CN107465669A - Multi-user device security isolation method and apparatus
- Publication number
- CN107465669A (CN201710600047.5A)
- Authority
- CN
- China
- Prior art keywords
- equipment
- session identification
- user
- target
- terminal
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
An embodiment of the present invention provides a multi-user device security isolation method and apparatus. The method includes: obtaining the first session identifier corresponding to each of multiple users accessing a device; obtaining the device identifiers and second session identifiers of all devices from a device list; and comparing each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, taking the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device. The apparatus is used to perform the method. By taking the device in the device list whose second session identifier is identical to the target first session identifier as the target device accessible to the user, the embodiment ensures that a user can access only the devices mapped from the user's own terminal, which achieves multi-user device isolation and improves the security of device use.
Description
Technical field
The embodiments of the present invention relate to the field of communication technology, and in particular to a multi-user device security isolation method and apparatus.
Background
In recent years, as cloud computing technology has matured, more and more real-world services that run on physical servers (for example printing, projection and scanning) have moved into virtual machines in cloud computing environments. Consequently, in public or private desktop cloud environments, virtual machines frequently need to use printers, projectors, fingerprint readers, scanners and similar devices.
In the prior art, when multiple users simultaneously access a device on a virtual machine through a remote protocol, the virtual machine cannot isolate the users from one another; that is, it cannot determine which device corresponds to which user. For example, user A's terminal and user B's terminal each have a printer, and the printers of both terminals have been mapped onto the virtual machine. When user A accesses a printer on the virtual machine, user A may end up accessing user B's printer, which makes use of the device insecure.
Therefore, how to securely isolate the devices of multiple users is a problem that urgently needs to be solved.
Summary of the invention
To address the problems in the prior art, the embodiments of the present invention provide a multi-user device security isolation method and apparatus.
In a first aspect, an embodiment of the present invention provides a multi-user device security isolation method, including:
obtaining the first session identifier corresponding to each of multiple users accessing a device, wherein the device is a serial port device or a parallel port device;
obtaining the device information of all devices from a device list, the device information including a device identifier and the second session identifier corresponding to the device identifier;
comparing each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, taking the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
In a second aspect, an embodiment of the present invention provides a multi-user device security isolation apparatus, including:
a first acquisition module, configured to obtain the first session identifier corresponding to each of multiple users accessing a device, wherein the device is a serial port device or a parallel port device;
a second acquisition module, configured to obtain the device information of all devices from a device list, the device information including a device identifier and the second session identifier corresponding to the device identifier;
a first isolation module, configured to compare each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, take the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a memory and a bus, wherein:
the processor and the memory communicate with each other through the bus;
the memory stores program instructions executable by the processor, and the processor, by calling the program instructions, is able to perform the method steps of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, wherein:
the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to perform the method steps of the first aspect.
In the multi-user device security isolation method and apparatus provided by the embodiments of the present invention, the first session identifier corresponding to each user is compared with each second session identifier in the device list, and the device corresponding to the target second session identifier that is identical to the target first session identifier is taken as the target device accessible to the user corresponding to the target first session identifier. A user can therefore access only the devices mapped from the user's own terminal and cannot use devices mapped from other terminals, which achieves multi-user device isolation and improves the security of device use.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a multi-user device security isolation method provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a multi-user device security isolation apparatus provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a multi-user device security isolation apparatus provided by another embodiment of the present invention;
Fig. 4 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of a multi-user device security isolation method provided by an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101: Obtain the first session identifier corresponding to each of multiple users accessing a device, wherein the device is a serial port device or a parallel port device.
Specifically, when multiple users on the server side use the application software of a device to access that device, the server obtains the user information of these users, and the user information includes the first session identifier corresponding to each user. It can be understood that the server may also obtain other information about the user, which the embodiments of the present invention do not specifically limit. It should be noted that the precondition for a user to access a device on the server side may be that the terminal corresponding to the user has already remotely mapped the device onto the server. The device accessed by the user may be a serial port device or a parallel port device, for example a serial port printer, a parallel port printer, a serial port projector or a parallel port projector.
Step 102: Obtain the device information of all devices from the device list, the device information including a device identifier and the second session identifier corresponding to the device identifier.
Specifically, after the server detects that multiple users are accessing the device and obtains their respective session identifiers, it retrieves all device information stored in the pre-established device list. The device information includes a device identifier and the second session identifier corresponding to that device identifier. The device identifier may be a device ID, and each device corresponds to exactly one device identifier. When a user logs in to the remote desktop, the server obtains the second session identifier corresponding to the user and the device identifier of the device that the user's terminal has mapped onto the server, binds the second session identifier to the device identifier, and stores the binding in the device list.
Step 103: Compare each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, take the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
Specifically, each user corresponds to one first session identifier, so when multiple users access the same device the server obtains multiple first session identifiers. The server compares each of these first session identifiers, one by one, with all second session identifiers in the device list. If a target first session identifier is identical to a target second session identifier in the device list, the server obtains the device identifier corresponding to the target second session identifier, takes the device corresponding to that device identifier as the target device accessible to the user, and allows the user corresponding to the target first session identifier to access the target device. Otherwise, the server forbids the user corresponding to the target first session identifier from accessing the target device, thereby achieving security isolation of the target device. It should be noted that the same method can be used when only one user accesses a device: the first session identifier corresponding to the user is compared with the second session identifiers in the device list to determine the target device accessible to that user, and the user is allowed to access it.
For example, terminal A has mapped its own printer A onto the server, and terminal B has likewise mapped its own printer B onto the server. User A corresponds to terminal A and user B corresponds to terminal B. When user A and user B log in to the remote desktop on the server, the server obtains user A's second session identifier and user B's second session identifier, and stores in the device list device information A, formed from printer A's device identifier and user A's second session identifier, and device information B, formed from printer B's device identifier and user B's second session identifier. When user A and user B use the print function on the server side, the server obtains user A's first session identifier and user B's first session identifier respectively, and compares user A's first session identifier with the second session identifiers in the device list. User A thereby obtains printer A, which corresponds to user A, and does not obtain printer B, which corresponds to user B. Likewise, user B obtains the corresponding printer B. User A then uses printer A and user B uses printer B, which achieves device isolation.
In this embodiment of the present invention, the first session identifier corresponding to each user is compared with each second session identifier in the device list, and the device corresponding to the target second session identifier that is identical to the target first session identifier is taken as the target device accessible to the user corresponding to the target first session identifier. A user can therefore access only the devices mapped from the user's own terminal and cannot use devices mapped from other terminals, which achieves multi-user device isolation and improves the security of device use.
On the basis of the above embodiment, before the first session identifiers corresponding to the multiple users accessing the device are obtained, the method further includes:
receiving the device information sent by a terminal, the device information including the device identifier; if it is determined that the user has logged in to the remote desktop, obtaining the second session identifier corresponding to the user, binding the second session identifier to the device identifier to form the device information, and storing it in the device list; and if it is determined that the user has logged out, deleting the device information corresponding to the user from the device list.
Specifically, after a device is plugged into a terminal, the terminal sends the device information of that device to the server, and the server receives it. The device information includes the device identifier and may also include a terminal identifier. When a user logs in to the remote desktop on the server side, the server detects this trigger event and obtains the user's second session identifier; it may also obtain the terminal identifier of the terminal corresponding to the user. The terminal identifier makes it possible to determine that the second session identifier and the device identifier belong to the same terminal. The server then binds the second session identifier to the device identifier to form the device information, and stores the device information in the device list. After the user logs out of the remote desktop, the server deletes the device information corresponding to the user from the device list. The server can thus monitor the device list in real time and update it in real time. It may of course also update the list periodically, and the update period can be adjusted according to actual conditions.
In this embodiment of the present invention, the device list is established in advance so that the first session identifier can be compared with the second session identifiers in the device list to obtain the devices accessible to the user, which achieves isolation between users.
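The device list lifecycle and the session identifier comparison of step 103 described above, as an added example that is not part of the patent text: a minimal in-memory model in Python. The class and method names, the use of IP addresses as terminal identifiers, and all sample identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceInfo:
    """One device-list entry: a device identifier bound to a session."""
    device_id: str    # unique device identifier reported by the terminal
    terminal_id: str  # terminal that mapped the device (assumed: its IP address)
    session_id: str   # "second session identifier", bound at remote desktop login


class DeviceList:
    """Hypothetical server-side device list modelled on the description."""

    def __init__(self):
        self._reported = {}  # device_id -> terminal_id, as sent by terminals
        self._sessions = {}  # terminal_id -> session_id of the logged-in user
        self._entries = {}   # device_id -> DeviceInfo (the device list itself)

    def _bind(self, device_id, terminal_id, session_id):
        self._entries[device_id] = DeviceInfo(device_id, terminal_id, session_id)

    def report_device(self, terminal_id, device_id):
        """A terminal reports a plugged-in device; bind it if a session exists."""
        self._reported[device_id] = terminal_id
        session_id = self._sessions.get(terminal_id)
        if session_id is not None:
            self._bind(device_id, terminal_id, session_id)

    def on_login(self, session_id, terminal_id):
        """Login: bind the session only to devices reported by the same terminal."""
        self._sessions[terminal_id] = session_id
        for device_id, owner in self._reported.items():
            if owner == terminal_id:
                self._bind(device_id, terminal_id, session_id)

    def on_logout(self, session_id):
        """Logout: delete every entry bound to the session, so the old
        session identifier can no longer match anything in the list."""
        self._sessions = {t: s for t, s in self._sessions.items() if s != session_id}
        self._entries = {d: e for d, e in self._entries.items()
                         if e.session_id != session_id}

    def accessible_devices(self, first_session_id):
        """Step 103: compare the caller's session id with every entry."""
        return sorted(e.device_id for e in self._entries.values()
                      if e.session_id == first_session_id)

    def authorize(self, first_session_id, device_id):
        """Default deny: unknown devices and mismatched sessions are refused."""
        entry = self._entries.get(device_id)
        return entry is not None and entry.session_id == first_session_id


def demo():
    """Constructed scenario: two terminals, each mapping its own printer."""
    devices = DeviceList()
    devices.report_device("10.0.0.11", "printer-A")  # terminal A
    devices.report_device("10.0.0.12", "printer-B")  # terminal B
    devices.on_login("session-1", "10.0.0.11")       # user A
    devices.on_login("session-2", "10.0.0.12")       # user B
    result = {
        "a_sees": devices.accessible_devices("session-1"),
        "a_own": devices.authorize("session-1", "printer-A"),
        "a_cross": devices.authorize("session-1", "printer-B"),
    }
    devices.on_logout("session-2")
    devices.on_login("session-3", "10.0.0.12")       # user B logs in again
    result["stale"] = devices.authorize("session-2", "printer-B")
    result["fresh"] = devices.authorize("session-3", "printer-B")
    return result


if __name__ == "__main__":
    print(demo())
```
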
On the basis of the above embodiment, before the first session identifiers corresponding to the multiple users accessing the device are obtained, the method further includes:
remotely mapping the device onto the server, wherein remotely mapping the device onto the server includes:
receiving the terminal-device binding information sent by the terminal, the terminal-device binding information including a terminal identifier and the device identifier;
establishing, according to the terminal identifier and the device identifier, a data transmission channel corresponding to the terminal;
sending a mapping request to the terminal through the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request;
receiving the mapping data returned by the terminal to complete the remote mapping of the device.
Specifically, when a device is plugged into a local terminal, the monitoring module set up in the terminal receives a device insertion message and the terminal obtains the device information of that device. The device information includes the device identifier and may also include the device type, manufacturer information and so on. The terminal binds the device identifier of the device to the terminal's own terminal identifier to form the terminal-device binding information. It can be understood that each device corresponds to one unique identifier, the device identifier, from which the specific device can be determined. Similarly, each terminal corresponds to one unique identifier, the terminal identifier, which may be the IP address of the terminal and is used to refer to the terminal. It should also be noted that the terminal-device binding information may include other information about the device and the terminal, such as the device type, which the embodiments of the present invention do not specifically limit. The terminal sends the terminal-device binding information to the server, and the server receives it.
After receiving the terminal-device binding information sent by the terminal, the server parses it to obtain the corresponding terminal identifier and device identifier. According to the terminal identifier and the device identifier, the server establishes a data transmission channel with the terminal over the network. This data transmission channel is used specifically to transmit data related to the device between the server and the terminal. It should be noted that the data transmission channel is a logical channel; on the server it is a network link that includes the terminal identifier, and the required mapping request can be sent to the corresponding terminal through that network link.
When the user opens the application software of the terminal on the server side, the server sends a mapping request to the terminal through the data transmission channel corresponding to the device, wherein the mapping request includes a request for the data needed to complete the remote mapping. After receiving the mapping request sent by the server, the terminal returns the corresponding mapping data to the server according to the mapping request.
The server receives the mapping data returned by the terminal and thereby completes the remote mapping of the device. The mapping data is the data needed to map the device onto the server and may include the bit rate of the device and so on, which the embodiments of the present invention do not specifically limit.
In this embodiment of the present invention, the server obtains the terminal-device binding information sent by the terminal, establishes a data transmission channel according to the terminal-device binding information, sends a mapping request to the terminal through the data transmission channel, and receives the mapping data returned by the terminal, thereby completing the remote mapping of the device. The terminal user can then use the mapped device on the virtual machine, which improves the user's security.
On the basis of the above embodiment, the method further includes:
if it is determined that the target second session identifier is not identical to the target first session identifier, forbidding the user corresponding to the target first session identifier from accessing the device corresponding to the target second session identifier.
Specifically, when the server compares the target first session identifier one by one with all second session identifiers in the device list, a target first session identifier that differs from the target second session identifier indicates that the terminal corresponding to the target first session identifier is not the terminal corresponding to the target second session identifier. Because the purpose of the embodiments of the present invention is precisely to allow a user to use only the devices that the user's own terminal has mapped onto the server, and not the devices that other terminals have mapped onto the server, the user corresponding to the target first session identifier is forbidden from accessing the device corresponding to the target second session identifier.
In this embodiment of the present invention, when it is determined that the target second session identifier is not identical to the target first session identifier, the user is forbidden from accessing the device corresponding to the target second session identifier. This achieves multi-user device isolation: a user is allowed to access only the devices that the user's own terminal has mapped onto the server, which improves the security of device access.
Fig. 2 is a schematic structural diagram of a multi-user device security isolation apparatus provided by an embodiment of the present invention. As shown in Fig. 2, the apparatus includes a first acquisition module 201, a second acquisition module 202 and a first isolation module 203, wherein:
the first acquisition module 201 is configured to obtain the first session identifier corresponding to each of multiple users accessing a device, wherein the device is a serial port device or a parallel port device; the second acquisition module 202 is configured to obtain the device information of all devices from the device list, the device information including a device identifier and the second session identifier corresponding to the device identifier; and the first isolation module 203 is configured to compare each first session identifier with each second session identifier in the device list and, if it is determined that the second session identifier is identical to the first session identifier, take the device corresponding to the second session identifier as the target device accessible to the user.
Specifically, when multiple users on the server side use the application software of a device to access that device, the first acquisition module 201 obtains the user information of these users, and the user information includes the first session identifier corresponding to each user. It can be understood that the first acquisition module 201 may also obtain other information about the user, which the embodiments of the present invention do not specifically limit. It should be noted that the precondition for a user to access a device on the server side may be that the terminal corresponding to the user has already remotely mapped the device onto the server, and the device accessed by the user may be a serial port device or a parallel port device. After the first acquisition module 201 detects that multiple users are accessing the device and obtains their respective session identifiers, the second acquisition module 202 retrieves all device information stored in the pre-established device list. The device information includes a device identifier and the second session identifier corresponding to that device identifier. The device identifier may be a device ID, and each device corresponds to exactly one device identifier. When a user logs in to the remote desktop, the server obtains the second session identifier corresponding to the user and the device identifier of the device that the user's terminal has mapped onto the server, binds the second session identifier to the device identifier, and stores the binding in the device list. Each user corresponds to one first session identifier, so when multiple users access the same device the first acquisition module 201 obtains multiple first session identifiers. The first isolation module 203 compares each of these first session identifiers, one by one, with all second session identifiers in the device list. If a target first session identifier is identical to a target second session identifier in the device list, the module obtains the device identifier corresponding to the target second session identifier, takes the device corresponding to that device identifier as the target device accessible to the user, and allows the user corresponding to the target first session identifier to access the target device. Otherwise, it forbids the user corresponding to the target first session identifier from accessing the target device, thereby achieving security isolation of the target device. It should be noted that the same method can be used when only one user accesses a device: the first session identifier corresponding to the user is compared with the second session identifiers in the device list to determine the target device accessible to that user, and the user is allowed to access it.
The apparatus embodiment provided by the present invention can be used to perform the processing flows of the method embodiments above. Its functions are not repeated here; refer to the detailed description of the method embodiments above.
In this embodiment of the present invention, the first session identifier corresponding to each user is compared with each second session identifier in the device list, and the device corresponding to the target second session identifier that is identical to the target first session identifier is taken as the target device accessible to the user corresponding to the target first session identifier. A user can therefore access only the devices mapped from the user's own terminal and cannot use devices mapped from other terminals, which achieves multi-user device isolation and improves the security of device use.
On the basis of the above embodiment, the apparatus further includes:
a list establishment module, configured to receive the device information sent by a terminal, the device information including the device identifier; if it is determined that the user has logged in to the remote desktop, obtain the second session identifier corresponding to the user, bind the second session identifier to the device identifier to form the device information, and store it in the device list; and if it is determined that the user has logged out, delete the device information corresponding to the user from the device list.
Specifically, after a device is plugged into a terminal, the terminal sends the device information of that device to the server, and the server receives it. The device information includes the device identifier and may also include a terminal identifier. When a user logs in to the remote desktop on the server side, the server detects this trigger event and obtains the user's second session identifier; it may also obtain the terminal identifier of the terminal corresponding to the user. The terminal identifier makes it possible to determine that the second session identifier and the device identifier belong to the same terminal. The server then binds the second session identifier to the device identifier to form the device information, and stores the device information in the device list. After the user logs out of the remote desktop, the server deletes the device information corresponding to the user from the device list. The server can thus monitor the device list in real time and update it in real time. It may of course also update the list periodically, and the update period can be adjusted according to actual conditions.
In this embodiment of the present invention, the device list is established in advance so that the first session identifier can be compared with the second session identifiers in the device list to obtain the devices accessible to the user, which achieves isolation between users.
On the basis of the above embodiment, the apparatus further includes:
a remote mapping module, configured to remotely map the device onto the server, wherein the remote mapping module is specifically configured to:
receive the terminal-device binding information sent by the terminal, the terminal-device binding information including a terminal identifier and the device identifier;
establish, according to the terminal identifier and the device identifier, a data transmission channel corresponding to the terminal;
send a mapping request to the terminal through the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request;
receive the mapping data returned by the terminal to complete the remote mapping of the device.
Specifically, when a device is inserted into the local terminal, the monitoring module provided in the terminal receives a device insertion message, and the terminal obtains the device information of the device, which includes the device identification. The terminal binds the device identification of the device with the terminal identification of the terminal itself to form the terminal device binding information. The terminal sends the terminal device binding information to the server, and the server receives it.
After receiving the terminal device binding information sent by the terminal, the server parses it to learn the corresponding terminal identification and device identification, and, according to the terminal identification and the device identification, establishes a data transmission channel with the terminal over the network. This data transmission channel is used specifically to transmit data related to the device between the server and the terminal. It should be noted that the data transmission channel is a logical channel: on the server it is a network link that includes the terminal identification, and the required mapping request can be sent to the corresponding terminal through this network link.
If the user opens the application software of the terminal on the server side, the server sends a mapping request to the terminal through the data transmission channel corresponding to the device, where the mapping request includes a request for the data needed to complete the remote mapping. After receiving the mapping request sent by the server, the terminal returns the corresponding mapping data to the server according to the mapping request. The server receives the mapping data returned by the terminal and thereby completes the remote mapping of the device; the mapping data is the data needed to map the device onto the server.
The embodiment of the present invention obtains the terminal device binding information sent by the terminal, establishes a data transmission channel according to the terminal device binding information, sends a mapping request to the terminal through the data transmission channel, and receives the mapping data returned by the terminal, thereby completing the remote mapping of the device. The terminal user can then use the mapped device on a virtual machine, which improves the user's security.
On the basis of the above embodiment, the apparatus further includes:
a second isolation module, configured to, if it is determined that the target second session identification differs from the target first session identification, forbid the user corresponding to the target first session identification from accessing the device corresponding to the target second session identification.
Specifically, when the second isolation module compares the target first session identification one by one with all the second session identifications in the list of devices, a target first session identification that differs from the target second session identification indicates that the terminal corresponding to the target first session identification is not the terminal corresponding to the target second session identification. The purpose of the embodiment of the present invention is precisely to allow a user to use only the devices that the user's own terminal has mapped to the server, and not the devices that other terminals have mapped to the server, so the user corresponding to the target first session identification is forbidden from accessing the device corresponding to the target second session identification.
In the embodiment of the present invention, when it is determined that the target second session identification differs from the target first session identification, the user is forbidden from accessing the device corresponding to the target second session identification. This realizes device isolation among multiple users: a user can access only the devices that the user's own terminal has mapped to the server, which improves the security of device access.
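The list-of-devices lifecycle and the session identification comparison described in the embodiments above, as an added sketch that is not code from the patent. The class and method names, the sample identifiers, and the choice to key records by the (terminal identification, device identification) pair so that identically named ports on two terminals cannot overwrite each other are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceInfo:
    terminal_id: str  # terminal identification the device is plugged into
    device_id: str    # device identification reported by that terminal
    session_id: str   # second session identification bound at login


class DeviceList:
    """Server-side list of devices; every lookup fails closed."""

    def __init__(self):
        self._reported = set()  # (terminal_id, device_id) pairs sent by terminals
        self._sessions = {}     # terminal_id -> session of the logged-in user
        self._entries = {}      # (terminal_id, device_id) -> bound DeviceInfo

    def _bind(self, terminal_id, device_id):
        # A record exists only once a session is known for the same terminal.
        session_id = self._sessions.get(terminal_id)
        if session_id is not None:
            key = (terminal_id, device_id)
            self._entries[key] = DeviceInfo(terminal_id, device_id, session_id)

    def report_device(self, terminal_id, device_id):
        """The terminal reports an inserted device (before or after login)."""
        self._reported.add((terminal_id, device_id))
        self._bind(terminal_id, device_id)

    def on_login(self, terminal_id, session_id):
        """Remote desktop login: bind the terminal's devices to the session."""
        self._sessions[terminal_id] = session_id
        for term, dev in sorted(self._reported):
            if term == terminal_id:
                self._bind(term, dev)

    def on_logout(self, session_id):
        """Logoff: delete every record bound to the session."""
        self._entries = {k: e for k, e in self._entries.items()
                         if e.session_id != session_id}
        self._sessions = {t: s for t, s in self._sessions.items()
                          if s != session_id}

    def accessible_devices(self, first_session_id):
        """Devices whose second session identification equals the caller's."""
        return sorted(k for k, e in self._entries.items()
                      if e.session_id == first_session_id)

    def can_access(self, first_session_id, terminal_id, device_id):
        entry = self._entries.get((terminal_id, device_id))
        return entry is not None and entry.session_id == first_session_id


def demo():
    # Constructed identifiers for two users sharing one server.
    devices = DeviceList()
    devices.report_device("terminal-A", "COM1")   # inserted before login
    devices.on_login("terminal-A", "session-1001")
    devices.on_login("terminal-B", "session-1002")
    devices.report_device("terminal-B", "COM1")   # same port name, after login
    devices.report_device("terminal-C", "LPT1")   # no user logged in
    result = {
        "user_a": devices.accessible_devices("session-1001"),
        "user_b": devices.accessible_devices("session-1002"),
        "a_on_b": devices.can_access("session-1001", "terminal-B", "COM1"),
        "unbound": devices.can_access("session-1001", "terminal-C", "LPT1"),
    }
    devices.on_logout("session-1001")
    result["a_after_logout"] = devices.accessible_devices("session-1001")
    result["stale"] = devices.can_access("session-1001", "terminal-A", "COM1")
    result["b_after"] = devices.can_access("session-1002", "terminal-B", "COM1")
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A device reported by a terminal with no logged-in session has no record, so no session identification matches it and access is denied to everyone until a login binds it.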
Fig. 3 is a schematic structural diagram of a multi-user device security isolation apparatus provided by another embodiment of the present invention. As shown in Fig. 3, the apparatus includes: a peripheral monitoring module 301, a desktop and user monitoring module 302, a list of devices module 303, a device isolation module 304 and a data processing module 305. The peripheral monitoring module 301 monitors whether a device is inserted into the terminal and whether the user opens the application software corresponding to the device. After a device is inserted into the terminal, the peripheral monitoring module 301 obtains the device information of the device, which includes the device identification; after the user opens the application software corresponding to the device, it obtains the first session identification corresponding to the user. The desktop and user monitoring module 302 monitors whether the user has logged in to the remote desktop; when the user has logged in, it obtains the second session identification of the user and establishes the binding relationship between the second session identification and the device identification, thereby forming the device information. The list of devices module 303 stores the device information formed by the desktop and user monitoring module 302. The device isolation module 304 compares the target first session identification with the second session identifications in the list of devices module 303: if the target first session identification is identical to the target second session identification, it notifies the data processing module 304 to allow the user to access the device corresponding to the target second session identification; if the target first session identification differs from the target second session identification, it notifies the data processing module 304 to forbid the user from accessing the device corresponding to the target second session identification.
The apparatus embodiments provided by the present invention can be used to perform the processing flows of the method embodiments above. Their functions are not repeated here; refer to the detailed description of the method embodiments above.
The embodiment of the present invention compares the first session identification corresponding to each user with each second session identification in the list of devices, and takes the device corresponding to the target second session identification that is identical to the target first session identification as the target device accessible to the user corresponding to the target first session identification. A user can therefore access only the devices mapped from the user's own terminal and cannot use devices mapped from other terminals, which realizes device isolation among multiple users and improves the security of using the devices.
Fig. 4 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention. As shown in Fig. 4, the electronic device includes: a processor 401, a memory 402 and a bus 403, wherein
the processor 401 and the memory 402 communicate with each other through the bus 403;
the processor 401 is configured to call the program instructions in the memory 402 to perform the methods provided by the method embodiments above, for example including: obtaining the first session identifications corresponding to multiple users accessing devices; obtaining the device information of all devices from the list of devices, the device information including a device identification and the second session identification corresponding to the device identification, wherein a device is a serial port device or a parallel port device; comparing each first session identification with each second session identification in the list of devices, and, if it is determined that the target second session identification is identical to the target first session identification, taking the device corresponding to the target second session identification as the target device accessible to the user corresponding to the target first session identification, so as to realize the security isolation of the target device.
This embodiment discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions. When the program instructions are executed by a computer, the computer is able to perform the methods provided by the method embodiments above, for example including: obtaining the first session identifications corresponding to multiple users accessing devices, wherein a device is a serial port device or a parallel port device; obtaining the device information of all devices from the list of devices, the device information including a device identification and the second session identification corresponding to the device identification; comparing each first session identification with each second session identification in the list of devices, and, if it is determined that the target second session identification is identical to the target first session identification, taking the device corresponding to the target second session identification as the target device accessible to the user corresponding to the target first session identification, so as to realize the security isolation of the target device.
This embodiment provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to perform the methods provided by the method embodiments above, for example including: obtaining the first session identifications corresponding to multiple users accessing devices, wherein a device is a serial port device or a parallel port device; obtaining the device information of all devices from the list of devices, the device information including a device identification and the second session identification corresponding to the device identification; comparing each first session identification with each second session identification in the list of devices, and, if it is determined that the target second session identification is identical to the target first session identification, taking the device corresponding to the target second session identification as the target device accessible to the user corresponding to the target first session identification, so as to realize the security isolation of the target device.
Those of ordinary skill in the art will understand that all or some of the steps of the method embodiments above may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
The apparatus embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, those skilled in the art can clearly understand that each embodiment may be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware. Based on this understanding, the part of the above technical solution that in essence contributes to the prior art may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments or in parts of the embodiments.
Finally, it should be noted that the embodiments above are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (12)
- 1. A multi-user device security isolation method, characterized by comprising: obtaining the first session identifications corresponding to multiple users accessing devices, wherein a device is a serial port device or a parallel port device; obtaining the device information of all devices from a list of devices, the device information including a device identification and the second session identification corresponding to the device identification; comparing each first session identification with each second session identification in the list of devices, and, if it is determined that a target second session identification is identical to a target first session identification, taking the device corresponding to the target second session identification as the target device accessible to the user corresponding to the target first session identification, so as to realize the security isolation of the target device.
- 2. The method according to claim 1, characterized in that, before the obtaining of the first session identifications corresponding to multiple users accessing devices, the method further comprises: receiving the device information sent by a terminal, the device information including the device identification; if it is determined that the user logs in to a remote desktop, obtaining the second session identification corresponding to the user, binding the second session identification with the device identification to form the device information, and storing it in the list of devices; if it is determined that the user logs off, deleting the device information corresponding to the user from the list of devices.
- 3. The method according to claim 1, characterized in that, before the obtaining of the first session identifications corresponding to multiple users accessing devices, the method further comprises: remotely mapping the device to a server.
- 4. The method according to claim 3, characterized in that the remotely mapping the device to a server comprises: receiving the terminal device binding information sent by the terminal, the terminal device binding information including a terminal identification and the device identification; establishing, according to the terminal identification and the device identification, the data transmission channel corresponding to the terminal; sending a mapping request to the terminal through the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request; receiving the mapping data returned by the terminal to complete the remote mapping of the device.
- 5. The method according to any one of claims 1-4, characterized in that the method further comprises: if it is determined that the target second session identification differs from the target first session identification, forbidding the user corresponding to the target first session identification from accessing the device corresponding to the target second session identification.
- 6. A multi-user device security isolation apparatus, characterized by comprising: a first acquisition module, configured to obtain the first session identifications corresponding to multiple users accessing devices, wherein a device is a serial port device or a parallel port device; a second acquisition module, configured to obtain the device information of all devices from a list of devices, the device information including a device identification and the second session identification corresponding to the device identification; a first isolation module, configured to compare each first session identification with each second session identification in the list of devices, and, if it is determined that a target second session identification is identical to a target first session identification, take the device corresponding to the target second session identification as the target device accessible to the user corresponding to the target first session identification, so as to realize the security isolation of the target device.
- 7. The apparatus according to claim 6, characterized in that the apparatus further comprises: a list establishing module, configured to receive the device information sent by a terminal, the device information including the device identification; if it is determined that the user logs in to a remote desktop, obtain the second session identification corresponding to the user, bind the second session identification with the device identification to form the device information, and store it in the list of devices; if it is determined that the user logs off, delete the device information corresponding to the user from the list of devices.
- 8. The apparatus according to claim 6, characterized in that the apparatus further comprises: a remote mapping module, configured to remotely map the device to a server.
- 9. The apparatus according to claim 8, characterized in that the remote mapping module is specifically configured to: receive the terminal device binding information sent by the terminal, the terminal device binding information including a terminal identification and the device identification; establish, according to the terminal identification and the device identification, the data transmission channel corresponding to the terminal; send a mapping request to the terminal through the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request; receive the mapping data returned by the terminal to complete the remote mapping of the device.
- 10. The apparatus according to any one of claims 6-9, characterized in that the apparatus further comprises: a second isolation module, configured to, if it is determined that the target second session identification differs from the target first session identification, forbid the user corresponding to the target first session identification from accessing the device corresponding to the target second session identification.
- 11. An electronic device, characterized by comprising: a processor, a memory and a bus, wherein the processor and the memory communicate with each other through the bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the method according to any one of claims 1-5.
- 12. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to perform the method according to any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710600047.5A CN107465669A (en) | 2017-07-21 | 2017-07-21 | The equipment safety partition method and device of a kind of multi-user |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710600047.5A CN107465669A (en) | 2017-07-21 | 2017-07-21 | The equipment safety partition method and device of a kind of multi-user |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107465669A true CN107465669A (en) | 2017-12-12 |
Family
ID=60543910
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710600047.5A Pending CN107465669A (en) | 2017-07-21 | 2017-07-21 | The equipment safety partition method and device of a kind of multi-user |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107465669A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20171212 |