CN105744555B - A kind of terminal maintenance method, maintenance device and NM server - Google Patents
A kind of terminal maintenance method, maintenance device and NM server Download PDFInfo
- Publication number
- CN105744555B CN105744555B CN201410767645.8A CN201410767645A CN105744555B CN 105744555 B CN105744555 B CN 105744555B CN 201410767645 A CN201410767645 A CN 201410767645A CN 105744555 B CN105744555 B CN 105744555B
- Authority
- CN
- China
- Prior art keywords
- terminal
- maintenance device
- server
- mark
- connection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The embodiment of the invention discloses a kind of terminal maintenance method, maintenance device and NM servers, wherein the described method includes: maintenance device sends connection certification request to NM server, so that the NM server verifies the legitimacy of the maintenance device;When verification result is legal, the mark of first terminal is sent to the NM server by the maintenance device, so that the maintenance device is arranged to the connection management permission of the first terminal in the NM server;The maintenance device is attached and manages control to the first terminal based on set connection management permission.Using the present invention, maintenance process can be made to become more convenient, and save the time.
Description
Technical field
The present invention relates to field of communication technology more particularly to a kind of terminal maintenance methods, maintenance device and network manager service
Device.
Background technique
Due to the mobility of mobile terminal, so the physical location of mobile terminal can often change, or even can be in the whole world
It is moved in range, such as: smart phone, car-mounted terminal, Shipborne terminal, this will bring greatly tired to the maintenance of mobile terminal
It is difficult.Conventional maintenance method is frequently necessary to maintenance personnel's on-site maintenance or returns factory repair after removing, when maintenance personnel's distance is tieed up
When the live distant or faulty equipment of shield is distant from producer, maintenance duration will be all greatly increased, so that maintenance process is inadequate
It is convenient, not enough save the time.
Summary of the invention
The embodiment of the present invention provides a kind of terminal maintenance method, maintenance device and NM server, can make to safeguard
Journey becomes more convenient, and saves the time.
First aspect present invention provides a kind of terminal maintenance method, comprising:
Maintenance device sends connection certification request to NM server, so that the NM server verifies the maintenance dress
The legitimacy set;
When verification result is legal, the mark of first terminal is sent to the NM server by the maintenance device,
So that the maintenance device is arranged to the connection management permission of the first terminal in the NM server;
The maintenance device is attached and manages control to the first terminal based on set connection management permission.
In the first possible implementation, the maintenance device is based on set connection management permission to described
One terminal is attached and manages control, comprising:
The maintenance device receives the Connecting quantity for the first terminal that the NM server is sent, and according to described
Connecting quantity sends connection request to the first terminal;
The maintenance device receives the connection response that the first terminal returns, to establish the connection with the first terminal
Relationship;
The maintenance device sends management control command to the first terminal, so that the first terminal responds the pipe
Manage control command.
With reference to first aspect or the first possible implementation of first aspect, in second of possible implementation
In, further includes:
The maintenance device generates mass-sending administration order, and obtains the mark of multiple second terminals;
The mark of the multiple second terminal and mass-sending administration order are sent to the network management and taken by the maintenance device
Business device, so that the mass-sending administration order is sent to the multiple second terminal by the NM server, to the multiple
Second terminal is managed control.
Second aspect of the present invention provides a kind of terminal maintenance method, comprising:
NM server receives the connection certification request that maintenance device is sent, and verifies institute according to the connection certification request
State the legitimacy of maintenance device;
When verification result is legal, the NM server receives the mark for the first terminal that the maintenance device is sent
Know,
And the maintenance device is arranged to the connection management permission of the first terminal according to the mark of the first terminal,
So that the maintenance device is attached and manages control to the first terminal based on set connection management permission.
In the first possible implementation, described that the maintenance device pair is arranged according to the mark of the first terminal
The connection management permission of the first terminal, so that the maintenance device is based on set connection management permission to described first
Terminal is attached and manages control, comprising:
The NM server sends security policy information to the first terminal according to the mark of the first terminal, with
Make the first terminal that the maintenance device be arranged according to the security policy information to weigh the connection management of the first terminal
Limit;
The NM server obtains the Connecting quantity of the first terminal according to the mark of the first terminal;
The NM server sends the Connecting quantity of the first terminal to the maintenance device, so that the maintenance fills
It sets and is established a connection according to the Connecting quantity and the first terminal, and based on the connection management permission to described first
Terminal is managed control;
Wherein, the security policy information includes the mark and the connection management permission of the maintenance device.
In conjunction with the possible implementation of the first of second aspect or second aspect, in second of possible implementation
In, further includes:
The NM server receives the mark of mass-sending administration order and multiple second terminals that the maintenance device is sent
Know;
The NM server to it is described mass-sending administration order and the multiple second terminal mark validity into
Row verifying;
It is described when the mark for verifying the mass-sending administration order and the multiple second terminal all has validity
The mass-sending administration order is sent to the multiple second terminal by NM server, to carry out pipe to the multiple second terminal
Reason control.
Third aspect present invention provides a kind of maintenance device, comprising:
Sending module is authenticated, for sending connection certification request to NM server, so that the NM server is verified
The legitimacy of the maintenance device;
Sending module is identified, for the mark of first terminal being sent to the network management and is taken when verification result being legal
Business device, so that the maintenance device is arranged to the connection management permission of the first terminal in the NM server;
Connection management module, for the first terminal to be attached and managed based on set connection management permission
Control.
In the first possible implementation, the connection management module includes:
Connection unit, for receiving the Connecting quantity for the first terminal that the NM server is sent, and according to institute
It states Connecting quantity and sends connection request to the first terminal;
The connection unit is also used to receive the connection response that the first terminal returns, to establish with described first eventually
The connection relationship at end;
Management control unit, for sending management control command to the first terminal, so that the first terminal responds
The management control command.
In conjunction with the possible implementation of the first of the third aspect or the third aspect, in second of possible implementation
In, further includes:
It generates and obtains module, for generating mass-sending administration order, and obtain the mark of multiple second terminals;
Command sending module is mass-sended, for the mark of the multiple second terminal and mass-sending administration order to be sent to institute
NM server is stated, so that the mass-sending administration order is sent to the multiple second terminal by the NM server, with right
The multiple second terminal is managed control.
Fourth aspect present invention provides a kind of NM server, comprising:
Receiving module is authenticated, is asked for receiving the connection certification request of maintenance device transmission, and according to connection certification
Seek the legitimacy for verifying the maintenance device;
Receiving module is identified, for receiving the first terminal that the maintenance device is sent when verification result is legal
Mark;
The maintenance device is arranged to the company of the first terminal for the mark according to the first terminal in setup module
Administration authority is connect, so that the maintenance device is attached and is managed to the first terminal based on set connection management permission
Reason control.
In the first possible implementation, the setup module includes:
Policy information transmission unit, for sending security policy information to described first according to the mark of the first terminal
Terminal, so that connection of the maintenance device to the first terminal is arranged according to the security policy information in the first terminal
Administration authority;
Connecting quantity acquiring unit, the connection for obtaining the first terminal for the mark according to the first terminal are joined
Number;
Connecting quantity transmission unit, for sending the Connecting quantity of the first terminal to the maintenance device, so that institute
It states maintenance device to be established a connection according to the Connecting quantity and the first terminal, and is based on the connection management permission pair
The first terminal is managed control;
Wherein, the security policy information includes the mark and the connection management permission of the maintenance device.
In conjunction with the possible implementation of the first of fourth aspect or fourth aspect, in second of possible implementation
In, further includes:
Command id receiving module, for receiving the mass-sending administration order and multiple second of the maintenance device transmission eventually
The mark at end;
Validation verification module, for the effective of the mark to the mass-sending administration order and the multiple second terminal
Property is verified;
Command sending module, for equal when verifying the mark for mass-sending administration order and the multiple second terminal
When with validity, the mass-sending administration order is sent to the multiple second terminal, with to the multiple second terminal into
Row management control.
Therefore maintenance device is authenticated by NM server, and after certification passes through, it can be by safeguarding people
Member by maintenance device is managed control to first terminal, and maintenance personnel is made to no longer need to maintenance scene safeguard, also without
Factory repair is returned again after first terminal need to being removed, so that maintenance process be made to become more convenient, and saves the time.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of terminal maintenance method provided in an embodiment of the present invention;
Fig. 2 is the flow diagram of another terminal maintenance method provided in an embodiment of the present invention;
Fig. 3 is a kind of time diagram of terminal maintenance method provided in an embodiment of the present invention;
Fig. 4 is the time diagram of another terminal maintenance method provided in an embodiment of the present invention;
Fig. 5 is a kind of structural schematic diagram of maintenance device provided in an embodiment of the present invention;
Fig. 6 is a kind of structural schematic diagram of connection management module provided in an embodiment of the present invention;
Fig. 7 is a kind of structural schematic diagram of NM server provided in an embodiment of the present invention;
Fig. 8 is a kind of structural schematic diagram of setup module provided in an embodiment of the present invention;
Fig. 9 is the structural schematic diagram of another maintenance device provided in an embodiment of the present invention;
Figure 10 is the structural schematic diagram of another NM server provided in an embodiment of the present invention;
Figure 11 is a kind of structural schematic diagram of terminal maintenance system provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
The maintenance device involved by the embodiment of the present invention can be terminal used in maintenance personnel, it can use
In the terminal of maintenance;NM server involved by the embodiment of the present invention can be the back-stage management service of a certain Terminal Type
Device for example, the car-mounted terminal of a certain type may be coupled to the same NM server, and is managed collectively by NM server
The mark of each car-mounted terminal, location information etc.;The first terminal involved by the embodiment of the present invention and described more
The terminal that a second terminal all can be need to be maintained, the first terminal and the multiple second terminal be with it is described
The terminal that NM server has connection relationship and is managed by the NM server.
It referring to Figure 1, is a kind of flow diagram of terminal maintenance method provided in an embodiment of the present invention, the method can
To include:
S101, maintenance device send connection certification request to NM server, so that described in NM server verifying
The legitimacy of maintenance device;
Specifically, the maintenance device can remotely connect the NM server of certain system by internet, in the dimension
Before protection unit and the NM server establish a connection, the maintenance device can first send connection certification request to institute
State NM server, the connection certification request carries the mark of the maintenance device, and the mark of the maintenance device can be with
Equipment Serial Number, user account including the maintenance device etc., the NM server can be according to the maintenance devices
Identity verification described in maintenance device legitimacy, that is, verify the legitimacy of the corresponding user of the maintenance device.Optionally, may be used
It include multiple in the legal terminal list with legitimacy to store legal terminal list in the NM server in advance
Maintenance device mark.The NM server can detecte the connection when verifying the legitimacy of the maintenance device
The entrained maintenance device identifies whether that there are in the legal terminal list in certification request, and if it exists, then authenticates
Pass through, otherwise authentification failure.Wherein, when the NM server, which verifies the maintenance device, has legitimacy, the net
Pipe server can establish a connection with the maintenance device, allow the maintenance device that the NM server is added
The mobile network at place.Wherein, the NM server can use common any authentication techniques, and the present invention does not do this
It limits.
S102, when verification result is legal, the mark of first terminal is sent to the network management and taken by the maintenance device
Business device, so that the maintenance device is arranged to the connection management permission of the first terminal in the NM server;
Specifically, illustrate that the maintenance device has a legitimacy when verification result is legal, the maintenance device can be with
It is successfully established connection relationship with the NM server, is sent at this point, the maintenance device can receive the NM server
Online terminal list, the online terminal list may include multiple having connection relationship with the NM server and being in
The mark of the terminal of presence, for example, if the NM server is the background server in certain vehicle netbios, institute
The mark for stating multiple terminals in online terminal list can be the mark of multiple car-mounted terminals being currently running.The maintenance dress
It sets described in receiving after line terminal list, the maintenance device can obtain and the network manager service from online terminal list
Device has the mark of the first terminal of connection relationship.Maintenance personnel can also input what needs were maintained on the maintenance device
The information of terminal, at this point, the maintenance device can be obtained from the information for the terminal that the needs that maintenance personnel inputs are maintained
The mark of the first terminal.The mark of first terminal can be sequence number or IMSI (International Mobile
Subscriber Identification Number, international mobile subscriber identity) or media access control (Media
Access Control, abbreviation MAC) address etc..
The maintenance device can send out the mark of the first terminal after the mark for getting the first terminal
It send to the NM server.After the NM server receives the mark of the first terminal, the NM server
Security policy information can be sent to the first terminal, the first terminal is received and respond the maintenance dress
Set the connection request and management control command of transmission, that is, institute can be arranged according to the security policy information in the first terminal
Maintenance device is stated to the connection management permission of the first terminal.The security policy information may include the maintenance device
Mark and the connection management permission, the security policy information can be based on accesses control list (Access
Control List, abbreviation ACL) or the customized command format of system, realize the maintenance device to the first terminal
Connection management permission.
S103, the maintenance device are attached and are managed to the first terminal based on set connection management permission
Control;
Specifically, the maintenance device can receive the connection ginseng for the first terminal that the NM server is sent
Number, generates and sends connection request to the first terminal further according to the Connecting quantity.The Connecting quantity is by the net
For pipe server according to accessed by the mark of the first terminal, the Connecting quantity may include the ground of the first terminal
The mobile communication information such as location, port, IMSI number.
The maintenance device receives the connection response that the first terminal returns again, to establish the company with the first terminal
Connect relationship.Wherein, the connection type of the maintenance device and the first terminal may include: that Telnet (assist by remote terminal
View), containment agreement (Secure Shell, abbreviation SSH), Web (internet) or other modes.The connection response is by institute
It is generated based on the connection management permission to state first terminal.
After the maintenance device and the first terminal establish connection relationship, the maintenance device can send management
Control command is to the first terminal with the maintenance device with connection relationship, so that the first terminal is according to the connecting tube
It manages permission and responds the management control command, the maintenance device obtains and shows that the first terminal controls the management and orders
The command response message of order, the command response message may include the fault message, configuration information, log of the first terminal
Information etc..
Optionally, when the NM server detects that the maintenance device actively exits or exception exits the network management clothes
Be engaged in mobile network where device when, the NM server can send the order for cancelling security policy information to described the
One terminal, so that the first terminal can cancel the maintenance device to the connection management permission of the first terminal, to prevent
Only illegal control of the other users to the first terminal.Wherein, the case where exception exits may include: when the maintenance
When the duration that device is not managed control to the first terminal is more than preset duration threshold value, the NM server control
The maintenance device exits the mobile network where the NM server.
The method provided in an embodiment of the present invention not only may include the maintenance described in above-mentioned S101 to S103
For device to the point-to-point monitor model of the first terminal, the method can also include following maintenance device to multiple the
The point-to-multipoint monitor model of two terminals.Specifically, the method also includes:
The maintenance device generates mass-sending administration order, and obtains the mark of multiple second terminals;
The mark of the multiple second terminal and mass-sending administration order are sent to the network management and taken by the maintenance device
Business device, so that the mass-sending administration order is sent to the multiple second terminal by the NM server, to the multiple
Second terminal is managed control;
Specifically, mass-sending administration order can be generated in the maintenance device, the mass-sending administration order can be multicast side
The management control command that formula is sent, the more parts of management control commands that can also be sent with mode of unicast.The maintenance device obtains institute
The mode for stating the mark of multiple second terminals is identical as the mode for the mark that the maintenance device obtains the first terminal;It can be with
It is obtained from the online terminal list that the NM server provides, the end that can also be maintained from the needs that maintenance personnel inputs
The mark that the multiple second terminal is obtained in the information at end, is not discussed here.
The maintenance device, can be by the multiple second terminal after the mark for getting the multiple second terminal
Mark and mass-sending administration order be sent to the NM server together.The NM server verifies the multiple
When the mark of two terminals and the mass-sending administration order all have validity, the NM server can be to the multiple
Two terminals send the mass-sending administration order, so that each second terminal is parsed and rung to the mass-sending administration order respectively
Answer command operation.
Further, the maintenance device can also receive and show that each second terminal responds the mass-sending administration order
The command response result returned.The command response result may include fault message, configuration information, log information etc..
The point-to-point monitor model is suitable for detecting the terminal that some needs is maintained, reconfigure
Operation, the point-to-multipoint monitor model are suitable for carrying out identical configuration, detection to multiple terminals for needing to be maintained
Deng operation.
Therefore maintenance device is authenticated by NM server, and after certification passes through, it can be by safeguarding people
Member by maintenance device is managed control to first terminal, and maintenance personnel is made to no longer need to maintenance scene safeguard, also without
Factory repair is returned again after first terminal need to being removed, so that maintenance process be made to become more convenient, and saves the time;Meanwhile
Maintenance personnel can control first terminal without the device password and address for knowing first terminal, and maintenance personnel
Assistance without network administrator can control first terminal, to further improve maintenance efficiency;The dimension
Protection unit can also carry out identical attended operation to multiple second terminals simultaneously by the NM server, and this mode is more
It is to effectively improve maintenance efficiency.
Fig. 2 is referred to again, is the flow diagram of another terminal maintenance method provided in an embodiment of the present invention, the side
Method may include:
S201, NM server receive the connection certification request that maintenance device is sent, and according to the connection certification request
Verify the legitimacy of the maintenance device;
Specifically, the maintenance device can remotely connect the NM server of certain system by internet, in the dimension
Before protection unit and the NM server establish a connection, the NM server can receive what maintenance device was sent to
Connect certification request, the connection certification request carries the mark of the maintenance device, and the mark of the maintenance device can be with
Equipment Serial Number, user account including maintenance device etc., the NM server can be according to the marks of the maintenance device
Know the legitimacy for verifying the maintenance device, that is, verifies the legitimacy of the corresponding user of the maintenance device.It is alternatively possible to pre-
Legal terminal list is first stored in the NM server, includes multiple dimensions with legitimacy in the legal terminal list
The mark of protection unit.The NM server can detecte the connection certification when verifying the legitimacy of the maintenance device
The entrained maintenance device identifies whether that there are in the legal terminal list in request, and if it exists, then certification passes through,
Otherwise authentification failure.Wherein, when the NM server, which verifies the maintenance device, has legitimacy, the network manager service
Device can establish a connection with the maintenance device, and the maintenance device is added where the NM server
Mobile network.Wherein, the NM server can use common any authentication techniques, and which is not limited by the present invention.
S202, when verification result is legal, the NM server receives the maintenance device that the maintenance device is sent
Mark;
Specifically, the maintenance device is successfully built with the NM server when the maintenance device has legitimacy
Vertical connection relationship, at this point, to can receive the maintenance device getting with the network manager service utensil for the NM server
There is the mark of the first terminal of connection relationship.The NM server is in the first terminal for receiving the maintenance device transmission
Mark before, the NM server can first send online terminal list to the maintenance device, the online terminal column
Table may include the mark of multiple terminals for having connection relationship with the NM server and being online, for example, if
The NM server is the background server in certain vehicle netbios, then multiple terminals in the online terminal list
Mark can be the mark of multiple car-mounted terminals being currently running.The maintenance device receive it is described after line terminal list,
The maintenance device can obtain the first terminal for having connection relationship with the NM server from online terminal list
Mark.Maintenance personnel can also input the information for needing the terminal being maintained on the maintenance device, at this point, the maintenance fills
Set the mark that the first terminal can be obtained from the information for the terminal that the needs that maintenance personnel inputs are maintained.First terminal
Mark can be sequence number or IMSI or media access control address etc..The maintenance device is getting described first eventually
After the mark at end, the NM server can receive the mark for the first terminal that the maintenance device is sent.
S203 is arranged the maintenance device according to the mark of the first terminal and weighs to the connection management of the first terminal
Limit, so that the maintenance device is attached and manages control to the first terminal based on set connection management permission;
Specifically, be legal in verification result, and after the NM server receives the mark of the first terminal,
The NM server can send security policy information to the first terminal, so that institute according to the mark of the first terminal
Stating first terminal can receive and respond connection request and management control command that the maintenance device is sent, that is, described first
The maintenance device is arranged to the connection management permission of the first terminal according to the security policy information in terminal.The safety
Policy information includes the mark and the connection management permission of the maintenance device, and the security policy information, which can be, to be based on
Accesses control list or the customized command format of system realize that the maintenance device weighs the connection management of the first terminal
Limit.
For the NM server while sending the security policy information, the NM server can also be according to institute
The mark for stating first terminal obtains the Connecting quantity of the first terminal, and sends the Connecting quantity of the first terminal described in
Maintenance device, so that the maintenance device is based on the connection management permission and according to the Connecting quantity and the first terminal
It establishes a connection, the Connecting quantity may include the mobile communication such as the address, port, IMSI number of first terminal letter
Breath.After the maintenance device and the first terminal establish connection relationship, the maintenance device can send management control
The first terminal that there is connection relationship with the maintenance device is ordered, so that the first terminal is weighed according to the connection management
Limit responds the management control command.
Optionally, when the NM server detects that the maintenance device actively exits or exception exits the network management clothes
Be engaged in mobile network where device when, i.e., when the connection for detecting the maintenance device and the first terminal disconnects, the net
Pipe server can cancel the set maintenance device to the connection management permission of the first terminal.Cancel the connection
The detailed process of administration authority can be with are as follows: the NM server can send the order for cancelling security policy information to institute
First terminal is stated, so that the first terminal can cancel the maintenance device to the connection management permission of the first terminal,
To prevent illegal control of the other users to the first terminal.Wherein, the case where exception exits may include: when described
When the duration that maintenance device is not managed control to the first terminal is more than preset duration threshold value, the NM server
It controls the maintenance device and exits mobile network where the NM server.
The method provided in an embodiment of the present invention not only may include the maintenance described in above-mentioned S201 to S203
For device to the point-to-point monitor model of the first terminal, the method can also include following maintenance device to multiple the
The point-to-multipoint monitor model of two terminals.Specifically, the method also includes: the NM server receives the maintenance
The mark of mass-sending administration order and multiple second terminals that device is sent;
The NM server to it is described mass-sending administration order and the multiple second terminal mark validity into
Row verifying;
It is described when the mark for verifying the mass-sending administration order and the multiple second terminal all has validity
The mass-sending administration order is sent to the multiple second terminal by NM server, to carry out pipe to the multiple second terminal
Reason control;
Specifically, the NM server can receive the mass-sending administration order that the maintenance device is sent and multiple the
The mark of two terminals, the management control command that the mass-sending administration order can send for multicast mode, can also be with mode of unicast
The more parts of management control commands sent.Wherein, the maintenance device obtains mode and the institute of the mark of the multiple second terminal
The mode for stating the mark that maintenance device obtains the first terminal is identical;The online terminal that can be provided from the NM server
It is obtained in list, the multiple second terminal can also be obtained from the information for the terminal that the needs that maintenance personnel inputs are maintained
Mark, be not discussed here.
The NM server receives the mass-sending administration order that the maintenance device is sent and multiple second terminals
After mark, the validity of the mark of the mass-sending administration order and the multiple second terminal can be verified;When
Verify the mass-sending administration order and when the mark of the multiple second terminal all has validity, the NM server
The mass-sending administration order can be sent to the multiple second terminal, so that each second terminal respectively manages the mass-sending
Order parse and response command operation.
Further, the NM server can also receive each second terminal response institute in the multiple second terminal
The command response that is returned of mass-sending administration order is stated as a result, the NM server sends institute for each command response result again
Maintenance device is stated, so that the maintenance device can show each command response result.The command response result can be with
Including fault message, configuration information, log information etc..
The point-to-point monitor model is suitable for detecting the terminal that some needs is maintained, reconfigure
Operation, the point-to-multipoint monitor model are suitable for carrying out identical configuration, detection to multiple terminals for needing to be maintained
Deng operation.
Therefore maintenance device is authenticated by NM server, and after certification passes through, it can be by safeguarding people
Member by maintenance device is managed control to first terminal, and maintenance personnel is made to no longer need to maintenance scene safeguard, also without
Factory repair is returned again after first terminal need to being removed, so that maintenance process be made to become more convenient, and saves the time;Meanwhile
Maintenance personnel can control first terminal without the device password and address for knowing first terminal, and maintenance personnel
Assistance without network administrator can control first terminal, to further improve maintenance efficiency;The dimension
Protection unit can also carry out identical attended operation to multiple second terminals simultaneously by the NM server, and this mode is more
It is to effectively improve maintenance efficiency.
Fig. 3 is referred to, is a kind of time diagram of terminal maintenance method provided in an embodiment of the present invention, the present invention is implemented
Example illustrates the detailed process of terminal maintenance method, the method from maintenance device side, first terminal side, NM server side jointly
May include:
S301, the maintenance device send connection certification request to the NM server;
S302, the NM server send authentication response and pass through message to the maintenance device;
Specifically, can send authentication response when the NM server is by certification to the maintenance device and pass through
Message is to the maintenance device, to inform that the maintenance device certification has passed through, meanwhile, the NM server can with it is described
Maintenance device establishes a connection.
S303, the maintenance device send online terminal list request to the NM server;
S304, the NM server send online terminal list to the maintenance according to the online terminal list request
Device;
Wherein, the online terminal list may include multiple and the NM server has connection relationship and is in
The mark of the terminal of linear state.
S305, the maintenance device obtain the mark of first terminal from online terminal list or input information;
S306, the mark that the maintenance device will acquire the first terminal are sent to the NM server;
Security policy information is sent to described first according to the mark of the first terminal by S307, the NM server
Terminal;
Wherein, the security policy information includes the mark and the connection management permission of the maintenance device.
Connection management permission is arranged according to the security policy information in S308, the first terminal;
Specifically, the maintenance device is arranged to the first terminal according to the security policy information in the first terminal
Connection management permission, the first terminal is received and responds connection request and management that the maintenance device is sent
Control command.
S309, the NM server send the Connecting quantity of first terminal to the maintenance device;
Specifically, the NM server is first joined according to the connection that the mark of the first terminal obtains the first terminal
Number, then the maintenance device is sent by the Connecting quantity of the first terminal.The Connecting quantity may include described first
The mobile communication information such as address, port, IMSI number of terminal.S309 step and S307 step may be performed simultaneously.
S310, the maintenance device generates connection request according to the Connecting quantity of the first terminal, and sends the company
Request is connect to the first terminal;
S311, the first terminal be based on the connection management permission connection request is responded, with it is described
Maintenance device establishes a connection;
S312, the maintenance device are managed control to the first terminal;
Specifically, the maintenance device can send management control command to the maintenance device, so that described first is whole
End responds the management control command according to the connection management permission.
S313, the maintenance device transmission exit request to the NM server;
S314, the NM server send removal security policy information to the first terminal;
Specifically, the NM server can when the NM server detects that the maintenance device will exit connection
To send removal security policy information to the first terminal.
S315, the first terminal cancel connection management permission according to the removal security policy information;
Specifically, the first terminal can delete the security policy information according to the removal security policy information,
To cancel the maintenance device to the connection management permission of the first terminal.
S316, the NM server respond the request of exiting of the maintenance device, to disconnect and the maintenance
The connection of device.
Fig. 4 is referred to, is a kind of time diagram of terminal maintenance method provided in an embodiment of the present invention, the present invention is implemented
Example illustrates the detailed process of terminal maintenance method, this hair from maintenance device side, multiple second terminal sides, NM server side jointly
Bright embodiment by taking two second terminals as an example, the method may include:
S401, the maintenance device send connection certification request to the NM server;
S402, the NM server send authentication response and pass through message to the maintenance device;
Specifically, can send authentication response when the NM server is by certification to the maintenance device and pass through
Message is to the maintenance device, to inform that the maintenance device certification has passed through, meanwhile, the NM server can with it is described
Maintenance device establishes a connection.
S403, the maintenance device send online terminal list request to the NM server;
S404, the NM server send online terminal list to the maintenance according to the online terminal list request
Device;
Wherein, the online terminal list may include multiple and the NM server has connection relationship and is in
The mark of the terminal of linear state.
S405, the maintenance device obtain the mark of multiple second terminals from online terminal list or input information;
S406, the maintenance device sends the mark of the multiple second terminal and mass-sending administration order takes to the network management
Business device;
The mass-sending administration order is sent to second terminal by S407, the NM server;
The mass-sending administration order is sent to second terminal by S408, the NM server;
Specifically, S407 and S408 are performed simultaneously, wherein the quantity of the multiple second terminal is 2, the net
Pipe server is when verifying selected two second terminals and mass-sending administration order is with validity, the network manager service
The mass-sending administration order is respectively sent to two second terminals by device.
S409, second terminal feedback command response results to the NM server;
S410, second terminal feedback command response results to the NM server;
Specifically, S409 step and S410 step are that two second terminals respectively ring the mass-sending administration order
It answers, to obtain command response as a result, corresponding command response result is sent to the network manager service respectively by two second terminals
Device.
Each command response result is fed back to the maintenance device by S411, the NM server;
S412, the maintenance device transmission exit request to the NM server;
S413, the NM server respond the request of exiting of the maintenance device, to disconnect and the maintenance
The connection of device.
Optionally, any moment after step S404 can also be synchronized and be executed in above-mentioned Fig. 3 corresponding embodiment
S305-S316;Similarly, any moment after the step S304 in above-mentioned Fig. 3 corresponding embodiment, can also synchronize execution
S405-S413。
Fig. 5 is referred to, is a kind of structural schematic diagram of maintenance device provided in an embodiment of the present invention, the maintenance device 1
It may include: certification sending module 11, mark sending module 12, connection management module 13;
The certification sending module 11, for sending connection certification request to NM server, so that the network manager service
Device verifies the legitimacy of the maintenance device 1;
Specifically, the maintenance device 1 can remotely connect the NM server of certain system by internet, in the dimension
Before protection unit 1 and the NM server establish a connection, the certification sending module 11 can first send connection certification
The NM server is requested, the connection certification request carries the mark of the maintenance device 1, the maintenance device 1
Mark may include equipment Serial Number, user account of maintenance device 1 etc., the NM server can be according to the dimension
The legitimacy of maintenance device 1 described in the identity verification of protection unit 1 verifies the legitimacy of the corresponding user of the maintenance device 1.
It include multiple in the legal terminal list it is alternatively possible to store legal terminal list in the NM server in advance
The mark of maintenance device 1 with legitimacy.The NM server, can be with when verifying the legitimacy of the maintenance device 1
Identifying whether there are in the legal terminal list for the maintenance device 1 entrained in the connection certification request is detected,
If it exists, then certification passes through, otherwise authentification failure.Wherein, has conjunction when the NM server verifies the maintenance device 1
When method, the NM server can establish a connection with the maintenance device 1, and the maintenance device 1 is added
Enter the mobile network where the NM server.Wherein, the NM server can use common any certification skill
Art, which is not limited by the present invention.
The mark sending module 12, for the mark of first terminal being sent to described when verification result is legal
NM server, so that the maintenance device 1 is arranged to the connection management permission of the first terminal in the NM server;
Specifically, illustrating that the maintenance device 1 has legitimacy, the maintenance device 1 can when verification result is legal
To be successfully established connection relationship with the NM server, at this point, the mark sending module 12 can receive the network management clothes
The online terminal list that business device is sent, the online terminal list may include multiple and the NM server has connection pass
The mark of terminal for being and being online, for example, if the NM server is the backstage clothes in certain vehicle netbios
Business device, then the mark of multiple terminals in the online terminal list can be the mark of multiple car-mounted terminals being currently running.
The mark sending module 12 receives described after line terminal list, and the mark sending module 12 can be arranged from online terminal
The mark for the first terminal that there is connection relationship with the NM server is obtained in table.Maintenance personnel can also be in the maintenance
The information for the terminal that input needs to be maintained on device 1, at this point, what the mark sending module 12 can be inputted from maintenance personnel
The mark of the first terminal is obtained in the information for the terminal for needing to be maintained.The mark of first terminal can be sequence number, or
IMSI or media access control address etc..
The mark sending module 12, can be by the first terminal after the mark for getting the first terminal
Mark is sent to the NM server.After the NM server receives the mark of the first terminal, the network management
Security policy information can be sent to the first terminal by server, and the first terminal is received and is responded described
The connection request and management control command that maintenance device 1 is sent, that is, the first terminal can be according to the security policy information
The maintenance device 1 is set to the connection management permission of the first terminal.The security policy information may include the dimension
The mark of protection unit 1 and the connection management permission, the security policy information can be based on accesses control list or be
It unites customized command format, realizes the maintenance device to the connection management permission of the first terminal.
The connection management module 13, for being attached based on set connection management permission to the first terminal
It is controlled with management;
Specifically, the connection management module 13 can receive the company for the first terminal that the NM server is sent
Parameter is connect, generates and sends connection request to the first terminal further according to the Connecting quantity.The Connecting quantity is by institute
NM server is stated according to accessed by the mark of the first terminal, the Connecting quantity may include the first terminal
The mobile communication information such as address, port, IMSI number.
The connection management module 13 receives the connection response that the first terminal returns again, to establish with described first eventually
The connection relationship at end.Wherein, the connection type of the maintenance device 1 and the first terminal may include: Telnet, containment
Agreement, Web or other modes.The connection response is generated based on the connection management permission by the first terminal.
After the connection management module 13 and the first terminal establish connection relationship, the connection management module 13
Management control command can be sent to the first terminal with the maintenance device 1 with connection relationship, so that the first terminal
The management control command is responded according to the connection management permission, the connection management module 13 obtains and shows described first
For terminal to the command response message of the management control command, the command response message may include the event of the first terminal
Hinder information, configuration information, log information etc..
Optionally, when the NM server detects that 1 active of maintenance device is exited or exception exits the network management
When mobile network where server, the NM server can send the order for cancelling security policy information to described
First terminal, so that the first terminal can cancel the maintenance device 1 to the connection management permission of the first terminal, with
Prevent illegal control of the other users to the first terminal.Wherein, the case where exception exits may include: when the dimension
When the duration that protection unit 1 is not managed control to the first terminal is more than preset duration threshold value, the NM server
It controls the maintenance device 1 and exits mobile network where the NM server.
Further, the maintenance device 1 can also include: and generate to obtain module 14, mass-sending command sending module 15;
The generation obtains module 14, for generating mass-sending administration order, and obtains the mark of multiple second terminals;
Specifically, the generation, which obtains module 14, can be generated mass-sending administration order, the mass-sending administration order can be
The management control command that multicast mode is sent, the more parts of management control commands that can also be sent with mode of unicast.The generation obtains
Module 14 obtains the mode of the mark of the multiple second terminal and the maintenance device 1 obtains the mark of the first terminal
Mode is identical;It can obtain, can also be inputted from maintenance personnel from the online terminal list that the NM server provides
The mark that the multiple second terminal is obtained in the information for the terminal for needing to be maintained, is not discussed here.
The mass-sending command sending module 15, for sending out the mark of the multiple second terminal and mass-sending administration order
It send to the NM server, so that the mass-sending administration order is sent to the multiple second eventually by the NM server
End, to be managed control to the multiple second terminal;
Specifically, the generation obtains module 14 after the mark for getting the multiple second terminal, the mass-sending
The mark of the multiple second terminal and mass-sending administration order can be sent to the network management by command sending module 15 together
Server.The NM server verifies the mark of the multiple second terminal and the mass-sending administration order has all had
When effect property, the NM server can send the mass-sending administration order to the multiple second terminal, so that each second
Terminal parse to the mass-sending administration order respectively and response command operates.
Further, the maintenance device 1 can also receive and show that each second terminal responds the mass-sending management life
Enable returned command response result.The command response result may include fault message, configuration information, log information etc.
Deng.
Further, then Fig. 6 is referred to, is a kind of structural representation of connection management module 13 provided in an embodiment of the present invention
Figure, the connection management module 13 may include:
Connection unit 131, the Connecting quantity of the first terminal for receiving the NM server transmission, and according to
The Connecting quantity sends connection request to the first terminal;
Wherein, the Connecting quantity be as the NM server according to accessed by the mark of the first terminal,
The Connecting quantity may include the mobile communication such as address, port, IMSI number of first terminal information.
The connection unit 131 is also used to receive the connection response that the first terminal returns, to establish and described first
The connection relationship of terminal;
Management control unit 132, for sending management control command to the first terminal, so that the first terminal is rung
Answer the management control command;
Specifically, the management control unit 132, which can send management control command, has company to the maintenance device 1
The first terminal of relationship is connect, so that the first terminal responds the management control command, institute according to the connection management permission
Stating management control unit 132 can also obtain and show that the first terminal responds the order that the management control command is returned
Response results, the command response result may include fault message, configuration information, log information etc..
Therefore maintenance device 1 is authenticated by NM server, and after certification passes through, it can be by safeguarding
Personnel are managed control to first terminal by maintenance device 1, and maintenance personnel is made to no longer need to maintenance scene safeguard,
Without returning factory repair again after removing first terminal, so that maintenance process be made to become more convenient, and the time is saved;Together
When, maintenance personnel can control first terminal without the device password and address for knowing first terminal, and safeguard
Personnel can control first terminal without the assistance of network administrator, to further improve maintenance efficiency;Institute
Identical attended operation can also be carried out to multiple second terminals simultaneously by the NM server by stating maintenance device 1, this
Mode is even more to effectively improve maintenance efficiency.
Fig. 7 is referred to, is a kind of structural schematic diagram of NM server provided in an embodiment of the present invention, the network manager service
Device 2 may include: certification receiving module 21, mark receiving module 22, setup module 23;
The certification receiving module 21, for receiving the connection certification request of maintenance device transmission, and according to the connection
Certification request verifies the legitimacy of the maintenance device;
Specifically, the maintenance device can remotely connect the NM server 2 of certain system by internet, in the dimension
Before protection unit and the NM server 2 establish a connection, the certification receiving module 21 can receive maintenance device hair
The connection certification request being sent to, the connection certification request carry the mark of the maintenance device, the mark of the maintenance device
Knowledge may include the equipment Serial Number of maintenance device, user account etc., and the certification receiving module 21 can be according to the dimension
The legitimacy of maintenance device described in the identity verification of protection unit verifies the legitimacy of the corresponding user of the maintenance device.It can
Selection of land can store legal terminal list in the NM server 2 in advance, include multiple tools in the legal terminal list
There is the mark of the maintenance device of legitimacy.The certification receiving module 21, can be with when verifying the legitimacy of the maintenance device
Identifying whether there are in the legal terminal list for the maintenance device entrained in the connection certification request is detected, if
In the presence of then certification passes through, otherwise authentification failure.Wherein, have when the certification receiving module 21 verifies the maintenance device
When legitimacy, the NM server 2 can establish a connection with the maintenance device, and the maintenance device is added
Enter the mobile network where the NM server 2.Wherein, the NM server 2 can use common any certification
Technology, which is not limited by the present invention.
The mark receiving module 22, for receiving the maintenance device is sent first when verification result is legal
The mark of terminal;
Specifically, the maintenance device is successfully built with the NM server 2 when the maintenance device has legitimacy
Vertical connection relationship, at this point, to can receive the maintenance device getting with the network manager service for the mark receiving module 22
Device 2 has the mark of the first terminal of connection relationship.The mark receiving module 22 is in the institute for receiving the maintenance device transmission
Before the mark for stating first terminal, the mark receiving module 22 can first send online terminal list to the maintenance device,
The online terminal list may include multiple terminals for having connection relationship with the NM server 2 and being online
Mark, for example, if the NM server 2 is the background server 2 in certain vehicle netbios, the online terminal column
The mark of multiple terminals in table can be the mark of multiple car-mounted terminals being currently running.The maintenance device receives described
After line terminal list, the maintenance device can be obtained from online terminal list has connection with the NM server 2
The mark of the first terminal of relationship.Maintenance personnel can also input the letter for needing the terminal being maintained on the maintenance device
Breath, at this point, the maintenance device can obtain described first from the information for the terminal that the needs that maintenance personnel inputs are maintained
The mark of terminal.The mark of first terminal can be sequence number or IMSI or media access control address etc..The maintenance dress
It sets after the mark for getting the first terminal, the mark receiving module 22 can receive what the maintenance device was sent
The mark of the first terminal.
The setup module 23, it is whole to described first for the maintenance device to be arranged according to the mark of the first terminal
The connection management permission at end, so that the maintenance device connects the first terminal based on set connection management permission
Connect and manage control;
Specifically, being legal in verification result, and the mark receiving module 22 receives the mark of the first terminal
Later, the setup module 23 can send security policy information to the first terminal according to the mark of the first terminal,
The first terminal is received and responds connection request and management control command that the maintenance device is sent, that is, institute
State the connection management permission that the maintenance device is arranged to the first terminal according to the security policy information in first terminal.Institute
State the mark and the connection management permission that security policy information includes the maintenance device, the security policy information can be with
It is that connection of the maintenance device to the first terminal is realized based on accesses control list or the customized command format of system
Administration authority.
For the setup module 23 while sending the security policy information, the setup module 23 can also be according to institute
The mark for stating first terminal obtains the Connecting quantity of the first terminal, and sends the Connecting quantity of the first terminal described in
Maintenance device, so that the maintenance device is based on the connection management permission and according to the Connecting quantity and the first terminal
It establishes a connection, the Connecting quantity may include the mobile communication such as the address, port, IMSI number of first terminal letter
Breath.After the maintenance device and the first terminal establish connection relationship, the maintenance device can send management control
The first terminal that there is connection relationship with the maintenance device is ordered, so that the first terminal is weighed according to the connection management
Limit responds the management control command.
Optionally, when the NM server 2 detects that the maintenance device actively exits or exception exits the network management
It is when the mobile network at 2 place of server, i.e., described when the connection for detecting the maintenance device and the first terminal disconnects
Setup module 23 can cancel the set maintenance device to the connection management permission of the first terminal.Cancel the company
The detailed process for connecing administration authority can be with are as follows: the setup module 23 can send the order for cancelling security policy information to
The first terminal, so that the first terminal can cancel the maintenance device and weigh to the connection management of the first terminal
Limit, to prevent illegal control of the other users to the first terminal.Wherein, the case where exception exits may include: to work as
When the duration that the maintenance device is not managed control to the first terminal is more than preset duration threshold value, the network management clothes
Business device 2 controls the mobile network that the maintenance device exits 2 place of NM server.
Further, the NM server 2 can also include: command id receiving module 24, validation verification module
25, command sending module 26;
The command id receiving module 24, for receiving mass-sending administration order that the maintenance device is sent and multiple
The mark of second terminal;
Specifically, the command id receiving module 24 can receive the mass-sending administration order that the maintenance device is sent with
And the mark of multiple second terminals, the management control command that the mass-sending administration order can send for multicast mode can also be with
The more parts of management control commands that mode of unicast is sent.Wherein, the maintenance device obtains the mark of the multiple second terminal
Mode is identical as the mode for the mark that the maintenance device obtains the first terminal;It can be provided from the NM server 2
Online terminal list in obtain, can also be obtained from the information of terminal that the needs that maintenance personnel inputs are maintained described more
The mark of a second terminal, is not discussed here.
The validation verification module 25, for the mark to the mass-sending administration order and the multiple second terminal
Validity verified;
The command sending module 26, for when verifying the mass-sending administration order and the multiple second terminal
When mark all has validity, the mass-sending administration order is sent to the multiple second terminal, to the multiple second
Terminal is managed control;
Specifically, the command id receiving module 24 receive the mass-sending administration order that the maintenance device is sent and
After the mark of multiple second terminals, the validation verification module 25 can be to the mass-sending administration order and the multiple
The validity of the mark of second terminal is verified;When the validation verification module 25 verify the mass-sending administration order with
And the mark of the multiple second terminal, when all having validity, the command sending module 26 can be to the multiple second eventually
End sends the mass-sending administration order, so that each second terminal respectively parses the mass-sending administration order and responds life
Enable operation.
Further, the NM server 2 can also receive each second terminal response in the multiple second terminal
The command response that the mass-sending administration order is returned is as a result, the NM server 2 again sends each command response result
To the maintenance device, so that the maintenance device can show each command response result.The command response result
It may include fault message, configuration information, log information etc..
Further, then Fig. 8 is referred to, is a kind of structural schematic diagram of setup module 23 provided in an embodiment of the present invention,
The setup module 23 may include:
Policy information transmission unit 231, for sending security policy information described according to the mark of the first terminal
First terminal, so that the maintenance device is arranged to the first terminal according to the security policy information in the first terminal
Connection management permission;
Wherein, the security policy information includes the mark and the connection management permission of the maintenance device, described
Security policy information can be measured acl rule or the customized command format of system.
Connecting quantity acquiring unit 232 obtains the connection of the first terminal for the mark according to the first terminal
Parameter;
Wherein, the Connecting quantity may include the mobile communication such as the address, port, IMSI number of first terminal letter
Breath.
Connecting quantity transmission unit 233, for sending the Connecting quantity of the first terminal to the maintenance device, so that
The maintenance device establishes a connection according to the Connecting quantity and the first terminal, and is based on the connection management permission
Control is managed to the first terminal.
Therefore maintenance device is authenticated by NM server 2, and after certification passes through, it can be by safeguarding
Personnel are managed control to first terminal by maintenance device, and maintenance personnel is made to no longer need to maintenance scene safeguard,
Without returning factory repair again after removing first terminal, so that maintenance process be made to become more convenient, and the time is saved;Together
When, maintenance personnel can control first terminal without the device password and address for knowing first terminal, and safeguard
Personnel can control first terminal without the assistance of network administrator, to further improve maintenance efficiency;Institute
Identical attended operation can also be carried out to multiple second terminals simultaneously by the NM server 2 by stating maintenance device, this
Mode is even more to effectively improve maintenance efficiency.
Fig. 9 is referred to, is the structural schematic diagram of another maintenance device provided in an embodiment of the present invention, the maintenance device
1000 may include processor 1001, communication interface 1002 and the (processor 1001 in maintenance device 1000 of memory 1003
Quantity can be to be one or more, in Fig. 9 by taking a processor 1001 as an example).In some embodiments of the present invention, processor
1001, communication interface 1002 can be connected with memory 1003 by communication bus or other modes, wherein Fig. 9 is to pass through communication
For bus connection.
Wherein, the communication interface 1002, for being communicated with NM server and first terminal;
The memory 1003 is for storing program;Specifically, program may include program code, said program code packet
Include computer operation instruction.Memory 1003 may include random access memory (random access memory, abbreviation
RAM), it is also possible to further include nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.
The processor 1001 is for executing described program, to realize terminal maintenance method provided in an embodiment of the present invention,
Include:
Connection certification request is sent to NM server, so that the NM server verifies the legal of the maintenance device
Property;
When verification result is legal, the mark of first terminal is sent to the NM server, so that the network management
The maintenance device is arranged to the connection management permission of the first terminal in server;
The first terminal is attached and is managed control based on set connection management permission.
Wherein, described the first terminal to be attached and managed control based on set connection management permission, tool
Body includes:
The Connecting quantity for the first terminal that the NM server is sent is received, and is sent according to the Connecting quantity
Connection request is to the first terminal;
The connection response that the first terminal returns is received, to establish the connection relationship with the first terminal;
Management control command is sent to the first terminal, so that the first terminal responds the management control command.
Further, the method also includes:
Mass-sending administration order is generated, and obtains the mark of multiple second terminals;
The mark of the multiple second terminal and mass-sending administration order are sent to the NM server, so that described
The mass-sending administration order is sent to the multiple second terminal by NM server, to carry out pipe to the multiple second terminal
Reason control.
Above-mentioned processor 1001 can be general processor, including central processing unit (Central Processing
Unit, abbreviation CPU), network processing unit (Network Processor, abbreviation NP) etc.;It can also be digital signal processor
(DSP), specific integrated circuit (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete gate
Or transistor logic, discrete hardware components.
Therefore maintenance device 1000 is authenticated by NM server, and after certification passes through, it can be by tieing up
Shield personnel are managed control to first terminal by maintenance device 1000, and maintenance personnel is made to no longer need to maintenance scene tie up
Shield, without returning factory repair again after removing first terminal, so that maintenance process be made to become more convenient, and when saving
Between;Meanwhile maintenance personnel can control first terminal without the device password and address for knowing first terminal, and
Maintenance personnel can control first terminal without the assistance of network administrator, to further improve maintenance effect
Rate;The maintenance device 1000 can also carry out identical maintenance to multiple second terminals simultaneously by the NM server and grasp
Make, this mode is even more to effectively improve maintenance efficiency.
Referring to Figure 10, it is the structural schematic diagram of another NM server provided in an embodiment of the present invention, the network management
Server 2000 may include processor 2001, communication interface 2002 and the (processing in NM server 2000 of memory 2003
The quantity of device 2001 can be to be one or more, in Figure 10 by taking a processor 2001 as an example).Some embodiments of the present invention
In, processor 2001, communication interface 2002 and memory 2003 can be connected by communication bus or other modes, wherein Figure 10
For being connected by communication bus.
Wherein, the communication interface 2002, for being led to maintenance device, first terminal and multiple second terminals
Letter;
The memory 2003 is for storing program;Specifically, program may include program code, said program code packet
Include computer operation instruction.Memory 2003 may include RAM, it is also possible to and it further include nonvolatile memory, for example, at least one
A magnetic disk storage.
The processor 2001 is for executing described program, to realize terminal maintenance method provided in an embodiment of the present invention,
Include:
The connection certification request that maintenance device is sent is received, and the maintenance device is verified according to the connection certification request
Legitimacy;
When verification result is legal, the mark for the first terminal that the maintenance device is sent is received,
And the maintenance device is arranged to the connection management permission of the first terminal according to the mark of the first terminal,
So that the maintenance device is attached and manages control to the first terminal based on set connection management permission.
Wherein, the maintenance device is arranged to the connecting tube of the first terminal in the mark according to the first terminal
Permission is managed, so that the maintenance device is attached and manages control to the first terminal based on set connection management permission
System, comprising:
Security policy information is sent to the first terminal, so that the first terminal according to the mark of the first terminal
The maintenance device is set to the connection management permission of the first terminal according to the security policy information;
The Connecting quantity of the first terminal is obtained according to the mark of the first terminal;
The Connecting quantity of the first terminal is sent to the maintenance device, so that the maintenance device is according to the connection
Parameter establishes a connection with the first terminal, and is managed control to the first terminal based on the connection management permission
System;
Wherein, the security policy information includes the mark and the connection management permission of the maintenance device.
Further, the method also includes:
Receive the mark of mass-sending administration order and multiple second terminals that the maintenance device is sent;
The validity of the mark of the mass-sending administration order and the multiple second terminal is verified;
When the mark for verifying the mass-sending administration order and the multiple second terminal all has validity, by institute
It states mass-sending administration order and is sent to the multiple second terminal, to be managed control to the multiple second terminal.
Above-mentioned processor 2001 can be general processor, including central processing unit, network processing unit etc.;It can also be
Digital signal processor (DSP), specific integrated circuit (ASIC), field programmable gate array (FPGA) or other programmable patrol
Collect device, discrete gate or transistor logic, discrete hardware components.
Therefore maintenance device is authenticated by NM server 2000, and after certification passes through, it can be by tieing up
Shield personnel are managed control to first terminal by maintenance device, and maintenance personnel is made to no longer need to maintenance scene safeguard,
Without factory repair is returned again after removing first terminal, so that maintenance process be made to become more convenient, and the time is saved;Together
When, maintenance personnel can control first terminal without the device password and address for knowing first terminal, and safeguard
Personnel can control first terminal without the assistance of network administrator, to further improve maintenance efficiency;Institute
Identical attended operation can also be carried out to multiple second terminals simultaneously by the NM server 2000 by stating maintenance device, this
Kind mode is even more to effectively improve maintenance efficiency.
Referring to Figure 11, it is a kind of structural schematic diagram of terminal maintenance system provided in an embodiment of the present invention, the system
It may include maintenance device, NM server, first terminal and multiple second terminals, the maintenance device can pass through interconnection
Net and the NM server and the first terminal communicate to connect, and the NM server can pass through internet and described the
One terminal and the communication connection of the multiple second terminal.Structure, function and Fig. 5 of the maintenance device in the system are retouched
Structure, the function for the maintenance device 1 stated are identical;Net described in the structure of NM server in the system, function and Fig. 7
Structure, the function of pipe server 2 are identical;The embodiment of the present invention does not repeat.Alternatively, the maintenance device in the system
Structure, function are identical as the structure, function of maintenance device 1000 described in Fig. 9;The knot of NM server in the system
Structure, function are identical as the structure, function of NM server 2000 described in Figure 10;The embodiment of the present invention does not repeat.
Wherein, the security policy information that the first terminal in the system can be sent according to the NM server
The maintenance device is set to the connection management permission of the first terminal, allows the maintenance device whole to described first
End is attached and manages control.The multiple second terminal in the system can receive the NM server forwarding
Administration order is mass-sended, and the mass-sending administration order is responded, the maintenance device is taken by the network management
Business device is managed control to the multiple second terminal.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, abbreviation ROM) or RAM etc..
The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly
It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.
Claims (8)
1. a kind of terminal maintenance method characterized by comprising
Maintenance device sends connection certification request to NM server, so that the NM server verifies the maintenance device
Legitimacy;
When verification result is legal, the mark of first terminal is sent to the NM server by the maintenance device, so that
The maintenance device is arranged to the connection management permission of the first terminal in the NM server;
The maintenance device is attached and manages control to the first terminal based on set connection management permission;
The maintenance device generates mass-sending administration order, and obtains the mark of multiple second terminals;The multiple second terminal is equal
For mobile terminal;
The mark of the multiple second terminal and mass-sending administration order are sent to the NM server by the maintenance device,
So that the mass-sending administration order is sent to the second terminal by the NM server, with to the multiple second terminal into
Row management control.
2. the method as described in claim 1, which is characterized in that the maintenance device is based on set connection management permission pair
The first terminal is attached and manages control, comprising:
The maintenance device receives the Connecting quantity for the first terminal that the NM server is sent, and according to the connection
Parameter sends connection request to the first terminal;
The maintenance device receives the connection response that the first terminal returns, to establish the connection pass with the first terminal
System;
The maintenance device sends management control command to the first terminal, so that the first terminal responds the management control
System order.
3. a kind of terminal maintenance method characterized by comprising
NM server receives the connection certification request that maintenance device is sent, and verifies the dimension according to the connection certification request
The legitimacy of protection unit;
When verification result is legal, the NM server receives the mark for the first terminal that the maintenance device is sent,
And the maintenance device is arranged to the connection management permission of the first terminal according to the mark of the first terminal, so that
The maintenance device is attached and manages control to the first terminal based on set connection management permission;
The NM server receives the mark of mass-sending administration order and multiple second terminals that the maintenance device is sent;Institute
Stating multiple second terminals is mobile terminal;
The NM server tests the validity of the mark of the mass-sending administration order and the multiple second terminal
Card;
When the mark for verifying the mass-sending administration order and the multiple second terminal all has validity, the network management
The mass-sending administration order is sent to the multiple second terminal by server, to be managed control to the multiple second terminal
System.
4. method as claimed in claim 3, which is characterized in that described that the maintenance is arranged according to the mark of the first terminal
Device is to the connection management permission of the first terminal, so that the maintenance device is based on set connection management permission to institute
It states first terminal and is attached and manages control, comprising:
The NM server sends security policy information to the first terminal, so that institute according to the mark of the first terminal
State the connection management permission that the maintenance device is arranged to the first terminal according to the security policy information in first terminal;
The NM server obtains the Connecting quantity of the first terminal according to the mark of the first terminal;
The NM server sends the Connecting quantity of the first terminal to the maintenance device, so that the maintenance device root
It establishes a connection according to the Connecting quantity and the first terminal, and based on the connection management permission to the first terminal
It is managed control;
Wherein, the security policy information includes the mark and the connection management permission of the maintenance device.
5. a kind of maintenance device characterized by comprising
Sending module is authenticated, for sending connection certification request to NM server, so that described in NM server verifying
The legitimacy of maintenance device;
Sending module is identified, for when verification result is legal, the mark of first terminal to be sent to the NM server,
So that the maintenance device is arranged to the connection management permission of the first terminal in the NM server;
Connection management module, for the first terminal being attached and being managed control based on set connection management permission
System;
It generates and obtains module, for generating mass-sending administration order, and obtain the mark of multiple second terminals;The multiple second eventually
End is mobile terminal;
Command sending module is mass-sended, for the mark of the multiple second terminal and mass-sending administration order to be sent to the net
Pipe server, so that the mass-sending administration order is sent to the multiple second terminal by the NM server, to described
Multiple second terminals are managed control.
6. device as claimed in claim 5, which is characterized in that the connection management module includes:
Connection unit, for receiving the Connecting quantity for the first terminal that the NM server is sent, and according to the company
It connects parameter and sends connection request to the first terminal;
The connection unit is also used to receive the connection response that the first terminal returns, to establish and the first terminal
Connection relationship;
Management control unit, for sending management control command to the first terminal, so that described in first terminal response
Manage control command.
7. a kind of NM server characterized by comprising
Receiving module is authenticated, for receiving the connection certification request of maintenance device transmission, and is tested according to the connection certification request
Demonstrate,prove the legitimacy of the maintenance device;
Receiving module is identified, for receiving the mark for the first terminal that the maintenance device is sent when verification result is legal;
The maintenance device is arranged to the connecting tube of the first terminal for the mark according to the first terminal in setup module
Permission is managed, so that the maintenance device is attached and manages control to the first terminal based on set connection management permission
System;
Command id receiving module, for receiving mass-sending administration order that the maintenance device is sent and multiple second terminals
Mark;The multiple second terminal is mobile terminal;
Validation verification module, for it is described mass-sending administration order and the multiple second terminal mark validity into
Row verifying;
Command sending module, for being all had when the mark for verifying the mass-sending administration order and the multiple second terminal
When validity, the mass-sending administration order is sent to the multiple second terminal, to carry out pipe to the multiple second terminal
Reason control.
8. server as claimed in claim 7, which is characterized in that the setup module includes:
Policy information transmission unit, it is whole to described first for sending security policy information according to the mark of the first terminal
End, so that the maintenance device is arranged to the connecting tube of the first terminal according to the security policy information in the first terminal
Manage permission;
Connecting quantity acquiring unit obtains the Connecting quantity of the first terminal for the mark according to the first terminal;
Connecting quantity transmission unit, for sending the Connecting quantity of the first terminal to the maintenance device, so that the dimension
Protection unit establishes a connection according to the Connecting quantity and the first terminal, and based on the connection management permission to described
First terminal is managed control;
Wherein, the security policy information includes the mark and the connection management permission of the maintenance device.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410767645.8A CN105744555B (en) | 2014-12-12 | 2014-12-12 | A kind of terminal maintenance method, maintenance device and NM server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410767645.8A CN105744555B (en) | 2014-12-12 | 2014-12-12 | A kind of terminal maintenance method, maintenance device and NM server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105744555A CN105744555A (en) | 2016-07-06 |
CN105744555B true CN105744555B (en) | 2019-05-28 |
Family
ID=56241379
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410767645.8A Active CN105744555B (en) | 2014-12-12 | 2014-12-12 | A kind of terminal maintenance method, maintenance device and NM server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105744555B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480511A (en) * | 2016-11-02 | 2017-12-15 | 深圳市波普安创技术有限公司 | The maintenance tamper resistant systems and its method of information safety devices |
CN108376290B (en) * | 2018-02-07 | 2021-05-11 | 深圳怡化电脑股份有限公司 | Financial self-service equipment maintenance control method and device and server |
CN108682087B (en) * | 2018-05-04 | 2021-02-02 | 深圳怡化电脑股份有限公司 | Method and system for maintaining fault of terminal equipment and computer readable storage medium |
CN108650122A (en) * | 2018-05-08 | 2018-10-12 | 普联技术有限公司 | Network management and computer storage media, network controller |
CN108632090B (en) * | 2018-05-08 | 2021-09-10 | 普联技术有限公司 | Network management method and system |
CN109194729B (en) * | 2018-08-24 | 2021-07-09 | 国广东方网络(北京)有限公司 | Information communication system and method |
CN111709538B (en) * | 2020-05-25 | 2023-11-24 | 中国商用飞机有限责任公司 | System and method for authenticating ground maintenance equipment of an aircraft |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1866874A (en) * | 2006-03-28 | 2006-11-22 | 华为技术有限公司 | Terminal device maintaining method and system |
CN1866848A (en) * | 2005-05-18 | 2006-11-22 | 上海华为技术有限公司 | Method for realizing configuration of service frame data |
CN101018155A (en) * | 2007-02-08 | 2007-08-15 | 华为技术有限公司 | Network element management method, system and network element |
CN103974308A (en) * | 2013-02-01 | 2014-08-06 | 中兴通讯股份有限公司 | Base station maintenance equipment, method, device and system, mobile terminal and base station |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI334714B (en) * | 2006-12-10 | 2010-12-11 | Cameo Communications Inc | Discovery method for network devices |
-
2014
- 2014-12-12 CN CN201410767645.8A patent/CN105744555B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1866848A (en) * | 2005-05-18 | 2006-11-22 | 上海华为技术有限公司 | Method for realizing configuration of service frame data |
CN1866874A (en) * | 2006-03-28 | 2006-11-22 | 华为技术有限公司 | Terminal device maintaining method and system |
CN101018155A (en) * | 2007-02-08 | 2007-08-15 | 华为技术有限公司 | Network element management method, system and network element |
CN103974308A (en) * | 2013-02-01 | 2014-08-06 | 中兴通讯股份有限公司 | Base station maintenance equipment, method, device and system, mobile terminal and base station |
Also Published As
Publication number | Publication date |
---|---|
CN105744555A (en) | 2016-07-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105744555B (en) | A kind of terminal maintenance method, maintenance device and NM server | |
CN108881232B (en) | Sign-on access method, apparatus, storage medium and the processor of operation system | |
CN104883267B (en) | network configuration access method and device | |
CN102271133B (en) | Authentication method, device and system | |
CN104780069B (en) | A kind of key-course towards SDN and data Layer communication port self-configuration method and its system | |
CN107493280A (en) | Method, intelligent gateway and the certificate server of user authentication | |
WO2018036198A1 (en) | Control method and apparatus for smart household, home gateway, and mobile terminal | |
CN111324672A (en) | Block chain safety processing system and method | |
CN110072236A (en) | Equipment connection method, equipment and system | |
US9401905B1 (en) | Transferring soft token authentication capabilities to a new device | |
CN104811433A (en) | Distributed IoT (Internet of Things) solution scheme of C/S configuration | |
CN103647788B (en) | A kind of node security authentication method in intelligent grid | |
CN109104475A (en) | Connect restoration methods, apparatus and system | |
CN108900484A (en) | A kind of generation method and device of access authority information | |
CN108429820A (en) | A kind of communication means of internet of things application layer, system and terminal device | |
CN108024243A (en) | A kind of eSIM is caught in Network Communication method and its system | |
CN105392137A (en) | Household WIFI embezzlement preventing method, wireless router and terminal equipment | |
CN105592459B (en) | Safety certification device based on wireless communication | |
CN109302397A (en) | A kind of network safety managing method, platform and computer readable storage medium | |
CN105792095A (en) | Secret key negotiation method and system for MTC (Machine Type Communication) packet communication and network entity | |
CN109981312A (en) | Smart machine configuration method, apparatus and system | |
CN104917750B (en) | A kind of key-course towards SDN and data Layer communication port self-configuration method and its system | |
CN105391720A (en) | User terminal login method and device | |
CN106878020A (en) | Network system, the authentication method of the network equipment and device | |
CN104468194B (en) | The compatibility method and forwarding server of a kind of network equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |