CN107465669A - Multi-user device security isolation method and apparatus

Publication number: CN107465669A
Authority: CN (China)
Prior art keywords: equipment, session identification, user, target, terminal
Legal status: Pending
Application number: CN201710600047.5A
Other languages: Chinese (zh)
Inventor: 张帅
Current Assignee: Beijing Qianxin Technology Co Ltd
Original Assignee: Beijing Qianxin Technology Co Ltd
Priority: CN201710600047.5A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Abstract

Embodiments of the present invention provide a multi-user device security isolation method and apparatus. The method includes: obtaining the first session identifiers corresponding to multiple users accessing a device; obtaining the device identifiers and second session identifiers of all devices from a device list; comparing each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, taking the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, thereby achieving security isolation of the target device. The apparatus is used to perform the method. By taking the device whose second session identifier in the device list is identical to the target first session identifier as the target device accessible to the user, embodiments of the invention ensure that a user can only access the devices mapped from the user's own terminal, which achieves device isolation among multiple users and improves the security of device use.

Description

A multi-user device security isolation method and apparatus
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a multi-user device security isolation method and apparatus.
Background
In recent years, as cloud computing technology has matured, more and more real-world services that run on physical servers (such as printing, projection and scanning) have moved into virtual machines in cloud computing environments. As a result, in public or private desktop cloud environments, users frequently need to use printers, projectors, fingerprint readers, scanners and similar devices inside a virtual machine.
In the prior art, when multiple users access devices on a virtual machine simultaneously through a remote protocol, the virtual machine cannot isolate the users from one another; that is, it cannot determine which device corresponds to which user. For example, user A's terminal and user B's terminal each have a printer, and both printers have been mapped to the virtual machine. When user A accesses a printer on the virtual machine, user A may end up accessing user B's printer, which results in insecure use of the device.
Therefore, how to securely isolate the devices of multiple users is a problem that urgently needs to be solved.
Summary of the invention
In view of the problems in the prior art, embodiments of the present invention provide a multi-user device security isolation method and apparatus.
In a first aspect, an embodiment of the present invention provides a multi-user device security isolation method, including:
obtaining the first session identifiers corresponding to multiple users accessing a device, where the device is a serial port device or a parallel port device;
obtaining the device information of all devices from a device list, where the device information includes a device identifier and the second session identifier corresponding to that device identifier;
comparing each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, taking the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, thereby achieving security isolation of the target device.
In a second aspect, an embodiment of the present invention provides a multi-user device security isolation apparatus, including:
a first acquisition module, configured to obtain the first session identifiers corresponding to multiple users accessing a device, where the device is a serial port device or a parallel port device;
a second acquisition module, configured to obtain the device information of all devices from a device list, where the device information includes a device identifier and the second session identifier corresponding to that device identifier;
a first isolation module, configured to compare each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, take the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, thereby achieving security isolation of the target device.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor, a memory and a bus, where:
the processor and the memory communicate with each other over the bus;
the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the method steps of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium, where:
the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to perform the method steps of the first aspect.
In the multi-user device security isolation method and apparatus provided by embodiments of the present invention, the first session identifier corresponding to each user is compared with each second session identifier in the device list, and the device corresponding to the target second session identifier that is identical to the target first session identifier is taken as the target device accessible to the user corresponding to the target first session identifier. A user can therefore only access the devices mapped from the user's own terminal and cannot use devices mapped from other terminals, which achieves device isolation among multiple users and improves the security of device use.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a multi-user device security isolation method provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a multi-user device security isolation apparatus provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a multi-user device security isolation apparatus provided by another embodiment of the present invention;
Fig. 4 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a schematic flowchart of a multi-user device security isolation method provided by an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101: Obtain the first session identifiers corresponding to multiple users accessing a device, where the device is a serial port device or a parallel port device;
Specifically, when multiple users use the application software for a device on the server side to access that device, the server obtains the user information of those users; the user information includes the first session identifier corresponding to each user. It will be understood that the server may also obtain other information about the users, which the embodiments of the present invention do not specifically limit. Note that the precondition for a user accessing a device on the server side may be that the terminal corresponding to the user has already remotely mapped the device to the server. The device the user accesses may be a serial port device or a parallel port device, for example a serial printer, a parallel printer, a serial projector or a parallel projector.
Step 102: Obtain the device information of all devices from a device list, where the device information includes a device identifier and the second session identifier corresponding to that device identifier;
Specifically, after the server detects that multiple users are accessing a device and obtains each user's session identifier, it retrieves all device information stored in a previously established device list. The device information includes a device identifier and the second session identifier corresponding to that device identifier. The device identifier may be a device ID, and each device corresponds to exactly one device identifier. When a user logs in to the remote desktop, the server obtains the second session identifier corresponding to the user and the device identifier of the device that the user's terminal has mapped to the server, binds the second session identifier to the device identifier, and stores the pair in the device list.
Step 103: Compare each first session identifier with each second session identifier in the device list and, if a target second session identifier is determined to be identical to a target first session identifier, take the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, thereby achieving security isolation of the target device.
Specifically, each user corresponds to one first session identifier, so when multiple users access the same device the server obtains multiple first session identifiers. The server compares each first session identifier it obtained, one by one, with all second session identifiers in the device list. If a target first session identifier is identical to a target second session identifier in the device list, the server obtains the device identifier corresponding to the target second session identifier, takes the device corresponding to that device identifier as the target device accessible to the user, and allows the user corresponding to the target first session identifier to access the target device. Otherwise, the server forbids the user corresponding to the target first session identifier from accessing the target device, thereby achieving security isolation of the target device. Note that the above method can also be used when only one user accesses a device: the first session identifier corresponding to that user is compared with the second session identifiers in the device list to determine the target device accessible to that user, and the user is allowed to access it.
For example: terminal A has mapped its own printer A to the server, and terminal B has likewise mapped its own printer B to the server. User A corresponds to terminal A and user B corresponds to terminal B. When user A and user B log in to the remote desktop on the server, the server obtains user A's second session identifier and user B's second session identifier, and stores in the device list device information A, formed from printer A's device identifier and user A's second session identifier, and device information B, formed from printer B's device identifier and user B's second session identifier. When user A and user B use the print function on the server side, the server obtains user A's first session identifier and user B's first session identifier, and compares user A's first session identifier with the second session identifiers in the device list. This yields printer A, which corresponds to user A, and not printer B, which corresponds to user B. Likewise, user B obtains the corresponding printer B. User A then uses printer A and user B uses printer B, which achieves isolation of the devices.
In this embodiment of the present invention, the first session identifier corresponding to each user is compared with each second session identifier in the device list, and the device corresponding to the target second session identifier that is identical to the target first session identifier is taken as the target device accessible to the user corresponding to the target first session identifier. A user can therefore only access the devices mapped from the user's own terminal and cannot use devices mapped from other terminals, which achieves device isolation among multiple users and improves the security of device use.
On the basis of the above embodiment, before obtaining the first session identifiers corresponding to the multiple users accessing a device, the method further includes:
receiving device information sent by a terminal, the device information including the device identifier; if it is determined that the user has logged in to the remote desktop, obtaining the second session identifier corresponding to the user, binding the second session identifier to the device identifier to form the device information, and storing it in the device list; and if it is determined that the user has logged out, deleting the device information corresponding to the user from the device list.
Specifically, after a device is plugged into a terminal, the terminal sends the device information of that device to the server, and the server receives it. The device information includes the device identifier and may also include the terminal identifier. When a user logs in to the remote desktop on the server side, the server detects this trigger event and obtains the user's second session identifier; it may also obtain the terminal identifier of the user's terminal. The terminal identifier makes it possible to determine that the second session identifier and the device identifier belong to the same terminal. The server binds the second session identifier to the device identifier to form the device information and stores the device information in the device list. After the user logs out of the remote desktop, the server deletes the device information corresponding to that user from the device list. The server can therefore monitor in real time and update the device list in real time; it may also update the list periodically, with the period adjusted to actual conditions.
By establishing the device list in advance, embodiments of the present invention can compare the first session identifier with the second session identifiers in the device list to obtain the devices accessible to the user, thereby achieving isolation between users.
On the basis of the above embodiment, before obtaining the first session identifiers corresponding to the multiple users accessing a device, the method further includes:
remotely mapping the device to the server, where remotely mapping the device to the server includes:
receiving terminal-device binding information sent by the terminal, the terminal-device binding information including a terminal identifier and the device identifier;
establishing, according to the terminal identifier and the device identifier, a data transmission channel corresponding to the terminal;
sending a mapping request to the terminal over the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request;
receiving the mapping data returned by the terminal to complete the remote mapping of the device.
Specifically, when a device is plugged into a local terminal, the monitoring module on the terminal receives a device insertion message and the terminal obtains the device information of that device. The device information includes the device identifier and may also include the device type, manufacturer information and so on. The terminal binds the device identifier of the device to the terminal's own terminal identifier to form the terminal-device binding information. It will be understood that each device corresponds to one unique identifier, the device identifier, from which the specific device can be determined. Similarly, each terminal corresponds to one unique identifier, the terminal identifier, which may be the terminal's IP address and is used to refer to the terminal. Note that the terminal-device binding information may also include other information about the device and the terminal, such as the device type; the embodiments of the present invention do not specifically limit this. The terminal sends the terminal-device binding information to the server, and the server receives it.
After receiving the terminal-device binding information sent by the terminal, the server parses it to learn the corresponding terminal identifier and device identifier. Based on the terminal identifier and the device identifier, the server establishes a data transmission channel with the terminal over the network; this channel is dedicated to transmitting data related to the device between the server and the terminal. Note that the data transmission channel is a logical channel; on the server it is a network link that includes the terminal identifier, and through this network link the required mapping request can be sent to the corresponding terminal.
When the user opens the application software of the terminal on the server side, the server sends a mapping request to the terminal over the data transmission channel corresponding to the device. The mapping request includes a request for the data needed to complete the remote mapping. After receiving the mapping request sent by the server, the terminal returns the corresponding mapping data to the server according to the mapping request.
The server receives the mapping data returned by the terminal and thereby completes the remote mapping of the device. The mapping data is the data needed to map the device to the server and may include, for example, the bit rate of the device; the embodiments of the present invention do not specifically limit this.
By obtaining the terminal-device binding information sent by the terminal, establishing a data transmission channel according to it, sending a mapping request to the terminal over the data transmission channel, and receiving the mapping data returned by the terminal, embodiments of the present invention complete the remote mapping of the device, so that the terminal user can use the mapped device on the virtual machine, which improves security for the user.
On the basis of the above embodiment, the method further includes:
if it is determined that the target second session identifier differs from the target first session identifier, forbidding the user corresponding to the target first session identifier from accessing the device corresponding to the target second session identifier.
Specifically, while the server compares the target first session identifier one by one with all second session identifiers in the device list, if the target first session identifier differs from the target second session identifier, the terminal corresponding to the target first session identifier is not the terminal corresponding to the target second session identifier. The purpose of the embodiments of the present invention is precisely to allow a user to use only the devices that the user's own terminal has mapped to the server, and not the devices that other terminals have mapped to the server. The user corresponding to the target first session identifier is therefore forbidden from accessing the device corresponding to the target second session identifier.
By determining that the target second session identifier differs from the target first session identifier and then forbidding the user from accessing the device corresponding to the target second session identifier, embodiments of the present invention achieve device isolation among multiple users: a user is only allowed to access the devices that the user's own terminal has mapped to the server, which improves the security of device access.
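The device list lifecycle (binding at login, deletion at logout) and the step 103 comparison with the deny rule described above, as an added Python example that is not code from the patent. The class and method names and the sample terminal, session and device identifiers are hypothetical; rejecting a device identifier already reported by another terminal is an added assumption that follows from the statement that each device has one unique identifier.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class DeviceInfo:
    """One row of the device list: a device identifier bound to a session."""
    device_id: str
    session_id: str  # the "second session identifier" recorded at login


class DeviceList:
    """Server-side device list keyed by device identifier (hypothetical API)."""

    def __init__(self) -> None:
        # terminal identifier -> device identifiers that terminal has reported
        self._reported: Dict[str, Set[str]] = {}
        # device identifier -> bound row; a device with no row is not accessible
        self._rows: Dict[str, DeviceInfo] = {}

    def report_device(self, terminal_id: str, device_id: str) -> bool:
        """A terminal sends device information after a device is plugged in."""
        for other, devices in self._reported.items():
            if other != terminal_id and device_id in devices:
                # Assumption: identifiers are unique, so a second terminal
                # claiming the same identifier is refused, not rebound.
                return False
        self._reported.setdefault(terminal_id, set()).add(device_id)
        return True

    def on_login(self, session_id: str, terminal_id: str) -> List[DeviceInfo]:
        """Bind every device reported by this terminal to the new session.

        The terminal identifier is what ties the second session identifier
        and the device identifier to the same terminal.
        """
        bound = []
        for device_id in sorted(self._reported.get(terminal_id, ())):
            row = DeviceInfo(device_id, session_id)
            self._rows[device_id] = row
            bound.append(row)
        return bound

    def on_logout(self, session_id: str) -> int:
        """Delete the rows of a session that logged out; returns rows removed."""
        stale = [d for d, r in self._rows.items() if r.session_id == session_id]
        for device_id in stale:
            del self._rows[device_id]
        return len(stale)

    def accessible_devices(self, first_session_id: str) -> List[str]:
        """Step 103: compare the caller's session with every stored session."""
        return sorted(r.device_id for r in self._rows.values()
                      if r.session_id == first_session_id)

    def check_access(self, first_session_id: str, device_id: str) -> bool:
        """Default deny: unknown devices and mismatched sessions are refused."""
        row = self._rows.get(device_id)
        return row is not None and row.session_id == first_session_id


def demo() -> dict:
    """The printer A / printer B scenario, with constructed identifiers."""
    devices = DeviceList()
    devices.report_device("terminal-A", "printer-A")
    devices.report_device("terminal-B", "printer-B")
    devices.on_login("session-A", "terminal-A")
    devices.on_login("session-B", "terminal-B")
    result = {
        "a_sees": devices.accessible_devices("session-A"),
        "b_sees": devices.accessible_devices("session-B"),
        "a_on_b_printer": devices.check_access("session-A", "printer-B"),
        "duplicate_claim": devices.report_device("terminal-B", "printer-A"),
    }
    devices.on_logout("session-A")
    result["a_after_logout"] = devices.accessible_devices("session-A")
    result["a_own_after_logout"] = devices.check_access("session-A", "printer-A")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because a row exists only between login and logout, a session identifier that is replayed after logout matches nothing in the list and is denied.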
Fig. 2 is a schematic structural diagram of a multi-user device security isolation apparatus provided by an embodiment of the present invention. As shown in Fig. 2, the apparatus includes a first acquisition module 201, a second acquisition module 202 and a first isolation module 203, where:
The first acquisition module 201 is configured to obtain the first session identifiers corresponding to multiple users accessing a device, where the device is a serial port device or a parallel port device. The second acquisition module 202 is configured to obtain the device information of all devices from a device list, where the device information includes a device identifier and the second session identifier corresponding to that device identifier. The first isolation module 203 is configured to compare each first session identifier with each second session identifier in the device list and, if the second session identifier is determined to be identical to the first session identifier, take the device corresponding to the second session identifier as the target device accessible to the user.
Specifically, when multiple users use the application software for a device on the server side to access that device, the first acquisition module 201 obtains the user information of those users; the user information includes the first session identifier corresponding to each user. It will be understood that the first acquisition module 201 may also obtain other information about the users, which the embodiments of the present invention do not specifically limit. Note that the precondition for a user accessing a device on the server side may be that the terminal corresponding to the user has already remotely mapped the device to the server, and the device the user accesses may be a serial port device or a parallel port device. After the first acquisition module 201 detects that multiple users are accessing a device and obtains each user's session identifier, the second acquisition module 202 retrieves all device information stored in a previously established device list. The device information includes a device identifier and the second session identifier corresponding to that device identifier. The device identifier may be a device ID, and each device corresponds to exactly one device identifier. When a user logs in to the remote desktop, the server obtains the second session identifier corresponding to the user and the device identifier of the device that the user's terminal has mapped to the server, binds the second session identifier to the device identifier, and stores the pair in the device list. Each user corresponds to one first session identifier, so when multiple users access the same device the first acquisition module 201 obtains multiple first session identifiers. The first isolation module 203 compares each first session identifier obtained, one by one, with all second session identifiers in the device list. If a target first session identifier is identical to a target second session identifier in the device list, it obtains the device identifier corresponding to the target second session identifier, takes the device corresponding to that device identifier as the target device accessible to the user, and allows the user corresponding to the target first session identifier to access the target device. Otherwise, it forbids the user corresponding to the target first session identifier from accessing the target device, thereby achieving security isolation of the target device. Note that the above method can also be used when only one user accesses a device: the first session identifier corresponding to that user is compared with the second session identifiers in the device list to determine the target device accessible to that user, and the user is allowed to access it.
The apparatus embodiment provided by the present invention can be used to carry out the processing flows of the method embodiments above; its functions are not repeated here, and reference may be made to the detailed description of the method embodiments.
In this embodiment of the present invention, the first session identifier corresponding to each user is compared with each second session identifier in the device list, and the device corresponding to the target second session identifier that is identical to the target first session identifier is taken as the target device accessible to the user corresponding to the target first session identifier. A user can therefore only access the devices mapped from the user's own terminal and cannot use devices mapped from other terminals, which achieves device isolation among multiple users and improves the security of device use.
On the basis of the above embodiment, the apparatus further includes:
a list establishing module, configured to receive device information sent by a terminal, the device information including the device identifier; if it is determined that the user has logged in to the remote desktop, obtain the second session identifier corresponding to the user, bind the second session identifier to the device identifier to form the device information, and store it in the device list; and if it is determined that the user has logged out, delete the device information corresponding to the user from the device list.
Specifically, after a device is plugged into a terminal, the terminal sends the device information of that device to the server, and the server receives it. The device information includes the device identifier and may also include the terminal identifier. When a user logs in to the remote desktop on the server side, the server detects this trigger event and obtains the user's second session identifier; it may also obtain the terminal identifier of the user's terminal. The terminal identifier makes it possible to determine that the second session identifier and the device identifier belong to the same terminal. The server binds the second session identifier to the device identifier to form the device information and stores the device information in the device list. After the user logs out of the remote desktop, the server deletes the device information corresponding to that user from the device list. The server can therefore monitor in real time and update the device list in real time; it may also update the list periodically, with the period adjusted to actual conditions.
By establishing the device list in advance, embodiments of the present invention can compare the first session identifier with the second session identifiers in the device list to obtain the devices accessible to the user, thereby achieving isolation between users.
On the basis of the above embodiment, the apparatus further includes:
A remote mapping module, configured to remotely map the device onto the server, the remote mapping module being specifically configured to:
Receive the terminal-device binding information sent by the terminal, the terminal-device binding information including the terminal identifier and the device identifier;
Establish, according to the terminal identifier and the device identifier, the data transmission channel corresponding to the terminal;
Send a mapping request to the terminal over the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request;
Receive the mapping data returned by the terminal and complete the remote mapping of the device.
Specifically, when a device is plugged into the local terminal, the monitoring module on the terminal receives a device-insertion message and the terminal obtains the device information of the device, which includes the device identifier. The terminal binds the device identifier to its own terminal identifier to form the terminal-device binding information and sends it to the server, which receives it.
After receiving the terminal-device binding information sent by the terminal, the server parses it to obtain the terminal identifier and the device identifier, and uses them to establish a data transmission channel with the terminal over the network. This channel carries the data related to the device between the server and the terminal. Note that the data transmission channel is a logical channel: on the server it is a network connection that contains the terminal identifier, and the required mapping request can be sent to the corresponding terminal over that connection.
When the user opens the terminal's application software on the server side, the server sends a mapping request to the terminal over the data transmission channel corresponding to the device. The mapping request includes a request for the data needed to complete the remote mapping. After receiving the mapping request from the server, the terminal returns the corresponding mapping data to the server according to the request.
The server receives the mapping data returned by the terminal and thereby completes the remote mapping of the device. The mapping data is the data needed to map the device onto the server.
This embodiment of the invention obtains the terminal-device binding information sent by the terminal, establishes a data transmission channel according to that information, sends a mapping request to the terminal over the channel, and receives the mapping data the terminal returns, thereby completing the remote mapping of the device. The terminal user can then use the mapped device in a virtual machine, which improves the user's security.
On the basis of the above embodiment, the apparatus further includes:
A second isolation module, configured to forbid the user corresponding to the target first session identifier from accessing the device corresponding to the target second session identifier if it determines that the target second session identifier differs from the target first session identifier.
Specifically, the second isolation module compares the target first session identifier with all second session identifiers in the device list one by one. If the target first session identifier differs from the target second session identifier, the terminal corresponding to the target first session identifier is not the terminal corresponding to the target second session identifier. Because the purpose of this embodiment of the invention is to let a user use only the devices that the user's own terminal has mapped onto the server, and not the devices that other terminals have mapped onto the server, the user corresponding to the target first session identifier is forbidden from accessing the device corresponding to the target second session identifier.
By determining that the target second session identifier differs from the target first session identifier and then forbidding the user from accessing the device corresponding to the target second session identifier, this embodiment of the invention achieves multi-user device isolation: a user is allowed to access only the devices that the user's own terminal has mapped onto the server, which improves the security of device access.
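The device-list lifecycle (bind at login, delete at logout) and the allow/deny comparison of first and second session identifiers described above, as an added Python example that is not code from the patent or its applicant. The class and method names, the integer session identifiers, the sample terminals, and the choice to key entries by (terminal identifier, device identifier) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

# Assumed key: a device identifier such as "COM1" can repeat across terminals,
# so entries are keyed by (terminal_id, device_id).
DeviceKey = Tuple[str, str]


@dataclass(frozen=True)
class DeviceInfo:
    terminal_id: str
    device_id: str
    session_id: int  # the "second session identifier" bound at login


class DeviceList:
    """Server-side device list; an entry exists only while its session is logged in."""

    def __init__(self) -> None:
        self._reported: Dict[str, Set[str]] = {}   # terminal_id -> reported device ids
        self._sessions: Dict[str, int] = {}        # terminal_id -> logged-in session id
        self._entries: Dict[DeviceKey, DeviceInfo] = {}

    def _bind(self, terminal_id: str, device_id: str, session_id: int) -> None:
        self._entries[(terminal_id, device_id)] = DeviceInfo(
            terminal_id, device_id, session_id)

    def _drop(self, predicate: Callable[[DeviceInfo], bool]) -> None:
        for key in [k for k, e in self._entries.items() if predicate(e)]:
            del self._entries[key]

    def report_device(self, terminal_id: str, device_id: str) -> None:
        """Terminal reports a plugged-in device; bind at once if its user is logged in."""
        self._reported.setdefault(terminal_id, set()).add(device_id)
        session_id = self._sessions.get(terminal_id)
        if session_id is not None:
            self._bind(terminal_id, device_id, session_id)

    def on_login(self, terminal_id: str, session_id: int) -> None:
        """User logged in to the remote desktop from terminal_id."""
        # Drop any binding left over for this terminal before creating new ones.
        self._drop(lambda e: e.terminal_id == terminal_id)
        self._sessions[terminal_id] = session_id
        for device_id in self._reported.get(terminal_id, ()):
            self._bind(terminal_id, device_id, session_id)

    def on_logout(self, session_id: int) -> None:
        """Delete the session's entries so a reused session id inherits nothing."""
        self._drop(lambda e: e.session_id == session_id)
        self._sessions = {t: s for t, s in self._sessions.items() if s != session_id}

    def accessible_devices(self, first_session_id: int) -> List[DeviceKey]:
        """Devices whose second session identifier equals the first session identifier."""
        return sorted(k for k, e in self._entries.items()
                      if e.session_id == first_session_id)

    def may_access(self, first_session_id: int, key: DeviceKey) -> bool:
        """Default deny: unknown devices and mismatched sessions are both refused."""
        entry = self._entries.get(key)
        return entry is not None and entry.session_id == first_session_id


if __name__ == "__main__":
    # Constructed sample: two terminals each map a serial port named COM1.
    devices = DeviceList()
    devices.report_device("T-A", "COM1")
    devices.report_device("T-B", "COM1")
    devices.on_login("T-A", 1)
    devices.on_login("T-B", 2)
    print(devices.accessible_devices(1))
    print(devices.may_access(1, ("T-B", "COM1")))
```

Deleting entries at logout matters for isolation as much as the comparison does: if the server later hands the same session identifier to a different user, a stale entry would match it.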
Fig. 3 is a schematic structural diagram of a multi-user device security isolation apparatus provided by another embodiment of the invention. As shown in Fig. 3, the apparatus includes: peripheral monitoring module 301, desktop and user monitoring module 302, device list module 303, device isolation module 304 and data processing module 305. Peripheral monitoring module 301 monitors whether a device has been plugged into the terminal and whether the user has opened the application software corresponding to the device. After a device is plugged into the terminal, peripheral monitoring module 301 obtains the device information of the device, which includes the device identifier; after the user opens the application software corresponding to the device, it obtains the first session identifier corresponding to the user. Desktop and user monitoring module 302 monitors whether the user has logged in to the remote desktop; once the user has logged in, it obtains the user's second session identifier and establishes the binding between the second session identifier and the device identifier, thereby forming the device information. Device list module 303 stores the device information built by desktop and user monitoring module 302. Device isolation module 304 compares the target first session identifier with the second session identifiers in device list module 303. If the target first session identifier is the same as the target second session identifier, it notifies data processing module 304 to allow the user to access the device corresponding to the target second session identifier; if the target first session identifier differs from the target second session identifier, it notifies data processing module 304 to forbid the user from accessing the device corresponding to the target second session identifier.
The apparatus embodiments provided by the invention can be used to carry out the processing flows of the method embodiments above; their functions are not repeated here, and the detailed description of the method embodiments applies.
By comparing the first session identifier of each user with every second session identifier in the device list, and treating the device whose target second session identifier equals the target first session identifier as the target device accessible to the user of that first session identifier, this embodiment of the invention ensures that a user can access only the devices mapped from the user's own terminal and cannot use devices mapped from other terminals. This achieves multi-user device isolation and improves the security of device use.
Fig. 4 is a schematic diagram of the physical structure of an electronic device provided by an embodiment of the invention. As shown in Fig. 4, the electronic device includes: processor 401, memory 402 and bus 403; wherein,
The processor 401 and the memory 402 communicate with each other over the bus 403;
The processor 401 is configured to call the program instructions in the memory 402 to perform the methods provided by the method embodiments above, for example including: obtaining the first session identifiers corresponding to the multiple users accessing devices; obtaining the device information of all devices from the device list, the device information including the device identifier and the second session identifier corresponding to the device identifier, wherein the device is a serial-port device or a parallel-port device; comparing each first session identifier with each second session identifier in the device list and, if it is determined that a target second session identifier is the same as a target first session identifier, treating the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
This embodiment discloses a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions; when the program instructions are executed by a computer, the computer can perform the methods provided by the method embodiments above, for example including: obtaining the first session identifiers corresponding to the multiple users accessing devices, wherein the device is a serial-port device or a parallel-port device; obtaining the device information of all devices from the device list, the device information including the device identifier and the second session identifier corresponding to the device identifier; comparing each first session identifier with each second session identifier in the device list and, if it is determined that a target second session identifier is the same as a target first session identifier, treating the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
This embodiment provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to perform the methods provided by the method embodiments above, for example including: obtaining the first session identifiers corresponding to the multiple users accessing devices, wherein the device is a serial-port device or a parallel-port device; obtaining the device information of all devices from the device list, the device information including the device identifier and the second session identifier corresponding to the device identifier; comparing each first session identifier with each second session identifier in the device list and, if it is determined that a target second session identifier is the same as a target first session identifier, treating the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
A person of ordinary skill in the art will understand that all or some of the steps of the method embodiments above can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, a person skilled in the art can clearly understand that each embodiment can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware. On this understanding, the technical solution above, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the embodiments above only illustrate the technical solutions of the invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some of their technical features can be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (12)

  1. A multi-user device security isolation method, characterized by comprising:
    obtaining the first session identifiers corresponding to the multiple users accessing devices, wherein the device is a serial-port device or a parallel-port device;
    obtaining the device information of all devices from the device list, the device information including the device identifier and the second session identifier corresponding to the device identifier;
    comparing each first session identifier with each second session identifier in the device list and, if it is determined that a target second session identifier is the same as a target first session identifier, treating the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
  2. The method according to claim 1, characterized in that, before obtaining the first session identifiers corresponding to the multiple users accessing devices, the method further comprises:
    receiving the device information sent by a terminal, the device information including the device identifier; if it is determined that the user has logged in to the remote desktop, obtaining the second session identifier corresponding to the user, binding the second session identifier to the device identifier to form the device information, and storing it in the device list; if it is determined that the user has logged out, deleting the device information corresponding to the user from the device list.
  3. The method according to claim 1, characterized in that, before obtaining the first session identifiers corresponding to the multiple users accessing devices, the method further comprises:
    remotely mapping the device onto the server.
  4. The method according to claim 3, characterized in that remotely mapping the device onto the server comprises:
    receiving the terminal-device binding information sent by the terminal, the terminal-device binding information including the terminal identifier and the device identifier;
    establishing, according to the terminal identifier and the device identifier, the data transmission channel corresponding to the terminal;
    sending a mapping request to the terminal over the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request;
    receiving the mapping data returned by the terminal and completing the remote mapping of the device.
  5. The method according to any one of claims 1-4, characterized in that the method further comprises:
    if it is determined that the target second session identifier differs from the target first session identifier, forbidding the user corresponding to the target first session identifier from accessing the device corresponding to the target second session identifier.
  6. A multi-user device security isolation apparatus, characterized by comprising:
    a first acquisition module, configured to obtain the first session identifiers corresponding to the multiple users accessing devices, wherein the device is a serial-port device or a parallel-port device;
    a second acquisition module, configured to obtain the device information of all devices from the device list, the device information including the device identifier and the second session identifier corresponding to the device identifier;
    a first isolation module, configured to compare each first session identifier with each second session identifier in the device list and, if it is determined that a target second session identifier is the same as a target first session identifier, to treat the device corresponding to the target second session identifier as the target device accessible to the user corresponding to the target first session identifier, so as to achieve security isolation of the target device.
  7. The apparatus according to claim 6, characterized in that the apparatus further comprises:
    a list-building module, configured to receive the device information sent by a terminal, the device information including the device identifier; if it is determined that the user has logged in to the remote desktop, to obtain the second session identifier corresponding to the user, bind the second session identifier to the device identifier to form the device information, and store it in the device list; and, if it is determined that the user has logged out, to delete the device information corresponding to the user from the device list.
  8. The apparatus according to claim 6, characterized in that the apparatus further comprises:
    a remote mapping module, configured to remotely map the device onto the server.
  9. The apparatus according to claim 8, characterized in that the remote mapping module is specifically configured to:
    receive the terminal-device binding information sent by the terminal, the terminal-device binding information including the terminal identifier and the device identifier;
    establish, according to the terminal identifier and the device identifier, the data transmission channel corresponding to the terminal;
    send a mapping request to the terminal over the data transmission channel corresponding to the device, so that the terminal returns the corresponding mapping data according to the mapping request;
    receive the mapping data returned by the terminal and complete the remote mapping of the device.
  10. The apparatus according to any one of claims 6-9, characterized in that the apparatus further comprises:
    a second isolation module, configured to forbid the user corresponding to the target first session identifier from accessing the device corresponding to the target second session identifier if it is determined that the target second session identifier differs from the target first session identifier.
  11. An electronic device, characterized by comprising: a processor, a memory and a bus, wherein,
    the processor and the memory communicate with each other over the bus;
    the memory stores program instructions executable by the processor, and the processor, by calling the program instructions, is able to perform the method according to any one of claims 1-5.
  12. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions, and the computer instructions cause the computer to perform the method according to any one of claims 1-5.
CN201710600047.5A 2017-07-21 2017-07-21 The equipment safety partition method and device of a kind of multi-user Pending CN107465669A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710600047.5A CN107465669A (en) 2017-07-21 2017-07-21 The equipment safety partition method and device of a kind of multi-user

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710600047.5A CN107465669A (en) 2017-07-21 2017-07-21 The equipment safety partition method and device of a kind of multi-user

Publications (1)

Publication Number Publication Date
CN107465669A true CN107465669A (en) 2017-12-12

Family

ID=60543910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710600047.5A Pending CN107465669A (en) 2017-07-21 2017-07-21 The equipment safety partition method and device of a kind of multi-user

Country Status (1)

Country Link
CN (1) CN107465669A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090222463A1 (en) * 2008-02-29 2009-09-03 Clark Bryan William Systems and methods for a journal page
CN102411688A (en) * 2011-11-28 2012-04-11 福建升腾资讯有限公司 Method for separately accessing virtual USB (Universal Serial Bus) peripherals on terminal server by multiple users
US20130326072A1 (en) * 2012-06-04 2013-12-05 Cisco Technology, Inc. Seamless Hand-Off of Combined Unified Communications and Virtual Desktop Infrastructure Sessions
CN103324278A (en) * 2012-10-30 2013-09-25 中兴通讯股份有限公司 Terminal device, system and method for accessing virtual desktops
CN103327005A (en) * 2013-05-15 2013-09-25 深信服网络科技(深圳)有限公司 Device access method and device based on virtual desktop
CN106254364A (en) * 2016-08-19 2016-12-21 湖南麒麟信安科技有限公司 Computer desktop service access apparatus under a kind of Multi net voting isolation environment and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111475318A (en) * 2020-04-29 2020-07-31 中国人民解放军军事科学院国防科技创新研究院 Serial port communication device, method and system supporting multi-user access
CN111475318B (en) * 2020-04-29 2021-02-23 中国人民解放军军事科学院国防科技创新研究院 Serial port communication device, method and system supporting multi-user access
CN113905080A (en) * 2021-09-27 2022-01-07 深信服科技股份有限公司 Management method, device, system and storage medium

Similar Documents

Publication Publication Date Title
CN104333863B (en) Connection management method and device, electronic equipment
CN108055207A (en) A kind of network topology cognitive method and device
CN105208545B (en) Communication data management method, device and server based on virtual SIM card
CN110611723B (en) Scheduling method and device of service resources
CN104639650B (en) A kind of fine granularity distributed interface access control method and device
CN105306456B (en) A kind of method of login system, server, system and network attached storage equipment
CN109327557A (en) A kind of management method and device of virtual machine IP address
CN114143066A (en) Intranet and extranet docking system and method based on agent isolation device
CN106534129B (en) Connection control method and device
CN107341406A (en) A kind of method and terminal for protecting privacy of user data
CN107465669A (en) The equipment safety partition method and device of a kind of multi-user
CN108307526A (en) Equipment connection method and Related product
CN107277163A (en) A kind of long-range mapping method of equipment and device
CN104967603A (en) Application account security verification method and apparatus
CN110569987B (en) Automatic operation and maintenance method, operation and maintenance equipment, storage medium and device
CN114153705A (en) Data monitoring method and device based on configuration management database
CN109800571A (en) Event-handling method and device and storage medium and electronic device
CN114513419A (en) Security policy configuration method and system
CN109995759B (en) Method for accessing VPC (virtual private network) by physical machine and related device
CN107967265A (en) Access method, data server and the file access system of file
CN111290915A (en) Multipath equipment shielding system, method, equipment and readable storage medium
CN109842913A (en) Terminal admittance control method, device, electronic equipment
CN106156650A (en) Data protection system and method
CN111343193B (en) Cloud network port security protection method and device, electronic equipment and storage medium
CN107846288A (en) For realizing the methods, devices and systems of charging

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171212