0A24kUHEUwMZdHUafvn1I4kdK69hn5srCVREuvYnn4encsm89aeCO进行加密,且加密后生成的字符串为U2FsdGVkX18sqCbHaKcf7UJA2hDvDcpaGOeYVDrGabjECq+wNaJ4T0tJrr3kNYgjqTNMxgimjSuTkl10g8fSgjYHQ3aY9LEsA3P/9cgrbX2oWCwBZC+tKO46DVNKYa+f,则第一URL可以如下所示:In the embodiment of the present invention, for example, assuming that the encryption algorithm agreed between the middleware and the media server is the AES algorithm, and the encryption key is mem&mediaserver2014, the middleware uses the AES algorithm to encrypt U2FsdGVkX1/0A24kUHEUwMZdHUafvn1I4kdK69hn5srCVREuvYnn4encsm89aeCO through mem&mediaserver2014, and the encrypted character The string is U2FsdGVkX18sqCbHaKcf7UJA2hDvDcpaGOeYVDrGabjECq+wNaJ4T0tJrr3kNYgjqTNMxgimjSuTkl10g8fSgjYHQ3aY9LEsA3P/9cgrbX2oWCwBZC+tKO46DVNKYa+f, the first URL can be as follows:
http://host[:port][abs_path].index.m3u8?sessiontoken=U2FsdGVkX18sqCbHaKcf7UJA2hDvDcpaGOeYVDrGabjECq+wNaJ4T0tJrr3kNYgjqTNMxgimjSuTkl10g8fSgjYHQ3aY9LEsA3P/9cgrbX2oWCwBZC+tKO46DVNKYa+fhttp://host[:port][abs_path].index.m3u8? sessiontoken=U2FsdGVkX18sqCbHaKcf7UJA2hDvDcpaGOeYVDrGabjECq+wNaJ4T0tJrr3kNYgjqTNMxgimjSuTkl10g8fSgjYHQ3aY9LEsA3P/9cgrbX2oWCwBZC+tKO46DVNKYa+f
其中,index.m3u8为流媒体文件的第一索引文件的文件标识。Wherein, index.m3u8 is the file identifier of the first index file of the streaming media file.
S506、终端根据第一URL向媒体服务器发送第一索引文件请求消息。S506. The terminal sends a first index file request message to the media server according to the first URL.
S507、终端接收媒体服务器响应第一索引文件请求消息返回的第一目标文件。S507. The terminal receives the first target file returned by the media server in response to the first index file request message.
本发明实施例中,第一目标文件由媒体服务器根据目标密钥对第一索引文件加密后生成,且该目标密钥由媒体服务器根据与中间件约定的加密算法及加密密钥从上述第一URL包括的字符串中解析获得,其中,媒体服务器根据目标密钥对索引文件进行加密的加密算法由媒体服务器与终端预先约定。In the embodiment of the present invention, the first target file is generated by the media server after encrypting the first index file according to the target key, and the target key is obtained from the above-mentioned first index file by the media server according to the encryption algorithm and encryption key agreed with the middleware. It is obtained by parsing the string included in the URL, where the encryption algorithm for the media server to encrypt the index file according to the target key is pre-agreed between the media server and the terminal.
S508、终端根据目标密钥解析第一目标文件以获取第一索引文件。S508. The terminal parses the first target file according to the target key to obtain the first index file.
S509、终端判断第一索引文件是否包括流媒体文件的第二索引文件的文件标识。S509. The terminal judges whether the first index file includes the file identifier of the second index file of the streaming media file.
本发明实施例中,若步骤S509的判断结果为否,则执行步骤S510,若步骤S509的判断结果为是,则执行步骤S511。In the embodiment of the present invention, if the judgment result of step S509 is no, then execute step S510, and if the judgment result of step S509 is yes, then execute step S511.
S510、终端以第一索引文件为依据从媒体服务器中获取流媒体文件的分片文件。S510. The terminal obtains the fragmented file of the streaming media file from the media server based on the first index file.
S511、终端向媒体服务器发送第二URL。S511. The terminal sends the second URL to the media server.
本发明实施例中,第二URL包括流媒体文件的第二索引文件的文件标识、上述字符串以及上述服务器标识,且第二URL可以如下所示:In the embodiment of the present invention, the second URL includes the file identifier of the second index file of the streaming media file, the above-mentioned character string and the above-mentioned server identifier, and the second URL can be as follows:
http://host[:port][abs_path].01.m3u8?sessiontoken=U2FsdGVkX18sqCbHaKcf7UJA2hDvDcpaGOeYVDrGabjECq+wNaJ4T0tJrr3kNYgjqTNMxgimjSuTkl10g8fSgjYHQ3aY9LEsA3P/9cgrbX2oWCwBZC+tKO46DVNKYa+fhttp://host[:port][abs_path].01.m3u8? sessiontoken=U2FsdGVkX18sqCbHaKcf7UJA2hDvDcpaGOeYVDrGabjECq+wNaJ4T0tJrr3kNYgjqTNMxgimjSuTkl10g8fSgjYHQ3aY9LEsA3P/9cgrbX2oWCwBZC+tKO46DVNKYa+f
其中,01.m3u8为流媒体文件的第二索引文件的文件标识。Wherein, 01.m3u8 is the file identifier of the second index file of the streaming media file.
S512、终端接收媒体服务器返回的第二目标文件。S512. The terminal receives the second target file returned by the media server.
本发明实施例中,第二目标文件由为媒体服务器根据目标密钥对第二索引文件加密后生成,且该目标密钥由媒体服务器根据与中间件约定的加密算法及加密密钥从上述第二URL包括的字符串中解析获得。In the embodiment of the present invention, the second target file is generated by the media server after encrypting the second index file according to the target key, and the target key is obtained from the above-mentioned first index file by the media server according to the encryption algorithm and encryption key agreed with the middleware. Obtained by parsing the string included in the second URL.
S513、终端根据目标密钥解析第二目标文件以获取第二索引文件。S513. The terminal parses the second target file according to the target key to obtain a second index file.
S514、终端以第二索引文件为依据从媒体服务器中获取流媒体文件的分片文件。S514. The terminal acquires the fragmented file of the streaming media file from the media server based on the second index file.
本发明实施例使终端在接收到中间件的用户认证响应消息后才能够从中间件获取到流媒体文件的URL,且URL中包括中间件根据与媒体服务器约定的加密算法及加密密钥对中间件与终端约定的目标密钥加密后生成的字符串,且终端从媒体服务器中获取到的流媒体文件的索引文件为加密后的索引文件,终端从加密后的索引文件中解析出索引文件并以该索引文件为依据从媒体服务器中获取流媒体文件的分片文件。实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。The embodiment of the present invention enables the terminal to obtain the URL of the streaming media file from the middleware only after receiving the user authentication response message of the middleware, and the URL includes the encryption algorithm and the encryption key agreed by the middleware with the media server. The string generated by encrypting the target key agreed between the file and the terminal, and the index file of the streaming media file obtained by the terminal from the media server is an encrypted index file, and the terminal parses the index file from the encrypted index file and Based on the index file, the segmented file of the streaming media file is obtained from the media server. Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图6,图6是本发明实施例公开的又一种流媒体文件的防盗链方法的流程示意图。其中,如图6所示的方法可以由图3所示的媒体服务器300来实现。如图6所示,该流媒体文件的防盗链方法可以包括以下步骤:Please refer to FIG. 6 . FIG. 6 is a schematic flowchart of another anti-leeching method for streaming media files disclosed in an embodiment of the present invention. Wherein, the method shown in FIG. 6 can be implemented by the media server 300 shown in FIG. 3 . As shown in Figure 6, the anti-leech method of this streaming media file can comprise the following steps:
S601、媒体服务器接收终端根据URL发送的索引文件请求消息。S601. The media server receives the index file request message sent by the terminal according to the URL.
本发明实施例中,步骤S601中的URL与图4中步骤S402中的URL以及图5中步骤S505中的第一URL相同。In the embodiment of the present invention, the URL in step S601 is the same as the URL in step S402 in FIG. 4 and the first URL in step S505 in FIG. 5 .
S602、媒体服务器以与中间件约定的加密算法以及加密密钥为依据解析该URL包括的字符串。S602. The media server parses the character string included in the URL based on the encryption algorithm and the encryption key agreed with the middleware.
S603、当媒体服务器从该URL包括的字符串中解析出目标密钥时,媒体服务器向终端发送目标文件。S603. When the media server parses the target key from the character string included in the URL, the media server sends the target file to the terminal.
本发明实施例中,当媒体服务器从上述URL包括的字符串中解析出目标密钥时,则表明通过终端向媒体服务器请求流媒体文件的索引文件的用户为授权用户。In the embodiment of the present invention, when the media server parses the target key from the string included in the above URL, it indicates that the user who requests the index file of the streaming media file from the media server through the terminal is an authorized user.
本发明实施例中,步骤S603中的目标文件与图4中步骤S404中的目标文件以及图5中步骤S507中的第一目标文件相同。In the embodiment of the present invention, the target file in step S603 is the same as the target file in step S404 in FIG. 4 and the first target file in step S507 in FIG. 5 .
S604、媒体服务器接收终端发送的用于获取流媒体文件的分片文件的请求消息。S604. The media server receives a request message sent by the terminal for acquiring a fragmented file of the streaming media file.
S605、媒体服务器响应请求消息并向终端发送流媒体文件的分片文件。S605. The media server responds to the request message and sends the segmented file of the streaming media file to the terminal.
本发明实施例中,媒体服务器接收到终端根据从中间件获取到的URL发送的索引文件请求消息后解析该URL中包括的字符串,若媒体服务器能从该URL中解析出目标密钥,则媒体服务器向终端返回加密后的索引文件以使终端解析加密后的索引文件并以该索引文件为依据从媒体服务器中获取流媒体文件的分片文件,若媒体服务器未能从该URL中解析出目标密钥,则媒体服务器向终端发送用于指示用户为非授权用户的指示消息。实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。In the embodiment of the present invention, after the media server receives the index file request message sent by the terminal according to the URL obtained from the middleware, it parses the character string included in the URL. If the media server can parse the target key from the URL, then The media server returns the encrypted index file to the terminal so that the terminal parses the encrypted index file and obtains the fragmented file of the streaming media file from the media server based on the index file. If the media server fails to parse the encrypted index file from the URL target key, the media server sends an indication message for indicating that the user is an unauthorized user to the terminal. Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图7,图7是本发明实施例公开的又一种流媒体文件的防盗链方法的流程示意图。其中,如图7所示的方法可以由图3所示的媒体服务器来实现。如图7所示,该流媒体文件的防盗链方法可以包括以下步骤:Please refer to FIG. 7 . FIG. 7 is a schematic flowchart of another anti-leeching method for streaming media files disclosed in an embodiment of the present invention. Wherein, the method shown in FIG. 7 can be implemented by the media server shown in FIG. 3 . As shown in Figure 7, the anti-leech method of this streaming media file can comprise the following steps:
S701、媒体服务器接收终端根据第一URL发送的第一索引文件请求消息。S701. The media server receives the first index file request message sent by the terminal according to the first URL.
本发明实施例中,步骤S701中的第一URL与图4中步骤S402中的URL、图5中步骤S505中的第一URL以及图6中步骤S601中的URL相同。In the embodiment of the present invention, the first URL in step S701 is the same as the URL in step S402 in FIG. 4 , the first URL in step S505 in FIG. 5 , and the URL in step S601 in FIG. 6 .
S702、媒体服务器以与中间件约定的加密算法以及加密密钥为依据解析第一URL包括的字符串。S702. The media server parses the character string included in the first URL based on the encryption algorithm and the encryption key agreed with the middleware.
S703、媒体服务器判断是否从第一URL包括的字符串中解析出目标密钥。S703. The media server judges whether to parse out the target key from the character string included in the first URL.
本发明实施例中,若步骤S703的判断结果为是,则执行步骤S704,若步骤S703的判断结果为否,则执行步骤S714。In the embodiment of the present invention, if the judgment result of step S703 is yes, step S704 is executed, and if the judgment result of step S703 is no, step S714 is executed.
本发明实施例中,步骤S703的判断结果为否包括以下两种情况中的任意一种:一、第一URL中未包括字符串;二、第一URL中包括字符串,但媒体服务器无法从第一URL包括的字符串中解析出目标密钥。In the embodiment of the present invention, whether the judgment result of step S703 includes any of the following two situations: 1. The first URL does not include a character string; 2. The first URL includes a character string, but the media server cannot obtain The target key is parsed out from the character string included in the first URL.
S704、媒体服务器向终端发送第一目标文件。S704. The media server sends the first target file to the terminal.
S705、判断第一索引文件是否包括流媒体文件的第二索引文件的文件标识。S705. Determine whether the first index file includes the file identifier of the second index file of the streaming media file.
本发明实施例中,若步骤S705的判断结果为否,则执行步骤S706,若步骤S705的判断结果为是,则执行步骤S708。In the embodiment of the present invention, if the judgment result of step S705 is no, then step S706 is executed, and if the judgment result of step S705 is yes, then step S708 is executed.
S706、媒体服务器接收终端发送的用于获取流媒体文件的分片文件的第一请求消息。S706. The media server receives a first request message sent by the terminal and used to acquire the segmented files of the streaming media file.
S707、媒体服务器响应第一请求消息并向终端发送流媒体文件的分片文件。S707. The media server responds to the first request message and sends the fragmented file of the streaming media file to the terminal.
S708、媒体服务器接收终端发送的流媒体文件的第二URL。S708. The media server receives the second URL of the streaming media file sent by the terminal.
本发明实施例中,步骤S708中的第二URL与图5中步骤S511中的第二URL相同。In the embodiment of the present invention, the second URL in step S708 is the same as the second URL in step S511 in FIG. 5 .
S709、媒体服务器以与中间件约定的加密算法以及加密密钥为依据解析第二URL包括的字符串。S709. The media server parses the character string included in the second URL based on the encryption algorithm and the encryption key agreed with the middleware.
S710、媒体服务器判断是否从第二URL包括的字符串中解析出目标密钥。S710. The media server judges whether to parse out the target key from the character string included in the second URL.
本发明实施例中,若步骤S710的判断结果为是,则执行步骤S711,若步骤S710的判断结果为否,则执行步骤S714。In the embodiment of the present invention, if the judgment result of step S710 is yes, step S711 is executed, and if the judgment result of step S710 is no, step S714 is executed.
S711、媒体服务器向终端发送第二目标文件。S711. The media server sends the second target file to the terminal.
S712、媒体服务器接收终端发送的用于获取流媒体文件的分片文件的第二请求消息。S712. The media server receives a second request message sent by the terminal and used to acquire the segmented file of the streaming media file.
S713、媒体服务器响应第二请求消息并向终端发送流媒体文件的分片文件。S713. The media server responds to the second request message and sends the fragmented file of the streaming media file to the terminal.
S714、媒体服务器向终端返回用于指示用户为非授权用户的指示消息。S714. The media server returns an indication message for indicating that the user is an unauthorized user to the terminal.
实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图8,图8是本发明实施例公开的另一种终端的结构示意图。如图8所示,该终端800可以包括输出模块801、输入模块802、解析模块803以及获取模块804,其中:Please refer to FIG. 8 . FIG. 8 is a schematic structural diagram of another terminal disclosed by an embodiment of the present invention. As shown in FIG. 8, the terminal 800 may include an output module 801, an input module 802, an analysis module 803, and an acquisition module 804, wherein:
输出模块801用于向中间件发送用于获取流媒体文件的URL的请求消息。The output module 801 is configured to send a request message for acquiring the URL of the streaming media file to the middleware.
输入模块802用于接收中间件响应该请求消息返回的流媒体文件的URL。The input module 802 is configured to receive the URL of the streaming media file returned by the middleware in response to the request message.
本发明实施例中,该URL包括字符串、流媒体文件的索引文件的文件标识以及存储流媒体文件的媒体服务器的服务器标识。In the embodiment of the present invention, the URL includes a character string, a file identifier of an index file of the streaming media file, and a server identifier of a media server storing the streaming media file.
输出模块801还用于根据上述URL向媒体服务器发送索引文件请求消息。The output module 801 is further configured to send an index file request message to the media server according to the above URL.
输入模块802还用于接收媒体服务器响应上述索引文件请求消息返回的目标文件。The input module 802 is also configured to receive the target file returned by the media server in response to the above index file request message.
解析模块803用于根据目标密钥解析目标文件以获取索引文件。The parsing module 803 is used to parse the target file according to the target key to obtain the index file.
获取模块804用于以上述索引文件为依据从媒体服务器中获取流媒体文件的分片文件。The acquiring module 804 is configured to acquire fragmented files of streaming media files from the media server based on the aforementioned index file.
实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图9,图9是本发明实施例公开的又一种终端的结构示意图。如图9所示,该终端900可以包括输出模块901、输入模块902、确定模块903、解析模块904以及获取模块905,其中:Please refer to FIG. 9 . FIG. 9 is a schematic structural diagram of another terminal disclosed in an embodiment of the present invention. As shown in Figure 9, the terminal 900 may include an output module 901, an input module 902, a determination module 903, an analysis module 904, and an acquisition module 905, wherein:
输出模块901用于向中间件发送用于对用户进行身份认证的第二请求消息。The output module 901 is configured to send a second request message for authenticating the user to the middleware.
输入模块902用于接收中间件返回的用于指示用户为授权用户的用户认证响应消息。The input module 902 is configured to receive a user authentication response message returned by the middleware and used to indicate that the user is an authorized user.
确定模块903用于确定与中间件约定的目标密钥。The determination module 903 is used to determine the target key agreed with the middleware.
作为一种可选的实施方式,确定模块903确定与中间件约定的目标密钥的具体方式可以为:As an optional implementation manner, the specific manner in which the determining module 903 determines the target key agreed with the middleware may be as follows:
根据与中间件约定的加密算法对目标参数进行加密,以将加密后的目标参数作为目标密钥,其中,目标参数由终端900与中间件约定数。The target parameter is encrypted according to an encryption algorithm agreed with the middleware, so that the encrypted target parameter is used as a target key, wherein the target parameter is a number agreed upon by the terminal 900 and the middleware.
可选的,目标参数可以包括终端900生成的第一随机数、中间件生成的第二随机数、终端900的MAC地址以及中间件为终端900分配的会话标识中的至少一个,本发明实施例不做限定。Optionally, the target parameter may include at least one of the first random number generated by the terminal 900, the second random number generated by the middleware, the MAC address of the terminal 900, and the session identifier assigned by the middleware to the terminal 900. No limit.
输出模块901还用于向中间件发送用于获取流媒体文件的URL的第一请求消息。The output module 901 is further configured to send a first request message for acquiring the URL of the streaming media file to the middleware.
输入模块902用于接收中间件响应第一请求消息返回的流媒体文件的第一URL。The input module 902 is configured to receive the first URL of the streaming media file returned by the middleware in response to the first request message.
输出模块901还用于根据上述第一URL向媒体服务器发送第一索引文件请求消息。The output module 901 is further configured to send a first index file request message to the media server according to the first URL.
输入模块902还用于接收媒体服务器响应上述第一索引文件请求消息返回的第一目标文件。The input module 902 is also configured to receive the first target file returned by the media server in response to the first index file request message.
解析模块904用于根据目标密钥解析第一目标文件以获取第一索引文件。The parsing module 904 is configured to parse the first target file according to the target key to obtain the first index file.
获取模块905用于当第一索引文件未包括流媒体文件的第二索引文件的文件标识时,以第一索引文件为依据从媒体服务器中获取流媒体文件的分片文件。The acquiring module 905 is configured to acquire the fragmented files of the streaming media files from the media server according to the first index file when the first index file does not include the file identifier of the second index file of the streaming media files.
作为一种可选的实施方式,输出模块901还可以用于当第一索引文件包括流媒体文件的第二索引文件的文件标识时,向媒体服务器发送第二URL。As an optional implementation manner, the output module 901 may also be configured to send the second URL to the media server when the first index file includes the file identifier of the second index file of the streaming media file.
输入模块902还可以用于还用于接收媒体服务器返回的第二目标文件。The input module 902 may also be used for receiving the second target file returned by the media server.
解析模块904还可以用于根据目标密钥解析第二目标文件以获取第二索引文件。The parsing module 904 can also be used to parse the second target file according to the target key to obtain the second index file.
获取模块905还可以用于以第二索引文件为依据从媒体服务器中获取流媒体文件的分片文件。The acquiring module 905 may also be configured to acquire fragment files of the streaming media file from the media server based on the second index file.
实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
请参阅图10,图10是本发明实施例公开的另一种媒体服务器的结构示意图。如图10所示,该媒体服务器1000可以包括输入模块1001、解析模块1002以及输出模块1003,其中:Please refer to FIG. 10 . FIG. 10 is a schematic structural diagram of another media server disclosed in an embodiment of the present invention. As shown in Figure 10, the media server 1000 may include an input module 1001, an analysis module 1002 and an output module 1003, wherein:
输入模块1001用于接收终端根据从中间件获取到的第一URL发送的第一索引文件请求消息。The input module 1001 is configured to receive a first index file request message sent by the terminal according to the first URL obtained from the middleware.
解析模块1002用于以与中间件约定的加密算法以及加密密钥为依据解析第一URL包括的字符串。The parsing module 1002 is configured to parse the character string included in the first URL based on the encryption algorithm and encryption key agreed with the middleware.
输出模块1003用于当解析模块1002从第一URL包括的字符串中解析出目标密钥时,向终端发送第一目标文件。The output module 1003 is configured to send the first target file to the terminal when the parsing module 1002 parses out the target key from the string included in the first URL.
本发明实施例中,第一目标文件由媒体服务器1000根据从第一URL包括的字符串中解析出的目标密钥对第一索引文件加密后生成。In the embodiment of the present invention, the first target file is generated by the media server 1000 after encrypting the first index file according to the target key parsed from the character string included in the first URL.
输入模块1001还用于当第一索引文件未包括流媒体文件的第二索引文件的文件标识时,接收终端发送的用于获取流媒体文件的分片文件的第一请求消息。The input module 1001 is further configured to receive, when the first index file does not include the file identifier of the second index file of the streaming media file, a first request message for obtaining a segment file of the streaming media file sent by the terminal.
输出模块1003还用于响应第一请求消息并向终端发送流媒体文件的分片文件。The output module 1003 is also configured to respond to the first request message and send the fragmented file of the streaming media file to the terminal.
作为一种可选的实施方式,输入模块1001还可以用于当第一索引文件包括流媒体文件的第二索引文件的文件标识时,接收终端发送的流媒体文件的第二URL。As an optional implementation manner, the input module 1001 may also be configured to receive the second URL of the streaming media file sent by the terminal when the first index file includes the file identifier of the second index file of the streaming media file.
解析模块1002还可以用于以与中间件约定的加密算法以及加密密钥为依据解析第二URL包括的字符串。The parsing module 1002 may also be configured to parse the character string included in the second URL based on the encryption algorithm and encryption key agreed with the middleware.
输出模块1003还可以用于当解析模块1002从第二URL包括的字符串中解析出目标密钥时,向终端发送第二目标文件。The output module 1003 can also be configured to send the second target file to the terminal when the parsing module 1002 parses out the target key from the character string included in the second URL.
本发明实施例中,第二目标文件由媒体服务器根据从第二URL包括的字符串中解析出的目标密钥对第二索引文件加密后生成的目标文件。In the embodiment of the present invention, the second target file is generated by the media server after encrypting the second index file according to the target key parsed from the character string included in the second URL.
输入模块1001还可以用于接收终端发送的用于获取流媒体文件的分片文件的第二请求消息。The input module 1001 may also be configured to receive a second request message sent by the terminal for obtaining segment files of the streaming media file.
输出模块1003还可以用于响应第二请求消息并向终端发送流媒体文件的分片文件。The output module 1003 may also be configured to respond to the second request message and send the segmented file of the streaming media file to the terminal.
作为一种可选的实施方式,输出模块1003还可以用于当解析模块1002未从第一URL包括的字符串或第二URL包括的字符串中解析出目标密钥时,向终端返回用于指示用户为非授权用户的指示消息。As an optional implementation manner, the output module 1003 can also be used to return to the terminal the An indication message indicating that the user is an unauthorized user.
实施本发明实施例提高了流媒体文件的防盗链的可靠性以及准确性。Implementing the embodiments of the present invention improves the reliability and accuracy of anti-hotlinking of streaming media files.
需要说明的是,在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详细描述的部分,可以参见其他实施例的相关描述。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作以及模块并不一定是本发明所必须的。It should be noted that, in the foregoing embodiments, descriptions of each embodiment have their own emphases, and for parts that are not described in detail in a certain embodiment, reference may be made to relevant descriptions of other embodiments. Secondly, those skilled in the art should also know that the embodiments described in the specification belong to preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
本发明实施例方法中的步骤可以根据实际需要进行顺序调整、合并和删减。The steps in the methods of the embodiments of the present invention can be adjusted, combined and deleted according to actual needs.
本发明实施例装置中的模块可以根据实际需要进行合并、划分和删减。The modules in the device of the embodiment of the present invention can be combined, divided and deleted according to actual needs.
本发明实施例中所述模块可以通过通用集成电路,例如CPU(Central ProcessingUnit,中央处理器),或通过ASIC(Application Specific Integrated Circuit,专用集成电路)来实现。The modules described in the embodiments of the present invention may be implemented by a general integrated circuit, such as a CPU (Central Processing Unit, central processing unit), or an ASIC (Application Specific Integrated Circuit, application specific integrated circuit).
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random AccessMemory,RAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the programs can be stored in computer-readable storage media. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM) and the like.
以上对本发明实施例所提供的一种流媒体文件的防盗链方法及设备进行了详细介绍,本文中应用了具体实例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想;同时,对于本领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本发明的限制。The anti-leeching method and equipment of a streaming media file provided by the embodiments of the present invention have been described in detail above. The principles and implementation methods of the present invention have been explained by using specific examples in this paper. The description of the above embodiments is only used to help Understand the method of the present invention and its core idea; at the same time, for those of ordinary skill in the art, according to the idea of the present invention, there will be changes in the specific implementation and scope of application. In summary, the content of this specification is not It should be understood as a limitation of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410498191.9ACN104320377B (en) | 2014-09-25 | 2014-09-25 | The anti-stealing link method and equipment of a kind of files in stream media |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410498191.9ACN104320377B (en) | 2014-09-25 | 2014-09-25 | The anti-stealing link method and equipment of a kind of files in stream media |
| Publication Number | Publication Date |
|---|---|
| CN104320377A CN104320377A (en) | 2015-01-28 |
| CN104320377Btrue CN104320377B (en) | 2017-07-07 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410498191.9AActiveCN104320377B (en) | 2014-09-25 | 2014-09-25 | The anti-stealing link method and equipment of a kind of files in stream media |
| Country | Link |
|---|---|
| CN (1) | CN104320377B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105721411A (en)* | 2015-05-15 | 2016-06-29 | 乐视云计算有限公司 | Method for preventing hotlinking, server and client terminalfor preventing hotlinking |
| CN105307052B (en)* | 2015-10-27 | 2018-09-25 | 无锡天脉聚源传媒科技有限公司 | A kind of video request processing method and processing device |
| CN105392051B (en)* | 2015-10-27 | 2019-03-19 | 无锡天脉聚源传媒科技有限公司 | A kind of video request processing method and processing device |
| CN106936770B (en)* | 2015-12-30 | 2019-06-14 | 玲珑视界科技(北京)有限公司 | A kind of HLS index list encrypted antitheft catenary system and method |
| CN107294927A (en)* | 2016-04-05 | 2017-10-24 | 北京优朋普乐科技有限公司 | Anti-stealing link method, device and system based on the network terminal |
| CN107707504B (en)* | 2016-08-08 | 2020-11-10 | 中国电信股份有限公司 | Streaming media playing method and system, server and client |
| CN107770130B (en)* | 2016-08-17 | 2020-08-21 | 杭州海康威视数字技术股份有限公司 | A kind of multimedia content acquisition method and device |
| CN107786526A (en)* | 2016-08-31 | 2018-03-09 | 北京优朋普乐科技有限公司 | Anti-stealing link method, client and server system |
| CN106788995B (en)* | 2016-12-07 | 2020-09-04 | 武汉斗鱼网络科技有限公司 | File encryption method and device |
| CN106791986A (en)* | 2017-01-10 | 2017-05-31 | 环球智达科技(北京)有限公司 | A kind of live index list encrypted antitheft catenary systems of HLS and method |
| CN108574686B (en)* | 2017-05-17 | 2021-08-06 | 北京金山云网络技术有限公司 | A kind of method and device for online preview file |
| CN107222480A (en)* | 2017-05-27 | 2017-09-29 | 中国联合网络通信集团有限公司 | A kind of flow media playing method, terminal device and CDN server |
| CN110138716B (en) | 2018-02-09 | 2020-11-27 | 网宿科技股份有限公司 | A kind of key provision, video playback method, server and client |
| CN108540481B (en)* | 2018-04-20 | 2021-03-23 | 广州市千钧网络科技有限公司 | Online playing method and device for audio file |
| CN109246127B (en)* | 2018-10-12 | 2021-05-28 | 上海哔哩哔哩科技有限公司 | Safe sharing control method and system for audio resources |
| CN109599132A (en)* | 2018-11-30 | 2019-04-09 | 成都华栖云科技有限公司 | A kind of cross-platform multiple terminals static player being adapted to media industry |
| CN109768977B (en)* | 2019-01-15 | 2021-06-29 | 杭州云毅网络科技有限公司 | Streaming media data processing method and device, related equipment and medium |
| CN109819337A (en)* | 2019-02-02 | 2019-05-28 | 湖南快乐阳光互动娱乐传媒有限公司 | Video file downloading anti-stealing link method, system and medium |
| CN109905731A (en)* | 2019-02-22 | 2019-06-18 | 湖南快乐阳光互动娱乐传媒有限公司 | Video file downloading anti-stealing link method, system and medium capable of preventing pass from being stolen |
| CN110381334B (en)* | 2019-09-02 | 2021-05-28 | 湖南快乐阳光互动娱乐传媒有限公司 | Anti-stealing-link method, device and system |
| CN112118466A (en)* | 2020-09-21 | 2020-12-22 | 北京字节跳动网络技术有限公司 | Copyright protection method, device, system, equipment and medium for multimedia information |
| TWI797748B (en)* | 2021-09-14 | 2023-04-01 | 果核數位股份有限公司 | Streaming service method and system of customized information security level |
| CN115811625B (en)* | 2021-09-14 | 2024-10-18 | 果核数位股份有限公司 | Streaming media service method and system for customizing information security level |
| CN114189706B (en)* | 2021-12-09 | 2022-10-04 | 北京航星永志科技有限公司 | Media playing method, system, device, computer equipment and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101309275A (en)* | 2008-06-27 | 2008-11-19 | 武汉烽火网络有限责任公司 | File name protection method for stream media service |
| CN102025749A (en)* | 2011-01-18 | 2011-04-20 | 中国联合网络通信集团有限公司 | Anti-theft method of mobile streaming media service |
| CN103986735A (en)* | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
| CN104009989A (en)* | 2014-05-22 | 2014-08-27 | Tcl集团股份有限公司 | Method, system and server for preventing hotlinking of media files |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080141110A1 (en)* | 2006-12-07 | 2008-06-12 | Picscout (Israel) Ltd. | Hot-linked images and methods and an apparatus for adapting existing images for the same |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101309275A (en)* | 2008-06-27 | 2008-11-19 | 武汉烽火网络有限责任公司 | File name protection method for stream media service |
| CN102025749A (en)* | 2011-01-18 | 2011-04-20 | 中国联合网络通信集团有限公司 | Anti-theft method of mobile streaming media service |
| CN104009989A (en)* | 2014-05-22 | 2014-08-27 | Tcl集团股份有限公司 | Method, system and server for preventing hotlinking of media files |
| CN103986735A (en)* | 2014-06-05 | 2014-08-13 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
| Publication number | Publication date |
|---|---|
| CN104320377A (en) | 2015-01-28 |
| Publication | Publication Date | Title |
|---|---|---|
| CN104320377B (en) | The anti-stealing link method and equipment of a kind of files in stream media | |
| CN111556006B (en) | Third-party application system login method, device, terminal and SSO service platform | |
| CN108322469B (en) | Information processing system, method and apparatus | |
| CN105357190B (en) | The method and system of access request authentication | |
| KR102193406B1 (en) | Method and device for identifying user identity | |
| US9686344B2 (en) | Method for implementing cross-domain jump, browser, and domain name server | |
| CN103581108B (en) | Login authentication method, login authentication client, login authentication server and login authentication system | |
| CN106878265B (en) | Data processing method and device | |
| CN106878264B (en) | Data management method and server | |
| CN106797563B (en) | Certification and authorization message for adaptive stream media based on token signaling and interact | |
| CN106302308B (en) | A trusted login method and device | |
| CN113297560A (en) | Identity authentication method, device and equipment based on block chain and readable storage medium | |
| WO2018228036A1 (en) | Verification method and device, server, and readable storage medium | |
| CN101251881A (en) | Method, system and device for content identification | |
| CN113572728B (en) | Method, device, equipment and medium for authenticating Internet of things equipment | |
| CN105472052A (en) | Login method and system of cross-domain server | |
| CN114157434A (en) | Login verification method and device, electronic equipment and storage medium | |
| WO2016054990A1 (en) | Security check method, device, terminal and server | |
| US11500968B2 (en) | Method of and system for providing access to access restricted content to a user | |
| CN112149068A (en) | Access-based authorization verification method, information generation method and device, and server | |
| CN107465649A (en) | Control method of electronic device, terminal and control system | |
| CN113329242A (en) | Resource management method and device | |
| CN104618356B (en) | Auth method and device | |
| CN109460647B (en) | Multi-device secure login method | |
| CN104219626A (en) | Identity authentication method and device |
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |