CN108427649B - Access management method, terminal device, system and storage medium of USB interface - Google Patents
Access management method, terminal device, system and storage medium of USB interface Download PDFInfo
- Publication number
- CN108427649B CN108427649B CN201810046694.0A CN201810046694A CN108427649B CN 108427649 B CN108427649 B CN 108427649B CN 201810046694 A CN201810046694 A CN 201810046694A CN 108427649 B CN108427649 B CN 108427649B
- Authority
- CN
- China
- Prior art keywords
- usb
- usb peripheral
- access
- peripheral
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007726 management method Methods 0.000 title claims abstract description 108
- 230000002093 peripheral effect Effects 0.000 claims abstract description 241
- 238000000034 method Methods 0.000 claims abstract description 12
- 238000004590 computer program Methods 0.000 claims description 20
- 238000001514 detection method Methods 0.000 claims description 17
- 230000000977 initiatory effect Effects 0.000 claims description 5
- 238000004891 communication Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/10—Program control for peripheral devices
- G06F13/102—Program control for peripheral devices where the programme performs an interfacing function, e.g. device driver
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/10—Program control for peripheral devices
- G06F13/105—Program control for peripheral devices where the programme performs an input/output emulation function
- G06F13/107—Terminal emulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an access management method of a USB interface, a terminal device, a system and a computer readable storage medium, wherein the method comprises the following steps: when an accessed USB peripheral is detected, acquiring attribute information of the USB peripheral; judging whether the USB peripheral is allowed to be accessed according to the current USB peripheral access rule and the attribute information of the USB peripheral; if yes, allowing the USB peripheral to be redirected to a corresponding virtual machine, and writing operation information of the USB peripheral into an operation log; if not, the USB peripheral is prohibited from being redirected to the corresponding virtual machine, whether the accessed USB peripheral can be used or not is judged according to a USB access rule set by the USB peripheral, flexible and unified management of the use of the USB peripheral is achieved, and the safety and the confidentiality of data resources in the cloud office platform are improved.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an access management method, a terminal device, a system, and a computer-readable storage medium for a USB interface.
Background
USB (Universal Serial Bus), which is an external Bus standard used to standardize the connection and communication between a computer and external devices, is an interface technology applied in the PC field and supports the plug and play and hot plug of devices.
Cloud official working, the cloud desktop that supplies individual or enterprise, organization to use promptly, based on the cloud computing technique, can be with data space, management service to the way of providing desktop publishes for the operator, is fit for as the network operating system of little hand-held mobile application such as panel, cell-phone, also can upgrade traditional PC into network operation, has that the energy consumption is low, the deployment is fast, the maintenance is convenient, information security characteristics such as, along with the popularization of cloud computing, the cloud desktop will become the trend of terminal management and desktop system construction not yet, but also brings some problems from this: due to the universality of the use of the USB equipment, in cloud office, if the USB peripheral is directly connected with the USB peripheral through the USB interface of the cloud office receiving terminal to perform interaction between the cloud office internal data and the USB peripheral, the safety of the internal data of the cloud office platform cannot be guaranteed, confidential information can be leaked, serious consequences are brought to the operation of the cloud office, and the economic loss of a user is caused.
Disclosure of Invention
In view of the foregoing problems, an object of the present invention is to provide an access management method, a terminal device, a system and a computer-readable storage medium for USB interfaces, which determine whether an accessed USB peripheral device is accessed according to an access rule, so as to improve data security.
In a first aspect, an embodiment of the present invention provides an access management method for a USB interface, including the following steps:
when an accessed USB peripheral is detected, acquiring attribute information of the USB peripheral;
judging whether the USB peripheral is allowed to be accessed according to the current USB peripheral access rule and the attribute information of the USB peripheral;
if yes, allowing the USB peripheral to be redirected to a corresponding virtual machine, and writing operation information of the USB peripheral into an operation log;
if not, forbidding the peripheral USB to redirect to the corresponding virtual machine; or,
sending a USB peripheral access instruction to a connected USB peripheral detection tool; the USB peripheral access instruction is used for triggering the USB peripheral detection tool to send attribute information of the USB peripheral to a cloud office management platform and initiating a USB peripheral access request to the cloud office management platform;
receiving a custom access rule returned by the cloud office management platform based on the USB peripheral access request;
updating the self USB peripheral access rule according to the self-defined access rule;
and performing access control on the USB peripheral according to the updated USB peripheral access rule.
In a first implementation manner of the first aspect, the attribute information at least includes any one or more of a USB device type, a USB class, a USB sub-class, a vendor number, and a product number.
According to the first implementation manner of the first aspect, in a second implementation manner of the first aspect, the determining whether to allow the USB peripheral to access according to the current USB peripheral access rule and the attribute information of the USB peripheral specifically includes:
and judging whether the attribute information of the USB peripheral is matched with the attribute information of the USB peripheral which is allowed to be accessed by the current USB peripheral access rule.
In a third implementation manner of the first aspect, the method further includes:
and receiving the unified rule sent by the cloud office management platform to serve as the current USB peripheral access rule or update the current USB peripheral access rule.
In a fourth implementation manner of the first aspect, the method further includes:
receiving an access prohibition instruction sent by the cloud office management platform;
and forbidding the peripheral USB to be redirected to the corresponding virtual machine according to the access forbidding instruction.
In a second aspect, an embodiment of the present invention provides an access management terminal device for a USB interface, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements an access management method for the USB interface according to any one of all implementation manners of the first aspect when executing the computer program.
In a third aspect, an embodiment of the present invention provides an access management system for a USB interface, including at least one access management terminal device for a USB interface according to the second aspect and a cloud office management platform; wherein,
the cloud office management platform is used for sending a unified rule to the access management terminal equipment of the USB interface;
the access management terminal equipment of the USB interface is used for receiving the unified rule sent by the cloud office management platform to serve as the current USB peripheral access rule or update the current USB peripheral access rule;
the access management terminal equipment of the USB interface is also used for acquiring the attribute information of the USB peripheral equipment when the accessed USB peripheral equipment is detected; judging whether the USB peripheral is allowed to be accessed according to the current USB peripheral access rule and the attribute information of the USB peripheral; if yes, allowing the USB peripheral to be redirected to a corresponding virtual machine, and writing operation information of the USB peripheral into an operation log; and if not, forbidding the peripheral USB to redirect to the corresponding virtual machine.
In a first implementation form of the third aspect, the USB device further includes a USB peripheral detection tool;
the access management terminal equipment of the USB interface is also used for sending a USB peripheral access instruction to a connected USB peripheral detection tool;
the USB peripheral detection tool is used for receiving the USB peripheral access instruction, sending the attribute information of the USB peripheral to the cloud office management platform according to the USB peripheral access instruction, and initiating a USB peripheral access request to the cloud office management platform;
the access management terminal equipment of the USB interface is also used for receiving a custom access rule returned by the cloud office management platform based on the USB peripheral access request; updating the self USB peripheral access rule according to the self-defined access rule; and performing access control on the USB peripheral according to the updated USB peripheral access rule.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, a device in which the computer-readable storage medium is located is controlled to execute the method for managing access to a USB interface according to any one of all implementation manners of the first aspect.
The embodiment of the invention provides an access management method, terminal equipment, a system and a computer readable storage medium of a USB interface, and one embodiment of the invention has the following beneficial effects:
when the accessed USB peripheral is detected, acquiring attribute information of the USB peripheral, judging whether the USB peripheral is allowed to be accessed according to a current USB peripheral access rule and the attribute information of the USB peripheral, if so, allowing the USB peripheral to be redirected to a corresponding virtual machine, writing operation information of the USB peripheral into an operation log, if not, forbidding the USB peripheral to be redirected to the corresponding virtual machine, and judging whether the accessed USB peripheral can be used or not according to a USB access rule set by the USB peripheral, so that flexible and unified management of the use of the USB peripheral is realized, and the safety and the confidentiality of data resources in a cloud office platform are improved.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart illustrating an access management method for a USB interface according to a first embodiment of the present invention.
Fig. 2 is a flowchart illustrating an access management method for a USB interface according to a third embodiment of the present invention.
Fig. 3 is a schematic structural diagram of an access management system of a USB interface according to a sixth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, an embodiment of the present invention provides an access management method for a USB interface, which can be executed by a terminal device, and includes the following steps:
s11, when the accessed USB peripheral is detected, acquiring the attribute information of the USB peripheral.
In the embodiment of the present invention, the terminal device may be a computing device such as a desktop computer, a notebook, a palmtop computer, a cloud server, or a virtual device such as a hosting terminal, and particularly, the terminal device may be a hosted terminal, and the hosting terminal implements management of at least one virtual machine allocated to a user by the cloud office management platform by translating a command of an openstack into a command of VMware.
In the embodiment of the present invention, when detecting that a USB peripheral device is accessed, the terminal device obtains attribute information of the USB peripheral device, so as to perform access judgment on the USB peripheral device, where the attribute information at least includes any one or more of a USB device type, a USB class, a USB sub-class, a vendor number, and a product number.
And S12, judging whether to allow the USB peripheral to access according to the current USB peripheral access rule and the attribute information of the USB peripheral.
In the embodiment of the invention, the terminal equipment judges whether the attribute information of the USB peripheral equipment is matched with the attribute information of the USB peripheral equipment which is allowed to be accessed by the current USB peripheral equipment access rule, namely, after acquiring the attribute information of the accessed USB peripheral, the terminal equipment automatically compares the attribute information of the USB peripheral, such as the USB equipment type, the USB classification, the USB sub-classification, the supplier number, the product number and the like according to the current USB peripheral access rule, for example, the terminal device supports a certain type of USB peripheral access, such as audio devices, mass storage devices, communication devices, etc., taking the audio device as an example, the USB peripheral access rule of the terminal device is to allow only the audio device to access, when the USB equipment type of the accessed USB peripheral equipment is detected to be audio equipment, the terminal equipment allows the USB peripheral equipment to access.
And S13, if yes, allowing the USB peripheral to redirect to a corresponding virtual machine, and writing the operation information of the USB peripheral into an operation log.
In the embodiment of the invention, after matching, the USB peripheral is determined to be the USB peripheral which is allowed to be accessed by the current USB peripheral access rule of the terminal device, the USB peripheral is redirected to the corresponding virtual machine so that the USB peripheral can access the corresponding virtual machine, and meanwhile, the operation information of the user of the USB peripheral, the plugging time and the use period of the USB peripheral is written into the operation log of the USB peripheral so as to inquire the subsequent information.
And S14, if not, prohibiting the USB peripheral from being redirected to the corresponding virtual machine.
In the embodiment of the present invention, after the terminal device is matched, if it is determined that the USB peripheral is a USB peripheral that is not allowed to be accessed by the current USB peripheral access rule of the terminal device, the terminal device prohibits the USB peripheral from being redirected to the corresponding virtual machine.
To sum up, a first embodiment of the present invention provides an access management method for a USB interface, where when an accessed USB peripheral is detected, attribute information of the USB peripheral is obtained, and then it is determined whether to allow the USB peripheral to be accessed according to a current USB peripheral access rule and the attribute information of the USB peripheral, if so, the USB peripheral is allowed to be redirected to a corresponding virtual machine, and operation information of the USB peripheral is written into an operation log, if not, the USB peripheral is prohibited from being redirected to the corresponding virtual machine, and whether the accessed USB peripheral can be used is determined according to a USB access rule set by the USB peripheral, so that flexible and unified management of the use of the USB peripheral is achieved, and security and confidentiality of data resources in a cloud office platform are improved.
In order to facilitate an understanding of the invention, some preferred embodiments of the invention will now be described.
Second embodiment of the invention:
on the basis of the first embodiment of the present invention, the present invention further includes:
and receiving the unified rule sent by the cloud office management platform to serve as the current USB peripheral access rule or update the current USB peripheral access rule.
In the embodiment of the invention, when the cloud office management platform is started, the unified rules classified based on the USB standard are pushed to all the terminal devices, after the terminal devices receive the unified rules pushed by the cloud office management platform, the unified rules are used as the current USB peripheral access rules of the terminal devices, when the unified rules are updated, the cloud office management platform does not immediately push the updated unified rules to all the terminal devices, but when a connection request of the terminal devices is detected, the cloud office management platform pushes the updated unified rules to the terminal devices when in connection, then the terminal devices update the current USB peripheral access rules of the terminal devices according to the received updated unified rules, and the unified USB peripheral access rules are pushed to all managed terminals when the cloud office management platform is started, the unified rules can be set to allow all the USB peripherals to be accessed, and for some terminal devices with special requirements, the unified rules can be set to allow a certain type or types of USB peripherals to be accessed, such as audio devices, large-capacity storage devices, communication devices and the like.
Third embodiment of the invention:
referring to fig. 2, after the step S14, the first embodiment of the present invention further includes:
s15, sending a USB peripheral access instruction to the connected USB peripheral detection tool; the USB peripheral access instruction is used for triggering the USB peripheral detection tool to send the attribute information of the USB peripheral to the cloud office management platform and initiating a USB peripheral access request to the cloud office management platform.
In the embodiment of the invention, if the accessed USB peripheral does not conform to the unified rule and the user still needs to use the USB peripheral, the terminal equipment sends a USB peripheral access instruction to a USB peripheral detection tool connected with the terminal equipment, so that the USB peripheral detection tool sends detailed attribute information of the USB peripheral to the cloud office management platform and initiates a USB peripheral access request to the cloud office management platform, and the terminal equipment waits for feedback of the cloud office management platform after sending the USB peripheral access instruction.
And S16, receiving a custom access rule returned by the cloud office management platform based on the USB peripheral access request.
In the embodiment of the invention, after receiving the USB peripheral access request and the detailed attribute information of the USB peripheral, the cloud office management platform performs access judgment on the USB peripheral according to the detailed attribute information of the USB peripheral, and if the access is allowed, the cloud office management platform sets a custom access rule, such as specifying the use time of the USB peripheral, the virtual machine resources allowed to be accessed, and the like, and returns the custom access rule to the terminal device.
In the embodiment of the invention, after receiving the USB peripheral access request and the detailed attribute information of the USB peripheral, the cloud office management platform sends the USB peripheral access request and the detailed attribute information of the USB peripheral to an administrator, so that the administrator can judge whether to allow the USB peripheral to access according to the detailed attribute information of the USB peripheral, and if the access is allowed, the cloud office management platform customizes an access rule, such as specifying the use time of the USB peripheral, the virtual machine resources allowed to access, and the like, and returns the customized access rule to the terminal device.
And S17, updating the self USB peripheral access rule according to the self-defined access rule.
In the embodiment of the invention, after receiving the custom access rule sent by the cloud office management platform, the terminal equipment updates the self USB peripheral access rule according to the custom access rule, namely, the custom access rule is added into the current USB access rule of the terminal equipment, so that the unified USB peripheral access rule can be set according to USB standard classification, the access rule can be customized at the same time, specific equipment is allowed to be accessed under specific conditions, and the unified rule is combined with the custom rule, so that the flexibility and the adaptability of the system are enhanced.
And S18, performing access control on the USB peripheral according to the updated USB peripheral access rule.
In the embodiment of the invention, the terminal equipment redirects the USB peripheral to the corresponding virtual machine according to the updated USB peripheral access rule, performs access control on the USB peripheral according to the custom access rule in the updated USB peripheral access rule, and then writes the user of the USB peripheral, the plugging time and the operation information of the USB peripheral during the use period into the USB peripheral operation log so as to inquire the subsequent information.
The fourth embodiment of the present invention:
on the basis of the third embodiment of the present invention, the present invention further includes:
and receiving an access prohibition instruction sent by the cloud office management platform.
And forbidding the peripheral USB to be redirected to the corresponding virtual machine according to the access forbidding instruction.
In the embodiment of the present invention, after the cloud office management platform receives and processes the USB peripheral access request and the detailed attribute information of the USB peripheral, if the cloud office management platform returns an access prohibition instruction, that is, the USB peripheral is still not permitted to be accessed, the terminal device prohibits the USB peripheral from being redirected to the corresponding virtual machine, so as to ensure the security and confidentiality of data.
A fifth embodiment of the present invention provides an access management terminal device for a USB interface. The access management terminal device of the USB interface of this embodiment includes: a processor, a memory, and a computer program stored in the memory and executable on the processor, such as an access management program for a USB interface. When executing the computer program, the processor implements the steps in the above-mentioned embodiments of the access management method for the USB interface, for example, step S11 shown in fig. 1.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory and executed by the processor to implement the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, and the instruction segments are used for describing the execution process of the computer program in the access management terminal device of the USB interface.
The access management terminal device of the USB interface can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing devices. The access management terminal device of the USB interface may include, but is not limited to, a processor and a memory. It will be understood by those skilled in the art that the above components are merely examples of the access management terminal device of the USB interface, and do not constitute a limitation to the access management terminal device of the USB interface, and may include more or less components than the above components, or combine some components, or different components, for example, the access management terminal device of the USB interface may further include an input/output device, a network access device, a bus, etc.
The Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general processor may be a microprocessor or the processor may be any conventional processor, etc., and the processor is a control center of the access management terminal device of the USB interface, and various interfaces and lines are used to connect various parts of the access management terminal device of the entire USB interface.
The memory can be used for storing the computer program and/or the module, and the processor realizes various functions of the access management terminal device of the USB interface by running or executing the computer program and/or the module stored in the memory and calling data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the terminal device, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The module/unit integrated with the access management terminal device of the USB interface may be stored in a computer readable storage medium if it is implemented in the form of a software functional unit and sold or used as an independent product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, etc. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
Referring to fig. 3, a sixth embodiment of the present invention provides an access management system for a USB interface, including at least one access management terminal device 11 for a USB interface according to a fifth embodiment and a cloud office management platform 12; wherein,
the cloud office management platform 12 is configured to send a unified rule to the access management terminal device 11 of the USB interface.
The access management terminal device 11 of the USB interface is configured to receive the unified rule sent by the cloud office management platform 12, so as to serve as a current USB peripheral access rule or update the current USB peripheral access rule.
The access management terminal device 11 of the USB interface is further configured to obtain attribute information of the USB peripheral device when the accessed USB peripheral device is detected; judging whether the USB peripheral is allowed to be accessed according to the current USB peripheral access rule and the attribute information of the USB peripheral; if yes, allowing the USB peripheral to be redirected to a corresponding virtual machine, and writing operation information of the USB peripheral into an operation log; and if not, forbidding the peripheral USB to redirect to the corresponding virtual machine.
In a first implementation manner of the sixth embodiment, the USB peripheral detection tool 13 is further included.
The access management terminal device 11 of the USB interface is further configured to send a USB peripheral access instruction to the connected USB peripheral detection tool 13.
The USB peripheral detection tool 13 is configured to receive the USB peripheral access instruction, send attribute information of the USB peripheral to the cloud office management platform 12 according to the USB peripheral access instruction, and initiate a USB peripheral access request to the cloud office management platform 12.
The access management terminal device 11 of the USB interface is further configured to receive a custom access rule returned by the cloud office management platform 12 based on the USB peripheral access request; updating the self USB peripheral access rule according to the self-defined access rule; and performing access control on the USB peripheral according to the updated USB peripheral access rule.
It should be noted that the above-described device embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.
Claims (9)
1. An access management method of a USB interface is characterized by comprising the following steps:
when an accessed USB peripheral is detected, acquiring attribute information of the USB peripheral;
judging whether the USB peripheral is allowed to be accessed according to the current USB peripheral access rule and the attribute information of the USB peripheral;
if yes, allowing the USB peripheral to be redirected to a corresponding virtual machine, and writing operation information of the USB peripheral into an operation log;
if not, forbidding the peripheral USB to redirect to the corresponding virtual machine; or,
sending a USB peripheral access instruction to a connected USB peripheral detection tool; the USB peripheral access instruction is used for triggering the USB peripheral detection tool to send attribute information of the USB peripheral to a cloud office management platform and initiating a USB peripheral access request to the cloud office management platform;
receiving a custom access rule returned by the cloud office management platform based on the USB peripheral access request;
updating the self USB peripheral access rule according to the self-defined access rule;
and performing access control on the USB peripheral according to the updated USB peripheral access rule.
2. The method according to claim 1, wherein the attribute information at least includes any one or more of a USB device type, a USB class, a USB sub-class, a vendor number, and a product number.
3. The method for managing access of a USB interface according to claim 2, wherein the determining whether to allow the USB peripheral to access according to the current USB peripheral access rule and the attribute information of the USB peripheral specifically includes:
and judging whether the attribute information of the USB peripheral is matched with the attribute information of the USB peripheral which is allowed to be accessed by the current USB peripheral access rule.
4. The method for managing access to a USB interface of claim 1, further comprising:
and receiving the unified rule sent by the cloud office management platform to serve as the current USB peripheral access rule or update the current USB peripheral access rule.
5. The method for managing access to a USB interface of claim 1, further comprising:
receiving an access prohibition instruction sent by the cloud office management platform;
and forbidding the peripheral USB to be redirected to the corresponding virtual machine according to the access forbidding instruction.
6. An access management terminal device of a USB interface, comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, wherein the processor implements the access management method of the USB interface according to any one of claims 1 to 5 when executing the computer program.
7. An access management system of a USB interface, which is characterized by comprising at least one access management terminal device of the USB interface as claimed in claim 6 and a cloud office management platform; wherein,
the cloud office management platform is used for sending a unified rule to the access management terminal equipment of the USB interface;
the access management terminal equipment of the USB interface is used for receiving the unified rule sent by the cloud office management platform to serve as the current USB peripheral access rule or update the current USB peripheral access rule;
the access management terminal equipment of the USB interface is also used for acquiring the attribute information of the USB peripheral equipment when the accessed USB peripheral equipment is detected; judging whether the USB peripheral is allowed to be accessed according to the current USB peripheral access rule and the attribute information of the USB peripheral; if yes, allowing the USB peripheral to be redirected to a corresponding virtual machine, and writing operation information of the USB peripheral into an operation log; and if not, forbidding the peripheral USB to redirect to the corresponding virtual machine.
8. The access management system of a USB interface of claim 7, further comprising a USB peripheral detection tool;
the access management terminal equipment of the USB interface is also used for sending a USB peripheral access instruction to a connected USB peripheral detection tool;
the USB peripheral detection tool is used for receiving the USB peripheral access instruction, sending the attribute information of the USB peripheral to the cloud office management platform according to the USB peripheral access instruction, and initiating a USB peripheral access request to the cloud office management platform;
the access management terminal equipment of the USB interface is also used for receiving a custom access rule returned by the cloud office management platform based on the USB peripheral access request; updating the self USB peripheral access rule according to the self-defined access rule; and performing access control on the USB peripheral according to the updated USB peripheral access rule.
9. A computer-readable storage medium, comprising a stored computer program, wherein when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute the access management method of the USB interface according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810046694.0A CN108427649B (en) | 2018-01-16 | 2018-01-16 | Access management method, terminal device, system and storage medium of USB interface |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810046694.0A CN108427649B (en) | 2018-01-16 | 2018-01-16 | Access management method, terminal device, system and storage medium of USB interface |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108427649A CN108427649A (en) | 2018-08-21 |
| CN108427649B true CN108427649B (en) | 2020-09-15 |
Family
ID=63155943
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810046694.0A Active CN108427649B (en) | 2018-01-16 | 2018-01-16 | Access management method, terminal device, system and storage medium of USB interface |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108427649B (en) |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110188079B (en) * | 2019-04-03 | 2020-05-12 | 特斯联(北京)科技有限公司 | External equipment management method based on distributed storage database |
| CN110149308B (en) * | 2019-04-03 | 2020-10-27 | 特斯联(北京)科技有限公司 | External equipment management method, device and system based on network database |
| CN110598428B (en) * | 2019-08-22 | 2021-08-06 | 中国电子科技集团公司第二十八研究所 | USB (Universal Serial bus) equipment management and control system based on Linux user space |
| CN110750408B (en) * | 2019-09-30 | 2021-03-26 | 湖南新云网科技有限公司 | Method, device and apparatus for controlling USB debug mode switch, and storage medium |
| CN111125710B (en) * | 2019-11-29 | 2022-06-28 | 联想(北京)有限公司 | Information processing method and device, electronic equipment and storage medium |
| CN111506893A (en) * | 2020-04-08 | 2020-08-07 | 深信服科技股份有限公司 | External equipment management method and device, electronic equipment and storage medium |
| CN111930431B (en) * | 2020-07-10 | 2024-04-05 | 深圳市广和通无线股份有限公司 | Mobile terminal, control method thereof, computer device, and storage medium |
| CN111783177A (en) * | 2020-07-15 | 2020-10-16 | 山东云天安全技术有限公司 | Device and method for carrying out safety protection and management on USB port |
| CN113742675A (en) * | 2021-09-10 | 2021-12-03 | 深圳市闪联信息技术有限公司 | USB storage medium safety management system and method based on IoT equipment |
| CN114531280A (en) * | 2022-01-25 | 2022-05-24 | 北京北信源软件股份有限公司 | Data leakage prevention method and device based on mobile terminal connected enterprise terminal |
| CN114721988B (en) * | 2022-03-08 | 2023-06-09 | 江苏信息职业技术学院 | Method and system for realizing USB peripheral drive agent and monitoring audit |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102760104B (en) * | 2012-06-25 | 2015-07-08 | 成都卫士通信息产业股份有限公司 | USB (Universal Serial Bus) equipment control method |
| CN104063335B (en) * | 2013-03-20 | 2017-06-27 | 华为技术有限公司 | USB device reorientation method, equipment and system |
| US9612854B2 (en) * | 2013-12-18 | 2017-04-04 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for virtualizing a remote device |
| CN105069383B (en) * | 2015-05-21 | 2018-11-09 | 中国科学院计算技术研究所 | A kind of method and system of cloud desktop USB storages peripheral hardware management and control |
| CN105183675B (en) * | 2015-09-30 | 2018-03-27 | 华为技术有限公司 | To the access method of USB device, device, terminal, server and system |
| US10116744B2 (en) * | 2016-02-04 | 2018-10-30 | Dell Products, Lp | System and method for providing management network communication and control in a data center |
| CN107291432A (en) * | 2016-04-01 | 2017-10-24 | 中兴通讯股份有限公司 | Cloud desktop management-control method, device and cloud desktop access method, device |
| CN106909828A (en) * | 2017-01-10 | 2017-06-30 | 中电科华云信息技术有限公司 | Based on cloud desktop USB device filter method |
| CN107463369B (en) * | 2017-06-30 | 2020-10-16 | 北京北信源软件股份有限公司 | Access device control method and device for virtual desktop |
| CN107341122B (en) * | 2017-07-25 | 2019-08-27 | Oppo广东移动通信有限公司 | Equipment access processing method, equipment access processing unit and mobile terminal |
-
2018
- 2018-01-16 CN CN201810046694.0A patent/CN108427649B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108427649A (en) | 2018-08-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108427649B (en) | Access management method, terminal device, system and storage medium of USB interface | |
| US9549316B2 (en) | Host device coupled to a mobile phone and method of operating the same | |
| CN110244963B (en) | Data updating method and device and terminal equipment | |
| CN107844306B (en) | Application program repairing method and device, storage medium and terminal | |
| US20170163787A1 (en) | Method and electronic device for upgrading or downgrading system | |
| CN104036194A (en) | Vulnerability detection method and device for revealing private data in application program | |
| CN112000382B (en) | Linux system starting method and device and readable storage medium | |
| CN108234551B (en) | Data processing method and device | |
| US10146963B2 (en) | Systems and methods for dynamic external input/output port screening | |
| CN113760610A (en) | OpenStack-based bare computer high-availability realization method and device and electronic equipment | |
| WO2022256128A1 (en) | Firmware policy enforcement via a security processor | |
| US20150058926A1 (en) | Shared Page Access Control Among Cloud Objects In A Distributed Cloud Environment | |
| CN109783196B (en) | Virtual machine migration method and device | |
| CN109298956B (en) | File transmission method and device and terminal equipment | |
| CN109271266B (en) | File transmission method and device and terminal equipment | |
| CN110290172B (en) | Container application cloning method and device, computer equipment and storage medium | |
| CN109254932B (en) | Multi-network-port driving method, device and storage medium | |
| WO2020113421A1 (en) | Method for mounting file system, terminal device, and storage medium | |
| CN113923130B (en) | Multi-tenant open interface resource configuration method, device and terminal | |
| CN112417402B (en) | Authority control method, authority control device, authority control equipment and storage medium | |
| CN114706657A (en) | Multi-platform virtual machine management interface, management method, terminal and storage medium | |
| CN112380411B (en) | Sensitive word processing method, device, electronic equipment, system and storage medium | |
| WO2022133827A1 (en) | Method and apparatus for processing task processing request, and blockchain node device | |
| CN115576626A (en) | Method, device and storage medium for safe mounting and dismounting of USB (Universal Serial bus) device | |
| CN113312669A (en) | Password synchronization method, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |