[go: up one dir, main page]

WO2010020114A1 - Content access authentification method, device and system - Google Patents

Content access authentification method, device and system Download PDF

Info

Publication number
WO2010020114A1
WO2010020114A1 PCT/CN2009/000964 CN2009000964W WO2010020114A1 WO 2010020114 A1 WO2010020114 A1 WO 2010020114A1 CN 2009000964 W CN2009000964 W CN 2009000964W WO 2010020114 A1 WO2010020114 A1 WO 2010020114A1
Authority
WO
WIPO (PCT)
Prior art keywords
content
user
access
channel
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2009/000964
Other languages
French (fr)
Chinese (zh)
Inventor
刘涛
温亮生
尹瑶瑶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Corp filed Critical China Mobile Communications Corp
Publication of WO2010020114A1 publication Critical patent/WO2010020114A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • the present invention relates to the field of communications technologies, and in particular, to a content access authentication method, device, and system. Background technique
  • Dynamic Content Delivery is a C/S (Client/Server, Client/Server) architecture. After the network-side DCD server obtains content from the internal supplier at a preset time, A technique for pushing content to a DCD terminal through a specific trigger mechanism.
  • the DCD server classifies different categories of content in the form of channels and distributes them to the user's DCD terminal in the form of channels (such as sports channels, entertainment channels, etc.).
  • the content in each channel is organized in the form of channel items, that is, each channel contains several channel items.
  • the normal access mode means that after the user sees the channel item of interest in the DCD window, the channel item can be selected, and the content summary of the channel item is displayed on the summary screen, by selecting the content summary of the channel item in the summary screen.
  • the included link the DCD terminal will automatically launch its own browser, through the browser to access the content provided by the content provider corresponding to the link; abnormal access means that the user enters the URL address through the browser bookmark, manually Or a link to the content item page of the accessed channel item directly accesses the content provided by the content provider. Since the user can access the content through an abnormal manner, the DCD server needs to provide a complete set of authentication schemes to effectively protect the interests of the provider and the operator.
  • An embodiment of the present invention provides a content access authentication method for preventing a user from illegally accessing content.
  • the method includes:
  • the content providing device receives the content access request initiated by the terminal, and when it is determined that the content access request does not carry the authentication success identifier for the user access right, determining whether the channel requested to be accessed is a charging channel, 'if yes:
  • the user subscription relationship is obtained from the content access proxy server, and the user access authority is authenticated according to the user subscription relationship. If the authentication is successful, the channel content requested to be accessed is returned to the terminal.
  • the method before acquiring the user subscription relationship from the content access proxy server, the method further includes: determining, by the device, whether the user has stored access information for the channel requested to access; if yes, returning the channel content requested for access to the terminal If not, the user subscription relationship is obtained from the content access proxy server, and the user access authority is authenticated according to the user subscription relationship. If the authentication is successful, the channel content requested to be accessed is returned to the terminal.
  • the embodiment of the present invention further provides a content access authentication system, which is used to prevent users from illegally accessing content.
  • the system includes:
  • a terminal configured to initiate a content access request; and, receiving a channel content requested to be accessed; and a content access proxy server, configured to provide a user subscription relationship;
  • a content providing device configured to receive a content access request initiated by the terminal, and determine that the content access request does not carry an authentication success identifier for the user access right, and when determining that the channel requested to be accessed is a charging channel:
  • the proxy server obtains the user subscription relationship, and authenticates the user access authority according to the user subscription relationship, and returns the channel content requested to be accessed to the terminal after the authentication succeeds; or further determines whether the user pair is already stored in the device.
  • the access information of the channel requesting access if yes, returning the channel content requested to be accessed to the terminal; if not, obtaining the user subscription relationship from the content access proxy server, and authenticating the user access authority according to the user subscription relationship, After the success of the right, storing the access information of the user to the channel requested to be accessed, and The terminal returns the channel content requested to access.
  • the embodiment of the present invention further provides a content providing device, which is used to prevent a user from illegally accessing content, and the internal device includes:
  • a receiving module configured to receive a content access request initiated by the user through the terminal
  • a determining module configured to determine whether the content access request carries an authentication success identifier for the user access right
  • a content providing module configured to: when determining that the content access request does not carry an authentication success identifier for the user access right, and requesting the accessed channel to be a charging channel: obtaining a user subscription relationship from the content access proxy server, according to the user subscription relationship The user access right is authenticated, and after the authentication succeeds, the channel content requested to be accessed is returned to the terminal; or, it is further determined whether the access information of the channel requested by the user to the accessed channel is already stored in the device; if yes, then Returning, by the terminal, the channel content requested to be accessed; if not, acquiring the user subscription relationship from the content access proxy server, authenticating the user access authority according to the user subscription relationship, and storing the channel requested by the user after the authentication succeeds Access information, and return the channel content requested for access to the terminal.
  • the content providing device receives the content access request initiated by the terminal, and determines that the content access request does not carry the authentication success identifier for the user access right, and when determining that the channel requested to be accessed is a charging channel:
  • the access proxy server obtains the user subscription relationship, authenticates the user access authority according to the user subscription relationship, and returns the channel content requested to be accessed to the terminal after the authentication succeeds; or further determines whether the user has been stored in the device.
  • DRAWINGS 1 is a flowchart of a content access authentication method of a DCD according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a user browsing a complete content in a normal manner according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a user in an abnormal manner according to an embodiment of the present invention
  • a flow chart for accessing the full content of the free channel
  • FIG. 4 is a flowchart of a user successfully browsing a complete content of a toll channel in an abnormal manner according to an embodiment of the present invention
  • FIG. 5 is a flowchart of browsing a complete content of a charging channel by a user failing in an abnormal manner according to an embodiment of the present invention
  • FIG. 6 is a flowchart of an example of content authentication logic in an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a content access authentication system of a DCD according to an embodiment of the present invention
  • FIG. 8 is a schematic structural diagram of a content providing apparatus according to an embodiment of the present invention.
  • the DCD server provides a function for the user to access the complete content through the DCD terminal. After the user selects a link related to a channel item, the DCD terminal will automatically launch its own browser, and initiate a request to access the link to the DCD server through the browser.
  • the DCD server performs subscription relationship authentication on the access complete content request sent by the DCD terminal. After the authentication is passed, the DCD terminal obtains the complete content page according to the redirect link of the complete content page returned by the DCD server.
  • the DCD server can receive and process the subscription relationship authentication request sent by the content providing device, and The subscription relationship authentication result is provided to the content providing device, and finally the device determines whether the user can access the complete content.
  • the process of the user browsing the complete content through the DCD terminal is as follows: The user is booted through the DCD terminal, and after the DOC server subscription relationship authentication is passed, the DCD terminal obtains the complete content page according to the redirect link of the complete content page returned by the DCD server.
  • the access direction is: DCD terminal DCD server DCD terminal ⁇ H for the device.
  • the DCD server should strictly authenticate the request for complete content access, for example, to authenticate the following items:
  • Terminal model Only the terminal registered on the DCD server can use the DCD service;
  • the service is open to the scope: Only users in the open service can use the DCD service;
  • User blacklist Only users who are not in the user blacklist can use the DCD service;
  • Ordering Relationship Full content access is only available to users who have subscribed to the appropriate business.
  • the DCD server can provide friendly prompts and guide the user to perform corresponding operations. After the authentication is successful, the DCD server will redirect the DCD terminal to the device to obtain the complete content. page.
  • the content providing device First, it is determined whether the user has the right to access the content according to the user's access information in the session accessed by the user, such as the user's mobile phone number, authentication parameters, and the like.
  • the content providing device directly provides the user with the access content; if the channel accessed by the user is a charging channel, the content providing device needs to initiate a subscription relationship authentication request to the DCD server through the interface, and the DCD server will The right result is returned to the internal device: if the authentication is successful, the content providing device returns the full content page to the user, and if the authentication fails, the content providing device sends the redirect link of the complete content page to the DCD terminal, the DCD terminal According to the redirect link to access the DCD server, the DCD server returns the result of the corresponding access failure to the user, and guides the user to perform the corresponding operation.
  • Access directions for accessing the toll channel in an abnormal manner and successful authentication are: content providing device DCD server content providing device > DCD terminal; accessing the charging channel in an abnormal manner but The access directions for unsuccessful authentication are: Content providing device DCD server content providing device DCD terminal DCD server DCD terminal.
  • Step 101 The internal device receives a content access request initiated by the user through the DCD terminal.
  • Step 102 The device determines that the content access request does not carry an authentication success identifier for the user access right.
  • Step 103 When determining that the channel requested to be accessed is a charging channel, the content providing device acquires a user subscription relationship from the DCD server, authenticates the user access authority according to the user subscription relationship, and returns a channel requesting access to the DCD terminal after the authentication succeeds. content.
  • the content providing device determines that the content access request carries an authentication success identifier for the user access right
  • the content of the channel requested to be accessed is returned to the DCD terminal.
  • the user accesses the content through the normal access mode, that is, the user selects the content link to be accessed in the DCD window through the DCD terminal, triggers the DCD server to authenticate the user access authority according to the user subscription relationship; after the authentication succeeds, the DCD The server returns a page redirection link to the DCD terminal.
  • the DCD terminal initiates a content access request to the content providing device according to the received page redirection link, and carries the authentication success identifier for the user access right in the content access request.
  • Step 201 The user selects a channel item of interest through the DCD terminal, enters a summary screen, and selects a hyperlink in the summary screen.
  • Step 202 The DCD terminal automatically starts the browser, and initiates a request to browse the complete content page to the DCD server.
  • Step 203 The DCD server authenticates the user access authority based on the subscription relationship cached by the DCD server.
  • Step 204 After the authentication is passed, the DCD server returns a redirected link of the complete content page to the DCD terminal, and carries the authentication success identifier and the authentication parameter.
  • Step 205 The DCD terminal automatically sends the content to the content according to the redirected link of the returned full content page. Provides a device to initiate a content access request.
  • Step 206 The device is configured to determine whether the user has the right to access the content. At this time, because the content authentication request carries the authentication success identifier, step 207 is continued.
  • Step 207 The internal device returns the complete content page after the organization to the DCD terminal.
  • Step 208 The user browses the complete content through the DCD terminal.
  • the content providing device when the content providing device does not carry the authentication success identifier for the user access right, the content providing device further determines that the channel requested to be accessed is a free channel, and directly returns the channel requested for access to the DCD terminal. content.
  • the process of the user accessing the complete content of the free channel in an abnormal manner is as follows:
  • Step 301 The user directly initiates a content access request for browsing the full content page by using the DCD terminal directly (browser bookmark, manually inputting the URL address, and the link of the accessed channel item content page).
  • Step 302 The internal device is configured to determine whether the user has the right to browse the complete content page. In this case, the content access request does not carry the authentication success identifier, and the channel requested by the user is a free channel, and step 303 is performed.
  • Step 303 The internal device returns the complete content page after the organization to the DCD terminal.
  • Step 304 The user browses the complete content through the DCD terminal.
  • the device determines that the channel requested to be accessed is a charging channel, and obtains the user subscription relationship from the DCD server; at this time, the internal device provides the user attribute to the DCD server. Information;
  • the DCD server returns the user subscription relationship to the device according to the user attribute information.
  • the user attribute information may be a user number, a DCD terminal type, a channel identifier, etc.; the user subscription relationship may be a channel list added by the user, a charging identifier list in which the user has subscribed to the charged content, and the like.
  • the process of successfully browsing the full content of the toll channel by the user in an abnormal manner is as follows:
  • Step 401 The user initiates browsing the full content page to the content providing device directly through the DCD terminal (browser bookmark, manual input URL address, link of the accessed channel item content page) Content access request.
  • DCD terminal browser bookmark, manual input URL address, link of the accessed channel item content page
  • Step 402 The internal device determines whether the user has the right to access the content. In this case, the content access request does not carry the authentication success identifier, and the channel accessed by the user is a charging channel, and step 403 is performed.
  • Step 403 The device sends a subscription relationship authentication request to the DCD server, and needs to carry user attribute information such as a mobile phone number, a terminal type, and a channel identifier.
  • Step 404 The DCD server authenticates the subscription relationship of the user.
  • Step 405 The DCD server provides an authentication response for the DCD service subscription relationship of the user, and returns related information such as a channel list added by the user and a charging identifier list of the content that the user has subscribed to.
  • Step 406 The content providing device authenticates the user access authority according to the operation request, the authentication response information returned by the DCD server (the channel list added by the user, and the charging identifier list of the user who has subscribed the charging content). If the right is passed, step 407 is performed.
  • Step 407 The internal device is returned to the DCD terminal by the device to return the complete content page after the organization.
  • Step 408 The user browses the complete content through the DCD terminal.
  • the page redirect link is returned to the DCD terminal; the DCD terminal redirects the link according to the received page to the DCD.
  • the server initiates an authentication request; the DCD server authenticates the user access authority according to the user subscription relationship, returns an authentication failure result to the DCD terminal, and prompts the user to perform an access authority application operation according to the authentication failure reason.
  • the process of browsing the content of the toll channel by the user in an abnormal manner fails as follows:
  • Step 501 The user initiates a content access request for browsing the complete content page to the content providing device directly through the DCD terminal (browser bookmark, manual input URL address, link of the accessed channel item content page).
  • Step 502 The content providing device determines whether the user has the right to access the content. At this time, the content access request does not carry the authentication success identifier, and the channel accessed by the user is a charging channel, and then the execution is performed. Step 503.
  • Step 503 The device sends a subscription relationship authentication request to the DCD server, and needs to carry user attribute information such as a mobile phone number, a terminal type, and a channel identifier.
  • Step 504 The DCD server authenticates the subscription relationship of the user.
  • Step 505 The DCD server provides an authentication response of the DCD service subscription relationship of the user to the content providing device, and returns related information such as a channel list added by the user and a charging identifier list that the user has subscribed to the charging content.
  • Step 506 The content providing device authenticates the user access authority according to the operation request, the authentication response information returned by the DCD server (the channel list added by the user, and the charging identifier list that the user has subscribed to the charging content). If the right fails, step 507 is performed.
  • Step 507 The device returns a page redirect link to the DCD terminal and carries the channel identifier.
  • Step 508 The DCD terminal automatically initiates an access request to the DCD server according to the page redirect link.
  • Step 509 The DCD server authenticates the user access authority according to the user subscription relationship.
  • Step 511 The user enters a subscription package or adds a channel according to the prompt information.
  • the content authentication logic flow is as shown in FIG. 6, and includes:
  • Step 601 Internal: The device receives the complete content browsing request initiated by the user, that is, the content access request.
  • Step 602 The content providing device determines whether the request parameter has an authentication success identifier, and if yes, step 613 is performed, and if no, step 603 is performed.
  • Step 603 The content providing device determines whether the access is a free channel, and if yes, performing the step 613. If no, step 604 is performed.
  • Step 604 The device sends a subscription relationship authentication request to the DCD server.
  • Step 605 The DCD server authenticates the user subscription relationship.
  • Step 606 The DCD server returns the user subscription relationship information to the content providing device, and performs strong information on the information.
  • Step 607 Internal: The device decrypts the user subscription relationship information, and determines whether the user can access the charging channel. If yes, step 613 is performed, and if no, step 608 is performed.
  • Step 608 The content providing device returns a page redirection link of the DCD server to the DCD terminal.
  • Step 609 The DCD terminal automatically initiates an access request to the DCD server according to the page redirect link.
  • Step 610 The DCD server authenticates the user access authority according to the user subscription relationship.
  • Step 611 The DCD server returns a page of complete content access failure to the DCD terminal, and gives different prompt information according to the failure reason.
  • Step 612 The user enters a subscription package or adds a channel according to the prompt information.
  • Step 613 The internal device is configured to return the complete content page to the user.
  • Step 614 The user browses the complete content.
  • the content providing device may further determine whether the user has stored access information for the channel requested to be accessed in the device, and if yes, indicating that the user has previously accessed the charging.
  • the content of the channel the content providing device believes that the user has the right to access the charging channel, and will directly provide the user with the access content; if there is no user access information in the device (such as when the session times out, the user first accesses, etc.), the content
  • the providing device needs to initiate the above-mentioned authentication processing procedure for the user access authority, obtain the user subscription relationship from the DCD server, and authenticate the user access authority according to the user subscription relationship, and return the channel requesting access to the DCD terminal after the authentication is passed.
  • Content the content providing device needs to store the access information of the user to the channel requested to be accessed, as the basis for determining whether the user has the access right next time.
  • the content providing device When the user requests the content providing device to access the channel content directly from the DCD terminal (browser bookmark, manual input URL address, link of the accessed channel item content page), the content providing device needs to access information according to the user in the session, such as a mobile phone number. , authentication parameters, etc., to determine whether the user has access to the content. If the channel accessed by the user is a free channel, the content providing device directly provides the user with access to the content; if the channel accessed by the user is a premium channel, the content providing device needs to request the subscription relationship authentication from the DCD server through the content authentication interface.
  • the content providing device initiates the subscription relationship authentication request to the DCD server, access the URL address: http://dcd.monternet.com/service/authorize, and pass the phone number, the terminal model, and the channel identifier corresponding to the currently browsed content through the querystring.
  • the DCD Ji server determines whether the user terminal is a registered terminal, determines the user's subscription relationship, and lists the channel list added by the user and the charging identifier list of the user's ordered charging content.
  • the user subscription relationship information can be encrypted by DES (Data Encryption Standard), and the DES encryption key can be flexibly configured.
  • the parameters that need to be encrypted can be as follows:
  • Encryption using DES above is passed to the content providing device as an auth parameter.
  • the content providing device performs DES decryption on the auth, and performs authentication according to the authentication response parameter information (the channel list or the charging identifier list may be logically determined according to the operational requirement). If the authentication succeeds, the content providing device adds the channel list added by the user.
  • the id is the channel identifier corresponding to the user's current access content.
  • the DCD server authenticates the user access authority according to the terminal request, and prompts the user for the corresponding authentication failure result, and guides the user to complete the corresponding operation such as adding the channel.
  • the user When the user browses the complete content through the DCD terminal in the normal access mode, the user boots through the DCD terminal and enters the wap page through the DCD server.
  • the DCD server authenticates the user access authority. If the authentication succeeds, the DCD server redirects the DCD terminal to the internal device, and the redirected link address is the URL address corresponding to the channel content, and the authentication success identifier and auth are attached. Specific examples of two content access authentications are given below.
  • the user's mobile phone number is 13800010001
  • the UA User Agent
  • the UA is MOT-V300/xx.xx.xxR DCD/1.5 Profile MIDP-2.0 Configuration/CLDC-1.0.
  • the user currently wants to access a channel of a separate charging and charging channel.
  • the channel identifier feed-id of the channel is 000001
  • the corresponding charging identifier code service-id is 52000003.
  • the authentication interaction process and the parameters passed between the device and the DCD server are as follows:
  • the user directly requests the internal device to access the complete content request through the DCD terminal; the content providing device determines that the channel accessed by the user is a charging channel according to the user's access information in the session, such as the user's mobile phone number and the authentication parameter;
  • the internal device uses the HTTP GET method to initiate a subscription relationship authentication request to the DCD server.
  • the request URL is:
  • the DCD server After receiving the subscription relationship authentication request, the DCD server authenticates the user subscription relationship, and the DCD server determines that the current DCD server identifier s of the user is dcd, and the channel list fl added by the user is 000001, 000002, the user's billing identifier list si is 52000003, and the user access time t is 2007-03-28 10:12:27.
  • the DCD server returns the encrypted string as an authentication parameter to the internal device through the authentication response, and the response is:
  • the embodiment of the present invention further provides a DCD content access authentication system, and the structure thereof is as shown in FIG. 7, which may include:
  • a DCD terminal 701 configured to initiate a content access request; and, to receive a channel content requested to be accessed;
  • DCD server 702 configured to provide a user subscription relationship
  • the content providing device 703 is configured to receive a content access request initiated by the DCD terminal 701, determine that the content access request does not carry an authentication success identifier for the user access right, and when determining that the channel requested to be accessed is a premium channel: from the DCD
  • the server 702 obtains a user subscription relationship, according to the user The subscription relationship authenticates the user access right, and returns the channel content requested to be accessed to the DCD terminal 701 after the authentication succeeds; or further determines whether the user has stored access information of the channel requested to access the device; And returning the channel content requested for access to the DCD terminal 701; if not, acquiring the user subscription relationship from the DCD server 702, authenticating the user access authority according to the user subscription relationship, and storing the user requesting access after the authentication succeeds The access information of the channel is returned to the DCD terminal 701 for the channel content requested for access.
  • the internal device may be further configured to return a page redirect link to the DCD terminal when the authentication fails; the DCD terminal may further be configured to initiate an authentication request to the DCD server according to the received page redirect link; the DCD server It can also be used to authenticate the user access rights according to the user subscription relationship, return the authentication failure result to the DCD terminal, and prompt the user to perform the access authority application operation according to the authentication failure reason.
  • the content providing device may be further configured to: when determining the authentication success identifier for the user access right in the content access request, return the channel content requested to be accessed to the DCD terminal.
  • the DCD server may be further configured to: after receiving the trigger of the content link to be accessed by the user in the DCD window, the DCD server authenticates the user access right according to the user subscription relationship; after the authentication succeeds Returning a page redirection link to the DCD terminal; the DCD terminal may be further configured to: initiate an content access request to the device according to the received page redirection link, and carry the authentication request for the user access right in the content access request Logo.
  • the internal device 703 initiates a subscription relationship authentication request to the DCD server 702 via the content authentication interface.
  • the embodiment of the present invention further provides an internal device, and the structure thereof is as shown in FIG.
  • the receiving module 801 is configured to receive a content access request initiated by the user through the DCD terminal, and the determining module 802 is configured to determine whether the content access request carries an authentication success identifier for the user access right.
  • the module 803 is configured to: when determining that the content access request does not carry the authentication success identifier for the user access right, and the channel requesting access is a charging channel: acquiring the user from the DCD server The order relationship is to authenticate the user access right according to the user subscription relationship, and return the channel content requested to be accessed to the DCD terminal after the authentication succeeds; or, further determine whether the user has stored the channel requested to access the device.
  • Accessing the information if yes, returning the channel content requested to be accessed to the DCD terminal; if not, obtaining the user subscription relationship from the DCD server, authenticating the user access authority according to the user subscription relationship, and storing the user pair after the authentication succeeds The access information of the channel requesting access, and returning the channel content requested for access to the DCD terminal.
  • the embodiments of the present invention provide an authentication mechanism and a process for content access, and formulate related data interfaces, including a complete content authentication function description, a content authentication interface, and a content authentication process, which can simultaneously support normal Mode and content authentication for content access in an abnormal manner to ensure that only users authorized by the content access proxy server (such as DCD server) and subscribed to related channel content can access related content, effectively preventing users from illegally operating in an abnormal manner. Make content access.
  • the content access proxy server such as DCD server

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

A content access authentification method, the method includes that: a content provision device receives a content access request initiated by a terminal, and if it determines that an authentification success identification for a user access right is not carried in the content access request and the channel requested to be accessed is a paid channel, then it obtains the user subscription relationship from a content access proxy server, and authenticates the user access right according to the user subscription relationship, after successful authentification, it returns the channel content requested to be accessed to the terminal. A content access authentification system and content provision device are also provided. By adopting the schemes mentioned above, it can be prevented that the user accesses contents illegally.

Description

内容访问鉴权方法、 设备及系统 技术领域  Content access authentication method, device and system

本发明涉及通信技术领域, 尤其涉及一种内容访问鉴权方法、 设备及系 统。 背景技术  The present invention relates to the field of communications technologies, and in particular, to a content access authentication method, device, and system. Background technique

动态内容分发 ( Dynamic Content Delivery , DCD ) 是一种基于 C/S ( Client/Server, 客户机 /服务器)结构, 由网络侧 DCD服务器在预先设定的 时间从内^!供商获取内容后,通过特定的触发机制向 DCD终端推送内容的 技术。  Dynamic Content Delivery (DCD) is a C/S (Client/Server, Client/Server) architecture. After the network-side DCD server obtains content from the internal supplier at a preset time, A technique for pushing content to a DCD terminal through a specific trigger mechanism.

DCD服务器对不同类别的内容以频道的形式进行分类, 并以频道的形式 (如体育频道、 娱乐频道等)向用户的 DCD终端分发。 各频道中的内容以频 道项的形式组织, 即每个频道中包含若干条频道项。

Figure imgf000003_0001
The DCD server classifies different categories of content in the form of channels and distributes them to the user's DCD terminal in the form of channels (such as sports channels, entertainment channels, etc.). The content in each channel is organized in the form of channel items, that is, each channel contains several channel items.
Figure imgf000003_0001

正常访问方式是指用户在 DCD窗口中看到感兴趣的频道项后,可以选中 该频道项, 则在摘要屏幕上将显示该频道项的内容摘要, 通过选中摘要屏幕 中频道项的内容摘要中包含的链接, DCD终端将自动启动其自带的浏览器, 通过浏览器来访问该链接对应的内容提供商提供的详细内容; 非正常访问方 式是指用户通过浏览器书签、 手动输入 URL地址、 或已访问的频道项内容页 面的链接直接访问内容提供商提供的内容。 由于用户可以通过非正常方式进 行内容的访问, 因此需要 DCD服务器提供一整套完善的鉴权方案, 才能切实 保障内 ^^供商和运营商的利益。  The normal access mode means that after the user sees the channel item of interest in the DCD window, the channel item can be selected, and the content summary of the channel item is displayed on the summary screen, by selecting the content summary of the channel item in the summary screen. The included link, the DCD terminal will automatically launch its own browser, through the browser to access the content provided by the content provider corresponding to the link; abnormal access means that the user enters the URL address through the browser bookmark, manually Or a link to the content item page of the accessed channel item directly accesses the content provided by the content provider. Since the user can access the content through an abnormal manner, the DCD server needs to provide a complete set of authentication schemes to effectively protect the interests of the provider and the operator.

而现有技术中对用户访问动态内容, 尤其是通过非正常方式进行内容访 问并没有提供一套完善的鉴权方案。 而且, 除了动态内容分发, 其他基于 C/S 结构的内容访问, 现有技术中也没有提供相应的完善的鉴权方案。 发明内容 In the prior art, accessing dynamic content to users, especially through abnormal access to content, does not provide a complete authentication solution. Moreover, in addition to dynamic content distribution, other based on C/S The content access of the structure does not provide a corresponding perfect authentication scheme in the prior art. Summary of the invention

本发明实施例提供一种内容访问鉴权方法, 用以防止用户非法访问内容, 该方法包括:  An embodiment of the present invention provides a content access authentication method for preventing a user from illegally accessing content. The method includes:

内容提供设备接收终端发起的内容访问请求, 当判断所述内容访问请求 中未携带对用户访问权限的鉴权成功标识时, 判断请求访问的频道是否为收 费频道,'若是:  The content providing device receives the content access request initiated by the terminal, and when it is determined that the content access request does not carry the authentication success identifier for the user access right, determining whether the channel requested to be accessed is a charging channel, 'if yes:

则从内容访问代理服务器获取用户订购关系, 根据用户订购关系对用户 访问权限进行鉴权, 若鉴权成功, 则向所述终端返回请求访问的频道内容。  Then, the user subscription relationship is obtained from the content access proxy server, and the user access authority is authenticated according to the user subscription relationship. If the authentication is successful, the channel content requested to be accessed is returned to the terminal.

优选地, 在从内容访问代理服务器获取用户订购关系之前, 还包括判断 本设备中是否已存储有所述用户对请求访问的频道的访问信息; 若是, 则向 所述终端返回请求访问的频道内容; 若否, 则从内容访问代理服务器获取用 户订购关系, 根据用户订购关系对用户访问权限进行鉴权, 若鉴权成功, 则 向所述终端返回请求访问的频道内容。  Preferably, before acquiring the user subscription relationship from the content access proxy server, the method further includes: determining, by the device, whether the user has stored access information for the channel requested to access; if yes, returning the channel content requested for access to the terminal If not, the user subscription relationship is obtained from the content access proxy server, and the user access authority is authenticated according to the user subscription relationship. If the authentication is successful, the channel content requested to be accessed is returned to the terminal.

本发明实施例还提供一种内容访问鉴权系统, 用以防止用户非法访问内 容, 该系统包括:  The embodiment of the present invention further provides a content access authentication system, which is used to prevent users from illegally accessing content. The system includes:

终端, 用于发起内容访问请求; 以及, 接收请求访问的频道内容; 内容访问代理服务器, 用于提供用户订购关系;  a terminal, configured to initiate a content access request; and, receiving a channel content requested to be accessed; and a content access proxy server, configured to provide a user subscription relationship;

内容提供设备, 用于接收所述终端发起的内容访问请求, 确定所述内容 访问请求中未携带对用户访问权限的鉴权成功标识, 则在确定请求访问的频 道为收费频道时: 从内容访问代理服务器获取用户订购关系, 根据用户订购 关系对用户访问权限进行鉴权, 在鉴权成功后向所述终端返回请求访问的频 道内容; 或, 进一步确定本设备中是否已存储有所述用户对请求访问的频道 的访问信息; 若是, 则向所述终端返回请求访问的频道内容; 若否, 则从内 容访问代理服务器获取用户订购关系, 根据用户订购关系对用户访问权限进 行鉴权, 在鉴权成功后存储所述用户对请求访问的频道的访问信息, 并向所 述终端返回请求访问的频道内容。 a content providing device, configured to receive a content access request initiated by the terminal, and determine that the content access request does not carry an authentication success identifier for the user access right, and when determining that the channel requested to be accessed is a charging channel: The proxy server obtains the user subscription relationship, and authenticates the user access authority according to the user subscription relationship, and returns the channel content requested to be accessed to the terminal after the authentication succeeds; or further determines whether the user pair is already stored in the device. The access information of the channel requesting access; if yes, returning the channel content requested to be accessed to the terminal; if not, obtaining the user subscription relationship from the content access proxy server, and authenticating the user access authority according to the user subscription relationship, After the success of the right, storing the access information of the user to the channel requested to be accessed, and The terminal returns the channel content requested to access.

本发明实施例还提供一种内容提供设备, 用以防止用户非法访问内容, 该内^供设备包括:  The embodiment of the present invention further provides a content providing device, which is used to prevent a user from illegally accessing content, and the internal device includes:

接收模块, 用于接收用户通过终端发起的内容访问请求;  a receiving module, configured to receive a content access request initiated by the user through the terminal;

确定模块, 用于确定所述内容访问请求中是否携带有对用户访问权限的 鉴权成功标识;  a determining module, configured to determine whether the content access request carries an authentication success identifier for the user access right;

内容提供模块, 用于在确定所述内容访问请求中未携带对用户访问权限 的鉴权成功标识、 请求访问的频道为收费频道时: 从内容访问代理服务器获 取用户订购关系, 根据用户订购关系对用户访问权限进行鉴权, 在鉴权成功 后向所述终端返回请求访问的频道内容; 或, 进一步确定本设备中是否已存 储有所述用户对请求访问的频道的访问信息; 若是, 则向所述终端返回请求 访问的频道内容; 若否, 则从内容访问代理服务器获取用户订购关系, 根据 用户订购关系对用户访问权限进行鉴权, 在鉴权成功后存储所述用户对请求 访问的频道的访问信息, 并向所述终端返回请求访问的频道内容。  a content providing module, configured to: when determining that the content access request does not carry an authentication success identifier for the user access right, and requesting the accessed channel to be a charging channel: obtaining a user subscription relationship from the content access proxy server, according to the user subscription relationship The user access right is authenticated, and after the authentication succeeds, the channel content requested to be accessed is returned to the terminal; or, it is further determined whether the access information of the channel requested by the user to the accessed channel is already stored in the device; if yes, then Returning, by the terminal, the channel content requested to be accessed; if not, acquiring the user subscription relationship from the content access proxy server, authenticating the user access authority according to the user subscription relationship, and storing the channel requested by the user after the authentication succeeds Access information, and return the channel content requested for access to the terminal.

本发明实施例中, 内容提供设备接收终端发起的内容访问请求, 确定所 述内容访问请求中未携带对用户访问权限的鉴权成功标识, 则在确定请求访 问的频道为收费频道时: 从内容访问代理服务器获取用户订购关系, 根据用 户订购关系对用户访问权限进行鉴权, 在鉴权成功后向所述终端返回请求访 问的频道内容; 或, 进一步确定本设备中是否已存储有所述用户对请求访问 的频道的访问信息; 若是, 则向所述终端返回请求访问的频道内容; 若否, 则从内容访问代理服务器获取用户订购关系, 根据用户订购关系对用户访问 权限进行鉴权, 在鉴权成功后存储所述用户的访问信息, 并向所述终端返回 请求访问的频道内容, 从而可以确保只有经过内容访问代理服务器授权且订 购了相关频道内容的用户才能访问相关内容, 有效地防止了用户通过非正常 方式非法进行内容访问。 附图说明 图 1为本发明实施例中 DCD的内容访问鉴权方法流程图; 图 2为本发明实施例中用户以正常方式浏览完整内容的流程图; 图 3 为本发明实施例中用户以非正常方式访问免费频道完整内容的流程 图; In the embodiment of the present invention, the content providing device receives the content access request initiated by the terminal, and determines that the content access request does not carry the authentication success identifier for the user access right, and when determining that the channel requested to be accessed is a charging channel: The access proxy server obtains the user subscription relationship, authenticates the user access authority according to the user subscription relationship, and returns the channel content requested to be accessed to the terminal after the authentication succeeds; or further determines whether the user has been stored in the device. Access information to the channel requesting access; if yes, returning the channel content requested for access to the terminal; if not, obtaining the user subscription relationship from the content access proxy server, and authenticating the user access authority according to the user subscription relationship, After the authentication succeeds, the access information of the user is stored, and the channel content requested to be accessed is returned to the terminal, so that it is ensured that only the user authorized by the content access proxy server and subscribed to the relevant channel content can access the related content, thereby effectively preventing The user passed the non-positive Way to access illegal content. DRAWINGS 1 is a flowchart of a content access authentication method of a DCD according to an embodiment of the present invention; FIG. 2 is a flowchart of a user browsing a complete content in a normal manner according to an embodiment of the present invention; FIG. 3 is a schematic diagram of a user in an abnormal manner according to an embodiment of the present invention; A flow chart for accessing the full content of the free channel;

图 4为本发明实施例中用户通过非正常方式成功浏览收费频道完整内容 的流程图;  4 is a flowchart of a user successfully browsing a complete content of a toll channel in an abnormal manner according to an embodiment of the present invention;

图 5 为本发明实施例中用户通过非正常方式失败浏览收费频道完整内容 的流程图;  FIG. 5 is a flowchart of browsing a complete content of a charging channel by a user failing in an abnormal manner according to an embodiment of the present invention; FIG.

图 6为本发明实施例中内容鉴权逻辑的一个实例的流程图;  6 is a flowchart of an example of content authentication logic in an embodiment of the present invention;

图 7为本发明实施例中 DCD的内容访问鉴权系统的结构示意图; 图 8为本发明实施例中内容提供设备的结构示意图。 具体实施方式  FIG. 7 is a schematic structural diagram of a content access authentication system of a DCD according to an embodiment of the present invention; FIG. 8 is a schematic structural diagram of a content providing apparatus according to an embodiment of the present invention. detailed description

下面以 DCD为例对本发明实施例进行详细说明,但本领域技术人员可以 理解, 本发明不仅适用于 DCD的内容访问鉴权, 还适用于其他基于 C/S结构 的内容访问的鉴权。  The following is a detailed description of the embodiments of the present invention by using DCD as an example. However, those skilled in the art can understand that the present invention is applicable not only to content access authentication of DCD but also to authentication of other content access based on C/S structure.

本发明实施例中, DCD服务器为用户提供通过 DCD终端访问完整内容 的功能。 用户选中某个频道项相关的链接后, DCD终端将自动启动其自带的 浏览器, 通过浏览器向 DCD服务器发起访问该链接的请求。 DCD服务器对 DCD终端送来的访问完整内容请求进行订购关系鉴权, 鉴权通过后, DCD终 端根据 DCD服务器返回的完整内容页面的重定向链接获取到完整的内容页 面。  In the embodiment of the present invention, the DCD server provides a function for the user to access the complete content through the DCD terminal. After the user selects a link related to a channel item, the DCD terminal will automatically launch its own browser, and initiate a request to access the link to the DCD server through the browser. The DCD server performs subscription relationship authentication on the access complete content request sent by the DCD terminal. After the authentication is passed, the DCD terminal obtains the complete content page according to the redirect link of the complete content page returned by the DCD server.

如果用户通过其他方式(浏览器书签、 手动输入 URL地址、 已访问的频 道项内容页面的链接)直接访问完整内容, 则 DCD服务器能够接收和处理内 容提供设备发送过来的订购关系鉴权请求, 并向内容提供设备提供订购关系 鉴权结果, 最终由内^^供设备确定用户是否能够对该完整内容进行访问。  If the user directly accesses the complete content by other means (browser bookmark, manual input URL address, link of the accessed channel item content page), the DCD server can receive and process the subscription relationship authentication request sent by the content providing device, and The subscription relationship authentication result is provided to the content providing device, and finally the device determines whether the user can access the complete content.

在正常访问方式下, 用户通过 DCD终端浏览完整内容的过程如下: 用户通过 DCD终端引导, 经 DCD服务器订购关系鉴权通过后, DCD终 端根据 DCD服务器返回的完整内容页面的重定向链接获取到完整的内容页 面。 访问方向是: DCD终端 DCD服务器 DCD终端 内^ H供设备。 In the normal access mode, the process of the user browsing the complete content through the DCD terminal is as follows: The user is booted through the DCD terminal, and after the DOC server subscription relationship authentication is passed, the DCD terminal obtains the complete content page according to the redirect link of the complete content page returned by the DCD server. The access direction is: DCD terminal DCD server DCD terminal ^ H for the device.

由于运营商一般对用户通过 DCD终端浏览完整内容的浏览流量给与免 除, 因此 DCD服务器应对完整内容访问的请求进行严格的鉴权, 例如对如下 事项进行鉴权:  Since the operator generally grants the user the browsing traffic for browsing the complete content through the DCD terminal, the DCD server should strictly authenticate the request for complete content access, for example, to authenticate the following items:

终端型号: 只有在 DCD服务器上注册的终端可以使用 DCD业务; 业务开放范围: 只有在业务开放范围内的用户可以使用 DCD业务; 用户黑名单: 只有不在用户黑名单内的用户可以使用 DCD业务; 订购关系: 只有订购了相应业务的用户才可以进行完整内容访问。  Terminal model: Only the terminal registered on the DCD server can use the DCD service; The service is open to the scope: Only users in the open service can use the DCD service; User blacklist: Only users who are not in the user blacklist can use the DCD service; Ordering Relationship: Full content access is only available to users who have subscribed to the appropriate business.

在不满足条件而鉴权失败时, DCD服务器可以提供友好提示, 并引导用 户进行相应的操作; 满足条件而鉴权成功后, DCD服务器将重定向 DCD终 端至内 ^^供设备以获取完整内容页面。  When the authentication fails, the DCD server can provide friendly prompts and guide the user to perform corresponding operations. After the authentication is successful, the DCD server will redirect the DCD terminal to the device to obtain the complete content. page.

在非正常访问方式下, 用户访问完整内容页面 (如用户通过浏览器书签 访问、 在浏览器中通过手动输入 URL地址访问、 通过已访问的频道项内容页 面的链接访问等) 时, 内容提供设备首先需根据其保存的用户访问的会话中 用户的访问信息, 如用户手机号码、 鉴权参数等, 判断用户是否有权访问该 内容。  In an abnormal access mode, when a user accesses a full content page (such as a user accessing through a browser bookmark, accessing a URL address manually in a browser, accessing a link through an accessed channel item content page, etc.), the content providing device First, it is determined whether the user has the right to access the content according to the user's access information in the session accessed by the user, such as the user's mobile phone number, authentication parameters, and the like.

如果用户访问的频道为免费频道, 则内容提供设备直接向用户提供访问 内容; 如果用户访问的频道为收费频道, 则内容提供设备需通过接口向 DCD 服务器发起订购关系鉴权请求, DCD服务器将鉴权结果返回给内 ^¾供设备: 如果鉴权成功, 则内容提供设备向用户返回完整内容页面, 如果鉴权失败, 则内容提供设备将完整内容页面的重定向链接发送给 DCD终端, DCD终端 根据该重定向链接访问 DCD服务器, DCD服务器再向用户返回相应访问失 败的结果, 并引导用户进行相应的操作。  If the channel accessed by the user is a free channel, the content providing device directly provides the user with the access content; if the channel accessed by the user is a charging channel, the content providing device needs to initiate a subscription relationship authentication request to the DCD server through the interface, and the DCD server will The right result is returned to the internal device: if the authentication is successful, the content providing device returns the full content page to the user, and if the authentication fails, the content providing device sends the redirect link of the complete content page to the DCD terminal, the DCD terminal According to the redirect link to access the DCD server, the DCD server returns the result of the corresponding access failure to the user, and guides the user to perform the corresponding operation.

采用非正常方式访问收费频道且鉴权成功的访问方向是: 内容提供设备 DCD服务器 内容提供设备 > DCD终端;采用非正常方式访问收费频道但 鉴权不成功的访问方向是: 内容提供设备 DCD服务器 内容提供设备 DCD终端 DCD服务器 DCD终端。 Access directions for accessing the toll channel in an abnormal manner and successful authentication are: content providing device DCD server content providing device > DCD terminal; accessing the charging channel in an abnormal manner but The access directions for unsuccessful authentication are: Content providing device DCD server content providing device DCD terminal DCD server DCD terminal.

下面介绍本发明实施例中的内容访问鉴权方法流程。  The flow of the content access authentication method in the embodiment of the present invention is described below.

如图 1所示, 本发明实施例中, DCD的内容访问鉴权方法流程如下: 步骤 101、 内^ 供设备接收用户通过 DCD终端发起的内容访问请求。 步骤 102、内^供设备确定所述内容访问请求中未携带对用户访问权限 的鉴权成功标识。  As shown in FIG. 1 , in the embodiment of the present invention, the flow of the content access authentication method of the DCD is as follows: Step 101: The internal device receives a content access request initiated by the user through the DCD terminal. Step 102: The device determines that the content access request does not carry an authentication success identifier for the user access right.

步骤 103、 内容提供设备在确定请求访问的频道为收费频道时, 从 DCD 服务器获取用户订购关系, 根据用户订购关系对用户访问权限进行鉴权, 在 鉴权成功后向 DCD终端返回请求访问的频道内容。  Step 103: When determining that the channel requested to be accessed is a charging channel, the content providing device acquires a user subscription relationship from the DCD server, authenticates the user access authority according to the user subscription relationship, and returns a channel requesting access to the DCD terminal after the authentication succeeds. content.

一个实施例中, 内容提供设备若确定所述内容访问请求中携带了对用户 访问权限的鉴权成功标识, 则向 DCD终端返回请求访问的频道内容。 则此时 用户通过正常访问方式访问内容, 即用户通过 DCD终端在 DCD窗口中选择 欲访问的内容链接, 触发 DCD服务器根据用户订购关系, 对用户访问权限进 行鉴权;在鉴权成功后, DCD服务器向 DCD终端返回页面重定向链接; DCD 终端根据接收的页面重定向链接, 向内容提供设备发起内容访问请求, 并在 所述内容访问请求中携带对用户访问权限的鉴权成功标识。  In an embodiment, if the content providing device determines that the content access request carries an authentication success identifier for the user access right, the content of the channel requested to be accessed is returned to the DCD terminal. At this time, the user accesses the content through the normal access mode, that is, the user selects the content link to be accessed in the DCD window through the DCD terminal, triggers the DCD server to authenticate the user access authority according to the user subscription relationship; after the authentication succeeds, the DCD The server returns a page redirection link to the DCD terminal. The DCD terminal initiates a content access request to the content providing device according to the received page redirection link, and carries the authentication success identifier for the user access right in the content access request.

如图 2所示, 一个实施例中, 用户以正常方式浏览完整内容的流程如下: 步骤 201、 用户通过 DCD终端选择感兴趣的频道项, 进入摘要屏幕, 并 选中摘要屏幕中的超链接。  As shown in FIG. 2, in one embodiment, the process for the user to browse the complete content in a normal manner is as follows: Step 201: The user selects a channel item of interest through the DCD terminal, enters a summary screen, and selects a hyperlink in the summary screen.

步骤 202、 DCD终端自动启动浏览器, 向 DCD服务器发起浏览完整内容 页面的请求。  Step 202: The DCD terminal automatically starts the browser, and initiates a request to browse the complete content page to the DCD server.

步骤 203、 DCD服务器以 DCD服务器緩存的订购关系为依据,对用户访 问权限进行鉴权。  Step 203: The DCD server authenticates the user access authority based on the subscription relationship cached by the DCD server.

步骤 204、鉴权通过后, DCD服务器向 DCD终端返回完整内容页面的重 定向链接, 并携带鉴权成功标识和鉴权参数。  Step 204: After the authentication is passed, the DCD server returns a redirected link of the complete content page to the DCD terminal, and carries the authentication success identifier and the authentication parameter.

步骤 205、 DCD终端根据返回的完整内容页面的重定向链接自动向内容 提供设备发起内容访问请求。 Step 205: The DCD terminal automatically sends the content to the content according to the redirected link of the returned full content page. Provides a device to initiate a content access request.

步骤 206、 内^ ^供设备判断用户是否有权限访问该内容, 此时由于在内 容访问请求中携带了鉴权成功标识, 所以继续执行步骤 207。  Step 206: The device is configured to determine whether the user has the right to access the content. At this time, because the content authentication request carries the authentication success identifier, step 207 is continued.

步骤 207、 内 供设备返回组织后的完整内容页面给 DCD终端。  Step 207: The internal device returns the complete content page after the organization to the DCD terminal.

步骤 208、 用户通过 DCD终端浏览完整内容。  Step 208: The user browses the complete content through the DCD terminal.

一个实施例中, 内容提供设备在确定所述内容访问请求中未携带对用户 访问权限的鉴权成功标识时, 进一步确定请求访问的频道为免费频道, 此时 直接向 DCD终端返回请求访问的频道内容。 如图 3所示, 一个实施例中, 用 户以非正常方式访问免费频道完整内容的流程如下:  In an embodiment, when the content providing device does not carry the authentication success identifier for the user access right, the content providing device further determines that the channel requested to be accessed is a free channel, and directly returns the channel requested for access to the DCD terminal. content. As shown in FIG. 3, in one embodiment, the process of the user accessing the complete content of the free channel in an abnormal manner is as follows:

步骤 301、 用户通过 DCD终端直接(浏览器书签、 手动输入 URL地址、 已访问的频道项内容页面的链接 ) 向内 供设备发起浏览完整内容页面的 内容访问请求。  Step 301: The user directly initiates a content access request for browsing the full content page by using the DCD terminal directly (browser bookmark, manually inputting the URL address, and the link of the accessed channel item content page).

步骤 302、 内^:供设备判断用户是否有权限浏览该完整内容页面,此时 在内容访问请求中没有携带鉴权成功标识, 并且用户请求访问的频道为免费 频道, 执行步驟 303。  Step 302: The internal device is configured to determine whether the user has the right to browse the complete content page. In this case, the content access request does not carry the authentication success identifier, and the channel requested by the user is a free channel, and step 303 is performed.

步骤 303、 内 ^供设备返回组织后的完整内容页面给 DCD终端。  Step 303: The internal device returns the complete content page after the organization to the DCD terminal.

步骤 304、 用户通过 DCD终端浏览完整内容。  Step 304: The user browses the complete content through the DCD terminal.

前述步驟 103 中, 用户通过非正常方式访问内容时, 内^^供设备确定 请求访问的频道为收费频道, 则从 DCD服务器获取用户订购关系; 此时, 内 ^供设备向 DCD服务器提供用户属性信息; DCD服务器根据用户属性信 息,向内^:供设备返回用户订购关系。用户属性信息可以是用户号码、 DCD 终端类型、 频道标识等; 用户订购关系可以是用户所添加的频道列表、 用户 已订购收费内容的计费标识列表等。  In the foregoing step 103, when the user accesses the content in an abnormal manner, the device determines that the channel requested to be accessed is a charging channel, and obtains the user subscription relationship from the DCD server; at this time, the internal device provides the user attribute to the DCD server. Information; The DCD server returns the user subscription relationship to the device according to the user attribute information. The user attribute information may be a user number, a DCD terminal type, a channel identifier, etc.; the user subscription relationship may be a channel list added by the user, a charging identifier list in which the user has subscribed to the charged content, and the like.

如图 4所示, 一个实施例中, 用户通过非正常方式成功浏览收费频道完 整内容的流程如下:  As shown in FIG. 4, in one embodiment, the process of successfully browsing the full content of the toll channel by the user in an abnormal manner is as follows:

步骤 401、 用户通过 DCD终端直接(浏览器书签、 手动输入 URL地址、 已访问的频道项内容页面的链接 )向内容提供设备发起浏览完整内容页面的 内容访问请求。 Step 401: The user initiates browsing the full content page to the content providing device directly through the DCD terminal (browser bookmark, manual input URL address, link of the accessed channel item content page) Content access request.

步骤 402、 内^供设备判断用户是否有权限访问该内容, 此时在内容访 问请求中没有携带鉴权成功标识, 并且用户访问的频道为收费频道, 则执行 步骤 403。  Step 402: The internal device determines whether the user has the right to access the content. In this case, the content access request does not carry the authentication success identifier, and the channel accessed by the user is a charging channel, and step 403 is performed.

步骤 403、 内^^供设备向 DCD服务器发起订购关系鉴权请求, 需要携 带相应的手机号码、 终端类型、 频道标识等用户属性信息。  Step 403: The device sends a subscription relationship authentication request to the DCD server, and needs to carry user attribute information such as a mobile phone number, a terminal type, and a channel identifier.

步骤 404、 DCD服务器对用户的订购关系进行鉴权。  Step 404: The DCD server authenticates the subscription relationship of the user.

步骤 405、 DCD服务器向内 ^:供设备提供该用户 DCD业务订购关系的 鉴权响应, 并且返回用户所添加的频道列表和用户已订购收费内容的计费标 识列表等相关信息。  Step 405: The DCD server provides an authentication response for the DCD service subscription relationship of the user, and returns related information such as a channel list added by the user and a charging identifier list of the content that the user has subscribed to.

步骤 406、 内容提供设备根据运营需求对 DCD服务器返回的鉴权响应信 息(用户所添加的频道列表和用户已订购收费内容的计费标识列表等相关信 息)对用户访问权限进行鉴权, 如果鉴权通过, 则执行步骤 407。  Step 406: The content providing device authenticates the user access authority according to the operation request, the authentication response information returned by the DCD server (the channel list added by the user, and the charging identifier list of the user who has subscribed the charging content). If the right is passed, step 407 is performed.

步骤 407、 内^ ^供设备返回组织后的完整内容页面给 DCD终端。  Step 407: The internal device is returned to the DCD terminal by the device to return the complete content page after the organization.

步骤 408、 用户通过 DCD终端浏览完整内容。  Step 408: The user browses the complete content through the DCD terminal.

一个实施例中, 若内容提供设备根据 DCD服务器提供的用户订购关系, 对用户访问权限的鉴权失败时, 则向 DCD终端返回页面重定向链接; DCD 终端根据接收的页面重定向链接, 向 DCD服务器发起鉴权请求; DCD服务 器根据用户订购关系对用户访问权限进行鉴权, 向 DCD终端返回鉴权失败结 果, 并根据鉴权失败原因提示用户进行访问权限申请操作。  In one embodiment, if the content providing device fails to authenticate the user access right according to the user subscription relationship provided by the DCD server, the page redirect link is returned to the DCD terminal; the DCD terminal redirects the link according to the received page to the DCD. The server initiates an authentication request; the DCD server authenticates the user access authority according to the user subscription relationship, returns an authentication failure result to the DCD terminal, and prompts the user to perform an access authority application operation according to the authentication failure reason.

如图 5 所示, 一个实施例中, 用户通过非正常方式失败浏览收费频道完 整内容的流程如下:  As shown in FIG. 5, in one embodiment, the process of browsing the content of the toll channel by the user in an abnormal manner fails as follows:

步骤 501、 用户通过 DCD终端直接(浏览器书签、 手动输入 URL地址、 已访问的频道项内容页面的链接 )向内容提供设备发起浏览完整内容页面的 内容访问请求。  Step 501: The user initiates a content access request for browsing the complete content page to the content providing device directly through the DCD terminal (browser bookmark, manual input URL address, link of the accessed channel item content page).

步骤 502、 内容提供设备判断用户是否有权限访问该内容, 此时, 内容访 问请求中没有携带鉴权成功标识, 并且用户访问的频道为收费频道, 则执行 步骤 503。 Step 502: The content providing device determines whether the user has the right to access the content. At this time, the content access request does not carry the authentication success identifier, and the channel accessed by the user is a charging channel, and then the execution is performed. Step 503.

步骤 503、 内 ^^供设备向 DCD服务器发起订购关系鉴权请求, 需要携 带相应的手机号码、 终端类型、 频道标识等用户属性信息。  Step 503: The device sends a subscription relationship authentication request to the DCD server, and needs to carry user attribute information such as a mobile phone number, a terminal type, and a channel identifier.

步骤 504、 DCD服务器对用户的订购关系进行鉴权。  Step 504: The DCD server authenticates the subscription relationship of the user.

步骤 505、 DCD服务器向内容提供设备提供该用户 DCD业务订购关系的 鉴权响应, 并且返回用户所添加的频道列表和用户已订购收费内容的计费标 识列表等相关信息。  Step 505: The DCD server provides an authentication response of the DCD service subscription relationship of the user to the content providing device, and returns related information such as a channel list added by the user and a charging identifier list that the user has subscribed to the charging content.

步骤 506、 内容提供设备根据运营需求对 DCD服务器返回的鉴权响应信 息(用户所添加的频道列表和用户已订购收费内容的计费标识列表等相关信 息)对用户访问权限进行鉴权, 如果鉴权失败, 则执行步骤 507。  Step 506: The content providing device authenticates the user access authority according to the operation request, the authentication response information returned by the DCD server (the channel list added by the user, and the charging identifier list that the user has subscribed to the charging content). If the right fails, step 507 is performed.

步骤 507、 内^ ^供设备向 DCD终端返回页面重定向链接, 并携带频道 标识。  Step 507: The device returns a page redirect link to the DCD terminal and carries the channel identifier.

步骤 508、 DCD终端根据页面重定向链接自动向 DCD服务器发起访问请 求。  Step 508: The DCD terminal automatically initiates an access request to the DCD server according to the page redirect link.

步骤 509、 DCD服务器根据用户订购关系对用户访问权限进行鉴权。 步骤 510、 DCD服务器向 DCD终端返回完整内容访问失败的页面, 并给 出提示信息。 如果用户终端未在 DCD服务器注册, 则给出用户终端不支持的 提示信息; 如果用户未订购该套餐, 则给出用户需要订购套餐的提示信息; 如果用户未订购该频道内容, 则给出用户需要订购该频道后才能继续访问的 提示信息。  Step 509: The DCD server authenticates the user access authority according to the user subscription relationship. Step 510: The DCD server returns a page of complete content access failure to the DCD terminal, and gives a prompt message. If the user terminal is not registered in the DCD server, the prompt information that the user terminal does not support is given; if the user does not subscribe to the package, the prompt information that the user needs to subscribe to the package is given; if the user does not subscribe to the channel content, the user is given A reminder that you need to order this channel to continue accessing.

步骤 511、 用户根据提示信息进入订购套餐或者添加频道的流程。  Step 511: The user enters a subscription package or adds a channel according to the prompt information.

一个实施例中, 内容鉴权逻辑流程如图 6所示, 包括:  In one embodiment, the content authentication logic flow is as shown in FIG. 6, and includes:

步骤 601、 内^:供设备接收到用户发起的完整内容浏览请求, 即内容访 问请求。  Step 601: Internal: The device receives the complete content browsing request initiated by the user, that is, the content access request.

步骤 602、 内容提供设备判断请求参数中是否带有鉴权成功标识, 若是, 则执行步骤 613, 若否, 则执行步骤 603。  Step 602: The content providing device determines whether the request parameter has an authentication success identifier, and if yes, step 613 is performed, and if no, step 603 is performed.

步驟 603、 内容提供设备判断访问的是否为免费频道, 若是, 则执行步骤 613, 若否, 则执行步骤 604。 Step 603: The content providing device determines whether the access is a free channel, and if yes, performing the step 613. If no, step 604 is performed.

步骤 604、 内 ^^供设备向 DCD服务器发起订购关系鉴权请求。  Step 604: The device sends a subscription relationship authentication request to the DCD server.

步骤 605、 DCD服务器对用户订购关系进行鉴权。  Step 605: The DCD server authenticates the user subscription relationship.

步骤 606、 DCD服务器向内容提供设备返回用户订购关系信息, 并对信 息进行力 ø密。  Step 606: The DCD server returns the user subscription relationship information to the content providing device, and performs strong information on the information.

步骤 607、 内^:供设备对用户订购关系信息进行解密, 判断用户能否对 收费频道进行访问, 若是, 则执行步骤 613, 若否, 则执行步骤 608。  Step 607: Internal: The device decrypts the user subscription relationship information, and determines whether the user can access the charging channel. If yes, step 613 is performed, and if no, step 608 is performed.

步骤 608、 内容提供设备向 DCD终端返回 DCD服务器的页面重定向链 接。  Step 608: The content providing device returns a page redirection link of the DCD server to the DCD terminal.

步骤 609、 DCD终端根据页面重定向链接自动向 DCD服务器发起访问请 求。  Step 609: The DCD terminal automatically initiates an access request to the DCD server according to the page redirect link.

步骤 610、 DCD服务器根据用户订购关系对用户访问权限进行鉴权。 步骤 611、 DCD服务器向 DCD终端返回完整内容访问失败的页面, 并根 据失败原因给出不同的提示信息。  Step 610: The DCD server authenticates the user access authority according to the user subscription relationship. Step 611: The DCD server returns a page of complete content access failure to the DCD terminal, and gives different prompt information according to the failure reason.

步骤 612、 用户根据提示信息进入订购套餐或者添加频道的流程。  Step 612: The user enters a subscription package or adds a channel according to the prompt information.

步骤 613、 内^^供设备组织完整内容页面返回给用户。  Step 613: The internal device is configured to return the complete content page to the user.

步骤 614、 用户浏覓完整内容。  Step 614: The user browses the complete content.

一个实施例中, 如果用户访问的频道为收费频道, 则内容提供设备可以 进一步判断本设备中是否已存储有用户对请求访问的频道的访问信息, 若有, 则表明用户之前已访问过该收费频道的内容, 内容提供设备认为用户具备访 问该收费频道的权限, 将直接向用户提供访问内容; 若本设备中没有用户的 访问信息(比如在会话超时、 用户首次访问等情况下), 则内容提供设备需要 发起上述对用户访问权限的鉴权处理流程,从 DCD服务器获取用户订购关系, 并根据用户订购关系对用户访问权限进行鉴权, 在鉴权通过后, 向 DCD终端 返回请求访问的频道内容, 内容提供设备需存储用户对请求访问的频道的访 问信息, 作为下一次判断用户是否具备访问权限的依据。  In an embodiment, if the channel accessed by the user is a charging channel, the content providing device may further determine whether the user has stored access information for the channel requested to be accessed in the device, and if yes, indicating that the user has previously accessed the charging. The content of the channel, the content providing device believes that the user has the right to access the charging channel, and will directly provide the user with the access content; if there is no user access information in the device (such as when the session times out, the user first accesses, etc.), the content The providing device needs to initiate the above-mentioned authentication processing procedure for the user access authority, obtain the user subscription relationship from the DCD server, and authenticate the user access authority according to the user subscription relationship, and return the channel requesting access to the DCD terminal after the authentication is passed. Content, the content providing device needs to store the access information of the user to the channel requested to be accessed, as the basis for determining whether the user has the access right next time.

下面举例介绍本发明实施例中的内 权接口。 假设内 ^供设备向 DCD服务器请求对用户订购关系进行鉴权的内容鉴 权接 口 采 用 Http 请 求 方 式 , 以 及 假 设 URL 地 址 为 http://dcd.monternet.com/service/authorizeo The following describes an internal rights interface in the embodiment of the present invention. Assume that the content authentication interface that requests the device to authenticate the user subscription relationship to the DCD server adopts the Http request mode, and assumes that the URL address is http://dcd.monternet.com/service/authorizeo

用户从 DCD终端直接(浏览器书签、 手动输入 URL地址、 已访问的频 道项内容页面的链接 ) 向内容提供设备请求访问频道内容时, 内容提供设备 需根据会话中用户的访问信息, 如手机号码、 鉴权参数等, 判断用户是否有 权访问该内容。 如果用户访问的频道为免费频道, 则内容提供设备直接向用 户提供访问内容; 如果用户访问的频道为收费频道, 则内容提供设备需通过 该内容鉴权接口向 DCD服务器请求订购关系鉴权。  When the user requests the content providing device to access the channel content directly from the DCD terminal (browser bookmark, manual input URL address, link of the accessed channel item content page), the content providing device needs to access information according to the user in the session, such as a mobile phone number. , authentication parameters, etc., to determine whether the user has access to the content. If the channel accessed by the user is a free channel, the content providing device directly provides the user with access to the content; if the channel accessed by the user is a premium channel, the content providing device needs to request the subscription relationship authentication from the DCD server through the content authentication interface.

内容提供设备向 DCD服务器发起订购关系鉴权请求时,访问 URL地址: http://dcd.monternet.com/service/authorize, 并且需将手机号码, 终端型号以及 当前浏览内容对应的频道标识通过 querystring方式传递给 DCD服务器,例如: http://dcd.monternet.com/service/authorize?msisdn=13800010001 &ua=Mot- XXXXXXXXX&feed-id=000001  When the content providing device initiates the subscription relationship authentication request to the DCD server, access the URL address: http://dcd.monternet.com/service/authorize, and pass the phone number, the terminal model, and the channel identifier corresponding to the currently browsed content through the querystring. The method is passed to the DCD server, for example: http://dcd.monternet.com/service/authorize?msisdn=13800010001 &ua=Mot- XXXXXXXXX&feed-id=000001

DCD Ji艮务器 据用户手机号码及终端型号等, 判断用户终端是否为注册 终端, 判断用户的订购关系, 并将用户所添加的频道列表和用户已订购收费 内容的计费标识列表的相关信息返回给内容提供设备。 用户订购关系信息可 以进行 DES ( Data Encryption Standard, 数据加密标准)加密处理, 且 DES 加密密钥可以灵活配置。 需要加密的参数可以如下:  According to the user's mobile phone number and terminal model, the DCD Ji server determines whether the user terminal is a registered terminal, determines the user's subscription relationship, and lists the channel list added by the user and the charging identifier list of the user's ordered charging content. Return to the content providing device. The user subscription relationship information can be encrypted by DES (Data Encryption Standard), and the DES encryption key can be flexibly configured. The parameters that need to be encrypted can be as follows:

DCD服务器标识: s=dcd (可以是其它的 DCD服务器标识)  DCD server ID: s=dcd (can be other DCD server ID)

添加频道列表: fl=feedJD (多个频道之间使用 "," 分割)  Add channel list: fl=feedJD (use "," between multiple channels)

添加计费标识列表: si =service一 ID (多个业务之间使用 ",,, 分割) 当前时间戳: t=yyyy-mm-dd hh24:nn:ss  Add a list of billing IDs: si = service - ID (use ",,, split between multiple services" Current timestamp: t=yyyy-mm-dd hh24:nn:ss

对以上 采用 DES进行加密, 作为 auth参数传给内容提供设备。 内容 提供设备对 auth 进行 DES解密, 根据鉴权响应参数信息进行鉴权 (可以 根据运营需求对频道列表或计费标识列表进行逻辑判断), 如果鉴权成功, 内 容提供设备将用户所添加频道列表信息及用户已订购收费内容的计费标识列 表信息保存在会话中, 并组织完整内容页面返回给用户; 如果鉴权失败, 则 返 回 给 用 户 页 面 重 定 向 链 接 地 址 http:〃dcd.montemet.com/service/redirect?feed-id=xxxxxx,其中 feed— id为用户本 次访问内容对应的频道标识。 DCD终端重定向到 DCD服务器后, DCD服务 器根据终端请求对用户访问权限进行鉴权, 并且提示用户相应的鉴权失败结 果, 并引导用户完成添加频道等相应的操作。 Encryption using DES above is passed to the content providing device as an auth parameter. The content providing device performs DES decryption on the auth, and performs authentication according to the authentication response parameter information (the channel list or the charging identifier list may be logically determined according to the operational requirement). If the authentication succeeds, the content providing device adds the channel list added by the user. Information and the billing ID column of the user who has subscribed to the charged content The table information is saved in the session, and the complete content page is returned to the user; if the authentication fails, the user redirects the link address http: 〃dcd.montemet.com/service/redirect?feed-id=xxxxxx, where Feed— The id is the channel identifier corresponding to the user's current access content. After the DCD terminal is redirected to the DCD server, the DCD server authenticates the user access authority according to the terminal request, and prompts the user for the corresponding authentication failure result, and guides the user to complete the corresponding operation such as adding the channel.

当用户在正常访问方式下通过 DCD终端浏览完整内容时,用户通过 DCD 终端引导, 经过 DCD服务器进入 wap页面。 DCD服务器对用户访问权限进 行鉴权, 如果鉴权成功, DCD服务器将 DCD终端重定向到内^!供设备, 重定向链接地址为频道内容对应的 URL地址, 且附带了鉴权成功标识和 auth 下面给出两个内容访问鉴权的具体例子。  When the user browses the complete content through the DCD terminal in the normal access mode, the user boots through the DCD terminal and enters the wap page through the DCD server. The DCD server authenticates the user access authority. If the authentication succeeds, the DCD server redirects the DCD terminal to the internal device, and the redirected link address is the URL address corresponding to the channel content, and the authentication success identifier and auth are attached. Specific examples of two content access authentications are given below.

例一:  Example 1:

假设用户手机号码为 13800010001, UA ( User Agent, 用户代理) 为 MOT-V300/xx.xx.xxR DCD/1.5 Profile MIDP-2.0 Configuration/CLDC-1.0,用户 当前要访问一个单独计费收费频道的频道项的完整内容。 该频道的频道标识 feed-id为 000001, 对应的计费标识代码 service-id为 52000003。 内^^供设 备与 DCD服务器之间的鉴权交互流程及传递参数情况如下:  Assume that the user's mobile phone number is 13800010001, and the UA (User Agent) is MOT-V300/xx.xx.xxR DCD/1.5 Profile MIDP-2.0 Configuration/CLDC-1.0. The user currently wants to access a channel of a separate charging and charging channel. The full content of the item. The channel identifier feed-id of the channel is 000001, and the corresponding charging identifier code service-id is 52000003. The authentication interaction process and the parameters passed between the device and the DCD server are as follows:

用户通过 DCD终端直接向内 供设备发起访问完整内容请求; 内容提供设备根据会话中用户的访问信息, 如用户手机号码、 鉴权参数 等, 判断用户访问的频道是一个收费频道;  The user directly requests the internal device to access the complete content request through the DCD terminal; the content providing device determines that the channel accessed by the user is a charging channel according to the user's access information in the session, such as the user's mobile phone number and the authentication parameter;

内^供设备采用 HTTP GET方法向 DCD服务器发起订购关系鉴权请 求, 请求 URL为:  The internal device uses the HTTP GET method to initiate a subscription relationship authentication request to the DCD server. The request URL is:

http://dcd.monternet.com/service/authorize?msisdn== 13800010001 &ua=Mot- XXXXXXXXX&feed-id=000001;  Http://dcd.monternet.com/service/authorize?msisdn== 13800010001 &ua=Mot- XXXXXXXXX&feed-id=000001;

DCD服务器收到订购关系鉴权请求后, 对用户订购关系进行鉴权, DCD 服务器判断用户当前的 DCD服务器标识 s为 dcd, 用户所添加频道列表 fl为 000001 , 000002, 用户的计费标识列表 si 为 52000003, 用户访问时间 t为 2007-03-28 10:12:27。 则 DES加密前字符串为: s=dcd; fl=000001 , 000002; sl=52000003; t=2007-03-28 10:12:27, 经 DES加密后用 base64编码该字串为: jdienvhaspSLJIEN8322KJFDeidsFDEoiFDSlkdsfu8327329fdjewioj; After receiving the subscription relationship authentication request, the DCD server authenticates the user subscription relationship, and the DCD server determines that the current DCD server identifier s of the user is dcd, and the channel list fl added by the user is 000001, 000002, the user's billing identifier list si is 52000003, and the user access time t is 2007-03-28 10:12:27. Then the string before DES encryption is: s=dcd; fl=000001, 000002; sl=52000003; t=2007-03-28 10:12:27, after DES encryption, the string is encoded by base64: jdienvhaspSLJIEN8322KJFDeidsFDEoiFDSlkdsfu8327329fdjewioj;

DCD服务器将加密后的字符串作为鉴权参数通过鉴权响应返回给内 供设备, 响应为:  The DCD server returns the encrypted string as an authentication parameter to the internal device through the authentication response, and the response is:

HTTP/1.1 200 OK  HTTP/1.1 200 OK

Date: 2007-9-15 GMT 16:00:00  Date: 2007-9-15 GMT 16:00:00

Content-Type: application/xml; charset=gb2312  Content-Type: application/xml; charset=gb2312

Content-Length: 120  Content-Length: 120

<?xml version- ' 1.0"> <?xml version- ' 1.0">

<authresult>0< authresult>  <authresult>0< authresult>

<auth>jdienvhaspSLJIEN8322KJFDeidsFDEoiFDSlkdsfu8327329fdjewioj< auth> 例二:  <auth>jdienvhaspSLJIEN8322KJFDeidsFDEoiFDSlkdsfu8327329fdjewioj< auth> Example 2:

当用户通过 DCD终端正常访问完整内容时, 是通过 DCD终端引导, 经 过 DCD服务器进入 wap页面的, DCD服务器鉴权成功后, 发给用户重定向 的 URL地址为:  When the user accesses the complete content through the DCD terminal normally, it is booted through the DCD terminal and enters the wap page through the DCD server. After the DCD server is successfully authenticated, the URL address that is sent to the user for redirection is:

http://wapnews.i 139.cn/pams/s.do?p=611 &authresult=0&auth=ojofhwaoHOH FjdshfdefdsADSPMEO  Http://wapnews.i 139.cn/pams/s.do?p=611 &authresult=0&auth=ojofhwaoHOH FjdshfdefdsADSPMEO

基于同一发明构思,本发明实施例还提供一种 DCD的内容访问鉴权系统, 其结构如图 7所示, 可以包括:  Based on the same inventive concept, the embodiment of the present invention further provides a DCD content access authentication system, and the structure thereof is as shown in FIG. 7, which may include:

DCD终端 701, 用于发起内容访问请求; 以及, 接收请求访问的频道内 容;  a DCD terminal 701, configured to initiate a content access request; and, to receive a channel content requested to be accessed;

DCD服务器 702, 用于提供用户订购关系;  a DCD server 702, configured to provide a user subscription relationship;

内容提供设备 703, 用于接收 DCD终端 701发起的内容访问请求, 确定 所述内容访问请求中未携带对用户访问权限的鉴权成功标识, 则在确定请求 访问的频道为收费频道时: 从 DCD服务器 702获取用户订购关系, 根据用户 订购关系对用户访问权限进行鉴权,在鉴权成功后向 DCD终端 701返回请求 访问的频道内容; 或, 进一步确定本设备中是否已存储有所述用户对请求访 问的频道的访问信息; 若是, 则向 DCD终端 701返回请求访问的频道内容; 若否, 则从 DCD服务器 702获取用户订购关系, 根据用户订购关系对用户访 问权限进行鉴权, 在鉴权成功后存储所述用户对请求访问的频道的访问信息, 并向 DCD终端 701返回请求访问的频道内容。 The content providing device 703 is configured to receive a content access request initiated by the DCD terminal 701, determine that the content access request does not carry an authentication success identifier for the user access right, and when determining that the channel requested to be accessed is a premium channel: from the DCD The server 702 obtains a user subscription relationship, according to the user The subscription relationship authenticates the user access right, and returns the channel content requested to be accessed to the DCD terminal 701 after the authentication succeeds; or further determines whether the user has stored access information of the channel requested to access the device; And returning the channel content requested for access to the DCD terminal 701; if not, acquiring the user subscription relationship from the DCD server 702, authenticating the user access authority according to the user subscription relationship, and storing the user requesting access after the authentication succeeds The access information of the channel is returned to the DCD terminal 701 for the channel content requested for access.

一个实施例中, 内 供设备还可以用于在鉴权失败时向 DCD终端返回 页面重定向链接; DCD终端还可以用于根据接收的页面重定向链接, 向 DCD 服务器发起鉴权请求; DCD服务器还可以用于根据用户订购关系对用户访问 权限进行鉴权, 向 DCD终端返回鉴权失败结果, 并根据鉴权失败原因提示用 户进行访问权限申请操作。  In an embodiment, the internal device may be further configured to return a page redirect link to the DCD terminal when the authentication fails; the DCD terminal may further be configured to initiate an authentication request to the DCD server according to the received page redirect link; the DCD server It can also be used to authenticate the user access rights according to the user subscription relationship, return the authentication failure result to the DCD terminal, and prompt the user to perform the access authority application operation according to the authentication failure reason.

一个实施例中, 内容提供设备还可以用于在确定所述内容访问请求中携 带对用户访问权限的鉴权成功标识时,向 DCD终端返回请求访问的频道内容。  In an embodiment, the content providing device may be further configured to: when determining the authentication success identifier for the user access right in the content access request, return the channel content requested to be accessed to the DCD terminal.

一个实施例中, DCD服务器还可以用于在接收到 DCD终端因用户在 DCD 窗口中选择欲访问的内容链接的触发后, 根据用户订购关系, 对用户访问权 限进行鉴权; 在鉴权成功后, 向 DCD终端返回页面重定向链接; DCD终端 还可以用于根据接收的页面重定向链接, 向内 供设备发起内容访问请求, 并在所述内容访问请求中携带对用户访问权限的鉴权成功标识。  In an embodiment, the DCD server may be further configured to: after receiving the trigger of the content link to be accessed by the user in the DCD window, the DCD server authenticates the user access right according to the user subscription relationship; after the authentication succeeds Returning a page redirection link to the DCD terminal; the DCD terminal may be further configured to: initiate an content access request to the device according to the received page redirection link, and carry the authentication request for the user access right in the content access request Logo.

一个实施例中, 内 供设备 703通过内容鉴权接口向 DCD服务器 702 发起订购关系鉴权请求。  In one embodiment, the internal device 703 initiates a subscription relationship authentication request to the DCD server 702 via the content authentication interface.

基于同一发明构思, 本发明实施例还提供一种内 ^:供设备, 其结构如 图 8所示, 可以包括:  Based on the same inventive concept, the embodiment of the present invention further provides an internal device, and the structure thereof is as shown in FIG.

接收模块 801, 用于接收用户通过 DCD终端发起的内容访问请求; 确定模块 802 ,用于确定所述内容访问请求中是否携带有对用户访问权限 的鉴权成功标识;  The receiving module 801 is configured to receive a content access request initiated by the user through the DCD terminal, and the determining module 802 is configured to determine whether the content access request carries an authentication success identifier for the user access right.

内 ^^供模块 803,用于在确定所述内容访问请求中未携带对用户访问权 限的鉴权成功标识、请求访问的频道为收费频道时: 从 DCD服务器获取用户 订购关系,根据用户订购关系对用户访问权限进行鉴权,在鉴权成功后向 DCD 终端返回请求访问的频道内容; 或, 进一步确定本设备中是否已存储有所述 用户对请求访问的频道的访问信息; 若是, 则向 DCD终端返回请求访问的频 道内容; 若否, 则从 DCD服务器获取用户订购关系, 根据用户订购关系对用 户访问权限进行鉴权, 在鉴权成功后存储所述用户对请求访问的频道的访问 信息, 并向 DCD终端返回请求访问的频道内容。 The module 803 is configured to: when determining that the content access request does not carry the authentication success identifier for the user access right, and the channel requesting access is a charging channel: acquiring the user from the DCD server The order relationship is to authenticate the user access right according to the user subscription relationship, and return the channel content requested to be accessed to the DCD terminal after the authentication succeeds; or, further determine whether the user has stored the channel requested to access the device. Accessing the information; if yes, returning the channel content requested to be accessed to the DCD terminal; if not, obtaining the user subscription relationship from the DCD server, authenticating the user access authority according to the user subscription relationship, and storing the user pair after the authentication succeeds The access information of the channel requesting access, and returning the channel content requested for access to the DCD terminal.

综上, 本发明实施例提供一种内容访问的鉴权机制和流程, 并制定了相 关数据接口, 包括完整的内容鉴权功能描述、 内容鉴权接口及内容鉴权流程, 能够同时支持以正常方式和非正常方式进行内容访问的内容鉴权, 以确保只 有经过内容访问代理服务器(如 DCD服务器)授权且订购了相关频道内容的 用户才能访问相关内容, 有效地防止了用户通过非正常方式非法进行内容访 问。  In summary, the embodiments of the present invention provide an authentication mechanism and a process for content access, and formulate related data interfaces, including a complete content authentication function description, a content authentication interface, and a content authentication process, which can simultaneously support normal Mode and content authentication for content access in an abnormal manner to ensure that only users authorized by the content access proxy server (such as DCD server) and subscribed to related channel content can access related content, effectively preventing users from illegally operating in an abnormal manner. Make content access.

显然, 本领域的技术人员可以对本发明进行各种改动和变型而不脱离本 发明的精神和范围。 这样, 倘若对本发明的这些修改和变型属于本发明权利 要求及其等同技术的范围之内, 则本发明也意图包含这些改动和变型在内。  It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Therefore, it is intended that the present invention cover the modifications and variations of the invention as claimed.

Claims

权 利 要 求 Rights request 1、 一种内容访问鉴权方法, 其特征在于, 包括:  A content access authentication method, comprising: 内容提供设备接收终端发起的内容访问请求, 当判断所述内容访问请求 中未携带对用户访问权限的鉴权成功标识时, 判断请求访问的频道是否为收 费频道, 若是:  The content providing device receives the content access request initiated by the terminal. When it is determined that the content access request does not carry the authentication success identifier for the user access right, it determines whether the channel requested to be accessed is a charging channel, and if: 则从内容访问代理服务器获取用户订购关系, 根据用户订购关系对用户 访问权限进行鉴权, 若鉴权成功, 则向所述终端返回请求访问的频道内容。  Then, the user subscription relationship is obtained from the content access proxy server, and the user access authority is authenticated according to the user subscription relationship. If the authentication is successful, the channel content requested to be accessed is returned to the terminal. 2、 如权利要求 1所述的方法, 其特征在于, 在从内容访问代理服务器获 取用户订购关系之前, 还包括判断本设备中是否已存储有所述用户对请求访 问的频道的访问信息;  2. The method according to claim 1, wherein before obtaining the user subscription relationship from the content access proxy server, the method further comprises: determining whether the user has stored access information of the channel requested to be accessed by the user; 若是, 则向所述终端返回请求访问的频道内容; 若否, 则从内容访问代 理服务器获取用户订购关系, 根据用户订购关系对用户访问权限进行鉴权, 若鉴权成功, 则向所述终端返回请求访问的频道内容。  If yes, returning the channel content requested for access to the terminal; if not, acquiring the user subscription relationship from the content access proxy server, authenticating the user access authority according to the user subscription relationship, and if the authentication is successful, then the terminal is Returns the channel content requested to access. 3、 如权利要求 2所述的方法, 其特征在于, 在鉴权成功之后, 向所述终 端返回请求访问的频道内容之前, 存储所述用户对请求访问的频道的访问信  3. The method according to claim 2, wherein after the authentication succeeds, before returning the channel content requested for access to the terminal, storing the access letter of the user to the channel requested to access 4、 如权利要求 1所述的方法, 其特征在于, 内^^供设备在确定所述内 容访问请求中未携带对用户访问权限的鉴权成功标识时, 进一步包括: The method according to claim 1, wherein the device further comprises: when determining that the content access request does not carry the authentication success identifier for the user access right, further comprising: 在确定请求访问的频道为免费频道时, 向所述终端返回请求访问的频道 内容。  When it is determined that the channel requested to be accessed is a free channel, the channel content requested to be accessed is returned to the terminal. 5、 如权利要求 1所述的方法, 其特征在于, 所述从内容访问代理服务器 获取用户订购关系包括:  5. The method of claim 1, wherein the obtaining a user subscription relationship from the content access proxy server comprises: 内^^供设备向内容访问代理服务器提供用户属性信息;  The device provides the user attribute information to the content access proxy server; 内容访问代理服务器根据用户属性信息, 向内容提供设备返回用户订购 关系。  The content access proxy server returns a user subscription relationship to the content providing device based on the user attribute information. 6、 如权利要求 1所述的方法, 其特征在于, 所述根据用户订购关系对用 户访问权限进行鉴权, 进一步包括: 6. The method according to claim 1, wherein said using according to a user subscription relationship User access rights are authenticated, and further include: 若鉴权失败, 则向所述终端返回页面重定向链接;  If the authentication fails, returning a page redirect link to the terminal; 所述终端根据接收的页面重定向链接, 向内容访问代理服务器发起鉴权 请求;  The terminal initiates an authentication request to the content access proxy server according to the received page redirect link; 内容访问代理服务器根据用户订购关系对用户访问权限进行鉴权, 向所 述终端返回鉴权失败结果, 并根据鉴权失败原因提示用户进行访问权限申请  The content access proxy server authenticates the user access authority according to the user subscription relationship, returns an authentication failure result to the terminal, and prompts the user to apply for the access permission according to the authentication failure reason. 7、 如权利要求 1所述的方法, 其特征在于, 该方法进一步包括: 内容提供设备确定所述内容访问请求中携带了对用户访问权限的鉴权成 功标识, 则向所述终端返回请求访问的频道内容。 The method according to claim 1, wherein the method further comprises: the content providing device determining that the content access request carries an authentication success identifier for the user access right, and returns a request access to the terminal Channel content. 8、 如权利要求 7所述的方法, 其特征在于, 内^供设备接收所述内容 访问请求之前, 进一步包括:  The method of claim 7, wherein before the receiving device receives the content access request, the method further includes: 用户通过所述终端在窗口中选择欲访问的内容链接, 触发内容访问代理 服务器根据用户订购关系对用户访问权限进行鉴权;  The user selects a content link to be accessed in the window through the terminal, and triggers the content access proxy server to authenticate the user access right according to the user subscription relationship; 在鉴权成功后, 内容访问代理服务器向所述终端返回页面重定向链接; 所述终端根据接收的页面重定向链接, 向内容提供设备发起内容访问请 求, 并在所述内容访问请求中携带对用户访问权限的鉴权成功标识。  After the authentication succeeds, the content access proxy server returns a page redirect link to the terminal; the terminal initiates a content access request to the content providing device according to the received page redirect link, and carries the content access request in the content access request. The authentication success identifier of the user access right. 9、 一种内容访问鉴权系统, 其特征在于, 包括:  9. A content access authentication system, comprising: 终端, 用于发起内容访问请求; 以及, 接收请求访问的频道内容; 内容访问代理服务器, 用于提供用户订购关系;  a terminal, configured to initiate a content access request; and, receiving a channel content requested to be accessed; and a content access proxy server, configured to provide a user subscription relationship; 内^:供设备, 用于接收所述终端发起的内容访问请求, 确定所述内容 访问请求中未携带对用户访问权限的鉴权成功标识, 则在确定请求访问的频 道为收费频道时: 从内容访问代理服务器获取用户订购关系, 根据用户订购 关系对用户访问权限进行鉴权, 在鉴权成功后向所述终端返回请求访问的频 道内容; 或, 进一步确定本设备中是否已存储有所述用户对请求访问的频道 的访问信息; 若是, 则向所述终端返回请求访问的频道内容; 若否, 则从内 容访问代理服务器获取用户订购关系, 根据用户订购关系对用户访问权限进 行鉴权, 在鉴权成功后存储所述用户对请求访问的频道的访问信息, 并向所 述终端返回请求访问的频道内容。 The device is configured to receive a content access request initiated by the terminal, and determine that the content access request does not carry an authentication success identifier for the user access right, and when determining that the channel requested to be accessed is a charging channel: The content access proxy server obtains the user subscription relationship, and authenticates the user access authority according to the user subscription relationship, and returns the channel content requested to be accessed to the terminal after the authentication succeeds; or, further determines whether the device has been stored in the device. User access information to the channel requesting access; if yes, returning the channel content requested for access to the terminal; if not, acquiring the user subscription relationship from the content access proxy server, and accessing the user according to the user subscription relationship The line authentication stores the access information of the user to the channel requested to be accessed after the authentication succeeds, and returns the channel content requested to be accessed to the terminal. 10、 如权利要求 9所述的内容访问鉴权系统, 其特征在于, 当内^供 设备确定所述内容访问请求中未携带对用户访问权限的鉴权成功标识并且确 定请求访问的频道为收费频道时, 通过内容鉴权接口向内容访问代理服务器 发起订购关系鉴权请求, 并通过所述内容鉴权接口从内容访问代理服务器获 取用户订购关系。  The content access authentication system according to claim 9, wherein the internal device determines that the content access request does not carry an authentication success identifier for the user access right and determines that the channel requesting access is a charge. At the time of the channel, a subscription relationship authentication request is initiated to the content access proxy server through the content authentication interface, and the user subscription relationship is obtained from the content access proxy server through the content authentication interface. 11、 如权利要求 10所述的内容访问鉴权系统, 其特征在于, 所述内容鉴 权接口采用 HTTP请求方式。  The content access authentication system according to claim 10, wherein the content authentication interface adopts an HTTP request mode. 12、 如权利要求 9所述的内容访问鉴权系统, 其特征在于, 所述内^^ 供设备进一步用于在鉴权失败时向所述终端返回页面重定向链接;  The content access authentication system according to claim 9, wherein the internal device is further configured to return a page redirect link to the terminal when the authentication fails; 所述终端进一步用于根据接收的页面重定向链接, 向内容访问代理服务 器发起鉴权请求;  The terminal is further configured to initiate an authentication request to the content access proxy server according to the received page redirect link; 所述内容访问代理服务器进一步用于根据用户订购关系对用户访问权限 进行鉴权, 向所述终端返回鉴权失败结果, 并根据鉴权失败原因提示用户进 行访问权限申请操作。  The content access proxy server is further configured to authenticate the user access authority according to the user subscription relationship, return an authentication failure result to the terminal, and prompt the user to perform an access authority application operation according to the authentication failure reason. 13、 如权利要求 9所述的内容访问鉴权系统, 其特征在于, 所述内^ 供设备进一步用于在确定所述内容访问请求中携带了对用户访问权限的鉴权 成功标识时, 向所述终端返回请求访问的频道内容。  The content access authentication system according to claim 9, wherein the internal device is further configured to: when determining that the content access request carries an authentication success identifier for user access rights, The terminal returns the channel content requested to be accessed. 14、 如权利要求 13所述的内容访问鉴权系统, 其特征在于, 所述内容访 问代理服务器进一步用于在接收到所述终端因用户在窗口中选择欲访问的内 容链接的触发后, 根据用户订购关系, 对用户访问权限进行鉴权; 在鉴权成 功后, 向所述终端返回页面重定向链接;  The content access authentication system according to claim 13, wherein the content access proxy server is further configured to: after receiving the trigger of the content selection link to be accessed by the user in the window, according to User subscription relationship, authenticating user access rights; after successful authentication, returning a page redirect link to the terminal; 所述终端进一步用于根据接收的页面重定向链接, 向内容提供设备发起 内容访问请求, 并在所述内容访问请求中携带对用户访问权限的鉴权成功标 识。  The terminal is further configured to initiate a content access request to the content providing device according to the received page redirect link, and carry an authentication success identifier for the user access right in the content access request. 15、 一种内 ^^供设备, 其特征在于, 包括: 接收模块, 用于接收用户通过终端发起的内容访问请求; 15. An internal device, characterized in that: a receiving module, configured to receive a content access request initiated by the user through the terminal; 确定模块, 用于确定所述内容访问请求中是否携带有对用户访问权限的 鉴权成功标识;  a determining module, configured to determine whether the content access request carries an authentication success identifier for the user access right; 内容提供模块, 用于在确定所述内容访问请求中未携带对用户访问权限 的鉴权成功标识、 请求访问的频道为收费频道时: 从内容访问代理服务器获 取用户订购关系, 根据用户订购关系对用户访问权限进行鉴权, 在鉴权成功 后向所述终端返回请求访问的频道内容; 或, 进一步确定本设备中是否已存 储有所述用户对请求访问的频道的访问信息; 若是, 则向所述终端返回请求 访问的频道内容; 若否, 则从内容访问代理服务器获取用户订购关系, 根据 用户订购关系对用户访问权限进行鉴权, 在鉴权成功后存储所述用户对请求 访问的频道的访问信息, 并向所述终端返回请求访问的频道内容。  a content providing module, configured to: when determining that the content access request does not carry an authentication success identifier for the user access right, and requesting the accessed channel to be a charging channel: obtaining a user subscription relationship from the content access proxy server, according to the user subscription relationship The user access right is authenticated, and after the authentication succeeds, the channel content requested to be accessed is returned to the terminal; or, it is further determined whether the access information of the channel requested by the user to the accessed channel is already stored in the device; if yes, then Returning, by the terminal, the channel content requested to be accessed; if not, acquiring the user subscription relationship from the content access proxy server, authenticating the user access authority according to the user subscription relationship, and storing the channel requested by the user after the authentication succeeds Access information, and return the channel content requested for access to the terminal.
PCT/CN2009/000964 2008-08-21 2009-08-21 Content access authentification method, device and system Ceased WO2010020114A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810118665A CN101656684A (en) 2008-08-21 2008-08-21 Content access authentication method, equipment and system for dynamic content delivery
CN200810118665.7 2008-08-21

Publications (1)

Publication Number Publication Date
WO2010020114A1 true WO2010020114A1 (en) 2010-02-25

Family

ID=41706834

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/000964 Ceased WO2010020114A1 (en) 2008-08-21 2009-08-21 Content access authentification method, device and system

Country Status (2)

Country Link
CN (1) CN101656684A (en)
WO (1) WO2010020114A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196372B (en) * 2010-03-01 2014-12-10 中国移动通信集团公司 Method, device, portable terminal and system for movably monitoring network alarm in real-time
CN102378115A (en) * 2010-08-16 2012-03-14 杭州华三通信技术有限公司 Control method of multicast access, system and device thereof
CN102546196B (en) * 2010-12-24 2015-07-08 联芯科技有限公司 Processing method and system for dynamic content delivery
CN103152332B (en) * 2013-02-17 2018-02-16 中兴通讯股份有限公司 A kind of EAP authentication method and apparatus under WEB service assistance
CN106330931B (en) * 2016-08-30 2019-06-25 湖南强视信息科技有限公司 It is a kind of to prevent search document method towards unmanned invigilator
CN111294615A (en) * 2018-12-07 2020-06-16 玲珑视界科技(北京)有限公司 Multicast channel batch authentication method and system
CN112929319B (en) * 2019-12-05 2024-05-31 中国电信股份有限公司 Content service method, system, device and computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1430377A (en) * 2001-12-30 2003-07-16 华为技术有限公司 Method of realizing Internet contents paying
WO2005015429A1 (en) * 2003-08-06 2005-02-17 Nhn Corporation Authentication method based on ticket
CN1833459A (en) * 2003-08-06 2006-09-13 摩托罗拉公司(在特拉华州注册的公司) Method and apparatus for initiating content provider authentication
CN101083538A (en) * 2006-05-30 2007-12-05 卓望数码技术(深圳)有限公司 Real-time counting method for value added business of IP network environment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1430377A (en) * 2001-12-30 2003-07-16 华为技术有限公司 Method of realizing Internet contents paying
WO2005015429A1 (en) * 2003-08-06 2005-02-17 Nhn Corporation Authentication method based on ticket
CN1833459A (en) * 2003-08-06 2006-09-13 摩托罗拉公司(在特拉华州注册的公司) Method and apparatus for initiating content provider authentication
CN101083538A (en) * 2006-05-30 2007-12-05 卓望数码技术(深圳)有限公司 Real-time counting method for value added business of IP network environment

Also Published As

Publication number Publication date
CN101656684A (en) 2010-02-24

Similar Documents

Publication Publication Date Title
EP1976181B1 (en) A method, apparatus and data download system for controlling the validity of the download transaction
US8201232B2 (en) Authentication, identity, and service management for computing and communication systems
US9003189B2 (en) Trusted third party client authentication
CN106131079B (en) Authentication method, system and proxy server
US9648132B2 (en) Method of enabling digital music content to be downloaded to and used on a portable wireless computing device
US7895445B1 (en) Token-based remote data access
US7734732B2 (en) System, apparatus and methods for storing links to media files in network storage
US20050066353A1 (en) Method and system to monitor delivery of content to a content destination
US9038191B2 (en) Method and apparatus for providing DRM service
US9961549B2 (en) Right object acquisition method and system
CN101420416B (en) Identity management platform, service server, login system and method, and federation method
US20120005041A1 (en) Mobile content distribution with digital rights management
EP2683127A1 (en) Voucher authorization for cloud server
JP2005536780A (en) Method for transmitting encrypted user data objects
WO2010020114A1 (en) Content access authentification method, device and system
CN101771676A (en) Setting and authentication method for cross-domain authorization and relevant device and system
WO2009155806A1 (en) Method, system and terminal for employing subscription service content
US20090307757A1 (en) Method and System for Centralized Access Authorization To Online Streaming Content
US20070022306A1 (en) Method and apparatus for providing protected digital content
JP5687455B2 (en) Server, terminal, program, and service providing method
JP5669441B2 (en) Cache server at hotspot for downloading services
TWI270284B (en) Method and system for downloading and authenticating digital copyright
US20060075227A1 (en) Portable information management device
JP2011191995A (en) Download device and content sales system
JP2012141883A (en) Service providing server, authorization information acquisition method and authorization information acquisition program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09807813

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09807813

Country of ref document: EP

Kind code of ref document: A1