CN110868641A - Method and system for detecting validity of live broadcast source - Google Patents
- Publication number
- CN110868641A (CN201810986074.5A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/60—Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client
- H04N21/63—Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
- H04N21/643—Communication protocols
- H04N21/6437—Real-time Transport Protocol [RTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/21—Server components or server architectures
- H04N21/218—Source of audio or video content, e.g. local disk arrays
- H04N21/2187—Live feed
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/23—Processing of content or additional data; Elementary server operations; Server middleware
- H04N21/234—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
- H04N21/2347—Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
Landscapes
- Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Computer Networks & Wireless Communication (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure provides a method and system for detecting the legitimacy of a live broadcast source. In the method, a server generates a public-private key pair, sends the public key to a terminal, and signs the live broadcast service information of a live broadcast program with the private key to generate signature information. While packaging the live program content to generate RTP multicast data, the server inserts the signature information corresponding to the live program into an RTP extension packet header of the multicast data and sends the multicast data to the terminal. The terminal extracts the signature information from the RTP extension packet header, decrypts it with the public key to obtain the live broadcast service information, and compares the decrypted live broadcast service information against the live broadcast service information obtained from the service platform. If the verification passes, the live broadcast source is determined to be legal and the multicast data is allowed to play; if the verification fails, the live broadcast source is determined to be illegal and playback of the multicast data is stopped. The present disclosure enables verification of the legitimacy of live broadcast sources.
Description
Technical Field
The present disclosure relates to the field of network video application technologies, and in particular, to a method and a system for detecting validity of a live source.
Background
With growing broadband capacity and the three-network convergence of network operators, the network mode of the IPTV (Internet Protocol television) service is shifting from private networks to the Internet. The Internet brings rich content and applications to the IPTV service, and also brings risks to secure playback.
In the live broadcast service, a user continuously receives a live broadcast code stream over the network through a personal terminal and continuously decodes and plays it, which gives the effect of watching real-time video. However, in the current network environment, the media server that is exposed on the public network to provide the live broadcast service, and the live broadcast code stream it sends, face a relatively high network security risk. Because the live code stream is transmitted over the public network, an attacker may illegally insert content into it or tamper with its content, and the service provider needs to guard against this risk.
Multicast uses network resources efficiently to distribute content and greatly reduces the construction investment of a Content Delivery Network (CDN), so video operators that are able to use multicast generally carry live broadcast services over it. However, because of the limitations of the standard multicast protocol, live broadcast content can be protected and verified against illegal tampering of the live code stream only by deploying a DRM (Digital Rights Management) system. A DRM system is complex to deploy and requires a large investment, so both the deployment difficulty and the cost are high.
Disclosure of Invention
One technical problem solved by embodiments of the present disclosure is to provide a method for detecting the legitimacy of a live broadcast source.
According to an aspect of an embodiment of the present disclosure, there is provided a method for detecting validity of a live source, including: the server generates a public-private key pair, sends a public key of the public-private key pair to the terminal, and signs the live broadcast service information of the live broadcast program by using a private key of the public-private key pair to generate signature information; the server inserts signature information corresponding to the live program into an RTP extension packet header of multicast data and sends the multicast data to a terminal in the process of packaging the live program content to generate real-time transport protocol (RTP) multicast data; the terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using the public key to obtain the live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; and when the verification is not passed, the live broadcast source is determined to be illegal and the multicast data is stopped playing.
In some embodiments, the live service information includes at least one of a multicast address, a multicast port number, a channel name, and a channel number of the live program.
In some embodiments, the step of the server signing the live service information by using the private key to generate the signature information comprises: the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, and encrypts the characteristic character string by using the private key to generate signature information.
In some embodiments, the live service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string; the step of comparing and verifying the live broadcast service information obtained by decryption and the live broadcast service information obtained from the service platform by the terminal comprises the following steps: and the terminal compares and verifies the characteristic character string and the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed under the condition that the characteristic character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the characteristic character string and the live broadcast service information are inconsistent.
In some embodiments, the step of the server signing the live service information by using the private key to generate the signature information comprises: the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, processes the characteristic character string by using a Hash algorithm, and encrypts the processed characteristic character string by using the private key to generate signature information.
In some embodiments, the live broadcast service information obtained by the terminal decrypting the signature information by using the public key includes a characteristic character string processed by the hash algorithm; the step of comparing and verifying the live broadcast service information obtained by decryption and the live broadcast service information obtained from the service platform by the terminal comprises the following steps: the terminal processes the live broadcast service information acquired from the service platform by using the hash algorithm; and comparing the feature character string obtained by decryption after the hash algorithm processing with the live broadcast service information obtained from the service platform after the hash algorithm processing, wherein the verification is determined to be passed under the condition that the feature character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the feature character string and the live broadcast service information are inconsistent.
In some embodiments, the terminal periodically compares and verifies the live service information obtained by decryption with the live service information obtained from the service platform.
According to another aspect of an embodiment of the present disclosure, there is provided a system for detecting validity of a live source, including: the server is used for generating a public-private key pair, sending a public key in the public-private key pair to the terminal, signing live broadcast service information of a live broadcast program by using a private key in the public-private key pair to generate signature information, inserting the signature information corresponding to the live broadcast program into an RTP (real-time transport protocol) extension packet header of multicast data in the process of packaging the live broadcast program content to generate RTP multicast data, and sending the multicast data to the terminal; the terminal is used for extracting the signature information from the RTP extension packet header of the multicast data, decrypting the signature information by using the public key to obtain the live broadcast service information, and comparing and verifying the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; and when the verification is not passed, the live broadcast source is determined to be illegal and the multicast data is stopped playing.
In some embodiments, the live service information includes at least one of a multicast address, a multicast port number, a channel name, and a channel number of the live program.
In some embodiments, the server is configured to generate a characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number, and encrypt the characteristic string using the private key to generate the signature information.
In some embodiments, the live service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string; and the terminal is used for comparing and verifying the characteristic character string and the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed under the condition that the characteristic character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the characteristic character string and the live broadcast service information are inconsistent.
In some embodiments, the server is configured to generate a characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number, process the characteristic string using a hash algorithm, and encrypt the processed characteristic string using the private key to generate the signature information.
In some embodiments, the live broadcast service information obtained by the terminal decrypting the signature information by using the public key includes a characteristic character string processed by the hash algorithm; the terminal is used for processing the live broadcast service information acquired from the service platform by using the hash algorithm, and comparing the feature character string obtained by decryption after the hash algorithm processing with the live broadcast service information acquired from the service platform after the hash algorithm processing, wherein the verification is determined to be passed under the condition that the two are consistent, and the verification is determined not to be passed under the condition that the two are inconsistent.
In some embodiments, the terminal is configured to periodically compare and verify the live service information obtained by decryption with the live service information obtained from the service platform.
According to another aspect of an embodiment of the present disclosure, there is provided a system for detecting validity of a live source, including: a memory; and a processor coupled to the memory, the processor configured to perform the method as previously described based on instructions stored in the memory.
According to another aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method as previously described.
In the method, the server generates a public-private key pair, sends the public key to the terminal, and signs the live broadcast service information of the live broadcast program with the private key to generate signature information. While packaging the live program content to generate RTP multicast data, the server inserts the signature information corresponding to the live program into an RTP extension packet header of the multicast data and sends the multicast data to the terminal. The terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts it with the public key to obtain the live broadcast service information, and compares the decrypted live broadcast service information against the live broadcast service information of the live broadcast program obtained from the service platform. If the verification passes, the live broadcast source is determined to be legal and the multicast data is allowed to play; if the verification fails, the live broadcast source is determined to be illegal and playback of the multicast data is stopped. The method thus verifies the legitimacy of the live broadcast source and avoids playing content sources that have been illegally inserted or tampered with.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 is a flow diagram illustrating a method for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure;
FIG. 2 is a block diagram illustrating a system for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure;
FIG. 3 is a block diagram illustrating a system for detecting the legitimacy of a live source according to further embodiments of the present disclosure;
FIG. 4 is a block diagram illustrating a system for detecting the legitimacy of a live source according to further embodiments of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
FIG. 1 is a flow diagram illustrating a method for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure. As shown in FIG. 1, the method includes steps S102 to S106.
In step S102, the server generates a public-private key pair, sends a public key of the public-private key pair to the terminal, and signs the live broadcast service information of the live broadcast program with a private key of the public-private key pair to generate signature information.
In some embodiments, the server may generate the public-private key pair based on an asymmetric key algorithm.
In some embodiments, the live broadcast service information may include at least one of a multicast address, a multicast port number, and a channel number of the live program.
In some embodiments, the step of the server signing the live service information with the private key to generate the signature information may include: the server generates a characteristic string from the multicast address, the multicast port number, the channel name, and the channel number, and encrypts (i.e., signs) the characteristic string with a private key to generate signature information.
For example, the server generates a PKI (Public Key Infrastructure) public-private key pair for the live broadcast service based on an asymmetric key algorithm, sends the public key to the terminal (e.g., a set-top box) so that the terminal stores it, and keeps the private key on the server side. The server uses the private key to sign the live broadcast service information used by each live broadcast program, such as the multicast IP (Internet Protocol) address, multicast port number, channel name and channel number, to generate signature information. For example, the server generates a characteristic string for each live program channel according to the rule "multicast address + '$' + multicast port number + '$' + channel name + '$' + channel number". Assuming that the IPTV service provider provides a "center one" live broadcast service on channel number 100, with assigned multicast address 239.0.0.1 and multicast port number 12345, the characteristic string of channel 100 is "239.0.0.1$12345$center one$100". The server encrypts the characteristic string using the private key to generate the signature information. The signature information may also be referred to as a signature information string.
It should be noted that the rule order "multicast address + '$' + multicast port number + '$' + channel name + '$' + channel number" above is merely exemplary, and the scope of the present disclosure is not limited thereto. For example, the server may generate a characteristic string for each live program channel according to a rule order such as "multicast port number + '$' + multicast address + '$' + channel name + '$' + channel number" or "multicast port number + '$' + channel number + '$' + multicast address + '$' + channel name".
It should be noted that, as described above, the server may generate the characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number. The scope of the disclosure is not limited in this respect. The server may generate the characteristic string based on one or more of a multicast address, a multicast port number, a channel name, and a channel number. For example, the server may generate a characteristic string for each live program channel according to the rule of "multicast address + '$' + multicast port number + '$' + channel number".
In other embodiments, the step of the server signing the live service information by using the private key to generate the signature information may include: the server generates a characteristic string according to the multicast address, the multicast port number, the channel name and the channel number, processes the characteristic string by using a hash algorithm, and encrypts the processed characteristic string by using the private key to generate the signature information.
In step S104, while packaging the live program content to generate RTP (Real-time Transport Protocol) multicast data, the server inserts the signature information corresponding to the live program into an RTP extension header of the multicast data, and transmits the multicast data to the terminal.
In some embodiments, the server may also encode the live program content before packaging it. For example, while encoding and packaging the live program content to generate RTP multicast data (e.g., a multicast stream), the server inserts the signature information of the corresponding program into the RTP extension packet header and distributes the RTP multicast data to the terminal.
For example, the live encoding server may encapsulate the encoded video in RTP and insert the signature information of the corresponding program into the RTP extension packet header before the media streaming server sends the multicast stream. In this way, for example, the signature information of channel number 100 is distributed to the terminals by multicast together with the multicast stream.
In step S106, the terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using the public key to obtain the live broadcast service information, and compares the decrypted live broadcast service information against the live broadcast service information of the live broadcast program obtained from the service platform. If the verification fails, the live broadcast source is determined to be illegal and playback of the multicast data is stopped.
In some embodiments, the live service information that the terminal obtains by decrypting the signature information with the public key comprises the characteristic string, here a characteristic string that has not been processed by the hash algorithm. In this case, the step in which the terminal compares the decrypted live service information against the live service information acquired from the service platform may include: the terminal compares the characteristic string with the live broadcast service information acquired from the service platform; the verification passes if the two are consistent and fails if they are inconsistent.
For example, when the user selects channel number 100 by operating a remote controller and an EPG (Electronic Program Guide) interface, the EPG interface notifies the terminal to join the multicast group corresponding to channel number 100. The terminal receives the live broadcast service information of the live broadcast (for example, the live broadcast on channel number 100), such as its multicast address, multicast port number, channel name and channel number, from the service platform. After receiving the multicast data, the terminal extracts the signature information from the RTP extension packet header, decrypts it with the public key to obtain the characteristic string, and checks whether the characteristic string is consistent with the live broadcast service information of the live broadcast program obtained from the service platform. If they are consistent, the live broadcast source is determined to be legal, and the terminal continues to extract the RTP payload data for subsequent decoding and playing. If not, the live broadcast source is determined to be illegal, and playback of the multicast data is stopped.
In the above embodiment, if the characteristic string is not processed by the hash algorithm before signing, the terminal decrypts the signature information with the public key to obtain the characteristic string and compares it with the data obtained from the service platform; if the two are consistent, the verification passes, otherwise the verification fails.
For example, if an attacker inserts an illegal video stream into the multicast stream, the signature information is not present in the RTP extension packet header of the inserted stream, so the terminal fails to verify the signature and refuses to play it. If the attacker directs the terminal to a different content source address, the terminal likewise fails to verify the signature and refuses to play.
In other embodiments, if the server processes the characteristic character string by using a hash algorithm, the live broadcast service information obtained by decrypting the signature information by using the public key by the terminal includes the characteristic character string processed by the hash algorithm.
In this case, the step in which the terminal compares and verifies the decrypted live broadcast service information with the live broadcast service information acquired from the service platform may include: the terminal processes the live broadcast service information acquired from the service platform by using the hash algorithm, and then compares the decrypted, hash-processed characteristic character string with the hash-processed live broadcast service information acquired from the service platform. The verification is determined to be passed if the two are consistent and not passed if they are inconsistent.
In this embodiment, if the characteristic character string is processed by using the hash algorithm before signing, the terminal first performs calculation processing on the live broadcast service information acquired from the service platform by using the same hash algorithm, and compares the calculation result with the decryption result, and if the calculation result is consistent with the decryption result, the verification is passed, otherwise, the verification is not passed.
Thus far, a method for detecting the legitimacy of a live source according to some embodiments of the present disclosure has been provided. In the method, a server generates a public-private key pair, sends the public key to a terminal, and signs the live broadcast service information of a live broadcast program by using the private key to generate signature information. In the process of packaging the live program content to generate RTP multicast data, the server inserts the signature information corresponding to the live program into an RTP extension packet header of the multicast data and sends the multicast data to the terminal. The terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using the public key to obtain the live broadcast service information, and compares and verifies the decrypted live broadcast service information with the live broadcast service information of the live broadcast program obtained from the service platform. If the verification is passed, the live broadcast source is determined to be legal and the multicast data is allowed to play; if the verification is not passed, the live broadcast source is determined to be illegal and playback of the multicast data is stopped. The method thus verifies the legitimacy of the live broadcast source and avoids playing illegally inter-cut or tampered content sources.
In addition, the method prevents illegal inter-cutting and tampering of video with little modification to the existing live broadcast system and without constructing a DRM system. Thus, the method is simple and easy to implement.
In some embodiments, the terminal may periodically compare and verify the decrypted live broadcast service information with the live broadcast service information acquired from the service platform. In this embodiment, the terminal does not need to check every RTP extension packet header. For example, it may check only the first RTP packet when it has just joined the multicast group and then periodically sample and check packets, where the sampling frequency may depend on the service security level. Therefore, the terminal consumption can be reduced and the efficiency can be improved.
In some embodiments, the RTP packet header may be composed of two parts, namely a standard packet header and an extension packet header, and the length and content of the extension packet header may be customized. Receivers that do not use the above method of the embodiments of the present disclosure may ignore the meaning of the extension header data, so the acquisition and use of the RTP payload data are not affected.
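The hash-based embodiment, the RTP extension packet header and the sampled check described above can be exercised end to end. The following Python code is an added example, not code from the patent; the `|`-joined characteristic string, SHA-256 as the hash algorithm, the extension profile id `0x5347`, the sample channel data, and the demonstration key (textbook RSA without padding over two Mersenne primes) are all assumptions chosen so that it runs with the standard library alone.

```python
import hashlib
import struct

# Demo key constructed for this example: the product of two Mersenne primes.
# It is trivially factorable and only stands in for a real server key pair.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key held by the terminal
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent held by the server
SIG_WORDS = (N.bit_length() + 31) // 32  # signature length in 32-bit words
EXT_PROFILE = 0x5347                     # hypothetical profile-defined id
FIELDS = ("multicast_address", "multicast_port", "channel_name", "channel_number")


def digest_int(info):
    """SHA-256 of the characteristic string as an integer (always below N)."""
    # Assumed canonical form: the four fields joined with '|'.
    feature = "|".join(str(info[key]) for key in FIELDS).encode("utf-8")
    return int.from_bytes(hashlib.sha256(feature).digest(), "big")


def sign(info):
    """Server: 'encrypt' the hashed characteristic string with the private key."""
    return pow(digest_int(info), D, N).to_bytes(4 * SIG_WORDS, "big")


def build_rtp(payload, seq, signature=None):
    """Server: build an RTP packet; the signature rides in the extension header."""
    first = 0x80 | (0x10 if signature is not None else 0)   # V=2, X bit
    header = struct.pack("!BBHII", first, 33, seq, seq * 3600, 0x1234ABCD)
    if signature is None:
        return header + payload
    ext = struct.pack("!HH", EXT_PROFILE, len(signature) // 4) + signature
    return header + ext + payload


def parse_rtp(packet):
    """Return (profile, extension bytes, payload); raise ValueError if malformed."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    offset = 12 + 4 * (packet[0] & 0x0F)         # fixed header plus CSRC list
    if not packet[0] & 0x10:                     # X bit clear: no extension
        return None, None, packet[offset:]
    if len(packet) < offset + 4:
        raise ValueError("truncated extension header")
    profile, words = struct.unpack_from("!HH", packet, offset)
    end = offset + 4 + 4 * words
    if len(packet) < end:
        raise ValueError("truncated extension data")
    return profile, packet[offset + 4:end], packet[end:]


def source_is_legal(packet, platform_info):
    """Terminal: check one packet against the service platform's information."""
    try:
        profile, ext, _ = parse_rtp(packet)
    except ValueError:
        return False
    if ext is None or profile != EXT_PROFILE or len(ext) != 4 * SIG_WORDS:
        return False                             # unsigned or foreign stream
    sig = int.from_bytes(ext, "big")
    # 'Decrypt' with the public key, then compare with the locally computed hash.
    return sig < N and pow(sig, E, N) == digest_int(platform_info)


def play(packets, platform_info, sample_every=3):
    """Verify the first packet after joining, then every sample_every-th packet.

    Returns (payloads passed to the decoder, True if playback was stopped).
    """
    played = []
    for index, packet in enumerate(packets):
        if index % sample_every == 0 and not source_is_legal(packet, platform_info):
            return played, True
        try:
            played.append(parse_rtp(packet)[2])
        except ValueError:
            continue                             # drop a malformed packet
    return played, False


# Constructed sample data: what the service platform reports for two channels.
CHANNEL_100 = {"multicast_address": "239.1.1.100", "multicast_port": 5004,
               "channel_name": "Channel 100", "channel_number": 100}
CHANNEL_200 = dict(CHANNEL_100, multicast_address="239.1.1.200",
                   channel_name="Channel 200", channel_number=200)

if __name__ == "__main__":
    signed = [build_rtp(b"ts-%d" % i, i, sign(CHANNEL_100)) for i in range(4)]
    print(play(signed, CHANNEL_100))                         # all four payloads
    print(play([build_rtp(b"inter-cut", 0)], CHANNEL_100))   # ([], True)
    print(source_is_legal(signed[0], CHANNEL_200))           # False
```

Textbook RSA appears here only because it mirrors the "encrypt with the private key, decrypt with the public key" wording of the description; a deployment would use a padded signature scheme from a vetted cryptographic library.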
Fig. 2 is a block diagram illustrating a system for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure. As shown in fig. 2, the system may include a server 202 and a terminal 204.
The server 202 may be configured to generate a public-private key pair, send a public key in the public-private key pair to the terminal 204, sign live broadcast service information of a live broadcast program by using a private key in the public-private key pair to generate signature information, insert signature information corresponding to the live broadcast program into an RTP extension header of multicast data in a process of packaging live broadcast program content to generate RTP multicast data, and send the multicast data to the terminal 204.
The terminal 204 may be configured to extract the signature information from the RTP extension packet header of the multicast data, decrypt the signature information with the public key to obtain live broadcast service information, and compare and verify the decrypted live broadcast service information with the live broadcast service information of the live broadcast program obtained from a service platform. If the verification is not passed, the live broadcast source is determined to be illegal and playback of the multicast data is stopped.
Thus far, a system for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure has been provided. The system verifies the legitimacy of the broadcast source and thus avoids playing illegally inter-cut or tampered content sources. In addition, the system does not require building a DRM system and prevents illegal inter-cutting and tampering of video with little modification to the existing live broadcast system. Thus, the system is simple and easy to implement.
In some embodiments, the live traffic information may include at least one of a multicast address, a multicast port number, a channel name, and a channel number of the live program.
In some embodiments, the server 202 may be configured to generate a characteristic string from the multicast address, the multicast port number, the channel name, and the channel number, and encrypt the characteristic string with a private key to generate the signature information.
In some embodiments, the live service information obtained by decrypting the signature information by the terminal 204 using the public key includes the characteristic string. The characteristic string is a characteristic string that has not been processed by the hash algorithm. In such a case, the terminal 204 may be configured to compare and verify the characteristic string with the live service information obtained from the service platform, where the verification is determined to pass if the characteristic string and the live service information are consistent, and the verification is determined not to pass if the characteristic string and the live service information are inconsistent.
In other embodiments, the server 202 may be configured to generate a characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number, process the characteristic string using a hash algorithm, and encrypt the processed characteristic string using a private key to generate the signature information.
In other embodiments, the live service information obtained by decrypting the signature information by the terminal 204 using the public key includes a characteristic string processed by a hash algorithm. The terminal 204 may be configured to process live broadcast service information acquired from a service platform by using the hash algorithm, and compare the decrypted feature character string processed by the hash algorithm with the live broadcast service information acquired from the service platform processed by the hash algorithm, where the verification is determined to be passed when the two are consistent, and the verification is determined to be not passed when the two are inconsistent.
In some embodiments, the terminal 204 may be configured to periodically compare and verify the decrypted live service information with the live service information acquired from the service platform.
Fig. 3 is a block diagram illustrating a system for detecting the legitimacy of a live source according to further embodiments of the present disclosure. The system includes a memory 310 and a processor 320. Wherein:
the memory 310 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used for storing instructions in the embodiment corresponding to fig. 1.
It should be noted that there may be a plurality of memories 310 and processors 320, respectively, in the embodiment of the present disclosure, so that these memories 310 and processors 320 may be set in different locations as constituent components of a terminal, a server, and the like.
In some embodiments, as also shown in FIG. 4, the system 400 includes a memory 410 and a processor 420. Processor 420 is coupled to memory 410 by a BUS 430. The system 400 may also be coupled to an external storage device 450 via a storage interface 440 for facilitating retrieval of external data, and may also be coupled to a network or another computer system (not shown) via a network interface 460, which will not be described in detail herein.
In this embodiment, the data instruction is stored in the memory, and the processor processes the instruction, so as to verify the validity of the broadcast source, thereby preventing the broadcast of an illegal inter-cut or tampered content source.
It should be noted that the memory 410, the processor 420, the BUS 430, the storage interface 440, the external storage device 450, and the network interface 460 according to the embodiment of the present disclosure may be provided in plural numbers, respectively, so that the memory 410, the processor 420, the BUS 430, the storage interface 440, the external storage device 450, and the network interface 460 may be provided in different locations as a set to serve as a component of a terminal, a server, or the like.
In other embodiments, the present disclosure also provides a computer-readable storage medium on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of the method in the corresponding embodiment of fig. 1. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.
Claims (16)
1. A method for detecting legitimacy of a live source, comprising:
the server generates a public-private key pair, sends a public key of the public-private key pair to the terminal, and signs the live broadcast service information of the live broadcast program by using a private key of the public-private key pair to generate signature information;
the server inserts signature information corresponding to the live program into an RTP extension packet header of multicast data and sends the multicast data to a terminal in the process of packaging the live program content to generate real-time transport protocol (RTP) multicast data; and
the terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using the public key to obtain the live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; and when the verification is not passed, the live broadcast source is determined to be illegal and the multicast data is stopped playing.
2. The method of claim 1, wherein,
the live broadcast service information comprises at least one of a multicast address, a multicast port number, a channel name and a channel number of the live broadcast program.
3. The method of claim 2, wherein the step of the server signing the live traffic information with the private key to generate signature information comprises:
the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, and encrypts the characteristic character string by using the private key to generate signature information.
4. The method of claim 3, wherein,
the live broadcast service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string;
the step in which the terminal compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information obtained from the service platform comprises:
the terminal compares and verifies the characteristic character string with the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed when the two are consistent, and is determined not to be passed when the two are inconsistent.
5. The method of claim 2, wherein the step of the server signing the live traffic information with the private key to generate signature information comprises:
the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, processes the characteristic character string by using a Hash algorithm, and encrypts the processed characteristic character string by using the private key to generate signature information.
6. The method of claim 5, wherein,
the live broadcast service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string processed by the hash algorithm;
the step in which the terminal compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information obtained from the service platform comprises:
the terminal processes the live broadcast service information acquired from the service platform by using the hash algorithm; and
the terminal compares the decrypted characteristic character string processed by the hash algorithm with the live broadcast service information acquired from the service platform and processed by the hash algorithm, wherein the verification is determined to be passed when the two are consistent, and is determined not to be passed when the two are inconsistent.
7. The method of claim 1, wherein,
the terminal periodically compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information obtained from the service platform.
8. A system for detecting the legitimacy of a live source, comprising:
the server is used for generating a public-private key pair, sending a public key in the public-private key pair to the terminal, signing live broadcast service information of a live broadcast program by using a private key in the public-private key pair to generate signature information, inserting the signature information corresponding to the live broadcast program into an RTP (real-time transport protocol) extension packet header of multicast data in the process of packaging the live broadcast program content to generate RTP multicast data, and sending the multicast data to the terminal; and
the terminal is used for extracting the signature information from the RTP extension packet header of the multicast data, decrypting the signature information by using the public key to obtain the live broadcast service information, and comparing and verifying the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; and when the verification is not passed, the live broadcast source is determined to be illegal and the multicast data is stopped playing.
9. The system of claim 8, wherein,
the live broadcast service information comprises at least one of a multicast address, a multicast port number, a channel name and a channel number of the live broadcast program.
10. The system of claim 9, wherein,
the server is used for generating a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, and encrypting the characteristic character string by using the private key to generate signature information.
11. The system of claim 10, wherein,
the live broadcast service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string;
the terminal is used for comparing and verifying the characteristic character string with the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed when the two are consistent, and is determined not to be passed when the two are inconsistent.
12. The system of claim 9, wherein,
the server is used for generating a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, processing the characteristic character string by using a Hash algorithm, and encrypting the processed characteristic character string by using the private key to generate signature information.
13. The system of claim 12, wherein,
the live broadcast service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string processed by the hash algorithm;
the terminal is used for processing the live broadcast service information acquired from the service platform by using the hash algorithm, and comparing the decrypted characteristic character string processed by the hash algorithm with the live broadcast service information acquired from the service platform and processed by the hash algorithm, wherein the verification is determined to be passed when the two are consistent, and is determined not to be passed when the two are inconsistent.
14. The system of claim 8, wherein,
the terminal is used for periodically comparing and verifying the live broadcast service information obtained by decryption with the live broadcast service information obtained from the service platform.
15. A system for detecting the legitimacy of a live source, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-7 based on instructions stored in the memory.
16. A computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810986074.5A CN110868641B (en) | 2018-08-28 | 2018-08-28 | Method and system for detecting validity of live broadcast source |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110868641A (en) | 2020-03-06 |
CN110868641B (en) | 2021-12-07 |
Family
ID=69651598
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810986074.5A Active CN110868641B (en) | 2018-08-28 | 2018-08-28 | Method and system for detecting validity of live broadcast source |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110868641B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||