Disclosure of Invention
The present invention aims to solve, at least to some extent, one of the technical problems in the art described above. Accordingly, a first objective of the invention is to provide an asynchronous strike hotlink protection method based on a CDN edge computing network that responds with content first and so preserves the user's initial perceived experience; the method can implement complex authentication strategies, requires no custom modification by CDN vendors, and has a wide range of application.
A second objective of the invention is to provide an asynchronous strike hotlink protection system based on a CDN edge computing network that responds with content first, overcomes the problem of poor real-time performance, and preserves the user's initial perceived experience; the system can implement complex authentication strategies, requires no custom modification by CDN vendors, and has a wide range of application.
To achieve the above objectives, an embodiment of the first aspect of the invention provides an asynchronous strike hotlink protection method based on a CDN edge computing network, comprising the following steps:
a CDN edge node receives a request initiated by a terminal;
the CDN edge node performs primary authentication on the legitimacy of the request, and responds to the request after the primary authentication passes;
the CDN edge node sends the request to a CDN authentication center; the CDN authentication center performs deep authentication on the legitimacy of the request in an asynchronous authentication mode, and if the deep authentication does not pass, the response is struck through the CDN edge node.
In the asynchronous strike hotlink protection method of this embodiment, the CDN edge node first performs primary authentication on the legitimacy of the request in a synchronous authentication mode, and the requested content is served once the primary authentication passes. Content is therefore served first, which preserves the user's initial perceived experience (first packet, first frame, first screen) and avoids the poor real-time performance of synchronous authentication. The CDN platform only needs to deploy conventional strike policies with low authentication difficulty, which significantly reduces the real-time configuration demands on the CDN platform and requires no custom modification by the CDN vendor. Second, the personalized, variable and complex authentication strategies are handed to the CDN authentication center, which performs deep authentication in an asynchronous authentication mode. Running synchronous and asynchronous authentication side by side in this dual mode markedly strengthens enforcement; moreover, the strike policy can be adjusted dynamically, maximizing the effect against hotlinking and violations.
In addition, the asynchronous strike hotlink protection method based on the CDN edge computing network proposed by the above embodiment of the present invention may further have the following additional technical features:
Optionally, the step in which the CDN authentication center performs deep authentication on the legitimacy of the request in an asynchronous authentication mode, and strikes the response through the CDN edge node if the deep authentication does not pass, comprises:
the CDN authentication center determines whether a cached authentication result that corresponds to the request and is within its validity period is stored locally;
if so, and the cached authentication result indicates that authentication did not pass, the CDN edge node strikes the response according to the cached authentication result;
if not, the request is sent to the source station authentication center server;
and the source station authentication center server performs deep verification on the legitimacy of the request to obtain an authentication result, and if the authentication result indicates that authentication did not pass, the CDN edge node strikes the response according to the authentication result.
Optionally, the step in which the source station authentication center server performs deep verification on the legitimacy of the request to obtain an authentication result, and the CDN edge node strikes the response according to the authentication result if it indicates that authentication did not pass, comprises:
the source station authentication center server performs deep verification on the legitimacy of the request to obtain an authentication result;
the source station authentication center server sets the validity period of the authentication result and returns the authentication result and its validity period to the CDN authentication center;
the CDN authentication center stores the authentication result locally as the cached authentication result corresponding to the request, and uses the validity period of the authentication result as the validity period of the cached authentication result;
the CDN authentication center determines whether the authentication result indicates a pass or a fail;
and if the authentication result indicates a fail, the authentication result is sent to the CDN edge node, and the CDN edge node strikes the response according to the authentication result.
Optionally, storing the authentication result locally as the cached authentication result corresponding to the request comprises:
the CDN authentication center uses the user request features in the request as the key and the corresponding authentication result as the value, creates an association between the request and its cached authentication result, and caches the association locally.
Optionally, the deep verification of the legitimacy of the request by the source station authentication center server to obtain an authentication result includes:
the source station authentication center server checks the legality of the user request characteristics in the request to obtain an authentication result;
the user request feature comprises a combination of one or more of a user IP, a request URL parameter, a cookie, a user-agent, and a referrer;
the authentication result comprises a determination of whether authentication passed and, when it did not pass, the strike policy corresponding to the request;
the strike policy includes at least one of rejecting the request, restricting content, restricting download speed, restricting picture definition, restricting sound quality, and restricting regional service.
To achieve the above objectives, a second embodiment of the present invention provides an asynchronous strike hotlink protection system based on a CDN edge computing network, the system comprising a CDN edge node and a CDN authentication center in communication connection;
the CDN edge node is configured to receive a request initiated by a terminal; to perform primary authentication on the legitimacy of the request and respond to the request after the primary authentication passes; and to send the request to the CDN authentication center;
and the CDN authentication center is configured to perform deep authentication on the legitimacy of the request in an asynchronous authentication mode, and to strike the response through the CDN edge node if the deep authentication does not pass.
In the asynchronous strike hotlink protection system of this embodiment, the CDN edge node first performs primary authentication on the legitimacy of the request in a synchronous authentication mode, and the requested content is served once the primary authentication passes. Content is therefore served first, which preserves the user's initial perceived experience (first packet, first frame, first screen) and avoids the poor real-time performance of synchronous authentication. The CDN platform only needs to deploy conventional strike policies with low authentication difficulty, which significantly reduces the real-time configuration demands on the CDN platform and requires no custom modification by the CDN vendor. Second, the personalized, variable and complex authentication strategies are handed to the CDN authentication center, which performs deep authentication in an asynchronous authentication mode. Running synchronous and asynchronous authentication side by side in this dual mode markedly strengthens enforcement; moreover, the strike policy can be adjusted dynamically, maximizing the effect against hotlinking and violations.
In addition, the asynchronous strike hotlink protection system based on the CDN edge computing network proposed in the above embodiment of the present invention may further have the following additional technical features:
Optionally, the system further includes a source station authentication center server in communication connection with the CDN authentication center;
the CDN authentication center is specifically configured to determine whether a cached authentication result that corresponds to the request and is within its validity period is stored locally; if so, and the cached authentication result indicates that authentication did not pass, to control the CDN edge node to strike the response according to the cached authentication result; if not, to send the request to the source station authentication center server;
the source station authentication center server is configured to perform deep verification on the legitimacy of the request to obtain an authentication result, and, if the authentication result indicates that authentication did not pass, to control the CDN edge node to strike the response according to the authentication result;
the CDN edge node is further configured to strike the response according to the cached authentication result that indicates a fail and the authentication result that indicates a fail.
Optionally, the source station authentication center server is specifically configured to set the validity period of the authentication result, and to return the authentication result and its validity period to the CDN authentication center;
the CDN authentication center is specifically configured to store the authentication result locally as the cached authentication result corresponding to the request, and to use the validity period of the authentication result as the validity period of the cached authentication result; to determine whether the authentication result indicates a pass or a fail; and, if it indicates a fail, to send the authentication result to the CDN edge node.
Optionally, the CDN authentication center is specifically configured to use a user request feature in the request as a key, use a corresponding authentication result as a value, create an association between the request and a cached authentication result, and cache the association locally.
Optionally, the source station authentication center server is specifically configured to verify the validity of the user request feature in the request to obtain an authentication result;
wherein the user request feature comprises a combination of one or more of a user IP, a request URL parameter, a cookie, a user-agent, and a referrer;
the authentication result comprises a determination of whether authentication passed and, when it did not pass, the strike policy corresponding to the request;
the strike policy includes at least one of rejecting the request, restricting content, restricting download speed, restricting picture definition, restricting sound quality, and restricting regional service.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer throughout to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are exemplary, are intended to explain the invention, and are not to be construed as limiting it.
In the invention, primary authentication of the legitimacy of a request is first performed at the CDN edge node in a synchronous authentication mode, and the requested content is served once the request passes, which preserves the user's initial perceived experience and avoids the poor real-time performance of synchronous authentication; the CDN authentication center then performs deep authentication in an asynchronous authentication mode. This dual authentication markedly strengthens enforcement, allows the strike policy to be adjusted dynamically, and maximizes the effectiveness against hotlinking and violations.
In order to better understand the above technical solutions, exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
In order to better understand the technical solution, the technical solution will be described in detail with reference to the drawings and the specific embodiments.
Example one
As shown in FIG. 1, an asynchronous strike hotlink protection method based on a CDN edge computing network according to an embodiment of the present invention includes the following steps:
S1: the CDN edge node receives a request initiated by a user terminal client.
Specifically, the user terminal client initiates a content request to the CDN edge node that carries request verification information according to an agreed rule. For example: https://play.livestream.baidu.com/xxxxxxx?k1=v1&k2=v2, where check parameters such as k1 and k2 can be defined by agreement.
S2: the CDN edge node performs primary authentication on the legitimacy of the request according to local authentication rules, and responds to the request after the primary authentication passes.
Specifically, primary authentication means authentication with a general, conventional, low-difficulty authentication strategy. In this embodiment the requested content is served as soon as the primary authentication passes, so the primary authentication uses a synchronous authentication mode, which keeps the response timely and optimizes the user experience. The primary authentication can also be completed by the CDN edge node alone; because its rules are conventional, it can be deployed directly and simply on the CDN platform, with no need to ask the CDN vendor for a customized authentication strategy, so the poor real-time performance of synchronous authentication is avoided.
It should be noted that the primary authentication of this embodiment, i.e. its synchronous authentication mode, differs from prior-art synchronous authentication, which places higher demands on authentication strength and must go through a CDN authentication center to obtain a result, consuming more network transmission and time.
In a preferred embodiment, the primary authentication procedure comprises:
S21: the CDN edge node determines whether the request needs to be authenticated; if so, go to S22; if it is not required,
S22: the CDN edge node verifies the legitimacy of the user access information in the request according to locally stored primary authentication rules to obtain a primary authentication result; if the result is a pass, the CDN edge node responds with the requested content; if the result is a fail, the request is rejected and the process ends.
The primary authentication rules may include determining whether the user IP is on a blacklist or whitelist, whether the user's Referer header is on a blacklist or whitelist, whether the user's User-Agent header is on a blacklist or whitelist, whether the URL is still within its validity period, and the like.
S3: the CDN edge node sends the request to a CDN authentication center;
While performing primary authentication, the CDN edge node starts the asynchronous authentication process for the request in parallel.
In this embodiment, the asynchronous authentication process is carried out by a hotlink protection asynchronous strike system (hereinafter, the asynchronous strike system) comprising a CDN authentication center and a source station authentication service center. Its purpose is to strike effectively at relatively complex abnormal requests that CDN edge nodes cannot strike effectively and that are hard to configure for efficiently.
Preferably, when initiating an asynchronous authentication request to the asynchronous strike system, the CDN edge node extracts only the user request features from the original request (i.e., the request of S1 above), combines them as required by the asynchronous strike system, and sends the combined features to the asynchronous strike system. This improves the authentication efficiency of the asynchronous strike system.
The user request features include, but are not limited to: the complete URL requested by the user, the referer and user_agent headers carried in the user request, the user IP, the domain name part of the requested URL, the cookie, and the like. The user request features may also be referred to as the "asynchronous authentication portion".
In a specific example, the "asynchronous authentication portion" that the CDN edge node sends to the asynchronous strike system is:
POST /xxx HTTP/1.1
Host: xxxxxx
Accept: */*
Content-Type: application/json
Content-Length: xxx

{
  "play_url": "https://play.livestream.baidu.com/xxxxxxx?k1=v1&k2=v2",
  "user_ip": "xxx.xxx.xxx.xxx"
}
The request body fields, including but not limited to play_url and user_ip as shown above, may be added to or modified by agreement.
S4: the CDN authentication center performs deep authentication on the legitimacy of the request in an asynchronous authentication mode;
if the deep authentication does not pass, the response is struck through the CDN edge node;
if the deep authentication passes, no action is taken and the CDN edge node is allowed to continue responding with the requested content.
Wherein the authentication complexity of the primary authentication is lower than the complexity of the deep authentication.
Therefore, in this embodiment, the CDN edge node first performs primary authentication on the request in a synchronous authentication mode, so that content is served quickly and the CDN configuration is simplified; at the same time, the request is handed to the asynchronous strike system, which in parallel performs the more complex deep authentication in an asynchronous authentication mode to ensure the accuracy and comprehensiveness of the authentication and to allow dynamic adjustment of the strike policy. The dual "synchronous authentication" + "asynchronous authentication" approach of this embodiment thus optimizes the customer experience, simplifies the configuration requirements of the CDN edge node, improves the efficiency, pertinence, validity and comprehensiveness of authentication as a whole, and better meets the needs of various scenarios.
In particular, this embodiment allows dynamic policy adjustment. With the synchronous authentication rules used in the prior art, once verification passes, all content is released until the next request is initiated, and no effective strike is possible in between. In this embodiment, by contrast, synchronous and asynchronous authentication work together so that the user still gets the initial perceived experience of first packet, first frame and first screen, while the strike policy can be adjusted dynamically during the content response, which safeguards the effectiveness of hotlink protection. In other words, the asynchronous strike system is essentially only a bypass check system for broadcast control: the CDN side first responds normally to the user's download request, and limits the user's download stream only when it receives an explicit hotlink protection strike policy from the asynchronous strike system; if no such policy is received, the user's download request is not limited. For example, if a streamer must be banned from broadcasting for 5 minutes during a live broadcast, this cannot be done with a synchronous strike, but in this embodiment the violation can be identified in time and a corresponding strike policy applied to ban the broadcast for 5 minutes promptly when the streamer breaks the rules.
Example two
This embodiment, building on the first embodiment, further defines the process by which the asynchronous strike system performs deep authentication in an asynchronous authentication mode.
Referring to FIG. 2, in this embodiment S4 of the first embodiment may specifically include:
S41: the CDN authentication center determines whether a cached authentication result corresponding to the request is stored locally and is within its validity period;
if a valid cached authentication result exists and it indicates that authentication did not pass, the response is struck through the CDN edge node according to the cached authentication result; if it indicates that authentication passed, no action is taken and the CDN edge node is allowed to continue responding with the requested content;
if no valid cached authentication result exists, the request is sent to the source station authentication center server for back-to-origin authentication;
that is, in this step the CDN authentication center first checks whether a valid cached authentication result corresponding to the request is stored locally; if so, it answers directly from the cached authentication result, and if not, it performs back-to-origin authentication. This improves the efficiency of asynchronous authentication while keeping the authentication effective.
In a specific application example, when the CDN authentication center has the CDN edge node strike the response according to the cached authentication result, the cached authentication result sent by the CDN authentication center to the CDN edge node may have the following format:
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx

{
  "ret": 200/403,
  "ret_msg": "xxx"
}
where the ret field carries the status code of the strike policy, each status code representing a different strike policy. For example, ret values include, but are not limited to, 200 and 403, where 200 is defined to mean that authentication passed and 403 that authentication did not pass; other values may be defined by agreement between the two parties to represent different strike policies. ret_msg carries the description of the status code in the ret field, for example, ret: 403, then ret_msg: recover.
S42: the source station authentication center server performs deep verification on the legitimacy of the request to obtain an authentication result, and if the authentication result indicates that authentication did not pass, the CDN edge node strikes the response according to the authentication result.
Specifically, the source station authentication center server may be the source station server or an independent authentication server. The deep verification, i.e. the deep authentication, is executed by the source station authentication center, and in the invention its authentication difficulty and complexity are both greater than those of the primary authentication executed by the CDN edge node. This division of labor greatly simplifies the configuration requirements on the CDN edge nodes: they only need to be configured with, and execute, conventional authentication rules, so that their synchronous authentication responds quickly and there is no need to ask a CDN vendor to meet customization requirements. Meanwhile, the source station authentication center can handle complex and changeable authentication rules and make full use of its greater computing power to ensure the accuracy and comprehensiveness of the authentication, so that overall authentication efficiency improves while accuracy is maintained.
In a preferred embodiment, the step S42 specifically includes:
S421: the source station authentication center server performs deep verification on the legitimacy of the request to obtain an authentication result.
Specifically, the authentication rules used for deep verification check the user request features in the request fully and in depth to ensure the legitimacy of the request. The authentication result produced by deep authentication comprises a determination of whether authentication passed and the strike policy to use when it did not pass.
The strike policies include, but are not limited to: rejecting the request, restricting content, restricting download speed, restricting picture definition, restricting sound quality, restricting regional service, and the like. Generally, a strike policy is one of the above or a combination of two or more of them. For example, if deep authentication finds that the user initiating the request is a low-level member, the resulting strike policy includes restricting content, restricting download speed, and restricting picture definition.
In a preferred embodiment, the rules for deep authentication include, but are not limited to: determining whether the user's IP is on the request blacklist, whether the user's referrer is on the request blacklist, whether the URL requested by the user involves illegal content, whether the user is a member, the user's membership level, and the like. The specific rules are strategies computed and evaluated from the request parameters; they can be adjusted and changed at any time and are flexible to configure.
S422: the source station authentication center server sets the validity period of the authentication result and returns the authentication result and its validity period to the CDN authentication center;
S423: the CDN authentication center stores the authentication result locally as the cached authentication result corresponding to the request, and uses the validity period of the authentication result as the validity period of the cached authentication result.
Specifically, the validity period limits how long the authentication result (and the cached authentication result) remains usable. Within the validity period, for the same request from the same user, the CDN authentication center can authenticate directly from the locally cached authentication result without back-to-origin authentication, which relieves the delay and load of central authentication to some extent.
In a preferred embodiment, the CDN authentication center may store the cached authentication result corresponding to the request locally as follows:
the CDN authentication center uses the user request features in the request as the key and the corresponding authentication result together with its validity period as the value, creates an association between the request and the cached authentication result, and caches the association locally.
S424: the CDN authentication center determines whether the authentication result indicates a pass or a fail;
if the authentication result indicates a fail, it is sent to the CDN edge node, and the CDN edge node strikes the response according to the strike policy in the authentication result;
if the authentication result indicates a pass, no action is taken and the CDN edge node is allowed to continue responding with the requested content.
In the asynchronous authentication mode used by the asynchronous strike system, on the one hand the source station central server, which has greater computing power, performs deep authentication when necessary, which ensures the accuracy and comprehensiveness of the authentication result. On the other hand, the CDN authentication center acts as the asynchronous authentication cache center: it handles the policy queries of the CDN edge nodes first and can complete authentication efficiently whenever a valid cached authentication result exists, so the source station authentication service center only processes the deep authentication computations forwarded by the CDN authentication center. Compared with existing asynchronous authentication, the CDN authentication center greatly reduces the computing load on the source station authentication service center and keeps the network condition of the source station central server from affecting the authentication, which improves the efficiency of asynchronous authentication.
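The flow of S1 to S4 and S41 to S424, sketched as an added example that is not code from the patent: the edge serves chunks after a local check while the authentication center resolves a verdict from its cache or from the origin. The `play_url` and `user_ip` fields and the 200/403 codes come from the page's examples; the `expires` URL parameter, the banned-path rule, the `reject_request` label and all class and function names are assumptions.

```python
import asyncio
import hashlib
import json
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit


@dataclass(frozen=True)
class AuthResult:
    ret: int        # 200 = passed, 403 = not passed (codes from the page's example)
    ret_msg: str
    policy: tuple   # strike policy applied when ret != 200 (labels are constructed)
    ttl: float      # validity period set by the origin, in seconds


def feature_key(features: dict) -> str:
    """Cache key: digest of the canonicalised user request features."""
    canon = json.dumps(features, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


class OriginAuthServer:
    """Deep check (S421-S422). The banned-path rule is a hypothetical stand-in."""

    def __init__(self, banned_paths, ttl=300.0):
        self.banned_paths, self.ttl, self.calls = set(banned_paths), ttl, 0

    async def deep_check(self, features: dict) -> AuthResult:
        self.calls += 1
        await asyncio.sleep(0)  # stands in for network and rule-evaluation latency
        if urlsplit(features["play_url"]).path in self.banned_paths:
            return AuthResult(403, "stream banned", ("reject_request",), self.ttl)
        return AuthResult(200, "ok", (), self.ttl)


class AuthCenter:
    """CDN authentication center: verdict cache in front of the origin (S41, S423, S424)."""

    def __init__(self, origin, clock):
        self.origin, self.clock, self.cache = origin, clock, {}

    async def authenticate(self, features: dict):
        key = feature_key(features)
        entry = self.cache.get(key)
        if entry is None or entry[1] <= self.clock():  # absent or past validity period
            result = await self.origin.deep_check(features)
            entry = (result, self.clock() + result.ttl)
            self.cache[key] = entry
        result = entry[0]
        return None if result.ret == 200 else result  # only failures go to the edge


def strike_received(task) -> bool:
    """True only for a completed, failed verdict; errors and no verdict mean no limit."""
    return task.done() and task.exception() is None and task.result() is not None


class EdgeNode:
    def __init__(self, center, ip_blacklist, clock):
        self.center, self.ip_blacklist, self.clock = center, set(ip_blacklist), clock

    def primary_auth(self, url: str, ip: str) -> bool:
        """Synchronous local rules (S2): IP blacklist and URL validity period."""
        if ip in self.ip_blacklist:
            return False
        expires = parse_qs(urlsplit(url).query).get("expires", ["0"])[0]
        return expires.isdigit() and int(expires) > self.clock()

    async def serve(self, url: str, ip: str, chunks) -> dict:
        if not self.primary_auth(url, ip):
            return {"status": 403, "delivered": [], "policy": ()}
        features = {"play_url": url, "user_ip": ip}  # fields from the page's POST body
        verdict = asyncio.create_task(self.center.authenticate(features))
        delivered = []
        for chunk in chunks:
            delivered.append(chunk)   # respond first ...
            await asyncio.sleep(0)    # ... while deep authentication runs
            if strike_received(verdict):
                return {"status": "struck", "delivered": delivered,
                        "policy": verdict.result().policy}
        if not verdict.done():
            verdict.cancel()
        return {"status": 200, "delivered": delivered, "policy": ()}
```

Keying the cache on the full play_url means per-request signed URLs never hit the cache, while keying on too few features lets one client's verdict apply to another, so the feature combination needs to be chosen with both in mind. As the text states, the design does not limit the download when no strike policy arrives, so an unreachable origin leaves only the primary authentication in force.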
Example three
Corresponding to the above embodiments, this embodiment provides an asynchronous strike hotlink protection system based on a CDN edge computing network. Referring to FIG. 2 and FIG. 3, the system includes a terminal 1, a CDN edge node 2 and a CDN authentication center 3 in communication connection;
the CDN edge node 2 is configured to receive a request initiated by the terminal; to perform primary authentication on the legitimacy of the request and respond to the request after the primary authentication passes; and to send the request to the CDN authentication center;
the CDN authentication center 3 is configured to perform deep authentication on the legitimacy of the request in an asynchronous authentication mode, and to strike the response through the CDN edge node if the deep authentication does not pass;
wherein the authentication complexity of the primary authentication is lower than the complexity of the deep authentication.
Optionally, the system further includes a source station authentication center server 4 communicatively connected to the CDN authentication center 3;
the CDN authentication center 3 is specifically configured to determine whether a cached authentication result that corresponds to the request and is within its validity period is stored locally; if so, and the cached authentication result indicates that authentication did not pass, to control the CDN edge node to strike the response according to the cached authentication result; if not, to send the request to the source station authentication center server;
the source station authentication center server 4 is configured to perform deep verification on the legitimacy of the request to obtain an authentication result, and, if the authentication result indicates that authentication did not pass, to control the CDN edge node to strike the response according to the authentication result;
the CDN edge node 2 is further configured to strike the response according to the cached authentication result that indicates a fail and the authentication result that indicates a fail.
Optionally, the source station authentication center server 4 is specifically configured to set a validity period of the authentication result, and return the authentication result and the validity period thereof to the CDN authentication center;
the CDN authentication center 3 is specifically configured to store the authentication result locally as the cached authentication result corresponding to the request, and to set the validity period of the cached authentication result to the validity period of the authentication result; to judge whether the authentication result is a pass or a failure; and, if the authentication result is a failure, to send the authentication result to the CDN edge node.
Optionally, the CDN authentication center 3 is specifically configured to use the user request feature in the request as a key, use the corresponding authentication result as a value, create an association between the request and the cached authentication result, and cache the association locally.
Optionally, the source station authentication center server 4 is specifically configured to verify the validity of the user request feature in the request to obtain an authentication result;
wherein the user request feature comprises a combination of one or more of a user IP, a request URL parameter, a cookie, a user-agent, and a referrer;
the authentication result comprises the determination of whether the authentication is passed, and the strike strategy corresponding to the request when the authentication is not passed;
the strike strategy includes at least one of rejecting the request, limiting content, limiting download speed, limiting picture sharpness, limiting sound quality, and limiting regional service.
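The cache behaviour of the CDN authentication center described in this embodiment can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the 60-second validity period and the referrer rule in `sample_origin_verify` are assumptions made for the example.

```python
import time
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuthResult:
    passed: bool
    strike: Optional[str]  # strike strategy, set only when passed is False
    ttl: float             # validity period in seconds, chosen by the origin

def sample_origin_verify(req):
    # Constructed deep-authentication rule: the referrer must be the site itself.
    if req.get("referrer", "").startswith("https://site.example/"):
        return AuthResult(True, None, 60.0)
    return AuthResult(False, "reject request", 60.0)

class AuthCenter:
    """CDN authentication center used as an asynchronous authentication cache."""

    FIELDS = ("ip", "url", "cookie", "user-agent", "referrer")

    def __init__(self, origin_verify, push_strike, clock=time.monotonic):
        self.origin_verify = origin_verify  # deep authentication at the origin
        self.push_strike = push_strike      # tells the edge node to strike
        self.clock = clock
        self.cache = {}                     # feature key -> (result, expiry)
        self.origin_calls = 0

    def feature_key(self, req):
        # User request features form the cache key; absent fields become "".
        return tuple(req.get(f, "") for f in self.FIELDS)

    def authenticate(self, req):
        key = self.feature_key(req)
        entry = self.cache.get(key)
        if entry is not None and self.clock() < entry[1]:
            result = entry[0]                 # valid cached result, no origin trip
        else:
            self.origin_calls += 1            # miss or expired: ask the origin
            result = self.origin_verify(req)
            self.cache[key] = (result, self.clock() + result.ttl)
        if not result.passed:
            self.push_strike(key, result.strike)  # only failures reach the edge
        return result
```

Because the key is built from client-supplied features, a client that varies its user-agent or cookie gets a fresh key and a fresh trip to the origin, so the choice of key fields determines how much load the cache actually removes.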
EXAMPLE IV
This embodiment corresponds to the first to third embodiments, and provides two specific application scenarios:
Application scenario one: providing differentiated file download and video-on-demand services for members of different grades
1. receiving a user download request, acquiring the user request features, and judging whether a synchronous authentication rule exists;
2. if no synchronous authentication rule exists, or a rule exists and the authentication is passed, directly responding with the content data requested by the user, and at the same time entering step 4;
3. if a rule exists and the authentication is not passed, rejecting the user request and ending the access process;
4. acquiring the user features from the user request, and judging whether an asynchronous authentication process needs to be started;
if asynchronous authentication is not needed, continuing to respond with the user content;
if asynchronous authentication is needed, sending an asynchronous authentication request to the asynchronous strike system and entering step 5;
5. the asynchronous strike system verifies the user's membership grade. For non-members, it responds with a strike strategy of rejecting the request; for low-grade members, it responds with a strike strategy of limiting download speed; for high-grade members, no strike is performed. The single machine strategy can also provide video services of different definition for members of different grades, provide different service content for users in different regions, and the like; then entering step 6;
6. the server acquires the asynchronous strike strategy and applies it to the user's download.
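Steps 1 to 6 above can be modelled with a small asyncio simulation in which the edge node starts sending chunks before the strike strategy arrives. This is an added example, not code from the patent: the function names, the grade-to-strategy table, the blocked-IP rule standing in for the synchronous authentication rule, and the rate value are assumptions.

```python
import asyncio

# Step 5 mapping from membership grade to strike strategy (None = no strike).
STRIKE_BY_GRADE = {"none": "reject", "low": "limit_speed", "high": None}

async def async_strike_system(features, members):
    await asyncio.sleep(0)  # stands in for the round trip to the strike system
    return STRIKE_BY_GRADE[members.get(features["user"], "none")]

async def serve_download(features, chunks, members, blocked_ips, limited_rate=100):
    """Return the (chunk, rate_limit) pairs the edge node actually delivered."""
    # Steps 1-3: synchronous, low-complexity check before any content is sent.
    if features["ip"] in blocked_ips:
        return []
    # Step 4: start deep authentication without waiting for its answer.
    check = asyncio.create_task(async_strike_system(features, members))
    delivered, rate = [], None          # rate None means unrestricted
    for chunk in chunks:
        if check.done():                # step 6: a strategy has arrived
            strike = check.result()
            if strike == "reject":
                break                   # stop the response mid-download
            if strike == "limit_speed":
                rate = limited_rate
        delivered.append((chunk, rate))
        await asyncio.sleep(0)          # yield so the async check can progress
    if not check.done():
        check.cancel()
    return delivered

def run_download(features, chunks, members, blocked_ips=frozenset()):
    return asyncio.run(serve_download(features, chunks, members, blocked_ips))
```

The run for a non-member shows the trade-off of this design: the first chunks are delivered unrestricted before the rejection lands, so the synchronous rule remains the only control over what the first response bytes expose.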
Application scenario two: handling audience users and content anchors during live broadcast
Background: internet live broadcast is becoming more and more widespread and its forms more and more varied; television live broadcast, goods-selling live broadcast, live sharing, game live broadcast and the like emerge one after another. The makeup of the audience watching live broadcasts is also more and more complex, and may include minors, students, Internet of Things devices and the like.
For anchors broadcasting illegal content, the embodiment of the invention can be used to apply strike strategies such as banning and rate limiting during the live broadcast, stopping the spread of illegal content in time;
for users who post bad remarks or flood the platform with illegal content such as comments, the embodiment of the invention can be used to discover and ban them in time, maintaining the harmony and stability of the network platform;
the embodiment of the invention can also be used to restrict some content involving intellectual property according to the user's membership, age, region, etc.
The asynchronous attack anti-theft chain method and system based on the CDN edge computing network provided by the invention at least have the following beneficial effects:
1. primary authentication is first carried out in a synchronous authentication mode, which ensures the legality of the request access, gives priority to the content response, and guarantees the user's first sensory effects such as the first packet, the first frame, the first screen and the download speed; deep verification of the request legality is then carried out by the asynchronous strike system in an asynchronous authentication mode, which guarantees the accuracy and comprehensiveness of authentication;
2. the authentication result can be cached in the CDN authentication center, so that within a certain time accesses by the same user do not need to be authenticated again by the authentication center; this relieves the computing pressure on the source station and the source station authentication service center and improves asynchronous authentication efficiency;
3. dynamic strategy adjustment is supported, and the strike strategy can be adjusted in a targeted way according to the user's usage behavior during the content response;
4. the method is well suited to scenarios with long user behavior duration, such as file download, video-on-demand and live broadcast services, and widens the application scenarios of the anti-theft chain.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that in the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
In the description of the present invention, it is to be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
In the present invention, unless otherwise expressly stated or limited, a first feature being "on" or "under" a second feature may mean that the first and second features are in direct contact, or that they are in indirect contact through an intermediate. Also, a first feature being "on," "over," or "above" a second feature may mean that the first feature is directly or diagonally above the second feature, or may simply indicate that the first feature is at a higher level than the second feature. A first feature being "under," "below," or "beneath" a second feature may mean that the first feature is directly or obliquely under the second feature, or may simply mean that the first feature is at a lower level than the second feature.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above should not be understood to necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the various embodiments or examples described in this specification, and the features of different embodiments or examples, can be combined by one skilled in the art provided they do not contradict one another.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.