CN105357190A - Method and system for performing authentication on access request - Google Patents
- Publication number
- CN105357190A (CN201510703837.7A)
- Authority
- CN
- China
- Prior art keywords
- access request
- authentication
- server
- request
- cdn server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and system for authenticating access requests. The method includes: a CDN server receives an access request from an access terminal, where the access request includes at least a first identifier that identifies the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, where authentication determines the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication. The invention solves the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which places an excessive load on the authentication server.
Description
Technical field
The present invention relates to the computer field, and in particular to a method and system for authenticating access requests.
Background
With the development of streaming media technology, hotlinking of streaming media has become increasingly rampant and its methods increasingly sophisticated. Hotlinkers place the video resources of other streaming media vendors on their own websites, misappropriating the video copyrights of legitimate vendors. This not only infringes copyright but also causes problems such as bandwidth exhaustion and server crashes. Video service providers typically identify hotlinking requests by means such as back-to-source authentication or embedding a processing module in the player, and then deny access to those requests.
It should be noted that these existing anti-hotlinking solutions often have the following problems:
(1) The back-to-source authentication anti-hotlinking method relies solely on the authentication server to identify hotlinking requests in all cases, which places an excessive load on the authentication server.
(2) Encrypting video with a processing module embedded in the player requires the player to be redeveloped, which consumes resources, and as the algorithm grows more complex the dependence on hardware also becomes considerable.
(3) The above solutions reject a hotlinking request outright as soon as it is identified. As a result, the hotlinker quickly learns that the hotlinking attempt has been detected and soon devises a new hotlinking strategy.
(4) Existing access request authentication solutions have low accuracy and easily misjudge legitimate access requests as illegitimate ones.
No effective solution has yet been proposed for the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which places an excessive load on the authentication server.
Summary of the invention
Embodiments of the present invention provide a method and system for authenticating access requests, to solve at least the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which places an excessive load on the authentication server.
According to one aspect of the embodiments of the present invention, a method for authenticating an access request is provided. The method includes: a CDN server receives an access request from an access terminal, where the access request includes at least a first identifier that identifies the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, where authentication determines the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication.
According to another aspect of the embodiments of the present invention, a system for authenticating an access request is also provided. The system includes: a client, configured to send the access request of an access terminal, where the access request includes at least a first identifier that identifies the access request; a CDN server, configured to receive the access request, to authenticate the access request locally if the first identifier is found in the local cache of the CDN server, and to forward the access request if the first identifier is not found in the local cache of the CDN server, where authentication determines the legitimacy of the access request; and an authentication server, which establishes a communication relationship with the CDN server and authenticates the access requests forwarded by the CDN server.
In the embodiments of the present invention, a CDN server receives an access request from an access terminal, where the access request includes at least a first identifier that identifies the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, where authentication determines the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication. This solves the technical problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which places an excessive load on the authentication server.
Description of the drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their descriptions explain the present invention and do not unduly limit it. In the drawings:
Figure 1 is a flowchart of a method for authenticating an access request according to Embodiment 1 of the present invention;
Figure 2 is a flowchart of an optional method for authenticating an access request according to Embodiment 1 of the present invention;
Figure 3 is a flowchart of an optional method for authenticating an access request according to Embodiment 1 of the present invention; and
Figure 4 is a schematic diagram of an access request authentication system according to Embodiment 2 of the present invention.
Detailed description
To enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some, not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and do not necessarily describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the invention described here can be practiced in orders other than those illustrated or described here. Furthermore, the terms "comprising" and "having", and any variations of them, are intended to cover a non-exclusive inclusion: for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the present invention, an embodiment of a method for authenticating an access request is provided. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order.
Figure 1 is a flowchart of a method for authenticating an access request according to an embodiment of the present invention. As shown in Figure 1, the method includes the following steps:
Step S12: the CDN server receives the access request of the access terminal, where the access request includes at least a first identifier that identifies the access request.
Specifically, in this solution the access request may be a URL request, and the first identifier may be an ID contained in the URL request that identifies each access request of the user. The ID may be generated as follows: when the user accesses the CDN server through a client, the client encrypts the URI of the user's access request, a timestamp, a random string and a KEY with an irreversible encryption algorithm to produce the ID that identifies the URL request; it then inserts the ID, the plaintext timestamp and the random string after the URL domain name to produce a unique resource request URL, and sends that resource request URL, which contains the ID, to the CDN server. Note that the CDN server in this application may be a CDN node server or a CDN edge server.
It should be noted that the method for generating the ID of the URL request is not limited to the above; any ID generation scheme is acceptable as long as the ID is unique.
For example, user A accesses the CDN server through a client (a legitimate or an illegitimate client). The URL of user A's access request received by the CDN server contains the ID that identifies the access request, the timestamp and the random string. User A's access request URL may look like this: http://wstest.com.cn/a.flv?k=68b329da9893e34099c7d8ad5cb9c940&t=554afcb4&UID=11111111, where k is the unique ID, t is the timestamp and UID is the random string. Note that if user A accesses the CDN server through a legitimate client (for example a portal website), the URL request received by the CDN server was generated by that legitimate client for the user's access request; if user A accesses the CDN server through an illegitimate client (a third-party hotlinking website), the URL request received by the CDN server was stolen or forged by that illegitimate client.
It should be noted that the solution of this application requires only lightweight development on the client side of the system, and no change at all to the code structure or business logic of the CDN origin server. The player in the client can issue requests that use md5sum(timestamp + random string + KEY) as a random directory, so in this solution the player needs only lightweight development, which saves developer resources.
Step S14: if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, where authentication determines the legitimacy of the access request.
Specifically, in this solution the CDN server may first query its local cache. If the ID is found in the local cache, the CDN server authenticates the user's current access request according to a preset authentication policy, that is, it determines whether the user's access request is a legitimate access request or a hotlinking access request.
It should be noted that if any user has previously accessed the CDN server through a normal client (for example a portal website), the CDN server will have cached the ID of that legitimate user's access request together with the IP address of the access terminal corresponding to that ID. Therefore, in step S14, if the local cache of the CDN server holds the ID of a legitimate user's access request, the CDN server can use it to determine the legitimacy of the current access request.
Step S16: if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication.
Specifically, in this solution, if the first identifier is not in the local cache of the CDN server, the CDN server initiates an authentication request to the authentication server, and the authentication server authenticates the access request.
In this embodiment, the CDN server first receives the access request of the access terminal, where the access request includes at least a first identifier that identifies the access request; if the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, where authentication determines the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication. This solves the problem that existing back-to-source authentication anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in all cases, which places an excessive load on the authentication server.
It should be noted that this solution combines judgment by the local CDN node server with judgment by the authentication server, which effectively reduces the pressure on the authentication server.
Optionally, the access request may also include the IP address of the access terminal. In step S14, the step in which the CDN server authenticates the access request locally if the first identifier is found in its local cache may include:
Step S141: the CDN server determines whether the at least one locally cached IP address includes the IP address of the access terminal, where the at least one IP address corresponds to the first identifier.
Step S142: if it does, the CDN server determines that the access request is a legitimate request.
Step S143: if it does not, the CDN server determines that the access request is a hotlinking request.
Specifically, in this solution the at least one IP address in step S141 is the set of IP addresses cached in the CDN server after legitimate users previously sent resource requests to the CDN server through legitimate clients. Note that the at least one IP address cached in the CDN server corresponds to the first identifier (ID). In the cache of the CDN server, the IP addresses and the first identifiers (IDs) they correspond to are all legitimate. Therefore, after receiving the current user's access request, the CDN server first determines whether the ID of the access request is the same as an ID cached in the CDN server. If it is, the CDN server then determines whether the IP address of the current user's access request is the same as the cached IP address. If it is the same, authentication passes and the current access request is a legitimate request; if the IP address is different, the current access request is an illegitimate hotlinking request and authentication fails. Note that in the cache of the CDN server one legitimate ID can correspond to multiple IP addresses; as long as the IP address of the user's current access request is among those IP addresses, the user's current access request is a legitimate request. This avoids misjudging access requests because of multiple egress IPs.
It should be noted here that the presence of the current access request's ID in the CDN server's cache does not necessarily mean that the current access request is legitimate, because the ID may have been forged or stolen by the client of the current user. The ID cached in the CDN server and its corresponding IP addresses belong to legitimate access requests, so the CDN server can further determine whether the actual IP address of the current access request is one of those IP addresses.
Optionally, in step S16, the step in which the CDN server sends the access request to the authentication server for authentication if the first identifier is not found in its local cache may include:
Step S161: if the first identifier is not found in the local cache of the authentication server, the authentication server determines that the access request is a legitimate request and caches the correspondence between the first identifier and the IP address of the access terminal.
Specifically, in this solution the CDN server may send the current access request to the authentication server, which authenticates it. If the ID of the current access request is not found in the local cache of the authentication server, the current access request is a first access, and a first access request will not be a hotlinking request. The authentication server therefore determines that this first access is a legitimate request and caches the correspondence between the ID of the first access and the IP address of the access terminal.
Step S162: if the first identifier is found in the local cache of the authentication server, the authentication server determines whether the at least one locally cached IP address includes the IP address of the access terminal, where the at least one IP address corresponds to the first identifier; if it does, the authentication server determines that the access request is a legitimate request; if it does not, the authentication server determines that the access request is a hotlinking request.
Specifically, in this solution the at least one IP address in step S162 may be a legitimate IP address cached in another CDN server after a legitimate user sent a resource request through a legitimate client to that other CDN server in the CDN distribution network; the other CDN server then sends the ID of the legitimate access request and the at least one IP address corresponding to the ID to the cache of the authentication server. Note that the ID cached in the authentication server corresponds to at least one IP address. In the cache of the authentication server, the ID and its corresponding IP address or addresses are all legitimate. Therefore, after receiving the current access request forwarded by the current CDN server, the authentication server first determines whether the ID of the user's current access request is the same as an ID cached in the authentication server. If it is, the authentication server then determines whether the IP address of the current user's access request is the same as the cached IP address. If it is the same, authentication passes and the current access request is a legitimate request; if the IP address is different, the current access request is an illegitimate hotlinking request and authentication fails. Note that in the cache of the authentication server one legitimate ID can correspond to multiple IP addresses; as long as the IP address of the user's current access request is among those IP addresses, the user's current access request is a legitimate request.
Optionally, after step S16, in which the CDN server sends the access request to the authentication server for authentication if the first identifier is not found in its local cache, the method provided in this embodiment may further include:
Step S17: the authentication server sends the authentication result to the CDN server, where the authentication result includes at least: the IP address of the access terminal of a hotlinking request and the IP address of the access terminal of a legitimate request.
Specifically, in this solution, if the authentication server's authentication of the current access request fails, it sends the IP address of the access terminal of the hotlinking request to the CDN server; if authentication of the current access request passes, the authentication server likewise sends the IP address of the access terminal of the legitimate request to the CDN server. The CDN server then handles the current access request.
Optionally, after step S17, in which the authentication server sends the authentication result to the CDN server, the method provided in this embodiment may further include:
Step S18: the CDN server rate-limits or denies access to the IP address of the access terminal of the hotlinking request.
Specifically, in this solution the CDN server can return resources normally to the IP addresses of legitimate requests and reject illegitimate hotlinking requests.
In a preferred embodiment, the CDN server does not directly deny access to the IP address of a hotlinking request but rate-limits it instead. This misleads the hotlinker into believing that the hotlinking has succeeded, and directly degrades the user experience of the hotlinker's website.
This application now describes the solution in a practical application scenario with reference to Figures 2 and 3:
The solution can be applied to a system for preventing illegitimate hotlinking, which may include a client, a CDN server and an authentication server. The client sends an access request to the CDN node server. The CDN server can authenticate the access request itself and respond to the client; the client can also forward the access request to the authentication server for authentication, in which case the authentication server authenticates the access request and returns the authentication result to the CDN server, and the CDN server responds to the client according to the authentication result.
Specifically, the client can issue a URL request that carries, as a directory, a unique ID (generated by encrypting URI + timestamp + random string + KEY with an irreversible encryption algorithm), the plaintext timestamp and the random string. The CDN server, on top of the CDN distribution function, lets the edge server judge and process the URL locally, initiate authentication and process the authentication result. The authentication server is mainly responsible for judging the authentication requests initiated by the CDN edge server module and delivering the judgment result.
Referring to Figure 2, the CDN server authenticates the access request in the following steps:
Step S30: the CDN server receives the client's access request.
Step S31: the CDN server judges whether the encryption format in the URL of the access request is correct and whether the timestamp is valid. If the encryption is incorrect or the timestamp is invalid, step S32 is executed; if the encryption format is correct and the timestamp is valid, step S33 is executed.
Specifically, step S31 performs a timestamp anti-hotlinking check on the URL of the access request, which mainly verifies that the encrypted string of the unique ID is correct and that the timestamp has not expired.
Step S32: the client's access is rejected. Note that if the encryption format or the timestamp of the URL of the access request is incorrect, the hotlinker's method is unsophisticated, and the CDN server directly rejects the client's access request.
Step S33: the CDN server judges whether its local cache holds the correspondence between the ID and an IP address. If so, step S34 is executed; if not, step S35 is executed.
Note that this ID is the ID carried in the URL of the user's access request.
Step S34: the CDN server judges whether the locally cached ID and IP address are the same as the ID and IP address carried by the URL of the access request. If they are the same, step S341 is executed; if they differ, step S342 is executed.
Step S341: authentication passes, and the CDN server responds to the client normally.
Step S342: authentication fails, and the client is rate-limited.
Step S35: the CDN server sends the access request to the authentication server, and the authentication server authenticates the access request.
Specifically, if the correspondence between the ID and the IP carried by the URL of the access request is not cached locally on the CDN server, the CDN server initiates an authentication request to the authentication server and caches the correspondence between the ID and the IP carried by the URL locally at the CDN edge node.
Step S36: the CDN server receives the authentication result fed back by the authentication server and responds to the client according to that result.
Specifically, if the authentication result returned by the authentication server is a failure, the CDN edge node rate-limits the content it returns to the client. If the authentication result returned by the authentication server is a pass, the CDN server returns the content to the client normally.
As shown in Figure 3, the authentication server may authenticate the access request in the following steps:
Step S40: the authentication server receives the authentication request sent by the CDN server.
Step S41: the authentication server judges whether it has locally cached the correspondence between the ID and the IP of the access request. If so, step S42 is executed; if not, step S43 is executed.
Note that this ID is the ID carried in the URL of the user's access request.
Step S42: if the ID and IP address cached in the authentication server are the same as the ID and IP address carried by the URL of the access request, step S421 is executed; if they differ, step S422 is executed.
Step S421: authentication passes, and the authentication server sends the authentication result to the CDN server.
Step S422: authentication fails, and the authentication server sends the authentication result to the CDN server.
Step S43: authentication passes, and the authentication server caches the correspondence between the ID carried in the URL of the access request and the IP address.
Step S44: the authentication server sends the authentication result to the CDN server.
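The two flows above (edge steps S30 to S36 and authentication-server steps S40 to S44) can be traced end to end in the following added example, which is not code from the patent. The key value, the 300-second validity window, the hex Unix timestamp, the concatenation order inside the hash, and the authentication server returning the bound IP for the edge to cache are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit, parse_qs

KEY = "constructed-shared-key"  # assumption: secret shared by the legitimate client and the CDN
TOKEN_TTL = 300                 # assumption: seconds a timestamp stays valid


def make_id(uri, t_hex, uid, key=KEY):
    """Unique ID: one-way hash over URI + timestamp + random string + KEY.
    MD5 matches the 32-hex-digit k in the page's sample URL; the plain
    concatenation order is an assumption. A new design would use HMAC-SHA-256."""
    return hashlib.md5(f"{uri}{t_hex}{uid}{key}".encode()).hexdigest()


def sign_url(host, uri, now, uid, key=KEY):
    """What a legitimate client emits: ID, plaintext timestamp, random string."""
    t_hex = format(int(now), "x")
    return f"http://{host}{uri}?k={make_id(uri, t_hex, uid, key)}&t={t_hex}&UID={uid}"


class AuthServer:
    """Steps S40-S44: the first sighting of an ID binds it to the requesting IP."""

    def __init__(self):
        self.bindings = {}
        self.calls = 0  # counts round trips from edges, to show the offloading

    def authenticate(self, req_id, ip):
        self.calls += 1
        bound = self.bindings.get(req_id)
        if bound is None:               # S41 -> S43: unseen ID passes and is cached
            self.bindings[req_id] = ip
            return True, ip
        return bound == ip, bound       # S42 -> S421 (pass) or S422 (fail)


class EdgeServer:
    """Steps S30-S36 on one CDN edge node."""

    def __init__(self, auth, key=KEY):
        self.auth = auth
        self.key = key
        self.cache = {}  # ID -> IP address bound to that ID

    def handle(self, url, client_ip, now):
        parts = urlsplit(url)
        query = parse_qs(parts.query)
        try:
            k = query["k"][0].lower()
            t_hex, uid = query["t"][0], query["UID"][0]
            issued = int(t_hex, 16)
        except (KeyError, ValueError):
            return "reject"             # S32: malformed URL
        # S31: recompute the ID and compare in constant time.
        expected = make_id(parts.path, t_hex, uid, self.key)
        if not hmac.compare_digest(expected.encode(), k.encode()):
            return "reject"             # S32: ID does not match the URL
        if not 0 <= now - issued <= TOKEN_TTL:
            return "reject"             # S32: timestamp expired or in the future
        bound = self.cache.get(k)       # S33
        if bound is not None:           # S34: decided locally, no round trip
            return "serve" if bound == client_ip else "throttle"
        ok, bound_ip = self.auth.authenticate(k, client_ip)  # S35
        self.cache[k] = bound_ip        # assumption: edge caches the bound IP
        return "serve" if ok else "throttle"                 # S36


if __name__ == "__main__":
    # Constructed sample data: documentation-range IPs and the page's sample host.
    auth = AuthServer()
    edge = EdgeServer(auth)
    now = 0x554AFCB4
    url = sign_url("wstest.com.cn", "/a.flv", now, "11111111")
    print(edge.handle(url, "192.0.2.10", now + 5))     # first sighting
    print(edge.handle(url, "198.51.100.7", now + 6))   # same URL, other IP
    print("auth server calls:", auth.calls)
```

The call counter makes the load reduction visible: once an edge has cached a binding, repeat requests for that ID, matching or not, are decided without contacting the authentication server.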
Embodiment two
An embodiment of the present invention also provides a system for access request authentication, which can be used to carry out the method of embodiment one above. As shown in Figure 4, the system may include a client 20, a CDN server 22, and an authentication server 24.
The client 20 is configured to send the access request of the access terminal, where the access request at least includes a first identifier used to identify the access request.
The CDN server 22 is configured to receive the access request. If the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally; if the first identifier is not found in the local cache of the CDN server, the CDN server forwards the access request. The authentication is used to determine the legitimacy of the access request.
Specifically, in this scheme the access request may be a URL request, and the first identifier may be an ID contained in the URL request that identifies each access request of the user. The ID can be generated as follows: when the user accesses the CDN server through the client, the client applies an irreversible encryption algorithm to the four values URI, timestamp, random string, and KEY of the user's access request to generate an ID that identifies the URL request. It then inserts the ID, the plaintext timestamp, and the random string after the URL domain name to produce a unique resource request URL, and sends this resource request URL containing the ID to the CDN server. Note that the CDN server in this application may be a CDN node server or a CDN edge server.
Note that the method of generating the ID of the URL request is not limited to the one above; any generation scheme is acceptable as long as it makes the ID unique.
For example, user A accesses the CDN server through a client (a legitimate client or an illegitimate one), and the URL of user A's access request received by the CDN server contains the ID identifying the access request, the timestamp, and the random string. User A's access request URL may look like this: http://wstest.com.cn/a.flv?k=68b329da9893e34099c7d8ad5cb9c940&t=554afcb4&UID=11111111 (where k is the unique ID, t is the timestamp, and UID is the random string). Note that if user A accesses the CDN server through a legitimate client (for example, a portal website), the URL request received by the CDN server was generated by that legitimate client for the user's access request; if user A accesses the CDN server through an illegitimate client (a third-party hotlinking website), the URL request received by the CDN server was stolen or forged by that illegitimate client.
Note that the scheme of this application requires only lightweight development on the system client and no changes to the code structure or business logic of the CDN origin server. The player in the client can initiate a request that uses md5sum(timestamp + random string + KEY) as a random directory, so in this scheme the player side needs only lightweight development, which saves developer resources.
Optionally, in this scheme the CDN server can first query its local cache. If the ID is found in the local cache, the CDN server authenticates the user's current access request according to a preset authentication policy, that is, it determines whether the user's access request is a legitimate access request or a hotlinked one.
Note that if any user has previously accessed the CDN server through a normal client (for example, a portal website), the CDN server will have cached the ID of the legitimate user's access request and the IP address of the access terminal corresponding to that ID. So in step S14 above, if the local cache of the CDN server holds the ID of the legitimate user's access request, the CDN server can be used to judge the legitimacy of the current access request; if the local cache of the CDN server holds the ID of the legitimate user's access request, the CDN server forwards the access request.
The authentication server 24 establishes a communication relationship with the CDN server and authenticates the access requests forwarded by the CDN server.
Specifically, in this scheme, if the first identifier is not in the local cache of the CDN server, the CDN server initiates an authentication request to the authentication server, and the authentication server authenticates the access request.
In this embodiment, the CDN server first receives the access request of the access terminal, where the access request at least includes a first identifier used to identify the access request. If the first identifier is found in the local cache of the CDN server, the CDN server authenticates the access request locally, the authentication being used to determine the legitimacy of the access request; if the first identifier is not found in the local cache of the CDN server, the CDN server sends the access request to the authentication server for authentication. This solves the problem that existing back-to-origin anti-hotlinking methods rely solely on the authentication server to identify hotlinking requests in every case, which overloads the authentication server.
Optionally, the access request further includes the IP address of the access terminal, and the CDN server 22 may include a first processor configured to judge whether the at least one locally cached IP address includes the IP address of the access terminal, where the at least one IP address corresponds to the first identifier. If it is included, the CDN server determines that the access request is a legitimate request; if it is not included, the CDN server determines that the access request is a hotlinking request.
Optionally, the authentication server may further include a second processor. If the first identifier is not found in the local cache of the authentication server, the authentication server determines that the access request is a legitimate request and caches the correspondence between the first identifier and the IP address of the access terminal. If the first identifier is found in the local cache of the authentication server, the authentication server judges whether the at least one locally cached IP address includes the IP address of the access terminal, where the at least one IP address corresponds to the first identifier. If it is included, the authentication server determines that the access request is a legitimate request; if it is not included, the authentication server determines that the access request is a hotlinking request.
Optionally, the authentication server may further include a communication device configured to send the authentication result to the CDN server, where the authentication result at least includes the IP address of the access terminal of the hotlinking request and the IP address of the access terminal of the legitimate request.
Optionally, the first processor may also be used to rate-limit or deny access to the IP address of the access terminal of the hotlinking request.
The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis; for parts not detailed in one embodiment, refer to the relevant descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units may be a division by logical function, and an actual implementation may divide them differently: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units, or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, or an optical disc.
The above is only a preferred embodiment of the present invention. It should be pointed out that those of ordinary skill in the art can make a number of improvements and refinements without departing from the principle of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510703837.7A CN105357190B (en) | 2015-10-26 | 2015-10-26 | The method and system of access request authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510703837.7A CN105357190B (en) | 2015-10-26 | 2015-10-26 | The method and system of access request authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105357190A (en) | 2016-02-24 |
| CN105357190B (en) | 2018-12-07 |
Family
ID=55333054
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510703837.7A Active CN105357190B (en) | 2015-10-26 | 2015-10-26 | The method and system of access request authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105357190B (en) |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105357190B (en) | 2018-12-07 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |