Content acquisition method and apparatus, computing device, and computer-readable storage medium
The client sends a rotation task request to the server and executes the returned challenge task to generate verification information; the server authenticates that information and dynamically adjusts the verification process. This solves the problem that the server cannot actively identify hotlinking and achieves efficient hotlinking prevention.
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Patents (China)
- Current Assignee / Owner: TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date: 2021-06-30
- Publication Date: 2026-06-16
AI Technical Summary
In existing technologies, the server cannot actively identify hotlinking, resulting in a high risk of hotlinking. Furthermore, existing anti-hotlinking measures are easily cracked and difficult to effectively prevent hotlinking.
The client sends a rotation task request to the server, receives and executes the first challenge task to generate verification information, and the server sends the content address after authentication, dynamically adjusting the verification process to prevent hotlinking.
The method effectively identifies and prevents hotlinking, reduces the risk of hotlinking, identifies hotlinking immediately without collecting user behavior data, and provides data support for optimizing anti-hotlinking technology.
Description
Technical Field
[0001] This disclosure relates to the field of information transmission, and in particular to content acquisition methods, content acquisition devices, computing devices, and computer-readable storage media.
Background Technology
[0002] With the development of communication technology and the advancement of communication equipment, internet technology has profoundly changed people's production and lifestyles. In particular, with the widespread adoption of smart terminals and the development of mobile internet, more and more users are accessing various types of data on the internet anytime, anywhere through various terminals, such as reading news, watching videos, watching live streams, and engaging in social networking. For various reasons, some internet service providers hotlink content from other internet service providers.
Summary of the Invention
[0003] According to one aspect, this disclosure provides a content acquisition method, comprising: sending a rotation task request to a server; receiving a first challenge task from the server, the first challenge task being sent by the server in response to the rotation task request; generating first verification information based on the first challenge task; sending a request for a content address including the first verification information to the server; and acquiring the content address sent by the server after first authentication is passed, wherein the first authentication is performed by the server on the first verification information based on the first challenge task after receiving the request for the content address.
[0004] In some embodiments, the first challenge task includes executable code, and generating first verification information based on the first challenge task includes: executing the executable code in the first challenge task to generate a first execution result; and encrypting the first execution result to generate the first verification information.
[0005] In some embodiments, obtaining the content address sent by the server after the first authentication is successful includes: obtaining the content address including a key sent by the server after the first authentication is successful, wherein the key is generated by the server based on at least one of the user information of the user at the end that sent the request for the content address and the content information of the content stream to be obtained at the content address.
[0006] In some embodiments, the content acquisition method further includes: receiving a second challenge task from the server while acquiring the content address sent by the server after the first authentication is passed; generating second verification information based on the second challenge task; sending a pull request including the second verification information to the server; and acquiring the content stream sent by the server from the content address after the second authentication is passed, wherein the second authentication is performed by the server on the second verification information based on the second challenge task after receiving the pull request.
[0007] In some embodiments, the content acquisition method further includes: receiving a second challenge task from the server while acquiring the content address sent by the server after the first authentication is passed; generating second verification information based on the second challenge task; sending a pull request to the server including the second verification information and a key; and acquiring the content stream sent by the server from the content address after key authentication and second authentication are passed, wherein key authentication is performed by the server on the key based on at least one of user information and content information of the content stream to be acquired after receiving the pull request, and the second authentication is performed by the server on the second verification information based on the second challenge task after receiving the pull request.
[0008] In another aspect, this disclosure provides a content acquisition method, comprising: receiving a rotation task request from a client; in response to receiving the rotation task request, sending a first challenge task to the client; receiving a request from the client for a content address including first verification information, the first verification information being generated by the client based on the first challenge task; after receiving the request for the content address, performing a first authentication on the first verification information based on the first challenge task; and after the first authentication is successful, sending the content address to the client.
[0009] In some embodiments, performing first authentication on the first verification information based on the first challenge task includes: decrypting the first verification information to generate a decryption result; and performing first authentication on the decryption result based on the first challenge task, wherein the first challenge task includes executable code, and wherein the first verification information is generated by the client executing the executable code in the first challenge task to generate a first execution result and encrypting the first execution result.
[0010] In some embodiments, sending a content address to a client includes sending the content address to the client including a key, the key being generated based on at least one of user information of the user at the end that sent the request for the content address and content information of the content stream to be retrieved at the content address.
[0011] In some embodiments, the content acquisition method further includes: sending a second challenge task to the client while sending a content address to the client; receiving a pull request from the client including second verification information, the second verification information being generated by the client based on the second challenge task; performing a second authentication on the second verification information based on the second challenge task after receiving the pull request; and sending a content stream to the client from the content address after the second authentication is successful.
[0012] In some embodiments, the content acquisition method further includes: sending a second challenge task to the client while sending a content address to the client; receiving a streaming request from the client including second verification information and a key, wherein the second verification information is generated by the client based on the second challenge task; after receiving the streaming request, performing key authentication on the key based on at least one of user information and content information of the content stream to be acquired, and performing second authentication on the second verification information based on the second challenge task; and after the key authentication and second authentication are successful, sending the content stream from the content address to the client.
[0013] In some embodiments, before sending the first challenge task to the client, the method further includes: periodically resetting the first challenge task.
[0014] In another aspect, this disclosure provides a content acquisition apparatus, comprising: a rotation task request sending module configured to send a rotation task request to a server; a first challenge task receiving module configured to receive a first challenge task from the server, the first challenge task being sent by the server in response to the rotation task request; a first verification information generation module configured to generate first verification information based on the first challenge task; a request sending module configured to send a request for a content address including the first verification information to the server; and a content address acquisition module configured to acquire the content address sent by the server after first authentication is passed, wherein the first authentication is performed by the server based on the first verification information after receiving the request for the content address.
[0015] In another aspect, this disclosure provides a content acquisition device, comprising: a rotation task request receiving module configured to receive a rotation task request from a client; a first challenge task sending module configured to send a first challenge task to the client in response to receiving the rotation task request; a request receiving module configured to receive, from the client, a request for a content address including first verification information, the first verification information being generated by the client based on the first challenge task; a first authentication module configured to perform first authentication on the first verification information based on the first challenge task after receiving the request for the content address; and a content address sending module configured to send the content address to the client after the first authentication is successful.
[0016] In another aspect, this disclosure provides a computing device including a memory and a processor, the memory being configured to store computer-executable instructions thereon, which, when executed on the processor, perform the above-described content retrieval method.
[0017] In another aspect, this disclosure provides a computer-readable storage medium storing computer-executable instructions that, when executed on a processor, perform the aforementioned content acquisition method.
[0018] In the content acquisition method provided in this disclosure, the client retrieves the first challenge task from the server in a round-robin fashion, the client executes the first challenge task to obtain the result, the client returns the result to the server, and the server verifies the result to identify hotlinking. This transforms the passive reception of client messages by the server in related technologies into a dynamic collection method where the server can actively send the first challenge task to the client, optimizing the server's information collection from a static or relatively fixed method. Thus, service providers offering hotlinking cannot obtain the first challenge task and cannot forge dynamically changing execution results for the first challenge task, ensuring that the server sends the content address to legitimate clients while avoiding sending the content address to the hotlinking party, effectively preventing hotlinking risks. Furthermore, it eliminates the need to collect user behavior data and perform extensive comparisons and analyses, allowing for immediate hotlinking identification. Additionally, the method according to the embodiments of this disclosure can be used to collect data from the hotlinking party, thereby analyzing the hotlinking party's technical methods and providing data support for further optimization of anti-hotlinking technology.
Attached Figure Description
[0019] Further details, features, and advantages of this disclosure are disclosed in the following description of exemplary embodiments in conjunction with the accompanying drawings. The drawings are for illustrative purposes only and are not intended to limit the scope of this disclosure. Furthermore, throughout the drawings, the same reference numerals denote the same or similar elements. In the drawings:
[0020] Figure 1a schematically illustrates a scenario in which a client retrieves content in the related technology.
[0021] Figure 1b schematically illustrates the principle of obtaining content via hotlinking in related technologies.
[0022] Figure 2a schematically illustrates the principle of hotlinking targeting client vulnerabilities in related technologies.
[0023] Figure 2b schematically illustrates the principle of hotlinking targeting server-side vulnerabilities in related technologies.
[0024] Figure 3 schematically illustrates the principle of Key anti-hotlinking in related technologies.
[0025] Figure 4a schematically illustrates an application scenario of content retrieval methods in related technologies.
[0026] Figure 4b schematically illustrates an application scenario of a content retrieval method according to some embodiments of the present disclosure.
[0027] Figure 5 schematically shows a flowchart of a content acquisition method according to some embodiments of the present disclosure.
[0028] Figure 6 schematically shows a signaling flowchart of a client obtaining a content address from a server according to some embodiments of this disclosure.
[0029] Figure 7 schematically shows a signaling flowchart of a client obtaining a content address and content stream from a server according to some embodiments of the present disclosure.
[0030] Figure 8 schematically shows a flowchart of a content acquisition method according to some embodiments of the present disclosure.
[0031] Figure 9 schematically illustrates the principle of anti-leeching for content retrieval methods according to some embodiments of this disclosure.
[0032] Figure 10 schematically illustrates the anti-leeching effect of a content retrieval method according to some embodiments of the present disclosure.
[0033] Figure 11 shows a schematic block diagram of a content acquisition apparatus 1100 according to some embodiments of the present disclosure.
[0034] Figure 12 shows a schematic block diagram of a content acquisition apparatus 1200 according to some embodiments of the present disclosure.
[0035] Figure 13 shows a schematic block diagram of a computing system capable of implementing a content retrieval method according to some embodiments of the present disclosure.
Detailed Implementation
[0036] Several embodiments of the present disclosure will now be described in more detail with reference to the accompanying drawings to enable those skilled in the art to understand and implement the disclosure. However, the present disclosure may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided herein to make the disclosure comprehensive and complete, and to fully convey the scope of the disclosure to those skilled in the art. These embodiments are illustrative and not limiting of the disclosure.
[0037] It will be understood that although the terms first, second, third, etc., may be used herein to describe various elements, steps, and / or parts, these elements, steps, and / or parts should not be limited by these terms. These terms are used only to distinguish one element, step, or part from another. Therefore, the first element, step, or part discussed below may be referred to as the second element, step, or part without departing from the teachings of this disclosure.
[0038] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit this disclosure. As used herein, the singular forms “a,” “an,” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprising” and / or “including” as used in this specification specify the presence of a feature, integral, step, operation, element, and / or component, but do not exclude the presence of one or more other features, integrals, steps, operations, elements, components, and / or groups thereof. As used herein, the term “and / or” includes any and all combinations of one or more of the associated listed items.
[0039] Unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure pertains. It will be further understood that terms such as those defined in commonly used dictionaries should be interpreted as having meanings consistent with their meanings in the relevant field and / or the context of this specification, and will not be interpreted in an idealized or overly formal sense unless expressly defined herein.
[0040] It should be noted that, provided there is no conflict, features in different embodiments can be combined and used arbitrarily.
[0041] Before detailing the embodiments of this disclosure, some related concepts will first be explained:
[0042] 1. Service Provider: A person or organization that uses servers or other means to provide content data for Internet users to access, such as a company that provides on-demand or live video services.
[0043] 2. Content to be acquired: The content data that internet users will acquire. This content may include images, audio, video, or other files. For example, the content to be acquired could be the video that a user watching a video wants to acquire.
[0044] 3. Hotlinking: This refers to a service provider that does not provide the service itself, but uses technical means to bypass the end-user interface of other service providers (the bypassed end-user interface may include those with commercial benefits, such as push notifications), and directly provides the other service provider's content to the end user on its own server, thereby deceiving the end user into browsing and clicking. The service provider providing the hotlink (the hotlinker) provides little or no resources, while the service provider whose content is being hotlinked (the victim) actually provides the content but receives little or no benefit. For example, the service provider providing the hotlink embeds links to other service providers' content on its own page to achieve the purpose of hotlinking. Hotlinking can target images, audio, video, and other files.
[0045] 4. Client: A program that interacts with a client, such as an app on a terminal device on a network.
[0046] 5. Server-side: The end that provides services to clients, referring to the facilities used by service providers to deliver content data to clients. For example, a server-side can include multiple communication nodes, one or more of which can interact to implement server-side functions, and these communication nodes can be located in different geographical locations. For instance, a server-side can refer to a server that integrates various functions, or it can refer to communication nodes distributed across multiple locations.
[0047] 6. CDN: Content Delivery Network. A CDN is an intelligent virtual network built on top of an existing network and configured to provide users with the content data they need.
[0048] 7. OSS: Operation Support Systems, an essential support platform for the development and operation of telecommunications services. OSS is an integrated support system for telecommunications operators that shares information resources. It mainly consists of network management, system management, billing, business operations, accounting, and customer service. It is responsible for the inspection and management of the communication quality and operation of the entire network, recording and collecting various data during the operation of the entire network, and performing monitoring and control functions on all equipment within the network.
[0049] In online scenarios, users typically access content data provided by service providers on their servers via clients and the network. In some cases, the server provides a content address to the client, and the client retrieves the content data from this address. This approach creates an opportunity for hotlinking. For example, a service provider offering hotlinking may not provide the resources or provide very few resources, but simply place the content address on its own page for users to access, thereby achieving the purpose of hotlinking.
[0050] Figure 1a schematically illustrates a scenario where a client retrieves content in related technologies. As shown in Figure 1a, in the absence of hotlinking, the process by which the client 130 obtains the content 110 is as follows: the content 110 is distributed to the CDN 120, and the client 130 obtains the content 110 from the CDN 120 through communication with the CDN 120. In the presence of hotlinking, the service provider 140 providing the hotlinking service obtains the CDN address and performs hotlinking. For example, the service provider 140 may place these addresses in their own app for user use. Figure 1b schematically illustrates the principle of obtaining content through hotlinking in related technologies. For example, as shown in Figure 1b, the hotlinking party (1) 142, hotlinking party (2) 144, hotlinking party (3) 146, etc., obtain content from CDN 120 and provide content services 150 to users through hotlinking server 148 and hotlinking app (not shown). The service provider providing hotlinking has little or no content cost and bandwidth cost, which are often borne by the service provider whose content is being hotlinked. At the same time, the service provider providing hotlinking may also convert the users of the service provider whose content is being hotlinked into its own users.
[0051] The inventors of this application have discovered that hotlinking may target one or more communication nodes in the various communication nodes during the content acquisition process (where the source service can prevent hotlinking by adding a whitelist). Figure 2a schematically illustrates the principle of hotlinking targeting client vulnerabilities in related technologies. Figure 2b schematically illustrates the principle of hotlinking targeting server-side vulnerabilities in related technologies. The hotlinking method and corresponding anti-hotlinking measures can be seen in the following two examples:
[0052] 1. Hotlinking exploiting client-side vulnerabilities (e.g., as shown in Figure 2a). The principle is as follows: Client 130 obtains the content address by requesting the service provider's backend service 210, and then requests CDN 120 to receive content data from that address. The service provider 140, which is providing the hotlinking, obtains the content address by finding vulnerabilities in the backend service 210 or by impersonating a normal user of the service provider being hotlinked (e.g., using a client plugin), and then obtains the content from CDN 120 for hotlinking. Vulnerabilities in the backend service 210 often occur when a new service function is launched. Anti-hotlinking measures against this method can be implemented using authentication: Client 130 needs to sign its request to obtain the encrypted content address; the backend service 210 needs to verify the signature; after successful verification, it returns the encrypted content address; finally, CDN 120 decrypts the encrypted content address. During this process, addresses that cannot be decrypted are identified as hotlinking. Simultaneously, the encryption method for Client 130 needs to be continuously upgraded to raise the barrier to hotlinking.
[0053] 2. Hotlinking exploiting CDN vulnerabilities (e.g., as shown in Figure 2b). The principle is as follows: The service provider offering hotlinking analyzes the client 130 by packet capture analysis 220, thereby obtaining the CDN address 230 and thus the domain name 240; then, based on the domain name 240, it finds the corresponding server node IP (Internet Protocol) address 250 and performs hotlinking. In some cases, occasional changes to the CDN may cause authentication failure, such as the entire domain name becoming invalid or a single node failing. Anti-hotlinking measures against this method can refer to the following principles: First, authentication verification needs to be implemented when accessing the CDN; second, bandwidth monitoring is crucial, as hotlinking will inevitably increase bandwidth costs; and third, the CDN can be regularly scanned for authentication vulnerabilities, and these vulnerabilities should be repaired promptly to minimize losses.
[0054] The inventors of this application have further discovered that anti-leeching technology in related technologies can include the following methods:
[0055] 1. Referer (Access Source) Anti-Hotlinking: Based on the Referer mechanism supported by HTTP (Hypertext Transfer Protocol), the source of the request is identified by the Referer field carried in the content request header. By setting a batch of domains as a blacklist or whitelist, CDN nodes will authenticate according to the domains on the list, thereby allowing or denying content requests. Similarly, information such as UserAgent in the header can also be verified. These methods all identify hotlinking by verifying user information, that is, by judging whether the Referer or UserAgent information is legitimate. A service provider that provides hotlinking can easily disguise these fields, so the threshold for hotlinking is low and the check is easy to bypass.
[0056] 2. Key anti-hotlinking: Figure 3 schematically illustrates the principle of Key anti-hotlinking in related technologies. Client 310 generates an encrypted string using an encryption algorithm based on content information (e.g., video filename 312), IP address 314, timestamp 318, device ID 316, etc. (step S320), thereby generating a playback address with the encrypted string (step S322). The client sends a request to CDN 330 (step S324), CDN 330 processes the request (step S332), and CDN 330 processes the playback address with the encrypted string to extract the encrypted string (step S334), then decrypts the encrypted string (step S336) and compares the decrypted fields (step S338). If the string cannot be decrypted, it is considered hotlinking. If it can be decrypted, after a validity check (step S340) (e.g., a valid timestamp), information is allowed to be returned (step S342), providing content to client 310, thus enabling client 310 to obtain the content. The key to defeating this anti-hotlinking method lies in cracking the encryption algorithm. However, if the encryption process occurs on the terminal, the service provider offering hotlinking can debug and find the encryption function, then generate the encrypted string by executing that function. If the encryption process occurs on the server side, the service provider offering hotlinking can obtain the encrypted string by simulating a normal user request to the server. Therefore, by spending considerable time, Key anti-hotlinking measures can also be cracked. This, in turn, requires the service provider being hotlinked to continuously upgrade its encryption algorithm. However, many older client versions may not be able to upgrade in time, allowing the service provider offering hotlinking to use older versions for hotlinking. This method of cracking does not require reusing the encrypted string, and CDN-side unique verification of the playback address cannot detect hotlinking; and
[0057] 3. User Behavior: During the client-side streaming phase, the CDN simultaneously collects various user behavior information associated with the user, such as clicks, buffering, and streaming events, and reports this information to the data platform after encryption. The data platform performs real-time filtering and statistics, and the anti-leeching configuration uses this data to determine whether content is being provided to legitimate users, synchronizing the results to the CDN side. This allows for the crackdown on leeching, including those that have already obtained legitimate playback addresses. Service providers offering hotlinking find it difficult to completely mimic this behavior. However, identifying leeching service providers through user behavior requires the client to report user behavior, followed by offline statistics and calculations. Network or computational latency may lead to a small number of false positives; if an incident affects computational services, it could result in widespread false positives, impacting the quality of content delivery.
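The CDN-side check of Key anti-hotlinking (item 2 above, steps S334 to S342), as an added example that is not code from the patent. Assumptions: an HMAC tag over the fields stands in for the "encrypt, then decrypt and compare" step, and the parameter names, the secret, the 300-second validity window and the cdn.example.invalid address are constructed.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SHARED_SECRET = b"constructed-demo-secret"  # assumed; lives in the client in this scheme
MAX_AGE = 300                               # assumed validity window, in seconds


def sign_fields(filename, ip, device_id, ts):
    """Tag binding filename, IP address, device ID and timestamp (step S320)."""
    msg = "|".join([filename, ip, device_id, str(ts)]).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def build_playback_url(filename, ip, device_id, ts):
    """Client side: playback address carrying the tag (step S322)."""
    query = urlencode({"dev": device_id, "ts": ts,
                       "sign": sign_fields(filename, ip, device_id, ts)})
    return f"https://cdn.example.invalid/{filename}?{query}"


def cdn_check(url, peer_ip, now):
    """CDN side: extract the tag, compare fields, then check validity."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        device_id = query["dev"][0]
        ts = int(query["ts"][0])
        sign = query["sign"][0]
    except (KeyError, ValueError):
        return "reject: malformed"
    # The filename comes from the requested path and the IP from the
    # connection, so a tag copied onto another file or host no longer matches.
    expected = sign_fields(parts.path.lstrip("/"), peer_ip, device_id, ts)
    if not hmac.compare_digest(expected.encode(), sign.encode()):
        return "reject: signature mismatch"
    if not 0 <= now - ts <= MAX_AGE:
        return "reject: expired"
    return "allow"


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp
    url = build_playback_url("movie.mp4", "203.0.113.7", "dev-01", issued)
    print(cdn_check(url, "203.0.113.7", issued + 100))
    print(cdn_check(url, "198.51.100.9", issued + 100))
    print(cdn_check(url, "203.0.113.7", issued + 301))
```

Every check passes for any caller able to run the signing function, which is the limitation the paragraph describes: the CDN verifies the address, not who produced it.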
[0058] In order to alleviate or solve at least one of the above problems and other possible problems, this application provides a content acquisition method, a content acquisition apparatus, a computing device, and a computer-readable storage medium.
[0059] Figure 4a schematically illustrates an application scenario of content retrieval methods in related technologies. Figure 4b schematically illustrates an application scenario of a content retrieval method according to some embodiments of the present disclosure. In Figures 4a and 4b, application scenarios 450 or 460 may include a client 410, a server 420, and a network (not shown) between the client 410 and the server 420. User 405 interacts with the client 410, thereby communicating with the server 420. For example, the client 410 may be installed on a terminal device. The terminal device on which the client 410 is installed, or the server 420, may include one or more computing devices, which may be distributed in different geographical locations and communicate via a network. The one or more computing devices included in the server 420 may, for example, include a single server or a group of servers, or may include other devices with certain computing and communication capabilities. The one or more computing devices included in the server 420 may be provided and maintained by a service provider (not shown) that provides the content to be obtained.
[0060] In some embodiments, user 405 can interact with server 420 through client 410, for example, by browsing videos. Server 420 can provide content that the user wants to obtain, such as video data, to client 410 according to user requests.
[0061] In related technologies, during the process of client 410 sending a request to server 420 (e.g., a request for a content address, a request for streaming, etc.), anti-leeching is mainly based on passive defense. As shown in step S455, client 410 sends the request information along with identity information (e.g., Figure 3 The content information shown (e.g., video file name 312, IP address 314, timestamp 318, device ID 316, etc.) is sent to the server 420. The server 420 uses the received request information and identity information to identify hotlinking. However, the request information and identity information received by the server 420 from the client 410 are only based on information from the client 410's side. The server 420 can only passively receive information. In this mode, the information that the server 420 can collect is relatively fixed, resulting in a high risk of hotlinking and low security.
[0062] In some embodiments of this disclosure, as shown in Figure 4b, client 410 can send a rotation task request to server 420 (step S462); client 410 can receive a first challenge task from server 420 (step S464), the first challenge task being sent by server 420 in response to the rotation task request; client 410 can generate first verification information based on the first challenge task; client 410 can send a request for a content address including the first verification information to server 420 (step S466); and client 410 can obtain the content address (not shown) sent by server 420 after the first authentication is passed, wherein the first authentication is performed by server 420 on the first verification information based on the first challenge task after receiving the request for the content address.
[0063] In some embodiments, the network between client 410 and server 420 may include a local area network (LAN), a wide area network (WAN), a personal area network (PAN), and/or a combination of communication networks such as the Internet. The server 420 and the terminal devices on which client 410 is installed may include at least one communication interface (not shown) capable of communicating over a network. Such a communication interface may be one or more of the following: any type of network interface (e.g., a network interface card (NIC)), a wired or wireless interface (such as an IEEE 802.11 wireless LAN (WLAN) interface), a Wi-MAX interface, an Ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a Bluetooth™ interface, a Near Field Communication (NFC) interface, etc.
[0064] The terminal device on which client 410 is installed can be any type of computing device, including mobile computers (e.g., Microsoft® Surface® devices, personal digital assistants (PDAs), laptops, notebook computers, tablet computers such as Apple iPad™, netbooks, etc.), mobile phones (e.g., cellular phones, smartphones such as Microsoft Windows® phones, Apple iPhones, phones implementing the Google® Android™ operating system, Palm® devices, Blackberry® devices, etc.), wearable devices (such as smartwatches and head-mounted devices, including smart glasses such as Google® Glass™, etc.), or other types of mobile devices. In some embodiments, the terminal device may also be a fixed device, such as a desktop computer, game console, smart TV, in-vehicle computer, etc. Furthermore, when multiple terminal devices exist, the multiple terminal devices may be the same or different types of devices.
[0065] Client 410 may include an app (not shown) that interacts with user 405. The app can be a local application, a web application, or a lightweight application (such as a mobile app or WeChat app). If the app is a local application that requires installation, it can be installed on the terminal device. If the app is a web application, it can be accessed through a browser. If the app is a lightweight application (mini-program), it can be opened directly on the user's terminal without installation by searching for relevant information (such as the app's name) or scanning its graphic code (such as a barcode or QR code).
[0066] In some embodiments, application scenarios 450 or 460 described above can be a distributed system consisting of a cluster of terminal devices on which the client 410 is installed and the server 420. This distributed system can, for example, constitute a blockchain system. Blockchain is a novel application model of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms, and cryptographic algorithms. Essentially, a blockchain is a decentralized database, a chain of data blocks linked using cryptographic methods. Each data block contains information about a batch of network transactions, used to verify the validity of the information (anti-counterfeiting) and generate the next block. A blockchain can include a blockchain underlying platform, a platform product service layer, and an application service layer.
[0067] The underlying blockchain platform can include processing modules such as user management, basic services, smart contracts, and operational monitoring. The user management module is responsible for managing the identity information of all blockchain participants, including maintaining public and private key generation (account management), key management, and maintaining the correspondence between user real identities and blockchain addresses (access management). Furthermore, under authorization, it monitors and audits transactions of certain real identities and provides risk control rule configuration (risk control audit). The basic services module is deployed on all blockchain node devices to verify the validity of business requests. After consensus is reached on valid requests, they are recorded in storage. For a new business request, the basic services first perform interface adaptation parsing and authentication (interface adaptation), and then encrypt the business information using a consensus algorithm (consensus management). After encryption, the data is transmitted completely and consistently to the shared ledger (network communication) and recorded and stored. The smart contract module is responsible for contract registration, issuance, triggering, and execution. Developers can define contract logic using a programming language and publish it to the blockchain (contract registration). According to the contract terms, the key or other events are invoked to trigger execution and complete the contract logic. It also provides functions for contract upgrades and cancellations. The operation monitoring module is mainly responsible for deployment, configuration modification, contract settings, cloud adaptation, and real-time status visualization output during product release, such as alarms, network monitoring, and monitoring of node device health status.
[0068] The platform's product service layer provides the basic capabilities and implementation frameworks for typical applications. Developers can leverage these basic capabilities, along with the specific characteristics of their business needs, to implement blockchain-based business logic. The application service layer provides blockchain-based application services to business stakeholders.
[0069] Figure 5 schematically shows a flowchart of a content acquisition method 500 according to some embodiments of the present disclosure. As shown in Figure 5, the content acquisition method 500 according to some embodiments of this disclosure includes the following steps S510-S550.
[0070] S510. Send a rotation task request to the server. For example, the client may send a rotation task request to the server. In some embodiments, the client sends a rotation task request to the server at regular intervals, and the server responds to the client's rotation task request by returning a message to the client, such as the first challenge task described below.
[0071] As an example, Figure 6 schematically shows a signaling flowchart illustrating how a client obtains a content address from a server according to some embodiments of this disclosure. In Figure 6, client 610 may include a content acquisition module 612 and an anti-hotlinking SDK (software development kit) module 614. The content acquisition module 612 and the anti-hotlinking SDK module 614 can be located in different geographical locations or integrated into the same computing device. The content acquisition module 612 and the anti-hotlinking SDK module 614 are merely examples; they could also be the same module. The content acquisition module 612 can be configured to acquire content for use by the user of client 610, and the anti-hotlinking SDK module 614 can be configured to perform anti-hotlinking verification. Server 620 may include a channel service module 621, a content backend module 622, a synchronous attack module 624, and an OSS module 626. The channel service module 621, content backend module 622, synchronous attack module 624, and OSS module 626 can be located in different geographical locations (e.g., as interconnected cloud devices) or integrated into the same computing device. The channel service module 621, content backend module 622, synchronous attack module 624, and OSS module 626 are merely examples; they could also be the same module.
[0072] As an example, as shown in Figure 6, the anti-hotlinking SDK module 614 can send a rotation task request to the channel service module 621, and the channel service module 621 can receive the rotation task request from the anti-hotlinking SDK module 614 (step S634).
[0073] For example, the client 610 can send a rotation task request to the server 620 once per minute.
[0074] For example, before step S510, such as when starting client 610, content acquisition module 612 may send an initialization command (illustrated as "init(appkey)") to anti-hotlinking SDK module 614 (step S632).
[0075] S520. Receive the first challenge task from the server. The first challenge task is sent by the server in response to the rotation task request. In some embodiments, the client sends a rotation task request to the server at regular intervals, and the server returns the first challenge task to the client in response to the client's rotation task request, so that the client can obtain the first challenge task.
[0076] As an example, as shown in Figure 6, the anti-hotlinking SDK module 614 can receive a first challenge code from the channel service module 621. The channel service module 621 can send the first challenge code to the anti-hotlinking SDK module 614, wherein the first challenge code is sent by the channel service module 621 in response to the rotation task request (step S638). For example, before the channel service module 621 sends the first challenge code to the anti-hotlinking SDK module 614, the OSS module 626 can send the first challenge code and the policy associated with the first challenge code to the channel service module 621 (step S636).
[0077] S530. Generate first verification information based on the first challenge task. In some embodiments, the client generates first verification information based on the received first challenge task. Generating the first verification information can be achieved in various ways, such as: running program code in the first challenge task to generate the first verification information, decoding and transforming encrypted data in the first challenge task to generate the first verification information, or utilizing existing data correspondence between the first challenge task and the client to generate the first verification information, etc.
[0078] As an example, as shown in Figure 6, the first challenge task includes executable code. Step S530 may include: the anti-hotlinking SDK module 614 executing the executable code in the first challenge task to generate a first execution result (step S640); and encrypting the first execution result to generate first verification information. Encrypting the first execution result enhances the security of the request for the content address that includes the first verification information, as described below, and improves the effectiveness of anti-hotlinking measures.
[0079] S540. Send a request for a content address, including first verification information, to the server. In some embodiments, the client sends a request for a content address to the server to request the content address corresponding to the content to be obtained, the request for the content address including the first verification information. The server receives the request for the content address from the client. For example, the first verification information and the request for the content address may be in the form of strings, and the first verification information may be concatenated into the request for the content address.
[0080] As an example, as shown in Figure 6, the content acquisition module 612 sends a request for the content address, including first verification information, to the content backend module 622, and the content backend module 622 receives the request for the content address, including the first verification information, from the content acquisition module 612 (step S644). For example, the request may include " The instruction can include first verification information (shown as "ckey"), and the first verification information can be appended to the instruction.
[0081] For example, prior to step S540, the content acquisition module 612 may receive and execute a content acquisition instruction (illustrated as "play") (step S642).
[0082] S550. Obtain the content address sent by the server after the first authentication is successful, wherein the first authentication is performed by the server on the first verification information based on the first challenge task after receiving a request for the content address. In some embodiments, the server sends the content address corresponding to the content to be obtained to the client after the first authentication is successful, and the client obtains the content address sent by the server after the first authentication is successful to provide the content to be obtained to the user through the content address. The first authentication is performed by the server on the first verification information based on the first challenge task after receiving a request for the content address. The server can generate an authentication policy associated with the first challenge task according to the first challenge task, and authenticate the first verification information according to this authentication policy.
[0083] As an example, as shown in Figure 6, after the first authentication (step S650) is performed by the synchronous attack module 624 and is successful, the content backend module 622 sends the content address to the content acquisition module 612. The content acquisition module 612 then acquires the content address sent by the content backend module 622 (step S654). The first authentication is performed by the synchronous attack module 624 based on the first challenge task and the first verification information after receiving a request for the content address. For example, the content backend module 622 sends the received request for the content address, including the first verification information, to the synchronous attack module 624 for the first authentication (step S648). The OSS module 626 sends the policy associated with the first challenge code to the synchronous attack module 624 (step S646). After receiving the request for the content address, the synchronous attack module 624 performs a policy judgment on the first verification information based on the first challenge task (e.g., based on the policy associated with the first challenge code), thereby completing the first authentication (step S650).
[0084] In some embodiments, obtaining the content address sent by the server after the first authentication is successful includes: obtaining a content address including a key sent by the server after the first authentication is successful, wherein the key is generated by the server based on at least one of the user information of the user at the end that sent the request for the content address and the content information of the content stream to be retrieved at the content address. In some embodiments, the content address sent by the server to the client further includes the key, which enables key authentication performed by the server when the client subsequently makes a content request (e.g., pulls a stream) through the content address.
[0085] For example, as shown in Figure 6, after the first authentication (step S650) is performed by the synchronous attack module 624 and is successful, the content backend module 622 sends a content address including a key (shown as "vkey") to the content acquisition module 612. The content acquisition module 612 acquires the content address including the key (vkey) sent by the content backend module 622. The key (vkey) is generated by the synchronous attack module 624 based on at least one of the user information of the user at the end that sent the request for the content address (i.e., the client 610) and the content information of the content stream to be acquired at the content address. For example, the user information may include at least one of the IP address 314, timestamp 318, device ID 316, etc. shown in Figure 3, and the content information may include, for example, the video file name 312 shown in Figure 3. For example, before the content backend module 622 sends the content address including the key (vkey) to the content acquisition module 612, the synchronous attack module 624 can send the key (vkey) to the content backend module 622 after the first authentication is successful (step S652). In this way, the key (vkey) can be included in the content address, making it easier for the server to authenticate and verify the key when the client requests the content stream, thus improving security and enhancing the effectiveness of anti-hotlinking.
[0086] In the content acquisition method provided in the embodiments of this disclosure, the client retrieves a first challenge task from the server in a round-robin fashion, the client executes the first challenge task to obtain the result, the client returns the result to the server, and the server verifies the result to identify hotlinking. This transforms the passive reception of client messages by the server in related technologies into a dynamic process where the server can actively send the first challenge task to the client, optimizing the server's information collection from static or relatively fixed client data to dynamic collection. Thus, service providers offering hotlinking cannot obtain the first challenge task and cannot forge dynamically changing execution results for the first challenge task, ensuring that the server sends the content address to legitimate clients while avoiding sending the content address to the hotlinking party, effectively preventing hotlinking risks. Furthermore, it eliminates the need to collect user behavior data and perform extensive comparisons and analyses, allowing for immediate hotlinking identification. Additionally, the method according to the embodiments of this disclosure can be used to collect data from the hotlinking party, thereby analyzing the hotlinking party's technical methods and providing data support for further optimization of anti-hotlinking technology.
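The exchange in steps S510-S550, as an added example that is not code from the patent: the server issues a rotating challenge, the client derives a `ckey` from its execution result, and the server performs the first authentication before releasing a content address. Assumptions: the challenge is a small data-driven task instead of arbitrary executable code, HMAC-SHA256 stands in for the unspecified encryption step, the shared SDK key is provisioned at `init(appkey)`, and the TTL, class name and URL are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: the challenge task is a small data-driven program (steps applied
# to a seed) rather than arbitrary code, so nothing from the server is exec()'d.
OPS = {
    "add": lambda x, k: (x + k) & 0xFFFFFFFF,
    "xor": lambda x, k: x ^ k,
    "rotl": lambda x, k: ((x << k) | (x >> (32 - k))) & 0xFFFFFFFF,
}


def run_task(task):
    """Client side, S640: execute the challenge steps, return the execution result."""
    value = task["seed"]
    for op, operand in task["steps"]:
        value = OPS[op](value, operand)
    return value


def make_ckey(sdk_key, challenge_id, result):
    """Protect the execution result. HMAC-SHA256 is a stand-in (assumption) for
    the encryption step, which the page does not specify."""
    msg = f"{challenge_id}:{result}".encode()
    return challenge_id + "." + hmac.new(sdk_key, msg, hashlib.sha256).hexdigest()


class ChannelServer:
    """Hypothetical server combining challenge issuance and first authentication."""

    def __init__(self, sdk_key, ttl=120, clock=time.time):
        self.sdk_key = sdk_key
        self.ttl = ttl          # assumption: a challenge stays valid for two rotations
        self.clock = clock
        self.issued = {}        # challenge id -> (task, issued_at)

    def rotate(self):
        """S634-S638: answer a rotation task request with a fresh challenge."""
        cid = secrets.token_hex(8)
        steps = [(secrets.choice(list(OPS)), secrets.randbelow(31) + 1)
                 for _ in range(4)]
        task = {"id": cid, "seed": secrets.randbits(32), "steps": steps}
        self.issued[cid] = (task, self.clock())
        return task

    def content_address(self, video, ckey):
        """S644-S654: first authentication, then release of the content address."""
        cid, _, _ = ckey.partition(".")
        entry = self.issued.get(cid)
        if entry is None:
            return None                      # challenge was never issued
        task, issued_at = entry
        if self.clock() - issued_at > self.ttl:
            del self.issued[cid]
            return None                      # challenge has rotated out
        expected = make_ckey(self.sdk_key, cid, run_task(task))
        if not hmac.compare_digest(expected.encode(), ckey.encode()):
            return None                      # wrong execution result or wrong key
        return f"https://cdn.example.invalid/{video}"   # constructed placeholder URL


def demo():
    """Return (legitimate, forged, stale) outcomes for constructed requests."""
    key = b"constructed-sdk-key"             # constructed sample value
    now = [1000.0]
    server = ChannelServer(key, clock=lambda: now[0])
    task = server.rotate()
    ckey = make_ckey(key, task["id"], run_task(task))
    legit = server.content_address("video312.mp4", ckey)
    # A requester that knows the challenge id but cannot produce the result.
    forged = server.content_address("video312.mp4", task["id"] + "." + "0" * 64)
    now[0] += 300                            # replay after the challenge expired
    stale = server.content_address("video312.mp4", ckey)
    return legit, forged, stale


if __name__ == "__main__":
    print(demo())
```

Because the expected `ckey` changes with every rotation, a request built only from fixed identity fields fails the first authentication, and so does a previously valid `ckey` once its challenge has expired.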
[0087] In some embodiments, the content acquisition method 500 may further include: receiving a second challenge task from the server while acquiring the content address sent by the server after the first authentication is passed; generating second verification information based on the second challenge task; sending a pull request including the second verification information to the server; and acquiring the content stream sent by the server from the content address after the second authentication is passed, wherein the second authentication is performed by the server on the second verification information based on the second challenge task after receiving the pull request. In some embodiments, the server sends a content address corresponding to the content to be acquired to the client after the first authentication is passed, and the client acquires the content address from the server to acquire the content for user use. The client can acquire the second challenge task while acquiring the content address from the server. For example, the second challenge task and the content address can be in the form of strings, and the second challenge task can be concatenated in the content address. The client generates the second verification information based on the received second challenge task. The generation of the second verification information can take various forms, such as running program code in the second challenge task to generate the second verification information, decoding and transforming encrypted data in the second challenge task to generate the second verification information, or using the existing data correspondence between the second challenge task and the client to generate the second verification information, etc. The client sends a pull request to the server to request the content to be retrieved. The server receives the pull request from the client, and the pull request may include second authentication information. 
For example, the second authentication information and the pull request can be in string form, and the second authentication information can be concatenated into the pull request. After successful second authentication, the server can send the content stream from the content address to the client. The client can obtain the content stream sent by the server after successful second authentication to provide the user with the content to be retrieved. The second authentication can be performed by the server based on a second challenge task on the second authentication information after receiving the pull request. The server can generate an authentication policy associated with the second challenge task and perform second authentication on the second authentication information according to this authentication policy.
[0088] As an example, Figure 7 schematically illustrates a signaling flow chart of a client obtaining a content address and content stream from a server according to some embodiments of the present disclosure. Server 720 may include a content backend module 622, a synchronous attack module 624, an OSS module 626, a CDN module 728, and an asynchronous attack module 730. The content backend module 622, synchronous attack module 624, OSS module 626, CDN module 728, and asynchronous attack module 730 may be distributed in different geographical locations (e.g., as interconnected cloud devices) or integrated in the same computing device.
[0089] For example, while OSS module 626 sends the policy associated with the first challenge code to synchronous attack module 624, it also sends a second challenge task (e.g., a second challenge code) (step S736). Upon receiving a request for a content address, synchronous attack module 624 performs a policy judgment on the first verification information based on the first challenge task (e.g., based on the policy associated with the first challenge code), thereby completing the first authentication (step S650). Synchronous attack module 624 can then send the second challenge code to content backend module 622 (as shown in step S740). Content backend module 622 sends the second challenge task to client 610 simultaneously with sending the content address. Client 610 receives the second challenge task from content backend module 622 while simultaneously obtaining the content address sent by content backend module 622 after the first authentication is successful (step S742).
[0090] For example, client 610 generates second verification information based on a second challenge task. In some embodiments, the second challenge task includes executable code, client 610 executes the executable code in the second challenge task to generate a second execution result (step S744); and encrypts the second execution result to generate the second verification information.
[0091] For example, client 610 sends a pull request including second verification information to CDN module 728, and CDN module 728 receives the pull request including the second verification information from client 610. For instance, the pull request may include " The address, where "revoi=yyyy" can indicate the second verification information concatenated into the address.
[0092] In some embodiments, after the second authentication (step S754) is passed, the CDN module 728 sends a content stream from the content address to the client 610, and the client 610 obtains the content stream sent by the CDN module 728 from the content address after the second authentication (step S754) is passed (step S752). The second authentication may be performed by the asynchronous attack module 730 on the second verification information based on the second challenge task after receiving the pull request. In some embodiments, after the CDN module 728 receives the pull request, it can send the pull request to the asynchronous attack module 730 (step S750). The OSS module 626 can send a policy associated with the second challenge code to the asynchronous attack module 730 (step S745). After receiving the pull request including the second verification information, the asynchronous attack module 730 performs a policy judgment on the second verification information based on the second challenge task (e.g., based on the policy associated with the second challenge code), thereby completing the second authentication (step S754).
[0093] In some embodiments, during the second authentication (step S754), the asynchronous attack module 730 identifies hotlinking based on the result of the second authentication and returns the attack strategy to the CDN module 728 (step S751). The CDN module 728 can return a result to the client 610 according to the attack strategy. For example, if the second authentication passes, the asynchronous attack module 730 identifies the streaming request as coming from a normal client and returns the attack strategy corresponding to the normal client to the CDN module 728, and the CDN module 728 can return the result (content stream) normally; if the second authentication fails, the asynchronous attack module 730 identifies the streaming request as coming from a hotlinking or abnormal client and returns the attack strategy corresponding to the hotlinking or abnormal client to the CDN module 728, and the CDN module 728 may not return the content stream or return an error result.
[0094] In the embodiments disclosed herein, the server issues a second challenge task simultaneously with returning the content address. The client encrypts the execution result of the second challenge task and appends it to the content address to make a streaming request. The server identifies hotlinking based on the second authentication result of the execution result and returns a countermeasure strategy to the CDN module based on the identification result. The CDN module then determines whether to send the content stream to the client based on the identification result. This combines synchronous and asynchronous countermeasures, preventing hotlinking by service providers who only possess the content address. Hotlinking can be identified even if the client is completely compromised (encryption and behavior). Furthermore, it eliminates the need for extensive comparison and analysis, saving time and increasing the efficiency of hotlinking identification.
[0095] In some embodiments, the content acquisition method 500 further includes: receiving a second challenge task from the server while acquiring the content address sent by the server after the first authentication is passed; generating second verification information based on the second challenge task; sending a pull request including the second verification information and a key to the server; and acquiring the content stream sent by the server from the content address after key authentication and second authentication are passed, wherein key authentication is performed by the server on the key based on at least one of user information and content information of the content stream to be acquired after receiving the pull request, and the second authentication is performed by the server on the second verification information based on the second challenge task after receiving the pull request. In some embodiments, the client sends a pull request to the server to request the content to be acquired, and the server receives the pull request from the client. The pull request may include the second verification information and the key. For example, the second verification information, the key, and the pull request may be in the form of strings, and the second verification information and the key may be concatenated in the pull request. The server may send the content stream from the content address to the client after key authentication and second authentication are passed, and the client may acquire the content stream sent by the server after key authentication and second authentication are passed to provide the content to be acquired to the user. Key authentication can be performed by the server on the key based on at least one of the user information and the content information of the content stream to be obtained after receiving the pull request. 
Second authentication can be performed by the server on the second verification information based on the second challenge task after receiving the pull request.
[0096] As an example, the synchronous attack module 624 can send the second challenge code and key (vkey) to the content backend module 622 (as shown in step S740). After the first authentication is successful, the content backend module 622 sends a content address including the key (vkey) to the content acquisition module 612, and the content acquisition module 612 acquires the content address including the key (vkey) sent by the content backend module 622 after the first authentication is successful. In this case, the client 610 can send a pull request including the second verification information and key to the CDN module 728, and the CDN module 728 can receive the pull request including the second verification information and key from the client 610 (as shown in step S746). For example, the pull request may include " The address contains "revoi=yyyy", which indicates the second verification information appended to the address, and "vkey" indicates the key appended to the address.
[0097] As an example, after key authentication (step S748) and second authentication (step S754) are successful, server 720 can send a content stream from the content address to client 610 (step S752). Client 610 can obtain the content stream sent by server 720 from the content address after key authentication (step S748) and second authentication (step S754) are successful (step S752). Key authentication can be performed by CDN module 728 on the key based on at least one of user information and content information of the content stream to be obtained after receiving a pull request. Second authentication can be performed by asynchronous attack module 730 on the second verification information based on a second challenge task after receiving a pull request.
[0098] For example, after receiving a pull request, CDN module 728 can perform key authentication on the key in the pull request based on at least one of user information and content information of the content stream to be retrieved (step S748). If key authentication fails, CDN module 728 directly identifies the pull request as coming from a hotlinking or abnormal client, and CDN module 728 may not return the content stream or return an error result. If key authentication passes, CDN module 728 can send the pull request including the second verification information to asynchronous attack module 730 (step S750). OSS module 626 can send the policy associated with the second challenge code to asynchronous attack module 730 (step S745). After receiving the pull request including the second verification information, asynchronous attack module 730 performs policy judgment on the second verification information based on the second challenge task (e.g., based on the policy associated with the second challenge code), thereby completing the second authentication (step S754).
[0099] In some embodiments, during the second authentication (step S754), the asynchronous attack module 730 identifies hotlinking based on the result of the second authentication and returns the attack strategy to the CDN module 728 (step S751). The CDN module 728 can return a result to the client 610 according to the attack strategy. For example, if the second authentication passes, the asynchronous attack module 730 identifies the streaming request as coming from a normal client and returns the attack strategy corresponding to the normal client to the CDN module 728, and the CDN module 728 can return the result (content stream) normally; if the second authentication fails, the asynchronous attack module 730 identifies the streaming request as coming from a hotlinking or abnormal client and returns the attack strategy corresponding to the hotlinking or abnormal client to the CDN module 728, and the CDN module 728 may not return the content stream or return an error result.
[0100] This allows for dual authentication through both key (vkey) authentication and secondary authentication, further enhancing the effectiveness of hotlinking prevention. Furthermore, compared to secondary authentication, key authentication is faster and more flexible, allowing for instantaneous processing of streaming requests. Adding key authentication to the system enriches its overall configurability.
[0101] It should be understood that in some embodiments, when faced with a pull request, the server can directly send the content stream after key authentication is successful, and use the result of the second authentication for this pull request for the next pull request. For example, key authentication and second authentication can be performed for the first pull request. Since the second authentication may take a long time, the content stream can be returned directly when key authentication is successful without waiting for the result of the second authentication. Then, after the second authentication is completed, the result of the second authentication for the first pull request can be used for the second pull request. That is, for the second pull request, the server needs to judge based on the following two results: key authentication for the second pull request and second authentication for the first pull request. Only when both pass will the content stream be returned normally. Correspondingly, for the third pull request, the server needs to judge based on the following two results: key authentication for the third pull request and second authentication for the second pull request. Subsequent pull requests follow the same pattern. For example, if the asynchronous attack module 730 identifies the first pull request as hotlinking based on the second authentication result corresponding to the first pull request, it can stop returning the content stream for the second pull request. In this way, even when the second authentication takes a long time, the waiting time for users during the first streaming request is reduced, thus improving the user experience.
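The deferred decision rule of paragraph [0101] can be modeled as follows. This is an added example, not code from the patent: the HMAC-based key, the `PullGate` class, the session identifier, the fixed expected "revoi" value and the sample URLs are all assumptions made for illustration, and the asynchronous check is completed lazily when the next pull request arrives.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Assumption: the page says only that the key (vkey) is generated from user
# information and/or content information. HMAC-SHA256 is a stand-in here.
SERVER_SECRET = b"constructed-demo-secret"


def make_vkey(user_id: str, content_id: str) -> str:
    """Derive the key appended to the content address (hypothetical scheme)."""
    msg = f"{user_id}|{content_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def key_authentication(user_id: str, content_id: str, vkey: str) -> bool:
    """Fast check done by the CDN module on every pull request."""
    expected = make_vkey(user_id, content_id)
    return hmac.compare_digest(expected.encode(), vkey.encode())


def second_authentication(expected_revoi: str, revoi: str) -> bool:
    """Stand-in for the slow policy judgment on the second verification
    information; a real deployment would evaluate the challenge policy."""
    return hmac.compare_digest(expected_revoi.encode(), revoi.encode())


class PullGate:
    """Pull request N is decided by key authentication of request N and the
    second-authentication result of request N-1."""

    def __init__(self, expected_revoi: str):
        self.expected_revoi = expected_revoi
        self.pending = {}  # session -> revoi still awaiting second auth

    def handle_pull(self, session: str, user_id: str, content_id: str, url: str) -> str:
        query = parse_qs(urlsplit(url).query)
        vkey = query.get("vkey", [""])[0]
        revoi = query.get("revoi", [""])[0]

        # Key authentication failure is rejected immediately.
        if not key_authentication(user_id, content_id, vkey):
            return "reject:key"

        # Judge the previous request's verification information now. The
        # first request of a session has no predecessor and is served.
        previous = self.pending.pop(session, None)
        previous_ok = previous is None or second_authentication(
            self.expected_revoi, previous
        )

        # Queue this request's verification information for the next decision.
        self.pending[session] = revoi
        return "stream" if previous_ok else "reject:second-auth"


def pull_url(revoi: str, vkey: str) -> str:
    # Constructed sample address carrying both parameters named on the page.
    return f"https://cdn.example/live/room42.flv?revoi={revoi}&vkey={vkey}"


def demo() -> list:
    gate = PullGate(expected_revoi="yyyy")
    vkey = make_vkey("alice", "room42")
    requests = [
        pull_url("forged", vkey),    # 1st: served, second auth still pending
        pull_url("yyyy", vkey),      # 2nd: blocked by the 1st request's result
        pull_url("yyyy", vkey),      # 3rd: served, the 2nd request was valid
        pull_url("yyyy", "0" * 64),  # 4th: wrong key, rejected at once
    ]
    return [gate.handle_pull("s1", "alice", "room42", u) for u in requests]


if __name__ == "__main__":
    print(demo())
```

The model makes the trade-off visible: a request with forged verification information still receives one response before the deferred result takes effect, which is the latency-for-exposure exchange the paragraph describes.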
[0102] Figure 8 schematically shows a flowchart of a content acquisition method 800 according to some embodiments of the present disclosure. As shown in Figure 8, the content acquisition method 800 according to some embodiments of this disclosure includes the following steps S810-S850.
[0103] S810: Receive a rotation task request from the client;
[0104] S820: In response to receiving the rotation task request, send the first challenge task to the client;
[0105] S830: Receive a request from the client for the content address, including first verification information, which is generated by the client based on the first challenge task;
[0106] S840: Upon receiving a request for the content address, perform first authentication on the first verification information based on the first challenge task; and
[0107] S850: After the first authentication is successful, send the content address to the client.
[0108] In some embodiments, performing first authentication on the first verification information based on the first challenge task includes: the synchronous attack module 624 decrypting the first verification information to generate a decryption result; and the synchronous attack module 624 performing first authentication on the decryption result based on the first challenge task, wherein the first challenge task includes executable code, and wherein the first verification information is generated by the client (anti-hotlinking SDK module 614) executing the executable code in the first challenge task to generate a first execution result and encrypting the first execution result. This allows for encryption and decryption of the first execution result, increasing the security of requests to content addresses including the first verification information as described below, and improving the effectiveness of anti-hotlinking.
[0109] In some embodiments, sending a content address to a client includes sending the content address to the client including a key, the key being generated based on at least one of user information of the user at the end that sent the request for the content address and content information of the content stream to be retrieved at the content address.
[0110] In some embodiments, the content acquisition method further includes: sending a second challenge task to the client while sending a content address to the client; receiving a pull request from the client including second verification information, the second verification information being generated by the client based on the second challenge task; performing a second authentication on the second verification information based on the second challenge task after receiving the pull request; and sending a content stream to the client from the content address after the second authentication is successful.
[0111] In some embodiments, the content acquisition method further includes: sending a second challenge task to the client while sending a content address to the client; receiving a streaming request from the client including second verification information and a key, wherein the second verification information is generated by the client based on the second challenge task; after receiving the streaming request, performing key authentication on the key based on at least one of user information and content information of the content stream to be acquired, and performing second authentication on the second verification information based on the second challenge task; and after the key authentication and second authentication are successful, sending the content stream from the content address to the client.
[0112] For details on the implementation methods and technical effects of content acquisition method 800, please refer to the description of Figures 5-7 above; it will not be repeated here.
[0113] In some embodiments, before sending the first challenge task to the client, the method further includes: periodically resetting the first challenge task. For example, the server may reset the first challenge task once a day. In some embodiments, before sending the second challenge task to the client along with the content address, the method further includes: periodically resetting the second challenge task. For example, the server may reset the second challenge task once a day. In this way, even if a service provider offering hotlinking cracks the challenge task in a short time, the anti-hotlinking effect can still be effectively achieved because the challenge task changes periodically and rapidly.
[0114] Figure 9 illustrates the anti-hotlinking principle of the content acquisition method according to some embodiments of this disclosure. As shown in Figure 9, the server 720 may include a content backend module 622, a synchronous attack module 624, a CDN module 728, and an asynchronous attack module 730. In some embodiments, the client 610 may send a request for a content address, including first verification information, to the content backend module 622. The content backend module 622 may forward the client 610's request to the synchronous attack module 624, which will then perform first authentication (i.e., synchronous attack) on the first verification information based on a first challenge task. Client 610 can receive a second challenge task from the server simultaneously with obtaining the content address, including the key, sent by the server after the first authentication is successful. Then, client 610 can generate second verification information based on the second challenge task and send a streaming request, including the second verification information and the key, to CDN module 728. CDN module 728 can perform key authentication 920 to identify abnormal requests, and after successful key authentication, forward the streaming request to asynchronous attack module 730. Asynchronous attack module 730 can perform second authentication on the second verification information based on the second challenge task. If the second authentication is successful, asynchronous attack module 730 can instruct CDN module 728 to return the content stream normally to client 610.
Additionally, asynchronous attack module 730 can also verify the IP address of the terminal device on which client 610 is installed when sending the request for the content address to server 720 and when sending the streaming request to server 720 (frequency service 930), as well as user behavior information during the content acquisition process (behavior service 940), thereby preventing hotlinking from multiple dimensions.
[0115] Figure 10 illustrates the anti-hotlinking effect of a content acquisition method according to some embodiments of the present disclosure. When only a very small number of hotlinks occur, they are generally difficult to detect. By adjusting the challenge tasks and configuring synchronous and asynchronous attack strategies, all user requests can be quickly identified. As shown in Figure 10, taking live streaming as an example, when asynchronous attacks are initiated at 17:00, the bandwidth data drops instantly, and the number of online users on the client side also decreases significantly afterward, demonstrating a good anti-hotlinking effect.
[0116] Figure 11 shows a schematic block diagram of a content acquisition apparatus 1100 according to some embodiments of the present disclosure. As shown in Figure 11, the content acquisition device 1100 includes: a rotation task request sending module 1110, configured to send a rotation task request to a server; a first challenge task receiving module 1120, configured to receive a first challenge task from the server, the first challenge task being sent by the server in response to the rotation task request; a first verification information generation module 1130, configured to generate first verification information based on the first challenge task; a request sending module 1140, configured to send a request for a content address including the first verification information to the server; and a content address acquisition module 1150, configured to acquire the content address sent by the server after the first authentication is passed, wherein the first authentication is performed by the server on the first verification information based on the first challenge task after receiving the request for the content address. For the specific implementation and technical effects of the content acquisition device 1100, refer to the above description of the content acquisition method; they will not be repeated here.
[0117] Figure 12 shows a schematic block diagram of a content acquisition apparatus 1200 according to some embodiments of the present disclosure. As shown in Figure 12, the content acquisition device 1200 includes: a rotation task request receiving module 1210, configured to receive rotation task requests from a client; a first challenge task sending module 1220, configured to send a first challenge task to the client in response to receiving the rotation task request; a request receiving module 1230, configured to receive a request for a content address from the client, including first verification information generated by the client based on the first challenge task; a first authentication module 1240, configured to perform first authentication on the first verification information based on the first challenge task after receiving the request for the content address; and a content address sending module 1250, configured to send the content address to the client after the first authentication is successful. For the specific implementation and technical effects of the content acquisition device 1200, refer to the description of the content acquisition method above; they will not be repeated here.
[0118] Figure 13 shows a schematic block diagram of a computing system 1300 capable of implementing a content acquisition method according to some embodiments of the present disclosure. In some embodiments, the computing system 1300 may correspond to a terminal device on which the client 410 is installed or one or more computing devices included in the server 420, as shown in the application scenario of Figure 4b.
[0119] The computing system 1300 may include various types of devices, such as computing devices, computers, client devices, system-on-a-chip and / or any other suitable computing system.
[0120] The computing system 1300 may include at least one processor 1302, memory 1304, multiple communication interfaces 1306, display device 1308, other input / output (I / O) devices 1310, and one or more mass storage devices 1313 that are capable of communicating with each other, such as via a system bus 1311 or other suitable means.
[0121] Processor 1302 may be a single processing unit or multiple processing units, and all processing units may include a single or multiple computing units or multiple cores. Processor 1302 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuits, and / or any device that manipulates signals based on operating instructions. Among other capabilities, processor 1302 may be configured to acquire and execute computer-readable instructions stored in memory 1304, mass storage device 1313, or other computer-readable media, such as program code of operating system 1316, program code of application program 1318, program code of other program 1320, etc., to implement the content acquisition method provided in the embodiments of this disclosure.
[0122] Memory 1304 and mass storage device 1313 are examples of computer storage media for storing instructions that are executed by processor 1302 to perform the various functions described above. For example, memory 1304 may generally include both volatile and non-volatile memory (e.g., RAM, ROM, etc.). Furthermore, mass storage device 1313 may generally include hard disk drives, solid-state drives, removable media, including external and removable drives, memory cards, flash memory, floppy disks, optical disks (e.g., CDs, DVDs), storage arrays, network-attached storage, storage area networks, etc. Both memory 1304 and mass storage device 1313 may be collectively referred to herein as memory or computer storage media, and may be non-transitory media capable of storing computer-readable, processor-executable program instructions as computer program code, which may be executed by processor 1302 as a specific machine configured to perform the operations and functions described in the examples herein.
[0123] Multiple program modules can be stored on mass storage device 1313. These programs include operating system 1316, one or more application programs 1318, other programs 1320, and program data 1322, and they can be loaded into memory 1304 for execution. Examples of such application programs or program modules may include, for example, computer program logic (e.g., computer program code or instructions) for implementing the content acquisition methods provided herein. Moreover, these program modules can be distributed across different physical locations to implement corresponding functions. For example, the methods described as being executed by the client 410 or server 420 in Figure 4b can be distributed across multiple computing devices.
[0124] Although in Figure 13 the modules 1313, 1318, 1320, and 1322, or portions thereof, are illustrated as being stored in memory 1304 of computing system 1300, modules 1313, 1318, 1320, and 1322 may be implemented using any form of computer-readable medium accessible by computing system 1300. As used herein, "computer-readable medium" includes at least two types of computer-readable media: computer storage media and communication media.
[0125] Computer storage media includes volatile and non-volatile, removable and non-removable media implemented by any method or technology for storing information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technologies, CD-ROM, DVD, or other optical storage devices, magnetic cassettes, magnetic tapes, disk storage devices or other magnetic storage devices, or any other non-transmission medium that can be used to store information for access by a computing system.
[0126] In contrast, communication media can embody computer-readable instructions, data structures, program modules, or other data within modulated data signals such as carrier waves or other transmission mechanisms. Computer storage media as defined herein do not include communication media.
[0127] The computing system 1300 may also include one or more communication interfaces 1306 for exchanging data with other devices, such as via a network, direct connection, etc. The communication interface 1306 can facilitate communication across various network and protocol types, including wired networks (e.g., LAN, cable, etc.) and wireless networks (e.g., WLAN, cellular, satellite, etc.), the Internet, etc. The communication interface 1306 can also provide communication with external storage devices (not shown), such as storage arrays, network-attached storage, storage area networks, etc.
[0128] In some examples, a display device 1308, such as a monitor, may be included for displaying information and images. Other I / O devices 1310 may be devices that receive various inputs from a user and provide various outputs to the user, and may include touch input devices, gesture input devices, cameras, keyboards, remote controls, mice, printers, audio input / output devices, and so on.
[0129] This application provides a computer-readable storage medium storing computer-readable instructions thereon, which, when executed, implement the above-described content retrieval method.
[0130] This application provides a computer program product or computer program including computer instructions stored in a computer-readable storage medium. A processor of a computing device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computing device to perform the content acquisition method provided in the various optional implementations described above.
[0131] In the description of this specification, the terms "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., refer to a specific feature, structure, material, or characteristic described in connection with that embodiment or example that is included in at least one embodiment or example of this disclosure. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.
[0132] Any process or method description in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or more executable instructions for implementing custom logic functions or processes, and the scope of preferred embodiments of this disclosure includes additional implementations in which functions may be performed not in the order shown or discussed (including substantially simultaneously or in reverse order depending on the functions involved), as will be understood by those skilled in the art to which embodiments of this disclosure pertain.
[0133] Furthermore, the functional units in the various embodiments of this disclosure can be integrated into a processing module, or each unit can exist physically separately, or two or more units can be integrated into a module. The integrated module can be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
[0134] By studying the accompanying drawings, the disclosure, and the appended claims, those skilled in the art can understand and implement variations of the disclosed embodiments in practicing the claimed subject matter. In the claims, the word "comprising" does not exclude other elements or steps, and the indefinite articles "a" or "an" do not exclude a plurality. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Claims
1. A content acquisition method, comprising: sending a rotation task request to the server; receiving a first challenge task from the server, the first challenge task being sent by the server in response to the rotation task request; generating first verification information based on the first challenge task; sending a request for the content address, including the first verification information, to the server; and obtaining the content address sent by the server after the first authentication is passed, wherein the first authentication is performed by the server on the first verification information based on the first challenge task after receiving the request for the content address; the content acquisition method further comprising: receiving a second challenge task from the server while obtaining the content address sent by the server after the first authentication is passed; generating second verification information based on the second challenge task; sending a pull request including the second verification information to the server; and obtaining the content stream sent by the server from the content address after the second authentication is passed, wherein the second authentication is performed by the server on the second verification information based on the second challenge task after receiving the pull request.
2. The content acquisition method according to claim 1, wherein the first challenge task includes executable code, and the step of generating the first verification information based on the first challenge task comprises: executing the executable code in the first challenge task to generate a first execution result; and encrypting the first execution result to generate the first verification information.
3. The content acquisition method according to any one of claims 1-2, wherein obtaining the content address sent by the server after the first authentication is passed comprises: obtaining a content address including a key sent by the server after the first authentication is passed, the key being generated by the server based on at least one of the user information of the user at the end that sent the request for the content address and the content information of the content stream to be obtained at the content address.
4. The content acquisition method according to claim 3, wherein the step of sending a pull request including the second verification information to the server further comprises: sending a pull request including the second verification information and the key to the server; and the step of obtaining the content stream sent by the server from the content address after the second authentication is passed further comprises: obtaining the content stream sent by the server from the content address after the key authentication and the second authentication are passed, wherein the key authentication is performed by the server on the key based on at least one of the user information and the content information of the content stream to be obtained after receiving the pull request.
5. A content acquisition method, comprising: receiving a rotation task request from the client; in response to receiving the rotation task request, sending a first challenge task to the client; receiving from the client a request for a content address, including first verification information generated by the client based on the first challenge task; upon receiving the request for the content address, performing first authentication on the first verification information based on the first challenge task; and after the first authentication is successful, sending the content address to the client; the content acquisition method further comprising: sending a second challenge task to the client at the same time as sending the content address to the client; receiving from the client a pull request including second verification information, which is generated by the client based on the second challenge task; upon receiving the streaming request, performing a second authentication on the second verification information based on the second challenge task; and after the second authentication is successful, sending the content stream from the content address to the client.
6. The content acquisition method according to claim 5, wherein performing the first authentication on the first verification information based on the first challenge task comprises: decrypting the first verification information to generate a decryption result; and performing first authentication on the decryption result based on the first challenge task, wherein the first challenge task includes executable code, and the first verification information is generated by the client executing the executable code in the first challenge task to generate a first execution result and encrypting the first execution result.
7. The content acquisition method according to any one of claims 5-6, wherein sending the content address to the client comprises: sending a content address including a key to the client, the key being generated based on at least one of user information of the user at the end that sent the request for the content address and content information of the content stream to be retrieved at the content address.
8. The content acquisition method according to claim 7, wherein receiving a pull request from the client that includes the second verification information comprises: receiving a pull request from the client that includes the second verification information and the key; performing the second authentication on the second verification information based on the second challenge task comprises: performing key authentication on the key based on at least one of the user information and the content information of the content stream to be obtained, and performing second authentication on the second verification information based on the second challenge task; and sending a content stream from the content address to the client after the second authentication is successful comprises: sending a content stream from the content address to the client after the key authentication and the second authentication are successful.
9. The content acquisition method according to any one of claims 5-6, wherein before sending the first challenge task to the client, the method further comprises: periodically resetting the first challenge task.
10. A content acquisition device, comprising: a rotation task request sending module, configured to send a rotation task request to the server; a first challenge task receiving module, configured to receive a first challenge task from the server, wherein the first challenge task is sent by the server in response to the rotation task request; a first verification information generation module, configured to generate first verification information based on the first challenge task; a request sending module, configured to send a request for the content address, including the first verification information, to the server; and a content address acquisition module, configured to acquire the content address sent by the server after the first authentication is passed, wherein the first authentication is performed by the server on the first verification information based on the first challenge task after receiving the request for the content address; wherein the first challenge task receiving module is also configured to receive the second challenge task from the server while obtaining the content address sent by the server after the first authentication is passed; the first verification information generation module is also configured to generate second verification information based on the second challenge task; the request sending module is also configured to send a pull request, including the second verification information, to the server; and the content address acquisition module is also configured to acquire the content stream sent by the server from the content address after the second authentication is passed, wherein the second authentication is performed by the server on the second verification information based on the second challenge task after receiving the pull request.
11. A content acquisition device, comprising: a rotation task request receiving module, configured to receive rotation task requests from the client; a first challenge task sending module, configured to send a first challenge task to the client in response to receiving the rotation task request; a request receiving module, configured to receive a request for a content address from the client, including first verification information, wherein the first verification information is generated by the client based on the first challenge task; a first authentication module, configured to perform first authentication on the first verification information based on the first challenge task after receiving the request for the content address; and a content address sending module, configured to send the content address to the client after the first authentication is passed; wherein the first challenge task sending module is also configured to send a second challenge task to the client at the same time as sending the content address to the client; the request receiving module is also configured to receive a pull request from the client including second verification information, which is generated by the client based on the second challenge task; the first authentication module is further configured to perform a second authentication on the second verification information based on the second challenge task after receiving the streaming request; and the content address sending module is also configured to send a content stream from the content address to the client after the second authentication is passed.
12. A computing device comprising a memory and a processor, the memory being configured to store computer-executable instructions thereon, the computer-executable instructions, when executed on the processor, performing the content acquisition method of any one of claims 1-9.
13. A computer-readable storage medium having stored thereon computer-executable instructions, which, when executed on a processor, perform the content acquisition method of any one of claims 1-9.