CN100505734C - Method for realizing external device mapping of network computer - Google Patents
Method for realizing external device mapping of network computer Download PDFInfo
- Publication number
- CN100505734C CN100505734C CNB2005100598444A CN200510059844A CN100505734C CN 100505734 C CN100505734 C CN 100505734C CN B2005100598444 A CNB2005100598444 A CN B2005100598444A CN 200510059844 A CN200510059844 A CN 200510059844A CN 100505734 C CN100505734 C CN 100505734C
- Authority
- CN
- China
- Prior art keywords
- function call
- function
- peripheral hardware
- client modules
- server end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a method for achieving the external device mapping in the network computer. It arranges an intercepting module and a redirection client end module on the applied layer of the server; it arranges a redirection server end module on the driving layer of the network computer NC; when the applied layer of the server visits the external device of NC, the method comprises: a) the intercepting module intercepts the function calling information for visiting the external device and sends it to the redirection client end module; b) the redirection client end module sends the received function calling information to the corresponding NC redirection server end module; c) the redirection server end module calls the external visiting function of the NC external driving layer and visits the NC connecting external device by the received function calling information.
Description
Technical field
The present invention relates to the application technology of network computer, particularly a kind of method that realizes the external equipment mapping of network computer.
Background technology
Network computer (NC, Network Computer) is a kind of simplification computer that does not have equipment such as hard disk, CD-ROM drive, floppy drive, it utilizes local resource or server resource to calculate, utilize server resource to carry out storage, have characteristics such as safety, reliable, manageability, and in government, functional department and enterprise, obtained extensive use.Different with common computer, network computer is except moving local the application, mainly be by login WBT (referring to server end operation Windows series operating system) or UBT (referring to server end operation Unix or Linux series operating system), the application on the runtime server.At present, in the majority with the application under the login WBT mode, its communications protocol that adopts mainly contains two kinds of RDP (RDP, Remote Desktop Protocol) and independent computing architecture agreements (ICA, Independent Computing Architecture).
Under the WBT pattern, the software that moves on the peripheral hardware application layer of Windows server is visible for the user, the peripheral hardware application layer also can only be visited the various external equipments that are connected on the Windows server, such as: printer, USB flash disk, the authentication hardware (U-KEY) of USB interface etc., and the use pattern of NC requires various external equipments to be connected on the various interface of NC, therefore, need make the server peripheral hardware application layer under the WBT pattern can visit the external equipment that is connected on the NC, that is: realize that the various external equipments of NC are from the mapping of NC to the Windows server.At present, RDP and ICA agreement have realized the mapping function of some basic external equipments, such as: serial equipment, printer etc., but can't realize mapping function to all external equipments, such as: RDP and ICA agreement can't realize the mapping of external equipments such as U-KEY, scanner, Windows2000 system sound card to the Windows server.
Usually, when the peripheral hardware application layer software visit of server is connected local external equipment hardware, need call the peripheral access function, at first call the peripheral hardware Drive Layer by the peripheral hardware application layer, function call information is mail to the peripheral hardware Drive Layer, the peripheral hardware Drive Layer is called corresponding peripheral access function according to function call information then, and outside device hardware is carried out various accessing operations.For most of external equipments, only comprise peripheral hardware hardware driving layer in its peripheral hardware Drive Layer, be used to provide various peripheral access functions, these peripheral access functions can realize opening external equipment, close external equipment, external equipment such as is read and write at operation.But, for external equipments such as U-KEY, a plurality of external equipments are used in expansion on same terminal for convenience, comprise two processing layers in its peripheral hardware Drive Layer: peripheral hardware middleware layer and peripheral hardware hardware driving layer, described peripheral hardware middleware layer provides the function interface of a plurality of external equipments, call the function interface of corresponding external equipment according to the function call information that receives, the function interface that passes through to be called calls peripheral access function corresponding in the described peripheral hardware hardware driving layer, thus the corresponding external equipment hardware of visit.Here, the peripheral hardware middleware layer is embodied as a dynamic link library usually, this dynamic link library provides the function interface of a plurality of external equipments, during peripheral hardware application layer visit external equipment, call dynamic link library, and sending function call information to dynamic link library, this dynamic link library calls corresponding function interface according to the function call information that receives.
But, at external equipments such as U-KEY, scanner, Windows2000 system sound cards, NC such as RDP, ICA communications protocol does not propose the concrete norm how the Windows server calls the peripheral access function of NC as yet, therefore, the Windows server can't be visited external equipments such as U-KEY that NC connects, scanner, Windows2000 system sound card, can't realize the mapping of these external equipments to the Windows server.
In sum, existing NC communications protocol can not provide the function to server mappings for the external equipment that all NC may connect, and this will make server can't visit these external equipments, and the user can only use the external equipment that is connected server end.But for some external equipment, it uses meaning promptly to be to be connected on each user's the NC, if can not realize the mapping of this external equipment to server, will cause this external equipment to use.Such as: if use NC at finance, field of telecommunications, then the NC of each user's special use must connect U-KEY and realizes critical functions such as internet safe payment, online identity authentication, soft ware authorization use; But because U-KEY can't be mapped on the server when connecting NC, so U-KEY can't normally use, and U-KEY has important function at these special dimensions, makes finance, field of telecommunications be unsuitable for using the NC technology like this.As seen, existing realization NC external equipment can not satisfy the demand of NC to miscellaneous service field wide spread to the technology of server mappings, demands urgently providing a kind of technology can realize that more external equipments are from the mapping of NC to the Windows server.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method that realizes the external equipment mapping of network computer, can make the peripheral hardware application layer of server can visit the various external equipments that are connected on the NC, realize that various external equipments are from the mapping function of NC to server.
For achieving the above object, technical scheme of the present invention is achieved in that
The invention discloses a kind of method that realizes the external equipment mapping of network computer, blocking module and redirected client modules are set under the peripheral hardware application layer of server; Redirect Server end module is set on the peripheral hardware Drive Layer of network computer NC; The process of the external equipment of the peripheral hardware application layer visit NC of server comprises:
A. the function call information of the visit NC external equipment that sends of blocking module intercept server peripheral hardware application layer and be sent to redirected client modules;
B. be redirected client modules the function call information that receives is sent to Redirect Server end module among the corresponding NC;
Redirect Server end module among the C.NC is according to the function call information that receives, and calls the peripheral access function in the peripheral hardware Drive Layer of NC, visits the external equipment that this NC connects.
Wherein, only comprise peripheral hardware hardware driving layer in the described peripheral hardware Drive Layer; In the steps A, the method that described blocking module is tackled described function call information is: the filtration drive module that described blocking module is configured to described peripheral hardware hardware driving layer by the framework of agreement regulation; When server peripheral hardware application layer is called the peripheral access function, function call information is sent to this blocking module.
Wherein, comprise in the described peripheral hardware Drive Layer: peripheral hardware middleware layer and peripheral hardware hardware driving layer; Described peripheral hardware middleware layer provides the dynamic link library that comprises all function interfaces; In the steps A, the method that described blocking module is tackled described function call information is: in blocking module, the dynamic link library that the dynamic link library that structure and described peripheral hardware middleware layer provide has like-identified, each function interface has identical sign in each function interface that comprises in the dynamic link library of being constructed and the peripheral hardware middleware layer, and uses the dynamic link library of being constructed to cover the dynamic link library that the peripheral hardware middleware layer in the server system catalogue provides; When server peripheral hardware application layer is called the peripheral access function, call the function interface in the dynamic link library of being constructed, function call information is sent to blocking module.
Among the step C, behind the peripheral access function in the described peripheral hardware Drive Layer of described Redirect Server end module invokes, this method further comprises: the peripheral hardware Drive Layer return function of NC calls the result and gives described Redirect Server end module, this Redirect Server end module returns to the function call result who receives described redirected client modules again, and this redirected client modules returns to the function call result who receives by described blocking module the peripheral hardware application layer of server.
Wherein, described redirected client modules is connected transfer function recalls information and function call result with Redirect Server end module by setting up network.
Among the step B, redirected client modules judges further which kind of operation is this function call information indicate after receiving this function call information, if external equipment is opened in described function call information indication, then be redirected the network that client modules sets up between self Redirect Server end module corresponding with this function call information and connect, by the network connection transfer function recalls information or the function call result of current foundation; If described function call information indication, then is redirected client modules and connects transfer function recalls information and function call result by the network of having set up except that opening external equipment and other operation of closing the external equipment external equipment; If external equipment is closed in described function call information indication, then be redirected client modules and connect the transfer function recalls information by the network of having set up, and, among the step C, redirected client modules further comprises after receiving the function call result of this function call information correspondence: discharge the described network of having set up and connect.
Among the step B, after described redirected client modules received function call information at every turn, the network of setting up between self Redirect Server end module corresponding with this function call information connected; Among the step C, after the each return function of described Redirect Server end module calls the result, further comprise: the network that discharges described current foundation connects.
Wherein, the described method of network connection of setting up is: described redirected client modules is created socket SOCKET, obtain the IP address of described Redirect Server end module, use the SOCKET that self creates, send network by the IP address that is obtained to the Redirect Server end and connect the request of foundation; Described Redirect Server end module is pre-created the SOCKET that is used to monitor, after this SOCKET that is used to monitor listens to from the network connection foundation request that is redirected client modules, the SOCKET that establishment is used to transmit, echo reply give and are redirected client modules, and network connects to be set up; The method that described releasing network connects is: described redirected client modules is closed the SOCKET that self creates, and disconnects network and connects; Described Redirect Server end module is closed the SOCKET that is used to transmit that self creates.
Among the step B, described redirected client modules is packaged into packet with described function call information, packaged packet is sent to described Redirect Server end module, the packet that this Redirect Server end module parses receives obtains described function call information again; Among the step C, described Redirect Server end module is packaged into packet with the function call result who receives, packaged packet is returned to described redirected client modules, this redirected client modules is resolved the packet that receives and is obtained the function call result again.
Wherein, described external equipment is: the sound card of authentication hardware U-KEY, scanner or the Windows2000 system of USB interface; Described server is the Windows server.
By such scheme as can be seen, key of the present invention is: blocking module and redirected client modules are set under the peripheral hardware application layer of server; Redirect Server end module is set on the peripheral hardware Drive Layer of NC; When the peripheral hardware application layer of server is visited the external equipment of NC, the function call information of the visit NC external equipment that described blocking module intercept server peripheral hardware application layer sends; Then, be redirected the Redirect Server end module that client modules is redirected to the function call information that receives far-end NC; At last, this Redirect Server end module is called peripheral access function in the local peripheral hardware Drive Layer according to function call information, thereby realizes the visit of the external equipment that server connects NC.
Therefore, the method for the external equipment mapping of realization NC provided by the present invention makes server can visit the various external equipments that NC connects, and realizes the function of external equipment to server mappings.Especially under the WBT pattern, realized the accessing operation of Windows server to the U-KEY of NC connection, thereby outside the external equipment mapping function of agreement regulation, expanded U-KEY from the function of NC, made the NC technology be extended to the special dimension such as finance, telecommunications of extensive use U-KEY to the Windows server mappings.And realization of the present invention is simple, needn't change to existing peripheral hardware application layer and peripheral hardware Drive Layer, and stability and operability all can reach higher level.
Description of drawings
Fig. 1 is a logical relation schematic diagram between each functional module and the processing layer in a preferred embodiment of the present invention;
Fig. 2 is the handling process schematic diagram of redirected client modules shown in Figure 1;
Fig. 3 is the handling process schematic diagram of Redirect Server end module shown in Figure 1;
Fig. 4 is the tunneling one instantiation schematic diagram that adopts when sending packet in the inventive method.
Embodiment
The present invention is further described in more detail below in conjunction with drawings and the specific embodiments.
The main design philosophy of the inventive method is: blocking module and redirected client modules are set under the peripheral hardware application layer of server; Redirect Server end module is set on the peripheral hardware Drive Layer of NC; The process of the external equipment of the peripheral hardware application layer visit NC of server comprises: described blocking module is tackled from the function call information of server peripheral hardware application layer and is sent to described redirected client modules; Then, this redirected client modules is sent to Redirect Server end module among the NC with function call information; At last, this Redirect Server end module is called the peripheral access function in the peripheral hardware Drive Layer of local NC according to this function call information, thereby visits the external equipment that this NC connects.
Be example with U-KEY below, the inventive method is described in detail.At first introduce each functional module that the present invention is correlated with and the logical relation between the processing layer.Fig. 1 is a logical relation schematic diagram between each functional module and the processing layer in a preferred embodiment of the present invention.Among Fig. 1, the module that oblique line is filled is the functional module that the present invention adds, and comprising: blocking module, redirected client modules, Redirect Server end module.Other processing unit then is existing and visit U-KEY relevant part, comprising: peripheral hardware application layer, peripheral hardware Drive Layer and U-KEY hardware; Wherein, the peripheral hardware application layer comprises: provide (CSP) interface based on the distinctive Microsoft's cryptographic service that is used to carry out authentication of the upper layer application of U-KEY and U-KEY, the peripheral hardware Drive Layer comprises: the peripheral hardware middleware layer is that U-KEY middleware layer and peripheral hardware hardware driving layer are U-KEY hardware driving layer.From Fig. 1 as seen, the processing of the inventive method relates to Windows server and NC, in the Windows server, the part relevant with visit U-KEY comprises from top to bottom successively: based on upper layer application, the CSP of Microsoft interface, blocking module, redirected client modules, U-KEY middleware and the U-KEY hardware driving layer of U-KEY; In NC, the part relevant with visit U-KEY comprises from top to bottom successively: Redirect Server end module, U-KEY middleware layer, U-KEY hardware driving layer and U-KEY hardware.Here, because the present invention mainly solves the problem that the server access external equipment occurs under the WBT pattern, therefore described server mainly refers to the Windows server.
At the Windows server end, in the prior art, can only visit the U-KEY that is connected this locality based on the upper layer application of U-KEY, the function call information of its transmission is handled via the CSP of Microsoft interface, U-KEY middleware layer successively, and the peripheral access function that calls then in the U-KEY hardware driving layer is operated U-KEY hardware.And the blocking module that the present invention increases can be intercepted and captured the function call information that the CSP of Microsoft interface mails to the U-KEY middleware layer originally, then it is transmitted to redirected client modules; Redirected client modules connects the Redirect Server end module that mails among the far-end NC with function call information again by network; This Redirect Server end module is called function interface corresponding in the local U-KEY middleware layer according to the function call information that receives, call peripheral access function in the local U-KEY hardware driving layer by this function interface, thereby to the U-KEY hardware that NC the connects operation that conducts interviews.Because blocking module has been intercepted and captured the function call information that mails to Windows server U-KEY middleware layer originally, the U-KEY middleware layer in the Windows server and U-KEY hardware driving layer will can not carry out any with visit the relevant processing of U-KEY.Obviously, whether are Windows server installation U-KEY middleware layer and U-KEY hardware driving layer software, all can not influence processing of the present invention.Therefore, with dashed lines identifies this U-KEY middleware layer and U-KEY hardware driving layer among Fig. 1, shows: U-KEY middleware layer and U-KEY hardware driving layer can be set in the Windows server, also U-KEY middleware layer and U-KEY hardware driving layer can be set.
According to above description to Fig. 1 as seen, the key of the inventive method is: one, use blocking module to come intercept server peripheral hardware application layer to mail to the function call information of server peripheral hardware Drive Layer; Two, adopt redirecting technique, by being redirected the Redirect Server end module that function call information that client modules intercepts blocking module is redirected to far-end NC, thereby can call peripheral access function in the local peripheral hardware Drive Layer of NC according to this function call information from server peripheral hardware application layer.
At the blocking module of one of above-mentioned key point, the invention provides the method that two kinds of blocking modules are realized interception:
One, when only comprising peripheral hardware hardware driving layer in the peripheral hardware Drive Layer of external equipment, blocking module should be arranged on this peripheral hardware hardware driving layer.At this moment, can realize this blocking module, be about to this blocking module and be configured to this filtration drive module by the filtration drive module of configuration peripheral hardware hardware driving layer.Described filtration drive module can receive all data from the peripheral hardware application layer, thereby can intercept the function call information from the peripheral hardware application layer.Wherein, this filtration drive modules configured is followed the framework of agreement regulation, proposed at present the standard framework of configurating filtered driver module at the Windows system such as: the protocol specification of Microsoft, so the concrete configuration principle of filtration drive module and process this paper do not describe.
Two, because, the external equipments such as solving U-KEY that has been mainly of the present invention can't be realized the problem to the mapping of Windows server from NC, therefore, at this external equipments that possesses the processing of peripheral hardware middleware layer such as U-KEY, the present invention also provides the implementation method of another kind of blocking module, the main thought of this method is the structure dynamic link library similar to the dynamic link library of peripheral hardware middleware layer in blocking module, and the dynamic link library of being constructed for the peripheral hardware application layer should be identical with the dynamic link library of peripheral hardware middleware layer.Because having only the sign of each function interface that comprises in the sign of dynamic link library and the dynamic link library is visible for the peripheral hardware application layer.Therefore, the present invention can construct the dynamic link library that has like-identified with the original dynamic link library of peripheral hardware middleware layer in blocking module, and in the dynamic link library of being constructed each function interface respectively with the dynamic link library of peripheral hardware middleware layer in each function interface have like-identified, in the server system catalogue, use the dynamic link library of being constructed to cover the dynamic link library of peripheral hardware middleware layer then.Like this, when server peripheral hardware application layer function call information is called the peripheral access function, though for server peripheral hardware application layer, the function interface that is still the peripheral hardware Drive Layer that calls, but what in fact call is the function interface that identifies identical blocking module with this function interface, thereby blocking module can successfully be intercepted and captured the function call information from the peripheral hardware application layer, and the program that need not externally to establish application layer is carried out any modification.Here, the purpose of blocking module is interception but not function is handled, so only possessing sign, each function interface in the dynamic link library of blocking module gets final product, function that needn't constructed fuction interface correspondence is handled, that is to say: what in fact comprise in the blocking module all is empty function interfaces, and as seen, the realization of blocking module of the present invention can't take too many processing resource, implement also and do not bother, needn't write too much code.
By as can be known noted earlier, another key point of the inventive method is exactly: be redirected the re-orientation processes between client modules and the Redirect Server end module.Below in conjunction with Fig. 2 and Fig. 3 described re-orientation processes is described in detail.
Fig. 2 is the handling process schematic diagram of redirected client modules shown in Figure 1.As shown in Figure 2, the concrete processing comprises:
Step 201: be redirected the function call information of client modules reception from blocking module.
Step 202: be redirected client modules and create the socket (SOCKET) that is used to carry out Network Transmission, comprise the IP address of Windows server, current self employed port address etc. when carrying out Network Transmission among this SOCKET, and the IP address that obtains the NC of this function call information correspondence by application programming interfaces (API) function that calls the RDP session.
Step 203: the SOCKET that creates in the redirected client modules use step 202, the IP address of 202 NC that obtained and this NC are used to monitor the port address transmission network connection foundation request that request is set up in the network connection set by step.Here, configuration NC is used to monitor the port address that network connects the request of foundation, each NC correspondence port address separately that the Windows server connects in being redirected client modules in advance.
Subsequently, the Redirect Server end module of NC will connect the request of foundation according to this network and determine whether to accept this request, and when accepting this request, create the SOCKET be used to transmit, and promptly distribute port address that NC is used to transmit etc., return replying that indication accepts to connect.Then, redirected client modules receives this and replys, and finishes network and connects the process of setting up.Described from Redirect Server end module to reply indication NC be the parameters such as port address that are used to transmit that the network of current foundation connect to distribute, can connect to Redirect Server end module by this network and transmit data thereby be redirected client modules.
In above-mentioned steps 202 and the step 203, be redirected and adopt the SOCKET technology to set up network between client modules and the Redirect Server end module to be connected, also can to adopt other technology to set up the network connection, here elaboration no longer one by one.Set up network about which kind of method of concrete employing and connect, the present invention does not limit.
Step 204: redirected client modules is packaged into packet with the function call information that receives and is saved to the transmission buffering area of self.Described function call information comprises: handle in system of function coding, U-KEY, function parameter etc.This step and above-mentioned steps 202 and step 203 are separate, therefore can with step 202 and step 203 executed in parallel.
Step 205: after network connection foundation is finished, be redirected client modules and read the packet of being preserved from sending buffering area, use the SOCKET that creates in the step 202, connect, the packet that is read is sent to Redirect Server end module among the NC by the network of having set up.
Here, be redirected client modules and send function call information to after the Redirect Server end module, this Redirect Server end module will be called peripheral access function in the peripheral hardware Drive Layer according to the function call information that receives, and finish the U-KEY access hardware is operated.But consider that the peripheral access function calls is usually with the function call result datas such as return value of return function execution result, peripheral access function, these function calls result also needs to return to the peripheral hardware application layer of Windows server, therefore further comprises after step 205:
Step 206: the SOCKET that is redirected the client modules wait and passes through to be created receives the packet from Redirect Server end module, the U-KEY middleware layer that has encapsulated NC in this packet calls the function call result who returns behind the peripheral access function according to the described function call information of step 204, and this function call is the result comprise: the return value of the execution result of peripheral access function and peripheral access function etc.
Step 207: be redirected client modules and resolve the packet that receives, obtain the described function call result of step 206, and this function call result returned to the CSP of Microsoft interface by blocking module, thereby the function call result of the described function call information correspondence of step 201 is returned to the peripheral hardware application layer of U-KEY; Simultaneously, redirected client modules is also closed from the SOCKET that creates in step 202, disconnect with the Redirect Server end between the network set up of step 203 be connected, finish this function call process.
Fig. 3 is the handling process schematic diagram of Redirect Server end module shown in Figure 1.As shown in Figure 3, the concrete processing comprises:
Step 301~step 302:NC start starts Redirect Server end module when powering on, the SOCKET1 that Redirect Server end module creation is used to monitor, with the port address binding of SOCKET1 and appointment, monitor the network connection foundation request that client modules mails to this port address that is redirected.
From the description of Fig. 2 as can be known, each NC of configuration is used to monitor the port address that network connects the request of foundation in being redirected client modules in advance, the described designated port of this step address is is redirected the current NC that disposes in the client modules and is used to monitor the destination interface address that network connects the request of foundation, thereby Redirect Server end module is monitored from the network that is redirected client modules and connected the request of foundation.
Step 303: listen to from after the network connection foundation request that is redirected client modules, the SOCKET2 that establishment is used to transmit, comprise the information such as port address that are used to transmit that client modules distributes that are redirected among this SOCKET2, return indication then and accept replying of this request, set up network with redirected client modules and be connected to redirected client modules.
Here, comprise the information such as port address that are used to transmit of SOCKET2 in described the replying, can send packet to Redirect Server end module according to this port address that is used to transmit thereby be redirected client modules.
Step 304: wait for and receive from the packet that is redirected client modules by SOCKET2.
Step 305: the packet that step 304 receives is resolved, obtain the function call information that encapsulates in this packet.
Step 306: resolve the function call information that obtains according to step 305 and call corresponding function interface in the local U-KEY middleware layer of NC, and then call peripheral access function in the local U-KEY hardware driving of the NC layer, to the U-KEY hardware that the is connected NC this locality operation that conducts interviews.
At this moment; though operation is finished for the U-KEY access hardware, considers that the execution of peripheral access function is also called the result with return function usually, this function call result also should return to Windows server peripheral hardware application layer; therefore after step 306, further carry out following steps:
Step 307: wait for and receive function call result, and will receive the function call result and be packaged into packet from the local U-KEY middleware layer of NC.
Step 308: use the SOCKET2 that is created, connect by the network of having set up, the packet that step 307 is encapsulated is sent to redirected client modules.
Step 309: close the SOCKET2 that is used to transmit that self creates, finish this function call process, return step 303, connect the request of foundation thereby continue to monitor from the network that is redirected client modules.
Among the described embodiment of Fig. 2 and Fig. 3, being redirected client modules with the working method that Redirect Server end module is adopted is: set up primary network at each peripheral access function calls function call information and be connected, and releasing network connects after each peripheral access function call finishes, be exactly specifically: redirected client modules whenever receives function call information, just create SOCKET, transmission network connection foundation request, and after receiving the function call result, close the SOCKET that is created, the network connection that disconnection has been set up; And Redirect Server end module whenever receives the network request of connect setting up, and just creates the SOCKET that is used to transmit, returns replying of this request, and behind the packet that has sent encapsulation function call result, close the SOCKET that this is used to transmit.Adopt this kind mode to make the network connective stability that is redirected between client modules and the Redirect Server end module higher, can guarantee the quality of data packet transmission.
Because the complete procedure of visit external equipment should be: from opening external equipment, then to external equipment except that opening external equipment and closing other operation the external equipment, to closing external equipment by this overall process, therefore be redirected client modules and can also adopt another working method: set up primary network at the complete procedure of visit external equipment and be connected with Redirect Server end module, setting up network when opening external equipment connects, use the network of having set up to be connected external equipment except that other when operation opening external equipment and closing external equipment, releasing network connects after closing external equipment, be exactly specifically: for being redirected client modules, it judges at first which kind of accessing operation is this function call information indicate after receiving function call information, when external equipment is opened in the function call information indication, create SOCKET, send network and connect the request of foundation, after receiving the function call result, keep SOCKET that is created and the network connection state of having set up constant; Open external equipment and close the external equipment other when operating when function call information indication removes external equipment, use the SOCKET that has created to connect and send function call information, after receiving the function call result, keep SOCKET that is created and the network connection state of having set up constant by the network of having set up; When external equipment is closed in function call information indication, use the SOCKET that has created to connect and send function call information by the network of having set up, after receiving the function call result, close the SOCKET that created, disconnect the network of having set up and connect.For Redirect Server end module, whenever receiving network connects when setting up request, just create the SOCKET that is used to transmit, return and accept replying of this request, after returning the function call result and network connection disconnection who indicates the peripheral access function of closing external equipment, close the SOCKET that is used to transmit that is created.
In addition, in order to realize encapsulation to function call information and function call result, can predesignate tunneling, this agreement can comprise two parts: from being redirected client modules to the up agreement of Redirect Server end module direction and the descending protocol from Redirect Server end module to redirected client modules direction.Then when the tansfer function recalls information, redirected client modules is pressed this up protocol analysis packet at first by up protocol encapsulation packet when the Redirect Server termination is received packet then; And when tansfer function called as a result, Redirect Server end module was redirected client modules then and by this descending protocol the packet that receives is resolved at first by descending protocol encapsulation packet.Wherein, the concrete regulation mode of described up agreement and descending protocol has multiple, thereby purpose all is to make the receiving terminal of data to use correct parameter to operate by a series of data represented which kind of implication that the identification of agreement regulation receives.Below in conjunction with Fig. 4 the concrete regulation mode of described up agreement and descending protocol is illustrated.
Fig. 4 is the tunneling one instantiation schematic diagram that adopts when sending packet in the inventive method.Owing to comprise to the function call information that the NC direction sends from the Window server: function coding, U-KEY handle, the function system encoded, should be sent the function parameter of peripheral access function etc. to, therefore, descending protocol has been stipulated the field at various function call information place in packet.As shown in Figure 4, descending protocol has stipulated that the data that begin to comprise successively from first byte in the descending protocol packet of encapsulation function call information are respectively: data packet length, function coding, U-KEY handle and this three kinds of data system all take 4 bytes, remainder bytes is then for sending the function parameter of peripheral access function to, and its shared byte number is according to different peripheral access functions and different.In like manner, because the function call result who upwards sends from NC to the Windows server side comprises: the return value of the execution result of peripheral access function, peripheral access function etc., therefore, up agreement has been stipulated the field at various function call results place in packet.As shown in Figure 4, up agreement has been stipulated to have encapsulated the data that begin to comprise successively from first byte in function call result's the up protocol data bag and has been respectively: the execution result of data packet length, peripheral access function and this two kinds of data all take 4 bytes, remainder bytes then is the return value of peripheral access function, and its shared byte number is according to different peripheral access function and different.Here, about the concrete regulation mode of up agreement and descending protocol, the present invention does not limit, and this paper no longer describes other concrete regulation mode of up agreement and descending protocol.
According to above description as seen, the inventive method can make the U-KEY hardware that arrives far-end NC connection in the Windows server based on the upper layer application successful access of U-KEY, thereby realizes that U-KEY is from the mapping of NC to the Windows server.When the user uses U-KEY, at first on NC, insert U-KEY, after NC had detected new hardware insertion, the peripheral hardware Drive Layer of self loaded this U-KEY hardware; When the user capture page relevant with the authentication of U-KEY as: during the login website of bank, the U-KEY peripheral hardware application layer software of Windows server is by blocking module of the present invention, redirected client modules, Redirect Server module, call the peripheral access function in the local peripheral hardware Drive Layer of NC, this U-KEY is carried out operations such as authentication.Such as: whether user name, password of judging this U-KEY etc. be correct, if then allow the relevant page of user capture authentication current and U-KEY; Otherwise forbid the relevant page of user capture authentication current and U-KEY.
In addition, the inventive method can realize the mapping function of other external equipments equally, such as: external equipments such as scanner, sound card.Wherein, the front has been described the mode that blocking module is realized interception in detail, and the mode of this realizations interception is applicable to any external equipment, and blocking module is tackled the implementation procedure of function call information when therefore no longer describing the present invention here and being applied to other external equipment.When the present invention is applied to other external equipment, be redirected the redirection process between client modules and the Redirect Server end module, can employing and Fig. 2 and the described essentially identical method of Fig. 3 handle, different is that some external equipment may not possess the peripheral hardware middleware layer; But this does not influence blocking module that the present invention increases, is redirected the processing of client modules and Redirect Server end module on the prior art basis, the processing of only relevant peripheral hardware middleware layer needn't be carried out, by Redirect Server end module directly and peripheral hardware hardware driving layer carry out communication, can realize goal of the invention equally; Therefore, this paper also is not described in detail the redirection process that is redirected between client modules and the Redirect Server end module.After using the inventive method, the embedded in advance sound card of the mainboard of NC, the peripheral hardware Drive Layer of NC loads this sound card hardware; The user is during by the playing sound of Windows server, the sound card peripheral hardware application layer software of Windows server is by the peripheral access function in blocking module of the present invention, redirected client modules, local this sound card peripheral hardware Drive Layer of Redirect Server end module invokes NC, this sound card is operated, made the user can use this sound card file that plays sound at NC end.
In sum, use the inventive method, server can successful access be connected the various external equipments on the NC, realizes that external equipment is from the mapping of NC to server.What deserves to be mentioned is, the present invention has realized that U-KEY is from the mapping function of NC to the Windows server under the WBT pattern, be that the useful of existing NC communications protocol replenished, make NC become possibility, greatly expanded the development space of NC technology in the application of special dimensions such as finance, telecommunications.Simultaneously, the present invention realizes simply, stablizes, operability is stronger, the method for a kind of preferable realization external equipment mapping of can yet be regarded as.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.All any modifications of being done within the spirit and principles in the present invention, be equal to replacement, improvement etc., all be included in protection scope of the present invention.
Claims (10)
1, a kind of method that realizes the external equipment mapping of network computer is characterized in that, blocking module and redirected client modules are set under the peripheral hardware application layer of server; Redirect Server end module is set on the peripheral hardware Drive Layer of network computer NC; The process of the external equipment of the peripheral hardware application layer visit NC of server comprises:
A. the function call information of the visit NC external equipment that sends of blocking module intercept server peripheral hardware application layer and be sent to redirected client modules;
B. be redirected client modules the function call information that receives is sent to Redirect Server end module among the corresponding NC;
Redirect Server end module among the C.NC is according to the function call information that receives, and calls the peripheral access function in the peripheral hardware Drive Layer of NC, visits the external equipment that this NC connects.
2, method according to claim 1 is characterized in that, only comprises peripheral hardware hardware driving layer in the described peripheral hardware Drive Layer;
In the steps A, the method that described blocking module is tackled described function call information is:
Described blocking module is configured to the filtration drive module of described peripheral hardware hardware driving layer by the framework of agreement regulation; When server peripheral hardware application layer is called the peripheral access function, function call information is sent to this blocking module.
3, method according to claim 1 is characterized in that, comprises in the described peripheral hardware Drive Layer: peripheral hardware middleware layer and peripheral hardware hardware driving layer; Described peripheral hardware middleware layer provides the dynamic link library that comprises all function interfaces;
In the steps A, the method that described blocking module is tackled described function call information is:
In blocking module, the dynamic link library that the dynamic link library that structure and described peripheral hardware middleware layer provide has like-identified, each function interface has identical sign in each function interface that comprises in the dynamic link library of being constructed and the peripheral hardware middleware layer, and uses the dynamic link library of being constructed to cover the dynamic link library that the peripheral hardware middleware layer in the server system catalogue provides; When server peripheral hardware application layer is called the peripheral access function, call the function interface in the dynamic link library of being constructed, function call information is sent to blocking module.
4, method according to claim 1, it is characterized in that, among the step C, behind the peripheral access function in the described peripheral hardware Drive Layer of described Redirect Server end module invokes, this method further comprises: the peripheral hardware Drive Layer return function of NC calls the result and gives described Redirect Server end module, this Redirect Server end module returns to the function call result who receives described redirected client modules again, and this redirected client modules returns to the function call result who receives by described blocking module the peripheral hardware application layer of server.
5, method according to claim 4 is characterized in that, described redirected client modules is connected transfer function recalls information and function call result with Redirect Server end module by setting up network.
6, method according to claim 5 is characterized in that, among the step B, redirected client modules judges further which kind of operation is this function call information indicate after receiving this function call information,
If external equipment is opened in described function call information indication, then be redirected the network that client modules sets up between self Redirect Server end module corresponding with this function call information and connect, by the network connection transfer function recalls information or the function call result of current foundation;
If described function call information indication, then is redirected client modules and connects transfer function recalls information and function call result by the network of having set up except that opening external equipment and other operation of closing the external equipment external equipment;
If external equipment is closed in described function call information indication, then be redirected client modules and connect the transfer function recalls information by the network of having set up, and, among the step C, redirected client modules further comprises after receiving the function call result of this function call information correspondence: discharge the described network of having set up and connect.
7, method according to claim 5 is characterized in that, among the step B, after described redirected client modules received function call information at every turn, the network of setting up between self Redirect Server end module corresponding with this function call information connected;
Among the step C, after the each return function of described Redirect Server end module calls the result, further comprise: the network that discharges described current foundation connects.
8, according to claim 6 or 7 described methods, it is characterized in that, the described method of network connection of setting up is: described redirected client modules is created socket SOCKET, obtain the IP address of described Redirect Server end module, use the SOCKET that self creates, send network by the IP address that is obtained to the Redirect Server end and connect the request of foundation;
Described Redirect Server end module is pre-created the SOCKET that is used to monitor, after this SOCKET that is used to monitor listens to from the network connection foundation request that is redirected client modules, the SOCKET that establishment is used to transmit, echo reply give and are redirected client modules, and network connects to be set up;
The method that described releasing network connects is: described redirected client modules is closed the SOCKET that self creates, and disconnects network and connects; Described Redirect Server end module is closed the SOCKET that is used to transmit that self creates.
9, according to each described method of claim 2 to 4, it is characterized in that, among the step B, described redirected client modules is packaged into packet with described function call information, packaged packet is sent to described Redirect Server end module, the packet that this Redirect Server end module parses receives obtains described function call information again;
Among the step C, described Redirect Server end module is packaged into packet with the function call result who receives, packaged packet is returned to described redirected client modules, this redirected client modules is resolved the packet that receives and is obtained the function call result again.
10, according to each described method of claim 1 to 4, it is characterized in that described external equipment is: the sound card of authentication hardware U-KEY, scanner or the Windows2000 system of USB interface; Described server is the Windows server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100598444A CN100505734C (en) | 2005-03-31 | 2005-03-31 | Method for realizing external device mapping of network computer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100598444A CN100505734C (en) | 2005-03-31 | 2005-03-31 | Method for realizing external device mapping of network computer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1842073A CN1842073A (en) | 2006-10-04 |
| CN100505734C true CN100505734C (en) | 2009-06-24 |
Family
ID=37030917
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100598444A Active CN100505734C (en) | 2005-03-31 | 2005-03-31 | Method for realizing external device mapping of network computer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100505734C (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109982121A (en) * | 2019-03-28 | 2019-07-05 | 烽火通信科技股份有限公司 | A kind of set-top box, cloud virtual system and device redirection method |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102104553A (en) * | 2009-12-16 | 2011-06-22 | 浙江省公众信息产业有限公司 | Instant message response system and method based on ActiveX control |
| CN101951361B (en) * | 2010-07-30 | 2013-04-24 | 北京握奇数据系统有限公司 | Method for accessing intelligent card and server |
| CN102752412B (en) * | 2012-07-04 | 2015-07-01 | 深圳市京华科讯科技有限公司 | Port mapping method and port mapping system under wide area network (WAN) environment |
| CN103051716A (en) * | 2012-12-25 | 2013-04-17 | 中标软件有限公司 | Method and system for redirecting network-oriented serial device |
| CN103425922B (en) * | 2013-08-14 | 2016-12-28 | 广州尚融网络科技有限公司 | The method and system of far-end encryption instruction are obtained based on CSP |
| CN105404503A (en) * | 2015-10-22 | 2016-03-16 | 成都卫士通信息产业股份有限公司 | Method for supporting multiple terminals to remotely access to intelligent card in parallel |
| CN109656757B (en) * | 2018-11-20 | 2022-03-15 | 广东微云科技股份有限公司 | Intelligent diagnosis method for redirection problem of USB (universal serial bus) equipment |
| CN112463897B (en) * | 2020-10-14 | 2023-06-02 | 麒麟软件有限公司 | Method and system for redirecting positioning data |
| CN112733091A (en) * | 2020-12-31 | 2021-04-30 | 北京深思数盾科技股份有限公司 | Control method and device for accessing external equipment by application program |
| CN112925591A (en) * | 2021-01-25 | 2021-06-08 | 北京房江湖科技有限公司 | Method and device for intercepting call routing method |
-
2005
- 2005-03-31 CN CNB2005100598444A patent/CN100505734C/en active Active
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109982121A (en) * | 2019-03-28 | 2019-07-05 | 烽火通信科技股份有限公司 | A kind of set-top box, cloud virtual system and device redirection method |
| CN109982121B (en) * | 2019-03-28 | 2021-07-06 | 烽火通信科技股份有限公司 | Set top box, cloud virtual system and equipment redirection method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1842073A (en) | 2006-10-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100505734C (en) | Method for realizing external device mapping of network computer | |
| KR100723006B1 (en) | Method for registering a user on an internet-type network directory server and/or for locating a user on said network, and smart card therefor | |
| US8099456B2 (en) | Application programming interface for implementing directory service access using directory service markup language | |
| KR100791946B1 (en) | Safe terminal provided with a smart card reader designed to communicate with a server via an internet-type network | |
| KR100778322B1 (en) | Method for managing multimedia data transmission via internet and smart card therefor | |
| AU776016B2 (en) | System for accessing an object using a "web" browser co-operating with a smart card | |
| KR100886137B1 (en) | Method for loading a software component in a smart card, in particular applet | |
| US5623600A (en) | Virus detection and removal apparatus for computer networks | |
| US6665701B1 (en) | Method and system for contention controlled data exchange in a distributed network-based resource allocation | |
| US7448071B2 (en) | Dynamic downloading of keyboard keycode data to a networked client | |
| US20140366109A1 (en) | Secure messaging facility system | |
| EP1419637B1 (en) | A method and system for providing a web service for a plurality of web domains sharig a single IP address | |
| CN107645474A (en) | Log in the method for open platform and log in the device of open platform | |
| JP4293729B2 (en) | Chip card reader long-distance communication terminal | |
| US7039952B2 (en) | Using patterns to perform personal identification data substitution | |
| US7003797B2 (en) | Secure personal identification number entry in a distributed network | |
| CN108279855A (en) | A method of read-write storage device | |
| Lu et al. | A new secure communication framework for smart cards | |
| US20080022387A1 (en) | Firewall penetrating terminal system and method | |
| CN115603962A (en) | Data resource access method, gateway and storage medium | |
| WO2003069475A2 (en) | A plug-in api for modular network transaction processing | |
| CN114721988A (en) | Method and system for realizing USB peripheral drive proxy and monitoring audit | |
| US20020083180A1 (en) | Method for actuating network linking to internet from distant end | |
| WO2006018595A1 (en) | Improved communications device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |