CN110868641B - Method and system for detecting validity of live broadcast source - Google Patents

Method and system for detecting validity of live broadcast source Download PDF

Info

Publication number
CN110868641B
CN110868641B CN201810986074.5A CN201810986074A CN110868641B CN 110868641 B CN110868641 B CN 110868641B CN 201810986074 A CN201810986074 A CN 201810986074A CN 110868641 B CN110868641 B CN 110868641B
Authority
CN
China
Prior art keywords
live broadcast
service information
broadcast service
character string
live
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810986074.5A
Other languages
Chinese (zh)
Other versions
CN110868641A (en
Inventor
吕冠中
施唯佳
奚溪
黄颂尧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN201810986074.5A priority Critical patent/CN110868641B/en
Publication of CN110868641A publication Critical patent/CN110868641A/en
Application granted granted Critical
Publication of CN110868641B publication Critical patent/CN110868641B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/60Network structure or processes for video distribution between server and client or between remote clients; Control signalling between clients, server and network components; Transmission of management data between server and client, e.g. sending from server to client commands for recording incoming content stream; Communication details between server and client 
    • H04N21/63Control signaling related to video distribution between client, server and network components; Network processes for video distribution between server and clients or between remote clients, e.g. transmitting basic layer and enhancement layers over different transmission paths, setting up a peer-to-peer communication via Internet between remote STB's; Communication protocols; Addressing
    • H04N21/643Communication protocols
    • H04N21/6437Real-time Transport Protocol [RTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/21Server components or server architectures
    • H04N21/218Source of audio or video content, e.g. local disk arrays
    • H04N21/2187Live feed
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2347Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving video stream encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/25Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
    • H04N21/254Management at additional data server, e.g. shopping server, rights management server
    • H04N21/2541Rights Management

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a method and system for detecting the legitimacy of a live feed. In the method, a server generates a public-private key pair, sends a public key to a terminal, and signs live broadcast service information of a live broadcast program by using the private key to generate signature information. During the process of packaging the live program content to generate RTP multicast data, the server inserts the signature information corresponding to the live program into an RTP extension packet header of the multicast data, and sends the multicast data to the terminal. The terminal extracts the signature information from the RTP extension packet header, decrypts the signature information by using the public key to obtain the live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information obtained from the service platform. And determining that the live broadcast source is legal and allowing to play the multicast data under the condition that the verification is passed, and determining that the live broadcast source is illegal and stopping playing the multicast data under the condition that the verification is not passed. The present disclosure enables verification of the legitimacy of live broadcast sources.

Description

Method and system for detecting validity of live broadcast source
Technical Field
The present disclosure relates to the field of network video application technologies, and in particular, to a method and a system for detecting validity of a live source.
Background
With the increasing of broadband and the convergence of three networks of network operators, the network mode of IPTV (Internet Protocol Television) service is changing from private network to Internet. The internet brings rich content and application to the IPTV service, and also brings a risk of secure playing.
The live broadcast service is that a user continuously receives live broadcast code stream transmitted by a network through a personal terminal and then continuously decodes and plays the live broadcast code stream, so that the effect of watching real-time video is achieved. However, in the current network environment, the media server exposed on the public network for providing the live broadcast service for the user and the live broadcast code stream sent by the media server have higher network environment security risk. Since the live code stream is transmitted over the public network, there is a possibility that an attacker illegally inserts or tampers with the content of the live code stream, and therefore, a service provider needs to prevent the risk.
Multicast can effectively utilize Network resources to distribute Content, and greatly reduces the construction investment of a Content Delivery Network (CDN), so video operators with multicast conditions generally use multicast to carry live broadcast services. However, due to the limitation of the standard multicast protocol, protection and verification of the live broadcast content can only achieve the purpose of defending against illegal tampering of the live broadcast code stream by deploying a DRM (Digital Rights Management) system. However, the DRM system is complex to deploy and has a large investment, so that the deployment difficulty and the cost are high.
Disclosure of Invention
One technical problem that this disclosed embodiment solved is: a method for detecting legitimacy of a live feed is provided.
According to an aspect of an embodiment of the present disclosure, there is provided a method for detecting validity of a live source, including: the server generates a public-private key pair, sends a public key of the public-private key pair to the terminal, and signs the live broadcast service information of the live broadcast program by using a private key of the public-private key pair to generate signature information; the server inserts signature information corresponding to the live program into an RTP extension packet header of multicast data and sends the multicast data to a terminal in the process of packaging the live program content to generate real-time transport protocol (RTP) multicast data; the terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using the public key to obtain the live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; and when the verification is not passed, the live broadcast source is determined to be illegal and the multicast data is stopped playing.
In some embodiments, the live service information includes at least one of a multicast address, a multicast port number, a channel name, and a channel number of the live program.
In some embodiments, the step of the server signing the live service information by using the private key to generate the signature information comprises: the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, and encrypts the characteristic character string by using the private key to generate signature information.
In some embodiments, the live service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string; the step of comparing and verifying the live broadcast service information obtained by decryption and the live broadcast service information obtained from the service platform by the terminal comprises the following steps: and the terminal compares and verifies the characteristic character string and the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed under the condition that the characteristic character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the characteristic character string and the live broadcast service information are inconsistent.
In some embodiments, the step of the server signing the live service information by using the private key to generate the signature information comprises: the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, processes the characteristic character string by using a Hash algorithm, and encrypts the processed characteristic character string by using the private key to generate signature information.
In some embodiments, the live broadcast service information obtained by the terminal decrypting the signature information by using the public key includes a characteristic character string processed by the hash algorithm; the step of comparing and verifying the live broadcast service information obtained by decryption and the live broadcast service information obtained from the service platform by the terminal comprises the following steps: the terminal processes the live broadcast service information acquired from the service platform by using the hash algorithm; and comparing the feature character string obtained by decryption after the hash algorithm processing with the live broadcast service information obtained from the service platform after the hash algorithm processing, wherein the verification is determined to be passed under the condition that the feature character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the feature character string and the live broadcast service information are inconsistent.
In some embodiments, the terminal periodically compares and verifies the live service information obtained by decryption with the live service information obtained from the service platform.
According to another aspect of an embodiment of the present disclosure, there is provided a system for detecting validity of a live source, including: the server is used for generating a public-private key pair, sending a public key in the public-private key pair to the terminal, signing live broadcast service information of a live broadcast program by using a private key in the public-private key pair to generate signature information, inserting the signature information corresponding to the live broadcast program into an RTP (real-time transport protocol) extension packet header of multicast data in the process of packaging the live broadcast program content to generate RTP multicast data, and sending the multicast data to the terminal; the terminal is used for extracting the signature information from the RTP extension packet header of the multicast data, decrypting the signature information by using the public key to obtain the live broadcast service information, and comparing and verifying the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; and when the verification is not passed, the live broadcast source is determined to be illegal and the multicast data is stopped playing.
In some embodiments, the live service information includes at least one of a multicast address, a multicast port number, a channel name, and a channel number of the live program.
In some embodiments, the server is configured to generate a characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number, and encrypt the characteristic string using the private key to generate the signature information.
In some embodiments, the live service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string; and the terminal is used for comparing and verifying the characteristic character string and the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed under the condition that the characteristic character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the characteristic character string and the live broadcast service information are inconsistent.
In some embodiments, the server is configured to generate a characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number, process the characteristic string using a hash algorithm, and encrypt the processed characteristic string using the private key to generate the signature information.
In some embodiments, the live broadcast service information obtained by the terminal decrypting the signature information by using the public key includes a characteristic character string processed by the hash algorithm; the terminal is used for processing the live broadcast service information acquired from the service platform by using the hash algorithm, and comparing the feature character string obtained by decryption after the hash algorithm processing with the live broadcast service information acquired from the service platform after the hash algorithm processing, wherein the verification is determined to be passed under the condition that the two are consistent, and the verification is determined not to be passed under the condition that the two are inconsistent.
In some embodiments, the terminal is configured to periodically compare and verify the live service information obtained by decryption with the live service information obtained from the service platform.
According to another aspect of an embodiment of the present disclosure, there is provided a system for detecting validity of a live source, including: a memory; and a processor coupled to the memory, the processor configured to perform the method as previously described based on instructions stored in the memory.
According to another aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method as previously described.
In the method, the server generates a public-private key pair, sends the public key to the terminal, and signs the live broadcast service information of the live broadcast program by using the private key to generate signature information. The server inserts the signature information corresponding to the live program into an RTP extension packet header of the multicast data and sends the multicast data to the terminal in the process of packaging the live program content to generate RTP multicast data. The terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using a public key to obtain the live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from the service platform. And determining that the live broadcast source is legal and allowing to play the multicast data under the condition that the verification is passed, and determining that the live broadcast source is illegal and stopping playing the multicast data under the condition that the verification is not passed. The method realizes the verification of the legality of the live broadcast source, thereby avoiding broadcasting illegal inter-cut or tampered content sources.
Other features of the present disclosure and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The present disclosure may be more clearly understood from the following detailed description, taken with reference to the accompanying drawings, in which:
FIG. 1 is a flow diagram illustrating a method for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure;
FIG. 2 is a block diagram illustrating a system for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure;
FIG. 3 is a block diagram illustrating a system for detecting the legitimacy of a live source according to further embodiments of the present disclosure;
fig. 4 is a block diagram illustrating a system for detecting the legitimacy of a live source according to further embodiments of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 is a flow diagram illustrating a method for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure. As shown in fig. 1, the method includes steps S102 to S106.
In step S102, the server generates a public-private key pair, sends a public key of the public-private key pair to the terminal, and signs the live broadcast service information of the live broadcast program with a private key of the public-private key pair to generate signature information.
In some embodiments, the server may generate the public-private key pair based on an asymmetric key algorithm.
In some embodiments, the live traffic information may include at least one of a multicast address, a multicast port number, and a channel number of the live program.
In some embodiments, the step of the server signing the live service information with the private key to generate the signature information may include: the server generates a characteristic string from the multicast address, the multicast port number, the channel name, and the channel number, and encrypts (i.e., signs) the characteristic string with a private key to generate signature information.
For example, the server generates a PKI (Public Key Infrastructure) Public-private Key pair for the live broadcast service based on an asymmetric Key algorithm, sends the Public Key to the terminal (e.g., a set-top box) so that the terminal stores the Public Key, and stores the private Key at the server side. The server uses a private key to sign live broadcast service information such as a multicast IP (Internet Protocol) address, a multicast port number, a channel name, a channel number and the like used by each live broadcast program to generate signature information. For example, the server generates a characteristic string for each live program channel according to the rule of "multicast address + '$' + multicast port number + '$' + channel name + '$' + channel number". Assuming that the IPTV service provider provides a "center one" live broadcast service of 100 channel number, the assigned multicast address is 239.0.0.1, and the multicast port number is 12345, the signature string of the 100 channel is "239.0.0.1 $12345$ center one $ 100". The server encrypts the characteristic string using a private key to generate signature information. The signature information may also be referred to as a signature information string.
It should be noted that the above regular sequence "multicast address + '$' + multicast port number + '$' + channel name + '$' + channel number" is merely exemplary, and the scope of the present disclosure is not limited thereto. For example, the server may generate a characteristic character string for each live program channel according to a rule sequence such as "multicast port number + '$' + multicast address + '$' + channel name + '$' + channel number" or "multicast port number + '$' + channel number + '$' + multicast address + '$' + channel name".
It should be noted that, as described above, the server may generate the characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number. The scope of the disclosure is not limited in this respect. The server may generate the characteristic string based on one or more of a multicast address, a multicast port number, a channel name, and a channel number. For example, the server may generate a characteristic string for each live program channel according to the rule of "multicast address + '$' + multicast port number + '$' + channel number".
In other embodiments, the step of the server signing the live service information by using the private key to generate the signature information may include: the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, processes the characteristic character string by using a hash (hash) algorithm, and encrypts the processed characteristic character string by using a private key to generate signature information.
In step S104, the server inserts signature information corresponding to the live program into an RTP (Real-time Transport Protocol) extension header of the multicast data during the process of packaging the live program content to generate RTP multicast data, and transmits the multicast data to the terminal.
In some embodiments, the server may also encode the live program content before packaging the live program content. For example, during the process of encoding and packaging the broadcast program content to generate RTP multicast data (e.g., multicast stream), the server inserts the signature information of the corresponding program into the RTP extension packet header, and distributes the RTP multicast data to the terminal.
For example, the live encoding server may encapsulate the video encoding using RTP, and insert the signature information of the corresponding program into the RTP extension packet header before the media streaming server sends the multicast stream. Thus, for example, signature information of channel number 100 is distributed to the terminals in a multicast transmission with the multicast stream.
In step S106, the terminal extracts signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using the public key to obtain live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with live broadcast service information of a live broadcast program obtained from the service platform. And if the verification fails, determining that the live broadcast source is illegal and stopping playing the multicast data.
In some embodiments, the live service information obtained by the terminal decrypting the signature information by using the public key comprises the characteristic character string. The characteristic string is a characteristic string that has not been processed by the hash algorithm. In this case, the step of comparing and verifying the decrypted live service information with the live service information acquired from the service platform by the terminal may include: and the terminal compares and verifies the characteristic character string with the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed under the condition that the characteristic character string and the live broadcast service information are consistent, and the verification is determined to be not passed under the condition that the characteristic character string and the live broadcast service information are inconsistent.
For example, when the user wants to watch channel number 100 by operating a remote controller and an EPG (Electronic Program Guide) interface, the EPG interface notifies the terminal to initiate joining of the multicast group corresponding to channel number 100. The terminal receives live broadcast service information such as a multicast address, a multicast port number, a channel name and a channel number of a live broadcast (for example, a live broadcast of a 100-channel number) from the service platform. After receiving the multicast data, the terminal extracts the signature information in the RTP extension packet header, decrypts the signature information by using a public key to obtain a characteristic character string, compares and verifies the characteristic character string and the live broadcast service information of the live broadcast program obtained from the service platform, and judges whether the characteristic character string is consistent with the live broadcast service information obtained from the service platform. If the data is consistent with the data, the live broadcast source is determined to be legal, and RTP payload data is continuously extracted for subsequent decoding and playing. If not, the live broadcast source is determined to be illegal, and the multicast data is stopped playing.
In the above embodiment, if the signature character string is not processed by the hash algorithm before signature, the terminal decrypts the signature information by using the public key to obtain the signature character string, and compares the signature character string with the data obtained from the service platform, and if the signature character string and the data are consistent, it may be determined that the verification passes, otherwise, the verification fails.
For example, if an attacker inserts an illegal video stream during multicast streaming, the terminal will refuse to play if the terminal fails to verify the signature because the signature information is not inserted into the RTP extension packet header. If the attacker guides the terminal to access other content source addresses, the terminal will also fail to verify the signature, and the playing will be refused.
In other embodiments, if the server processes the characteristic character string by using a hash algorithm, the live broadcast service information obtained by decrypting the signature information by using the public key by the terminal includes the characteristic character string processed by the hash algorithm.
In this case, the step of comparing and verifying the decrypted live service information with the live service information acquired from the service platform by the terminal may include: the terminal processes the live broadcast service information acquired from the service platform by using the hash algorithm; and comparing the feature character string obtained by decryption after the hash algorithm processing with the live broadcast service information obtained from the service platform after the hash algorithm processing, wherein the verification is determined to be passed under the condition that the feature character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the feature character string and the live broadcast service information are inconsistent.
In this embodiment, if the characteristic character string is processed by using the hash algorithm before signing, the terminal first performs calculation processing on the live broadcast service information acquired from the service platform by using the same hash algorithm, and compares the calculation result with the decryption result, and if the calculation result is consistent with the decryption result, the verification is passed, otherwise, the verification is not passed.
To this end, a method for detecting legitimacy of a live source according to some embodiments of the present disclosure is provided. In the method, a server generates a public-private key pair, sends a public key to a terminal, and signs live broadcast service information of a live broadcast program by using the private key to generate signature information. The server inserts the signature information corresponding to the live program into an RTP extension packet header of the multicast data and sends the multicast data to the terminal in the process of packaging the live program content to generate RTP multicast data. The terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using a public key to obtain the live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from the service platform. And determining that the live broadcast source is legal and allowing to play the multicast data under the condition that the verification is passed, and determining that the live broadcast source is illegal and stopping playing the multicast data under the condition that the verification is not passed. The method realizes the verification of the legality of the live broadcast source, thereby avoiding broadcasting illegal inter-cut or tampered content sources.
In addition, the method can realize the effects of preventing illegal inter cut and tampering videos under the condition of little modification on the existing live broadcast system without constructing a DRM system. Thus, the method is simple and easy to implement.
In some embodiments, the terminal may periodically compare and verify the decrypted live service information with the live service information acquired from the service platform. In this embodiment, the terminal does not need to check each RTP extension packet header, for example, it may only need to check the first RTP packet when the terminal is just added to the multicast, and then periodically sample and check the packet, where the sampling frequency may depend on the service security level. Therefore, the terminal consumption can be reduced and the efficiency can be improved.
In some embodiments, the RTP packet header may be composed of two parts, namely a standard packet header and an extension packet header, and the length and content of the extension packet header may be customized. For some receivers that do not use the above method of the embodiments of the present disclosure, the meaning of the extension header data may be omitted, so as not to affect the acquisition and use of the RTP payload data.
Fig. 2 is a block diagram illustrating a system for detecting the legitimacy of a live source in accordance with some embodiments of the present disclosure. As shown in fig. 2, the system may include a server 202 and a terminal 204.
The server 202 may be configured to generate a public-private key pair, send a public key in the public-private key pair to the terminal 204, sign live broadcast service information of a live broadcast program by using a private key in the public-private key pair to generate signature information, insert signature information corresponding to the live broadcast program into an RTP extension header of multicast data in a process of packaging live broadcast program content to generate RTP multicast data, and send the multicast data to the terminal 204.
The terminal 204 may be configured to extract signature information from an RTP extension packet header of the multicast data, decrypt the signature information with a public key to obtain live broadcast service information, and compare and verify the live broadcast service information obtained by decryption with live broadcast service information of a live broadcast program obtained from a service platform. And if the verification is not passed, the live broadcast source is determined to be illegal and the multicast data is stopped playing.
To this end, a system for detecting legitimacy of a live source in accordance with some embodiments of the present disclosure is provided. The system realizes the verification of the legality of the broadcast source, thereby avoiding broadcasting illegal inter-cut or tampered content sources. In addition, the system does not need to build a DRM system, and can realize the effects of preventing illegal inter cut and tampering with videos under the condition of little modification on the existing live broadcast system. Thus, the system is simple and easy to implement.
In some embodiments, the live traffic information may include at least one of a multicast address, a multicast port number, a channel name, and a channel number of the live program.
In some embodiments, the server 202 may be configured to generate a characteristic string from the multicast address, the multicast port number, the channel name, and the channel number, and encrypt the characteristic string with a private key to generate the signature information.
In some embodiments, the live service information obtained by decrypting the signature information by the terminal 204 using the public key includes the characteristic string. The characteristic string is a characteristic string that has not been processed by the hash algorithm. In such a case, the terminal 204 may be configured to compare and verify the characteristic string with the live service information obtained from the service platform, where the verification is determined to pass if the characteristic string and the live service information are consistent, and the verification is determined not to pass if the characteristic string and the live service information are inconsistent.
In other embodiments, the server 202 may be configured to generate a characteristic string according to the multicast address, the multicast port number, the channel name, and the channel number, process the characteristic string using a hash algorithm, and encrypt the processed characteristic string using a private key to generate the signature information.
In other embodiments, the live service information obtained by decrypting the signature information by the terminal 204 using the public key includes a characteristic string processed by a hash algorithm. The terminal 204 may be configured to process live broadcast service information acquired from a service platform by using the hash algorithm, and compare the decrypted feature character string processed by the hash algorithm with the live broadcast service information acquired from the service platform processed by the hash algorithm, where the verification is determined to be passed when the two are consistent, and the verification is determined to be not passed when the two are inconsistent.
In some embodiments, the terminal 204 may be configured to periodically compare and verify the decrypted live service information with the live service information acquired from the service platform.
Fig. 3 is a block diagram illustrating a system for detecting the legitimacy of a live source according to further embodiments of the present disclosure. The system includes a memory 310 and a processor 320. Wherein:
the memory 310 may be a magnetic disk, flash memory, or any other non-volatile storage medium. The memory is used for storing instructions in the embodiment corresponding to fig. 1.
Processor 320 is coupled to memory 310 and may be implemented as one or more integrated circuits, such as a microprocessor or microcontroller. The processor 320 is configured to execute instructions stored in the memory to enable validation of the legitimacy of the broadcast source, thereby preventing broadcast of illegal spot or tampered content sources.
It should be noted that there may be a plurality of memories 310 and processors 320, respectively, in the embodiment of the present disclosure, so that these memories 310 and processors 320 may be set in different locations as constituent components of a terminal, a server, and the like.
In some embodiments, as also shown in FIG. 4, the system 400 includes a memory 410 and a processor 420. Processor 420 is coupled to memory 410 by a BUS 430. The system 400 may also be coupled to an external storage device 450 via a storage interface 440 for facilitating retrieval of external data, and may also be coupled to a network or another computer system (not shown) via a network interface 460, which will not be described in detail herein.
In this embodiment, the data instruction is stored in the memory, and the processor processes the instruction, so as to verify the validity of the broadcast source, thereby preventing the broadcast of an illegal inter-cut or tampered content source.
It should be noted that the memory 410, the processor 420, the BUS 430, the storage interface 440, the external storage device 450, and the network interface 460 according to the embodiment of the present disclosure may be provided in plural numbers, respectively, so that the memory 410, the processor 420, the BUS 430, the storage interface 440, the external storage device 450, and the network interface 460 may be provided in different locations as a set to serve as a component of a terminal, a server, or the like.
In other embodiments, the present disclosure also provides a computer-readable storage medium on which computer program instructions are stored, which instructions, when executed by a processor, implement the steps of the method in the corresponding embodiment of fig. 1. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
The method and system of the present disclosure may be implemented in a number of ways. For example, the methods and systems of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the foregoing examples are for purposes of illustration only and are not intended to limit the scope of the present disclosure. It will be appreciated by those skilled in the art that modifications may be made to the above embodiments without departing from the scope and spirit of the present disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (12)

1. A method for detecting legitimacy of a live source, comprising:
the server generates a public-private key pair, sends a public key of the public-private key pair to the terminal, and signs the live broadcast service information of the live broadcast program by using a private key of the public-private key pair to generate signature information;
the server inserts signature information corresponding to the live program into an RTP extension packet header of multicast data and sends the multicast data to a terminal in the process of packaging the live program content to generate real-time transport protocol (RTP) multicast data; and
the terminal extracts the signature information from the RTP extension packet header of the multicast data, decrypts the signature information by using the public key to obtain the live broadcast service information, and compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; the method comprises the steps that a live broadcast source is determined to be legal and the multicast data are allowed to be played under the condition that verification is passed, and the live broadcast source is determined to be illegal and the multicast data are stopped to be played under the condition that verification is not passed;
the live broadcast service information comprises at least one of a multicast address, a multicast port number, a channel name and a channel number of the live broadcast program; the server signs the live broadcast service information by using the private key to generate signature information, and the steps comprise: the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, and encrypts the characteristic character string by using the private key to generate signature information.
2. The method of claim 1, wherein,
the terminal decrypts the signature information by using the public key to obtain live broadcast service information which comprises the characteristic character string;
the step of comparing and verifying the live broadcast service information obtained by decryption and the live broadcast service information obtained from the service platform by the terminal comprises the following steps:
and the terminal compares and verifies the characteristic character string and the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed under the condition that the characteristic character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the characteristic character string and the live broadcast service information are inconsistent.
3. The method of claim 1, wherein the step of the server signing the live traffic information with the private key to generate signature information comprises:
the server generates a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, processes the characteristic character string by using a Hash algorithm, and encrypts the processed characteristic character string by using the private key to generate signature information.
4. The method of claim 3, wherein,
the terminal decrypts the signature information by using the public key to obtain live broadcast service information which comprises a characteristic character string processed by the Hash algorithm;
the step of comparing and verifying the live broadcast service information obtained by decryption and the live broadcast service information obtained from the service platform by the terminal comprises the following steps:
the terminal processes the live broadcast service information acquired from the service platform by using the hash algorithm; and
and comparing the feature character string obtained by decryption after the hash algorithm processing with the live broadcast service information obtained from the service platform after the hash algorithm processing, wherein the feature character string is determined to pass the verification under the condition that the feature character string and the live broadcast service information are consistent, and the feature character string is determined to not pass the verification under the condition that the feature character string and the live broadcast service information are inconsistent.
5. The method of claim 1, wherein,
and the terminal periodically compares and verifies the live broadcast service information obtained by decryption with the live broadcast service information obtained from the service platform.
6. A system for detecting the legitimacy of a live source, comprising:
the server is used for generating a public-private key pair, sending a public key in the public-private key pair to the terminal, signing live broadcast service information of a live broadcast program by using a private key in the public-private key pair to generate signature information, inserting the signature information corresponding to the live broadcast program into an RTP (real-time transport protocol) extension packet header of multicast data in the process of packaging the live broadcast program content to generate RTP multicast data, and sending the multicast data to the terminal; and
the terminal is used for extracting the signature information from the RTP extension packet header of the multicast data, decrypting the signature information by using the public key to obtain the live broadcast service information, and comparing and verifying the live broadcast service information obtained by decryption with the live broadcast service information of the live broadcast program obtained from a service platform; the method comprises the steps that a live broadcast source is determined to be legal and the multicast data are allowed to be played under the condition that verification is passed, and the live broadcast source is determined to be illegal and the multicast data are stopped to be played under the condition that verification is not passed;
the live broadcast service information comprises at least one of a multicast address, a multicast port number, a channel name and a channel number of the live broadcast program; the server is used for generating a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, and encrypting the characteristic character string by using the private key to generate signature information.
7. The system of claim 6, wherein,
the terminal decrypts the signature information by using the public key to obtain live broadcast service information which comprises the characteristic character string;
and the terminal is used for comparing and verifying the characteristic character string and the live broadcast service information acquired from the service platform, wherein the verification is determined to be passed under the condition that the characteristic character string and the live broadcast service information are consistent, and the verification is determined not to be passed under the condition that the characteristic character string and the live broadcast service information are inconsistent.
8. The system of claim 6, wherein,
the server is used for generating a characteristic character string according to the multicast address, the multicast port number, the channel name and the channel number, processing the characteristic character string by using a Hash algorithm, and encrypting the processed characteristic character string by using the private key to generate signature information.
9. The system of claim 8, wherein,
the terminal decrypts the signature information by using the public key to obtain live broadcast service information which comprises a characteristic character string processed by the Hash algorithm;
the terminal is used for processing the live broadcast service information acquired from the service platform by using the hash algorithm, and comparing the feature character string obtained by decryption after the hash algorithm processing with the live broadcast service information acquired from the service platform after the hash algorithm processing, wherein the verification is determined to be passed under the condition that the two are consistent, and the verification is determined not to be passed under the condition that the two are inconsistent.
10. The system of claim 6, wherein,
and the terminal is used for periodically comparing and verifying the live broadcast service information obtained by decryption and the live broadcast service information obtained from the service platform.
11. A system for detecting the legitimacy of a live source, comprising:
a memory; and
a processor coupled to the memory, the processor configured to perform the method of any of claims 1-5 based on instructions stored in the memory.
12. A computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any one of claims 1 to 5.
CN201810986074.5A 2018-08-28 2018-08-28 Method and system for detecting validity of live broadcast source Active CN110868641B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810986074.5A CN110868641B (en) 2018-08-28 2018-08-28 Method and system for detecting validity of live broadcast source

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810986074.5A CN110868641B (en) 2018-08-28 2018-08-28 Method and system for detecting validity of live broadcast source

Publications (2)

Publication Number Publication Date
CN110868641A CN110868641A (en) 2020-03-06
CN110868641B true CN110868641B (en) 2021-12-07

Family

ID=69651598

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810986074.5A Active CN110868641B (en) 2018-08-28 2018-08-28 Method and system for detecting validity of live broadcast source

Country Status (1)

Country Link
CN (1) CN110868641B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111711863A (en) * 2020-06-29 2020-09-25 北京数码视讯科技股份有限公司 Method and device for preventing program insertion, electronic equipment and storage medium
CN112202725B (en) * 2020-09-10 2023-04-07 中国联合网络通信集团有限公司 Service verification method and device
CN114205643A (en) * 2021-11-15 2022-03-18 杭州当虹科技股份有限公司 Advertisement insertion identification method and device based on IP live stream

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1972433A (en) * 2005-11-25 2007-05-30 中国科学院研究生院 Real-time authentication apparatus for digital TV transmission stream and television device with same
CN101072334A (en) * 2006-05-09 2007-11-14 中国科学院研究生院 Scrambling non-scrambling transmission flow real-time authenticating device and television device with same
CN101494655A (en) * 2009-03-12 2009-07-29 中国电信股份有限公司 RTP distributed stream media service system and method
CN102231863A (en) * 2011-06-02 2011-11-02 南京中兴力维软件有限公司 Transmission method of multichannel video streams and system thereof
CN102263959A (en) * 2011-08-08 2011-11-30 中国电信股份有限公司 Direct broadcast transfer method and system
CN103731679A (en) * 2013-12-30 2014-04-16 世纪龙信息网络有限责任公司 Mobile video display system and achieving method thereof
CN104244026A (en) * 2014-09-04 2014-12-24 浙江宇视科技有限公司 Secret key distribution device in video monitoring system
CN104602038A (en) * 2013-10-30 2015-05-06 中国电信股份有限公司 Method and system for controlling port
CN106034242A (en) * 2015-03-09 2016-10-19 杭州施强网络科技有限公司 Audio/video live broadcast streaming media data transmission method in P2P system
CN106789999A (en) * 2016-12-12 2017-05-31 浙江宇视科技有限公司 Follow the trail of the method and device of video source
CN107370712A (en) * 2016-05-11 2017-11-21 中兴通讯股份有限公司 A kind of code stream distorts monitoring method, device and communication system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3095808U (en) * 2003-02-10 2003-08-22 船井電機株式会社 Television receiver with optical disc playback function
US8925096B2 (en) * 2009-06-02 2014-12-30 Google Technology Holdings LLC System and method for securing the life-cycle of user domain rights objects
JP2017187963A (en) * 2016-04-07 2017-10-12 ルネサスエレクトロニクス株式会社 Electronic apparatus and system
CN107547918A (en) * 2016-06-28 2018-01-05 中兴通讯股份有限公司 The methods, devices and systems that a kind of IPTV channel plays safely

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1972433A (en) * 2005-11-25 2007-05-30 中国科学院研究生院 Real-time authentication apparatus for digital TV transmission stream and television device with same
CN101072334A (en) * 2006-05-09 2007-11-14 中国科学院研究生院 Scrambling non-scrambling transmission flow real-time authenticating device and television device with same
CN101494655A (en) * 2009-03-12 2009-07-29 中国电信股份有限公司 RTP distributed stream media service system and method
CN102231863A (en) * 2011-06-02 2011-11-02 南京中兴力维软件有限公司 Transmission method of multichannel video streams and system thereof
CN102263959A (en) * 2011-08-08 2011-11-30 中国电信股份有限公司 Direct broadcast transfer method and system
CN104602038A (en) * 2013-10-30 2015-05-06 中国电信股份有限公司 Method and system for controlling port
CN103731679A (en) * 2013-12-30 2014-04-16 世纪龙信息网络有限责任公司 Mobile video display system and achieving method thereof
CN104244026A (en) * 2014-09-04 2014-12-24 浙江宇视科技有限公司 Secret key distribution device in video monitoring system
CN106034242A (en) * 2015-03-09 2016-10-19 杭州施强网络科技有限公司 Audio/video live broadcast streaming media data transmission method in P2P system
CN107370712A (en) * 2016-05-11 2017-11-21 中兴通讯股份有限公司 A kind of code stream distorts monitoring method, device and communication system
CN106789999A (en) * 2016-12-12 2017-05-31 浙江宇视科技有限公司 Follow the trail of the method and device of video source

Also Published As

Publication number Publication date
CN110868641A (en) 2020-03-06

Similar Documents

Publication Publication Date Title
US10212486B2 (en) Elementary bitstream cryptographic material transport systems and methods
CN101534433B (en) Streaming media encryption method
WO2018001193A1 (en) Method, device and system for secure playback on internet protocol television channel
EP2772062B1 (en) Constructing a transport stream
US8218772B2 (en) Secure multicast content delivery
US7865723B2 (en) Method and apparatus for multicast delivery of program information
US11449583B2 (en) Reception device, transmission device, and data processing method
US8824685B2 (en) Method for detection of a hacked decoder
CN105939484A (en) Audio/video encrypted playing method and system thereof
CN104854894A (en) Content url authentication for dash
CN110868641B (en) Method and system for detecting validity of live broadcast source
WO2006027749A1 (en) Method of providing conditional access
KR20060064469A (en) Apparatus and method for protecting multicast streamed motion picture files
CN107787493B (en) Method and apparatus for enabling content protection over a broadcast channel
KR101833214B1 (en) Validation and fast cahnnel change for broadcast system
US9641910B2 (en) Compression and decompression techniques for DRM license information delivery
US9609279B2 (en) Method and system for providing secure CODECS
CN110912941A (en) Transmission processing method and device for multicast data
US20140156997A1 (en) System and method for authenticating an encoded multimedia stream using digital signatures
CN114189706B (en) Media playing method, system, device, computer equipment and storage medium
KR100860003B1 (en) Apparatus and method for protection of ts broadcast program with the h.264 form
KR102190886B1 (en) Protection of Control Words in Conditional Access System

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant