CN110210191A - Data processing method and related apparatus - Google Patents

Publication number
CN110210191A
Authority
CN
China
Prior art keywords
password
information
equipment
target
state
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910213911.5A
Other languages
Chinese (zh)
Inventor
李引
庄木沛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201910213911.5A
Publication of CN110210191A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

An embodiment of the present invention discloses a data processing method and related apparatus. The method comprises: obtaining multiple network devices in a target application, and obtaining, from the multiple network devices, a target network device and first attribute information of the target network device, the first attribute information including first password state information and operation data information; in response to a state change operation triggered on the operation data information in the password management interface corresponding to the target application, adjusting the first password state information to second password state information; and updating the first attribute information of the target network device based on the second password state information, and determining the updated first attribute information as second attribute information, where the second attribute information instructs the target network device, upon detecting that the first password state information has become invalid, to perform password login based on the second password state information returned by the password management device. Embodiments of the present invention can improve the flexibility and the efficiency of password management.

Description

Data processing method and related apparatus
Technical field
The present invention relates to the field of Internet technologies, and in particular to a data processing method and related apparatus.
Background
In existing cloud computing systems, maintenance personnel manually maintain the passwords of servers on nodes in a cloud computing data center. For example, when a maintainer needs to manage a server's password, they must manually enter the account information and password configured for that server in advance in order to access the server's change page, and then manage the password on that change page. Password management here mainly means that the maintainer manually modifies the server's password on the change page, for example by manually entering the preconfigured old password and the new password to be used for the update. Consequently, when the passwords of a large number of servers in the cloud computing system need to be changed, the new and old passwords of each server must be entered separately on the change page of each server, so maintaining these passwords consumes a great deal of time and the efficiency of password management is extremely low. In addition, manual modification is the only form of password management available, so the flexibility of password management is low.
Summary of the invention
Embodiments of the present invention provide a data processing method and related apparatus that can increase the flexibility of password management and improve its efficiency.
In one aspect, an embodiment of the present invention provides a data processing method, applied to a password management device, comprising:
Obtaining multiple network devices in a target application, and obtaining, from the multiple network devices, a target network device and first attribute information of the target network device; the first attribute information includes first password state information and operation data information; the target application includes a password management interface;
In response to a state change operation triggered on the operation data information in the password management interface, adjusting the password state information of the target network device from the first password state information to second password state information;
Updating the first attribute information of the target network device based on the second password state information, and taking the updated first attribute information as second attribute information of the target network device; the second attribute information instructs the password management device, upon receiving a password request, to return the second password state information in the second attribute information to the target network device; the password request is sent to the password management device when the target network device detects that the first password state information used for password login has become invalid.
Wherein obtaining multiple network devices in the target application, and obtaining from the multiple network devices the target network device and the first attribute information of the target network device, comprises:
Obtaining target account information of the target application, performing login authentication on the target account information, logging in to the target application when authentication passes, and outputting the password management interface in the target application; the password management interface contains attribute information of all associated devices that have an association relationship with the password management device;
Obtaining target search information in the password management interface, screening from all associated devices the associated devices that match the target search information as the network devices, and determining, according to the attribute information of all screened network devices, a device state list associated with each network device; the device state list contains the attribute information of each network device;
In response to a device selection operation triggered on the device state list, obtaining the target network device from the multiple network devices contained in the device state list, and determining the attribute information in the list entry corresponding to the target network device in the device state list as the first attribute information of the target network device; the operation data information in the list entry is used to perform state management on the first password state information in the list entry corresponding to the target network device.
Wherein, before the password management interface is output in the target application, the method further comprises:
Detecting the level information of the target account information in the target application;
If the level information of the target account information is detected to be a first level that has password management permission, executing the step of outputting the password management interface in the target application; the target account information corresponding to the first level has permission to manage all associated devices in the password management interface;
If the level information of the target account information is detected to be a second level that has state query permission, outputting a state query interface in the target application, and displaying in the state query interface all associated devices that have an association relationship with the password management device; the second level is lower than the first level, and the target account information corresponding to the second level has permission to query all associated devices in the state query interface.
Wherein, in response to the state change operation triggered on the operation data information in the password management interface, adjusting the password state information of the target network device from the first password state information to the second password state information comprises:
If the first password state information in the list entry corresponding to the target network device is initial state information, then in response to a password storage operation triggered on the first operation data associated with the initial state information, adding the password storage task corresponding to the first operation data to a pending task list, and activating the first child thread corresponding to the first operation data;
According to a password state change rule and the first child thread, adjusting the password state information of the target network device from the initial state information to the second password state information; the second password state information is the password state information determined after the initial password having the initial state information is entered into the password database.
Wherein, in response to the state change operation triggered on the operation data information in the password management interface, adjusting the password state information of the target network device from the first password state information to the second password state information comprises:
If the first password state information is target state information, obtaining from the list entry multiple second operation data corresponding to the target state information;
Obtaining target operation data from the multiple second operation data, and in response to a password change operation triggered on the target operation data, adding the password change task corresponding to the password change operation to the pending task list, and activating the second child thread corresponding to the target operation data;
According to the password state change rule and the second child thread, adjusting, in the password database, the password state information of the target network device from the target state information to the second password state information.
Wherein the target state information and the second password state information are label types corresponding to a target password stored in the password database; the target password is used to log in to the target operating system of the target network device; the label types include any one of a temporary password login type, a long-term password login type, and a key-based passwordless login type.
Wherein the method further comprises:
When the target state information of the target network device is the temporary password login type, and the target operation data obtained from the multiple second operation data is a password query operation, recording the application timestamp corresponding to the password query operation, and entering the application timestamp into the password database;
Adding the password query task corresponding to the password query operation to the pending task list, and activating the timed query process corresponding to the password query operation;
Obtaining, according to the timed query process and the application timestamp, the temporary password corresponding to the password query operation from the password database, and outputting the temporary password as the target password.
Wherein obtaining, according to the timed query process and the application timestamp, the temporary password corresponding to the password query operation from the password database, and outputting the temporary password as the target password, comprises:
Accumulating, according to the timed query process and the application timestamp, the waiting duration of the password query task in the pending task queue;
Determining the remaining valid time of the temporary password corresponding to the temporary password login type according to the effective timestamp and update duration of that temporary password stored in the password database, and the application timestamp;
If the waiting duration reaches the scheduling duration and has not reached the remaining valid time, obtaining the first ciphertext password corresponding to the temporary password from the password database, decrypting the first ciphertext password by asymmetric encryption to obtain the temporary password corresponding to the first ciphertext password, and outputting that temporary password as the target password.
Wherein the method further comprises:
If the waiting duration reaches the remaining valid time, determining through the timed query process that the temporary password is an invalid password;
Using the invalid password and the update child thread corresponding to the timed query process, accessing and controlling the target operating system of the target network device;
Modifying the temporary password based on the target operating system, updating the first ciphertext password in the password database with the ciphertext password of the modified temporary password, and determining the updated first ciphertext password as a second ciphertext password;
Decrypting the second ciphertext password by asymmetric encryption to obtain the temporary password corresponding to the second ciphertext password, and outputting that temporary password as the target password.
Wherein the method further comprises:
When the pending task queue contains multiple pending tasks, obtaining the lock duration corresponding to each pending task through the timed query process; the multiple pending tasks include the unprocessed password query task;
If among the multiple pending tasks there is a pending task whose lock duration reaches a deadlock duration threshold, determining that pending task as a task to be unlocked in the pending task queue, unlocking the task to be unlocked in the pending task queue, and removing the unlocked password query task from the pending task queue.
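The timing rules for a temporary-password query and the deadlock release described above can be modelled as one polling pass over the pending task queue. This is an added illustration, not code from the patent: the class and function names, device names and numeric values are hypothetical, and it assumes a temporary password expires at its effective timestamp plus its update duration, which the text does not spell out.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Outcome(Enum):
    WAIT = "wait"                  # scheduling duration not reached yet
    RETURN_CURRENT = "current"     # stored temporary password is still valid
    ROTATE_THEN_RETURN = "rotate"  # expired while queued: change it first


@dataclass
class TempPasswordRecord:          # hypothetical row of the password database
    effective_ts: float            # when the temporary password took effect
    update_duration: float         # seconds until it must be changed


@dataclass
class QueryTask:                   # hypothetical entry of the pending task queue
    device: str
    application_ts: float          # recorded when the query was requested
    locked_since: Optional[float] = None  # set while a worker holds the task


def remaining_valid_time(rec: TempPasswordRecord, application_ts: float) -> float:
    # Assumption: the password expires at effective_ts + update_duration.
    return max(0.0, rec.effective_ts + rec.update_duration - application_ts)


def decide(rec: TempPasswordRecord, task: QueryTask, now: float,
           scheduling_duration: float) -> Outcome:
    waited = now - task.application_ts  # accumulated waiting duration
    # Expiry is checked first so an expired password is never handed out.
    if waited >= remaining_valid_time(rec, task.application_ts):
        return Outcome.ROTATE_THEN_RETURN
    if waited >= scheduling_duration:
        return Outcome.RETURN_CURRENT
    return Outcome.WAIT


def release_deadlocked(queue: List[QueryTask], now: float,
                       deadlock_threshold: float
                       ) -> Tuple[List[QueryTask], List[QueryTask]]:
    kept, released = [], []
    for task in queue:
        locked = task.locked_since is not None
        if locked and now - task.locked_since >= deadlock_threshold:
            task.locked_since = None   # unlock the stuck task ...
            released.append(task)      # ... and remove it from the queue
        else:
            kept.append(task)
    return kept, released


def poll(queue: List[QueryTask], records: Dict[str, TempPasswordRecord],
         now: float, scheduling_duration: float, deadlock_threshold: float):
    queue, released = release_deadlocked(queue, now, deadlock_threshold)
    pending, results = [], {}
    for task in queue:
        if task.locked_since is not None:  # still held by another worker
            pending.append(task)
            continue
        outcome = decide(records[task.device], task, now, scheduling_duration)
        if outcome is Outcome.WAIT:
            pending.append(task)
            continue
        if outcome is Outcome.ROTATE_THEN_RETURN:
            # The changed password takes effect now; its validity restarts.
            records[task.device].effective_ts = now
        results[task.device] = outcome
    return pending, results, released


def demo():
    # Constructed sample data: five devices, one polling pass at t = 5000 s.
    records = {d: TempPasswordRecord(4000.0, 3600.0)
               for d in ("node-a", "node-c", "node-d", "node-e")}
    records["node-b"] = TempPasswordRecord(1000.0, 3600.0)  # expires at 4600
    queue = [
        QueryTask("node-a", 4970.0),                       # waited 30 s
        QueryTask("node-b", 4590.0),                       # 10 s validity left
        QueryTask("node-c", 4995.0),                       # waited only 5 s
        QueryTask("node-d", 3000.0, locked_since=4000.0),  # locked for 1000 s
        QueryTask("node-e", 4800.0, locked_since=4900.0),  # locked for 100 s
    ]
    pending, results, released = poll(queue, records, now=5000.0,
                                      scheduling_duration=20.0,
                                      deadlock_threshold=600.0)
    return ([t.device for t in pending], results,
            [t.device for t in released], records)


if __name__ == "__main__":
    print(demo()[:3])
```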
In one aspect, an embodiment of the present invention provides a data processing apparatus, applied to a password management device, comprising:
A device obtaining module, configured to obtain multiple network devices in a target application, and obtain, from the multiple network devices, a target network device and first attribute information of the target network device; the first attribute information includes first password state information and operation data information; the target application includes a password management interface;
A state adjustment module, configured to, in response to a state change operation triggered on the operation data information in the password management interface, adjust the password state information of the target network device from the first password state information to second password state information;
An attribute update module, configured to update the first attribute information of the target network device based on the second password state information, and take the updated first attribute information as second attribute information of the target network device; the second attribute information instructs the password management device, upon receiving a password request, to return the second password state information in the second attribute information to the target network device; the password request is sent to the password management device when the target network device detects that the first password state information used for password login has become invalid.
Wherein the device obtaining module includes:
An account authentication unit, configured to obtain target account information of the target application, perform login authentication on the target account information, and log in to the target application when authentication passes;
An interface output unit, configured to output the password management interface in the target application; the password management interface contains attribute information of all associated devices that have an association relationship with the password management device;
A device screening unit, configured to obtain target search information in the password management interface, screen from all associated devices the associated devices that match the target search information as the network devices, and determine, according to the attribute information of all screened network devices, a device state list associated with each network device; the device state list contains the attribute information of each network device;
A target determination unit, configured to, in response to a device selection operation triggered on the device state list, obtain the target network device from the multiple network devices contained in the device state list, and determine the attribute information in the list entry corresponding to the target network device in the device state list as the first attribute information of the target network device; the operation data information in the list entry is used to perform state management on the first password state information in the list entry corresponding to the target network device.
Wherein the device obtaining module further includes:
A level detection unit, configured to detect the level information of the target account information in the target application;
A notification unit, configured to, if the level information of the target account information is detected to be a first level that has password management permission, notify the interface output unit to output the password management interface in the target application; the target account information corresponding to the first level has permission to manage all associated devices in the password management interface;
A query interface output unit, configured to, if the level information of the target account information is detected to be a second level that has state query permission, output a state query interface in the target application, and display in the state query interface all associated devices that have an association relationship with the password management device; the second level is lower than the first level, and the target account information corresponding to the second level has permission to query all associated devices in the state query interface.
Wherein the state adjustment module includes:
A first task adding unit, configured to, if the first password state information in the list entry corresponding to the target network device is initial state information, in response to a password storage operation triggered on the first operation data associated with the initial state information, add the password storage task corresponding to the first operation data to a pending task list, and activate the first child thread corresponding to the first operation data;
A first adjustment unit, configured to adjust, according to a password state change rule and the first child thread, the password state information of the target network device from the initial state information to the second password state information; the second password state information is the password state information determined after the initial password having the initial state information is entered into the password database.
Wherein the state adjustment module includes:
An operation obtaining unit, configured to, if the first password state information is target state information, obtain from the list entry multiple second operation data corresponding to the target state information;
A second task adding unit, configured to obtain target operation data from the multiple second operation data, and in response to a password change operation triggered on the target operation data, add the password change task corresponding to the password change operation to the pending task list, and activate the second child thread corresponding to the target operation data;
A second adjustment unit, configured to adjust, according to the password state change rule and the second child thread, the password state information of the target network device in the password database from the target state information to the second password state information.
Wherein the target state information and the second password state information are label types corresponding to a target password stored in the password database; the target password is used to log in to the target operating system of the target network device; the label types include any one of a temporary password login type, a long-term password login type, and a key-based passwordless login type.
Wherein the state adjustment module further includes:
A timestamp entry unit, configured to, when the target state information of the target network device is the temporary password login type, and the target operation data obtained from the multiple second operation data is a password query operation, record the application timestamp corresponding to the password query operation, and enter the application timestamp into the password database;
A query task unit, configured to add the password query task corresponding to the password query operation to the pending task list, and activate the timed query process corresponding to the password query operation;
A password obtaining unit, configured to obtain, according to the timed query process and the application timestamp, the temporary password corresponding to the password query operation from the password database, and output the temporary password as the target password.
Wherein the password obtaining unit includes:
A duration accumulation subunit, configured to accumulate, according to the timed query process and the application timestamp, the waiting duration of the password query task in the pending task queue;
A duration determination subunit, configured to determine the remaining valid time of the temporary password corresponding to the temporary password login type according to the effective timestamp and update duration of that temporary password stored in the password database, and the application timestamp;
A first determination subunit, configured to, if the waiting duration reaches the scheduling duration and has not reached the remaining valid time, obtain the first ciphertext password corresponding to the temporary password from the password database;
A first decryption subunit, configured to decrypt the first ciphertext password by asymmetric encryption to obtain the temporary password corresponding to the first ciphertext password, and output that temporary password as the target password.
Wherein the password obtaining unit further includes:
A second determination subunit, configured to, if the waiting duration reaches the remaining valid time, determine through the timed query process that the temporary password is an invalid password;
A system access subunit, configured to access and control the target operating system of the target network device using the invalid password and the update child thread corresponding to the timed query process;
A password modification subunit, configured to modify the temporary password based on the target operating system, update the first ciphertext password in the password database with the ciphertext password of the modified temporary password, and determine the updated first ciphertext password as a second ciphertext password;
A second decryption subunit, configured to decrypt the second ciphertext password by asymmetric encryption to obtain the temporary password corresponding to the second ciphertext password, and output that temporary password as the target password.
Wherein the password obtaining unit further includes:
A task locking subunit, configured to, when the pending task queue contains multiple pending tasks, obtain the lock duration corresponding to each pending task through the timed query process; the multiple pending tasks include the unprocessed password query task;
A task unlocking subunit, configured to, if among the multiple pending tasks there is a pending task whose lock duration reaches a deadlock duration threshold, determine that pending task as a task to be unlocked in the pending task queue, unlock the task to be unlocked in the pending task queue, and remove the unlocked password query task from the pending task queue.
In one aspect, an embodiment of the present invention provides a data processing apparatus, applied to a password management device, comprising: a processor, a memory and a network interface;
The processor is connected to the memory and the network interface, where the network interface is used to connect multiple network devices, the memory is used to store program code, and the processor is used to call the program code to execute the method in the foregoing aspect of the embodiments of the present invention.
In one aspect, an embodiment of the present invention provides a computer-readable storage medium storing a computer program; the computer program includes program instructions, and when a processor executes the program instructions, the method in the foregoing aspect of the embodiments of the present invention is performed.
In the embodiments of the present invention, multiple network devices can be obtained in the target application, and a target network device and its first attribute information can further be obtained from the multiple network devices. The first attribute information may include first password state information and operation data information, and the target application may include a password management interface through which the password of the target network device can be flexibly managed. The first password state information may include the initial state information corresponding to an initial password of the target network device that has not yet been stored; optionally, it may also include the target state information corresponding to a target password of the target network device that has already been stored. It should be understood that if the first password state information is initial state information, the state change operation corresponding to the initial state information can be understood as a password storage operation, that is, the initial password of the target network device obtained in the target application is stored in the password database; the password state information of the initial password before storage may be referred to as the first password state information, and the password state information of the initial password after storage may be referred to as the second password state information. Optionally, if the first password state information is the target state information corresponding to an already stored target password of the target network device, the state change operation may be a password change operation performed on the operation data information in the first attribute information. The password state information of the target network device can thus be managed visually in the target application, which improves the efficiency of password management, and the first attribute information of the target network device can be quickly updated in the target application with the second password state information to obtain the second attribute information. When the target network device detects that the first password state information has become invalid, it can then perform password login based on the second password state information in the second attribute information returned by the password management device, which improves the security and reliability of the system.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a schematic structural diagram of a network architecture provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of a data processing method provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a password management interface provided by an embodiment of the present invention;
Fig. 4 is a schematic flow diagram of another data processing method provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of a pending task table provided by an embodiment of the present invention;
Fig. 6a and Fig. 6b are schematic diagrams of obtaining a temporary password provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of polling scheduling tasks provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a data processing apparatus provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of another data processing apparatus provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Please refer to Fig. 1, which is a schematic structural diagram of a network architecture provided by an embodiment of the present invention. As shown in Fig. 1, the network architecture can be applied to a cloud management platform, and in the cloud management platform the network architecture may include a service terminal cluster, a first server 2000 and a user terminal cluster. The service terminal cluster may include multiple second servers, specifically second server 4000a, second server 4000b, ..., second server 4000n. It should be understood that, in the cloud computing system corresponding to the cloud management platform, each second server can be called a node (i.e. a server node) of the cloud management platform. In addition, the user terminal cluster may include multiple user terminals, specifically user terminal 3000a, user terminal 3000b, ..., user terminal 3000c.
As shown in Fig. 1, user terminal 3000a, user terminal 3000b, ..., user terminal 3000c can each have a network connection to the first server 2000, and the first server 2000 can have a network connection to each of second server 4000a, second server 4000b, ..., second server 4000n. Maintenance personnel can therefore use any user terminal in the user terminal cluster to centrally manage the passwords of the second servers that have a network connection to the first server 2000, which improves the flexibility and efficiency of password management.
In the embodiments of the present invention, each user terminal in the user terminal cluster integrates a target application for managing the passwords of the second servers. In the cloud management platform, any user terminal in the user terminal cluster can therefore be called the front-end device (i.e. management front end) of the first server 2000, and the first server 2000 can be called the back-end device (i.e. management back end) corresponding to the management front end. The front-end device can provide, in the target application, a visual interface in which password state changes can be managed; this visual interface can be called the password management interface. Further, the back-end device associated with the target application (i.e. the management back end, which may be the first server 2000) can respond to state change operations triggered in the password management interface, so as to manage the password of each second server in the service terminal cluster.
It should be understood that maintenance personnel can perform human-computer interaction operations in the password management interface of the management front end, so that one or more scheduling requests are sent to the management back end according to the operations performed. The management back end can then process data concurrently in the background based on the scheduling requests it receives, and thereby manage the password state information of the second servers associated with those requests. For example, when the first server 2000 receives scheduling requests sent by management front ends (for example, user terminal 3000a and user terminal 3000b), it can add the scheduling task carried in each received request to a pending queue and process the scheduling tasks of the requests in that queue concurrently, which improves the efficiency of password management.
Optionally, in the embodiments of the present invention, the device formed by at least one user terminal in the user terminal cluster together with the first server 2000 can also be called the password management device or the first device. The password management device (i.e. the first device) can then be understood as an integrated device that has both an interface visualization function and a concurrent data processing function. In other words, the password management device can be used to manage the password of at least one second server (for example, second server 4000a shown in Fig. 1) under the private cloud network corresponding to the cloud management platform. In the embodiments of the present invention, any second server associated with the password management device can be called an associated device; that is, all the second servers in the service terminal cluster shown in Fig. 1 (for example, second server 4000a, second server 4000b, ..., second server 4000n) can together be called all the associated devices under the private cloud network.
It should be understood that the password management device can receive target search information entered by maintenance personnel in the password management interface, and can then select, from all the second servers (i.e. all associated devices) in the service terminal cluster shown in Fig. 1, the second servers (i.e. associated devices) that match the target search information, as network devices (a second server matching the target search information can be called a second device). The password management device can then, through the private cloud network corresponding to the cloud management platform, manage the password of each node (i.e. each network device) distributed in the private cloud network; for example, it can manage the operating system password of each second server shown in Fig. 1. In other words, when an operating system is installed on each second server under the private cloud network, a password for logging in to that operating system can be configured for the operating system of each second server. Maintenance personnel can therefore manage the password of each second server in the private cloud network through the password management device. For example, password storage management can be performed on the password of each second server; a password that has not yet been stored can be called an initial password. That is, when the password management device receives a password storage operation for a target network device selected from the multiple network devices, it can generate a password storage request corresponding to that operation, and the password storage request can be used to perform password storage management on the initial password to be entered into the password database. Further, maintenance personnel can also perform password query management and state change management on each stored password in the password database of the password management device (a password stored in the password database can be called a target password).
It can be understood that, while the password management device enters the password of each network device (i.e. the initial password) into the password database, a label type can be set for each initial password being entered. The label type can be any one of a temporary password login type, a long-term password login type and a key-based password-free login type.
For example, taking second server 4000a shown in Fig. 1 as the target network device, a label type can be set in the password management device for the initial password of second server 4000a to obtain the target password corresponding to that label type. As a further example, during the password storage management described above, the label type of the initial password can be set in the password management device to the temporary password login type. The initial password with the temporary password login type can then be called the target password, and this target password is a temporary password that needs to be updated regularly. Similarly, during password storage management, the label type of the initial password can be set to the long-term password login type, and the initial password with the long-term password login type can be called a long-term password. Similarly, during password storage management, the label type of the initial password can be set to the key-based password-free login type, and the initial password with the key-based password-free login type can be called a key. It can be seen that, in the embodiments of the present invention, the password state information of each stored password (i.e. target password) can be described by these label types, so that the passwords corresponding to these label types can be managed centrally in the password management interface, which improves the efficiency of password management.
In the private cloud network (Virtual Private Cloud, abbreviated VPC) corresponding to the cloud management platform, the device categories of the second servers can be broadly divided into physical machines and virtual machines. For example, the private IP address range of the private cloud network can be divided among one or more physical machines, and each physical machine can of course be further virtualized to create multiple virtual machines. Virtualization can be understood as a technology by which one computer (i.e. a physical machine) is virtualized into multiple logical computers (i.e. multiple virtual machines). In other words, virtualization makes it possible to run multiple logical computers on one computer at the same time, with one operating system running on each logical computer. This ensures that the applications associated with each operating system run in mutually independent spaces without affecting each other, which can significantly improve the parallel processing efficiency of the physical machine.
It can be understood that when maintenance personnel need to maintain the passwords of one or more second servers in the cloud management platform (the device category of these second servers may be the virtual machine described above), they can, according to the maintenance requirement (which can also be called the operations requirement), determine in the target application the one or more second servers to be maintained from all the associated devices under the private cloud network (i.e. all the second servers in the service terminal cluster). The second servers so determined can be called the target network devices that need password management, and the password state information of a target network device can then be changed from the first password state information to the second password state information.
Further, the password management device can, according to the second password state information, update the attribute information in the list entry of the target network device in the password management interface of the target application, and output the updated attribute information to the password management interface, so that maintenance personnel can see in the password management interface the result of the password management performed on the password of the target network device. It can be seen that the password management interface of the target application allows the passwords of the second servers displayed in it to be managed visually and flexibly, which improves the flexibility and efficiency of password management.
For the detailed process by which the embodiments of the present invention obtain the target network device from the multiple network devices, adjust the password state information of the target network device, and update the first attribute information based on the adjusted password state information to obtain the second attribute information, refer to the embodiments corresponding to Fig. 2 to Fig. 7 below.
Further, please refer to Fig. 2, which is a schematic diagram of a data processing method provided by an embodiment of the present invention. As shown in Fig. 2, the method can be applied to a password management device and may include at least the following steps S101 to S103.
Step S101: obtain multiple network devices in the target application, and obtain a target network device and first attribute information of the target network device from the multiple network devices;
Specifically, the data processing apparatus can obtain the target account information of the target application, perform login authentication on the target account information, log in to the target application when the authentication succeeds, and output the password management interface in the target application. The password management interface contains the attribute information of all associated devices that are associated with the password management device. Further, the data processing apparatus can obtain the target search information in the password management interface, select from all the associated devices those that match the target search information, as network devices, and determine, from the attribute information of all the selected network devices, the device state list associated with each network device. The device state list contains the attribute information of each network device. Further, the data processing apparatus can respond to a device selection operation triggered on the device state list by obtaining the target network device from the multiple network devices contained in the device state list and determining the attribute information in the list entry corresponding to the target network device in the device state list as the first attribute information of the target network device. The operation data information in that list entry is used to manage the state of the first password state information in the list entry corresponding to the target network device.
The first attribute information may include first password state information and operation data information. The visual interface of the target application can be called the password management interface, in which maintenance personnel can centrally manage the password of the target network device among the multiple network devices. The target network device can be at least one of the network devices displayed in the password management interface. For ease of understanding, the embodiments of the present invention take the case where the target network device is a single network device as an example to describe the detailed process by which the password management device, which integrates the data processing apparatus, performs password management on the target network device.
The data processing apparatus can have a password management function, and the data processing apparatus with the password management function can be integrated in the password management device. In the embodiments of the present invention, when the data processing apparatus manages the password of the target network device in the password management interface, this is equivalent to the password management device managing the password of the target network device in the password management interface. The password management device can be understood as a device that integrates functions such as interface visualization and concurrent data processing. The password management device in the cloud management platform can then, through the private cloud network corresponding to the cloud management platform, centrally manage the passwords of the multiple network devices distributed in the private cloud network. The password management interface may contain the attribute information of all associated devices that are associated with the password management device.
It can be understood that when the password management interface in the password management device has an interface visualization function, maintenance personnel who have logged in to the target application through the password management device can see in the password management interface the attribute information of all associated devices in the private cloud network. All associated devices can be displayed in the server list corresponding to the password management interface, and the server list can be used to record the device information of each associated device under the private cloud network (i.e. any second server in the service terminal cluster shown in Fig. 1). For example, the server list may contain the attribute information of each associated device under the private cloud network, and the attribute information of each associated device may specifically include the identification information, category information, password state information and operation data information of that associated device.
For ease of understanding, please further refer to Fig. 3, which is a schematic diagram of a password management interface provided by an embodiment of the present invention. As shown in Fig. 3, maintenance personnel can log in to the target application in the password management device with the target account information (the target application can be a password management application), and the login succeeds when the authentication succeeds. After the password management application (i.e. the target application) has been logged in to successfully, the password management interface 100a shown in Fig. 3 is displayed in the password management device. As shown in Fig. 3, in password management interface 100a maintenance personnel can see the attribute information of the multiple network devices belonging to region A in the private cloud network, i.e. they can see in password management interface 100a a device state list containing fields such as network identifier, device identifier, device category, password state and operation. The associated devices that are associated with region A in password management interface 100a shown in Fig. 3 can be called network devices.
Optionally, after maintenance personnel log in to the target application with the target account information, all associated devices under the private cloud network can be displayed in the password management interface, and the attribute information of all associated devices under the private cloud network can likewise include fields such as network identifier, device identifier, device category, password state and operation. Because all the associated devices under the private cloud network may include associated devices belonging to region A and associated devices belonging to region B, the list information built from the attribute information of all associated devices under the private cloud network can be called the server list in the embodiments of the present invention. In other words, the server list can be used to record the attribute information of the associated devices in one or more regions of the private cloud network, so after maintenance personnel successfully log in to the target application, the password management device can by default display the attribute information of all associated devices in the server list. Optionally, after maintenance personnel successfully log in to the target application, the attribute information of all associated devices belonging to a preset region under the private cloud network can be displayed by default, which reduces the amount of data the password management device loads under the private cloud network and improves the loading efficiency of the visual interface.
For ease of understanding, the embodiments of the present invention take the case where, after maintenance personnel successfully log in to the target application, the password management device displays by default the attribute information of all associated devices in the server list, to describe the detailed process of obtaining network devices from all the associated devices. Maintenance personnel can perform a trigger operation (for example, a click) on a region shown in the password management interface (for example, region A in password management interface 100a shown in Fig. 3), so that a search instruction corresponding to region A is obtained and all the associated devices displayed in the server list are searched based on that instruction, yielding the attribute information of the network devices under region A recorded in the device state list shown in Fig. 3. Region A can here be understood as target search information for a quick search by region. After the password management device receives the click performed on region A, it can generate the search instruction corresponding to the click associated with region A, select according to the search instruction the associated devices matching the target search information from all the associated devices under the private cloud network, as network devices, and determine from the attribute information of all the selected network devices the device state list associated with each network device. It can be seen that, by performing a trigger operation on region A displayed in password management interface 100a, maintenance personnel can quickly select the associated devices belonging to region A from all the associated devices contained in the server list, as network devices. Therefore, in the embodiments of the present invention, the associated devices corresponding to the network identifiers contained in password management interface 100a shown in Fig. 3, such as network address 1, network address 2, network address 3, network address 4, network address 5, ..., network address n, can be called network devices.
It can be understood that, among all the associated devices contained in the server list, the password management device can use the search instruction (the instruction generated by triggering the operating region where region A shown in Fig. 3 is located) to exclude the associated devices belonging to other regions (for example, region B). The remaining associated devices can be called the network devices matching the target search information, and the list information formed by the attribute information of these selected network devices can be called the device state list. This yields the list, presented in password management interface 100a shown in Fig. 3, that contains the attribute information of multiple network devices, so that the password of any network device in the device state list can be managed through password management interface 100a shown in Fig. 3. The one or more network devices determined from the multiple network devices can then be called target network devices.
Optionally, the multiple network devices can also be obtained by another search method in the embodiments of the present invention. As shown in Fig. 3, after successfully logging in to the target application, maintenance personnel can enter one or more IP addresses in search region 200a shown in Fig. 3, and the one or more IP addresses entered can be called the target search information. Based on the target search information, the network addresses matching it can be selected from all the network addresses contained in the server list, and the associated devices corresponding to the selected network addresses can be called network devices. Specific devices to be managed can thus be searched for in password management interface 100a in a targeted way, which improves search efficiency. If the target search information consists of multiple IP addresses, the IP addresses can be separated by a vertical bar ("|") in search region 200a shown in Fig. 3. For example, when the target search information entered in search region 200a shown in Fig. 3 is network address 1 | network address 2 | network address 3 | ... | network address n, the associated devices containing the target search information can be selected from the server list containing all associated devices, as network devices. The list information that remains in the server list after the other network addresses have been filtered out can be called the device state list, and the device state list may contain the attribute information of each network device associated with the target search information.
In the embodiments of the present invention, the network identifier and the device identifier in the server list can be called the identification information of an associated device. After the associated devices in the server list are filtered by the target search information, the device state list shown in Fig. 3 can be obtained, corresponding to the multiple network devices associated with the target-related information. That is, the network identifiers of the network devices in the device state list may be network identifiers under the same region, or the device categories of the network devices in the device state list may be the same device category (for example, all physical machines or all virtual machines). In other words, each network device in the device list carries the same target search information. It can be understood that, in the embodiments of the present invention, the network identifier and the device identifier in password management interface 100a shown in Fig. 3 can be called the unique identification information of a network device under the private cloud network. The network identifier in the server list can be understood as the unique network identification information of the region to which each associated device belongs under the private cloud network, i.e. the IP address of each associated device. In other words, network address 1, network address 2, ..., network address n in the device state list shown in Fig. 3 can be the IP addresses corresponding to the regions to which the associated devices belong.
The device identifier shown in Fig. 3 can be understood as the unique identification code of each associated device under the private cloud network (for example, the product serial number of a physical machine or the universal identification code of a virtual machine). The device category shown in Fig. 3 can be broadly divided into two categories, virtual machine and physical machine; that is, the virtual machine or physical machine shown in Fig. 3 can be used to describe the category information of each network device.
The password state shown in Fig. 3 may include multiple states, for example the four password states shown in Fig. 3: the not-stored state, the key state, the long-term password state and the temporary password state. The key state, the long-term password state and the temporary password state can also be called stored states. It can be understood that, in the embodiments of the present invention, the password states displayed in the password management interface can be called password state information, and that each password state displayed in the password management interface corresponds to different operation data information. Different operation data information can call different threads in the password management device, and the threads in the password management device that correspond to the different operation data information can be called the sub-threads in a thread pool. For example, in the state change operating region 300a shown in Fig. 3, maintenance personnel can perform a state change operation on the password of the network device corresponding to network address 3, which triggers a sub-thread in the thread pool to provide the corresponding service. Different operations can thus be performed on the different network devices displayed in the password management interface, and the operation data information in the list entry of the corresponding network device in the password management interface determines which sub-thread in the thread pool is called.
The password management device can respond to a device selection operation triggered on the device state list in the password management interface, obtain the target network device from the multiple network devices contained in the device state list, and determine the attribute information in the list row corresponding to the target network device as the first attribute information of the target network device. The operation data information in the target network device's list row can be used to manage the state of the first password state information in that row. The first password state information can be understood as the password state information of each network device as currently displayed in the password management interface; that is, the password state of each network device is one of the four password states above.
For ease of understanding, this embodiment takes one of the multiple network devices as the target network device and describes its first attribute information. The password state (i.e. password state information) of the target network device may be any of the four password states above, and when the current time is T1, the password state information of the target network device displayed in the password management interface is referred to as the first password state information. For example, if the password state of the target network device in the password management interface is the key state, that key state is referred to as the first password state information. When the password management device learns that the password state information of the target network device is the key state, it can call the operation data information associated with the key state and display it synchronously in the password management interface. The operation data information associated with the key state may be the three kinds of operation data contained in the list row of network address 1 in the embodiment corresponding to Fig. 3; that is, the operation data information displayed in the password management interface at time T1: "set as temporary password", "set as long-term password" and "download key". At this point, the first attribute information of the target network device may include, for the network device corresponding to network address 1 in the embodiment of Fig. 3, the identification information (network identifier: network address 1; device identifier: device identification 1), the category information (device category: virtual machine), the first password state information (password state: key state) and the operation data information (operation data: "set as temporary password", "set as long-term password", "download key").
Similarly, if the target network device at time T1 is the network device corresponding to network address 2, the attribute information of that network device in the password management interface shown in Fig. 3 is referred to as the first attribute information. At this point the password state of the network device corresponding to network address 2 is the long-term password state, and that long-term password state is referred to as the first password state information in the password management interface. In other words, in the device state list of the password management interface, the data processing apparatus (or password management device) determines the attribute information in the list row corresponding to the target network device (i.e. the network device corresponding to network address 2) as the first attribute information of the target network device. The first attribute information may then include: identification information of network address 2 and device identification 2; category information of virtual machine; first password state information of long-term password state; and operation data information of "query password", "modify password", "set as temporary password", "set as key login", and so on.
Similarly, if the target network device at time T1 is the network device corresponding to network address 3, the attribute information of that network device in the password management interface shown in Fig. 3 is referred to as the first attribute information. At this point the password state of the network device corresponding to network address 3 is the not-stored state, and that not-stored state is referred to as the first password state information in the password management interface. In other words, in the device state list of the password management interface, the data processing apparatus (or password management device) determines the attribute information in the list row corresponding to the target network device (i.e. the network device corresponding to network address 3) as the first attribute information of the target network device. The first attribute information may then include: identification information of network address 3 and device identification 3; category information of virtual machine; first password state information of not-stored state; and operation data information of "store", and so on.
Similarly, if the target network device at time T1 is the network device corresponding to network address 4, the attribute information of that network device in the password management interface shown in Fig. 3 is referred to as the first attribute information. At this point the password state of the network device corresponding to network address 4 is the long-term password state, and the temporary password state of that network device is referred to as the first password state information in the password management interface. For a temporary password in the temporary password state, an automatic update duration needs to be set (for example, the temporary password of the target network device's operating system is updated automatically every 8 hours) to ensure the reliability and security of the target network device's system. In other words, in the device state list of the password management interface, the data processing apparatus (or password management device) determines the attribute information in the list row corresponding to the target network device (i.e. the network device corresponding to network address 4) as the first attribute information of the target network device. The first attribute information may then include: identification information of network address 4 and device identification 4; category information of physical machine; first password state information of temporary password state; and operation data information of "query password", "modify password", "set as long-term password", "set as key login", and so on.
In this embodiment, when maintenance personnel log in to the password management application (i.e. the target application) with target account information, the level information of the target account information used to log in can be detected, so that different interfaces are accessed depending on the level information. For example, the password management interface, in which the passwords of the associated devices can be managed, may be accessed. Optionally, a status query interface, in which the passwords of the managed devices can be queried, may be accessed instead. The interface content displayed in the password management interface and in the status query interface may be the same or different. For example, when the displayed content is the same, the data processing apparatus can check, in the target application, the level information of the target account information currently entered, and display the password management interface when the level information reaches the highest level (for example, the first level). The target account information corresponding to the first level has permission to manage the password of the target network device, so step S102 can then be executed. The target account information corresponding to the first level has permission to manage all associated devices in the password management interface.
Optionally, when the level information of the target account information used to log in to the target application is another level (for example, the second level), the target account information with the second level does not have permission to manage the network devices displayed in the password management interface. In this case, the password management interface corresponding to target account information of such other levels is referred to as the status query interface. On the status query interface, maintenance personnel can see the attribute information of the multiple network devices associated with the password management device, but have no permission to further manage the operation data information displayed there. In other words, when maintenance personnel trigger operation data information in the status query interface, a prompt such as "current permission is insufficient" can be output in the corresponding sub-page of the status query interface.
Step S102: in response to a state change operation triggered for the operation data information in the password management interface, adjust the password state information of the target network device from the first password state information to second password state information;
Specifically, according to the password state information of the target network device in the password management interface, the data processing apparatus can trigger the corresponding state change operation on the operation data information displayed for the target network device, so that the password state information displayed in the interface can be adjusted flexibly. In other words, different password state information leads to different triggered operation data information, because the operation data information corresponding to each password state is different; consequently, the sub-thread triggered in the thread pool when a state change operation is executed in the password management interface also differs.
Since the password state of each network device in the password management interface may be any one of several password states, for ease of understanding this embodiment takes the first password state information of the target network device to be one of the four password states in the embodiment corresponding to Fig. 3, and describes in detail the process of adjusting the first password state information to the second password state information. The four password states are the not-stored state, the key state, the long-term password state and the temporary password state. Relative to the not-stored state, the key state, long-term password state and temporary password state are collectively referred to as the stored state. In this embodiment the not-stored state is referred to as the initial state information, and any one of the stored key state, long-term password state or temporary password state is referred to as target state information.
It is understood that in embodiments of the present invention, if the first password status information of destination network device is initial Status information (i.e. the cryptographic state of the destination network device be non-binning state), the then corresponding behaviour of the first password status information Date information can be referred to as first operand evidence, and first operand evidence can be used for corresponding to the destination network device List column in first password status information carry out password stock management.In other words, when current time is the T1 moment, if institute Stating the first password status information in the corresponding list column of destination network device is the initial state information, then response is directed to institute First operand associated by initial state information is stated according to the password in-stockroom operation of triggering, by the first operand according to corresponding Password inbound task is added to to-be-processed task list, and activates the first operand according to corresponding first sub thread, and can To change rule and first sub thread further according to cryptographic state, when current time is the T2 moment by the target network The cryptographic state information of network equipment is adjusted to the second cryptographic state information by the initial state information.At this point, second password Determined by status information can be understood as after the initial password typing password database that will have the initial state information Cryptographic state information, the i.e. 
data processing equipment can be believed in the Password Management interface for object run according to maintenance personnel Breath is password in-stockroom operation performed by " storage " region, by the initial password typing of the destination network device got In password database, and corresponding tag types are set for the initial password in the typing password database, so as to have There is the initial password of respective labels type to be referred to as target password, so as to which the cryptographic state information of the target password to be referred to as For the second cryptographic state information.In view of an operating system corresponds to a set of password, so for label set by initial password Type can log in type for temporary password, long-term password logs in type, key exempts from any one close logged in type.
In this embodiment, when the password management device integrating the data processing apparatus detects that a new service device has joined region A of the proprietary cloud network, it refers to the newly joined service device as a new associated device and marks its password state in the target application as the not-stored state, so that the password state information of the new associated device is displayed in the password management interface. When the password management device detects that the password state of the new associated device is the not-stored state, it can also set, in the target application, the operation data information for the password storage operation corresponding to that not-stored state; this operation data information is used to manage the state of the first password state information in the list row of the newly joined associated device. In other words, by setting a corresponding password storage operation in the target application for the initial password of an associated device in the not-stored state, the newly joined associated device can serve as the target network device. When the target network device is a network device displayed in the password management interface (for example, the network device corresponding to network address 3 in the embodiment of Fig. 3), the password storage operation performed on the not-stored state of the initial password can be received in the password management interface 100a shown in Fig. 3. According to that operation, the initial password of the target network device is added to the password database and given a corresponding label type there; the initial password with that label type is referred to as the target password, which completes the password storage management of the initial password. During this process, the password state information of the initial password in the not-stored state (i.e. the initial password waiting to be stored in the password database) is referred to as the first password state information, and the password state information of the initial password with its label (i.e. the target password stored in the password database) is referred to as the second password state information. This realizes the response to the state change operation triggered for the operation data information in the password management interface, adjusting the password state information of the target network device from the first password state information to the second password state information; for example, the password state in the embodiment of Fig. 3 can be adjusted from the not-stored state to the stored state.
Optionally, if the first password state information of the target network device is target state information, the multiple second operation data corresponding to the target state information can be obtained from the list row of the target network device. Target operation data is then obtained from the multiple second operation data; in response to a password change operation triggered for the target operation data, the password change task corresponding to that operation is added to the to-be-processed task list and the second sub-thread corresponding to the target operation data is activated; and, according to the password state change rule and the second sub-thread, the password state information of the target network device is adjusted in the password database from the target state information to the second password state information.
For a stored password state, maintenance personnel can adjust the stored password state (any one of the long-term password state, temporary password state or key state) in the password management interface of the password management device, so that the login method of the target network device's operating system can be changed quickly. For example, in the password management device, a password state change can be applied to a temporary password having the temporary password login type to obtain a long-term password having the long-term password login type.
The password state of a target network device that has been stored is referred to as target state information. When the first password state information of the target network device is target state information, multiple pieces of operation data information associated with the target state information are displayed synchronously in the list row of the target network device, and these are referred to as the multiple second operation data corresponding to the target state information. Maintenance personnel can obtain target operation data from the multiple second operation data. For example, if the first password state information displayed in the list row is the temporary password state and the target operation data is "set as long-term password", the password management device receives the password change operation that maintenance personnel trigger for the target operation data and activates the corresponding sub-thread (for example, the second sub-thread) in the thread pool. The password management device then, according to the password state change rule and the sub-thread corresponding to "set as long-term password", obtains the temporary password having the temporary password state from the password database and establishes a connection to the target network device through that sub-thread. It logs in to the operating system of the target network device with the temporary password and generates a new password corresponding to the temporary password through the password change program on the target network device. The new password is stored on the target network device and synchronously added to the password database, with its label type set to the long-term password login type. In the password management device, the new password stored in the password database is referred to as the target password, and the password state information of the target password having the long-term password login type is referred to as the second password state information. Thus, by the password state change rule and the second sub-thread, the password state information of the target network device is adjusted in the password database from the target state information to the second password state information.
It is understood that in embodiments of the present invention, maintenance personnel can be according to practical O&M demand in the target network Select an operation data as object run data in a variety of operation datas of network equipment, for example, when destination network device When cryptographic state is key state, the key state being currently displayed in Password Management interface can be referred to as to dbjective state letter Breath, and can where the destination network device in list column simultaneous display it is corresponding with the target status information it is multiple second grasp Make data, to obtain the corresponding object run data of the target status information in from multiple second operand.For example, if should Object run data are " downloading key ", then Password Management equipment can receive in Password Management interface is directed to the object run The password of data obtains operation (i.e. key obtains operation), operates corresponding key download instruction to generate password acquisition, from And can the key download instruction according to corresponding to the object run data, the target operand is activated in Password Management equipment According to corresponding sub thread, so as to obtain the target from password database according to the corresponding sub thread of object run data The key of the network equipment.It, can be with it is understood that Password Management equipment is after getting the key of the destination network device The above-mentioned network equipment is logged in by the secret key remote.In other words, which can be based on the key downloading received The key of the destination network device is downloaded in instruction from password database, i.e. maintenance personnel can be in the password of Password Management equipment It is triggered in administration interface and operation is obtained to the key of object run information (i.e. 
downloading key), so as in Password Management equipment Middle activation key, which obtains, operates corresponding sub thread, and obtaining the corresponding sub thread of operation by the key can be from code data The key that the destination network device is obtained in library can log in the target in the Password Management equipment medium-long range by the key The operating system of the network equipment.
Optionally, when the password state of the target network device is the key state and the target operation data is "set as temporary password", maintenance personnel can trigger a state change operation for "set as temporary password" in the password management interface, so that the password state of the target network device is adjusted from the key state to the temporary password state. Similarly, when the target operation data is "set as long-term password", maintenance personnel can trigger another state change operation for "set as long-term password", so that the password state information of the target network device is changed from the key state to the long-term password state. For the detailed process of adjusting the password state of the target network device from the key state to the temporary password state or the long-term password state, refer to the process described above in which the password state in the list row of network address 4 is adjusted from the temporary password state to the long-term password state; it is not repeated here.
The target state information and the second password state information are the label types corresponding to the target password stored in the password database. The target password is used to log in to the target operating system of the target network device. The label type is any one of the temporary password login type, the long-term password login type and the key-based passwordless login type.
Step S103: update the first attribute information of the target network device based on the second password state information, and take the updated first attribute information as the second attribute information of the target network device.
Specifically, the data processing apparatus integrated in the password management device can update the first attribute information of the target network device in the device state list according to the second password state information. For example, the password state in the device state list can be adjusted from the temporary password state to the long-term password state; that is, the first password state information of the target network device before adjustment is updated to the second password state information, and the device state list containing the second password state information is referred to as the new device state list. The operation data information in the new device state list is updated synchronously. In other words, the data processing apparatus updates the first attribute information in the earlier device state list (i.e. the first password state information and the operation data information) according to the second password state information, and the updated first attribute information is referred to as the second attribute information of the target network device in the new device state list. The second attribute information can be used to instruct the password management device, in response to a password request that the target network device sends when it detects that the first password state information has become invalid, to return the second password state information to the target network device, so that the target network device can log in to its operating system with the target password corresponding to the second password state information (for example, a Linux operating system, in which case the Linux operating system of the target network device is referred to as the target operating system). Accordingly, the second attribute information can be used to instruct the password management device to return the second password state information in the second attribute information to the target network device when a password request is received; the password request is sent to the password management device when the target network device detects that the first password state information used for password login has become invalid. In other words, the second attribute information can also be used to indicate that the target network device, on detecting that the first password state information has become invalid, can perform password login based on the second password state information returned by the password management device.
It should be appreciated that in embodiments of the present invention, Password Management equipment will can successfully be logged in by target account information The shown list in Password Management interface is referred to as server list after the target application, and by institute in the server list Display with Password Management equipment there is the server (or network equipment) of incidence relation to be referred to as the pass under proprietary cloud network Join equipment.In addition, being sorted out by the attribute information to these associate devices, can further be searched according to the target got Rope information filters out the associate device with like attribute from these associate devices and is referred to as the network equipment (i.e. above-mentioned second sets It is standby), so as to further determine have with each network equipment according to the attribute information of these network equipments filtered out The equipment state list of incidence relation.Further, when the Password Management equipment for being integrated with data processing equipment is receiving When maintenance personnel's equipment selection operation performed in the equipment state list, can be included from the equipment state list Obtain destination network device in multiple network equipments, so as in the equipment state list to destination network device column Cryptographic state information in table column is adjusted, and equipment state list adjusted is referred to as to new equipment state list. 
In view of this, the embodiments of the present invention may refer to the attribute information of the target network device displayed in the device state list before adjustment as the first attribute information, and to the attribute information of the target network device displayed in the new device state list after adjustment as the second attribute information. To distinguish it from the first password state information in the first attribute information, the password state information in the second attribute information may be referred to as the second password state information, and the second password state information is obtained according to the operation data information corresponding to the first password state information in the first attribute information. If the first password state information is a stored password state, the operation data information corresponding to the stored password state may include multiple pieces of second operation data; for details, see the description of the multiple pieces of second operation data in the embodiment corresponding to Fig. 3, which is not repeated here. In view of this, maintenance personnel can, according to operation and maintenance requirements, obtain target operation data from the multiple pieces of second operation data included in the device state list, so that the sub-thread corresponding to the target operation data can be invoked in the password management device to flexibly manage the password state of the target network device, thereby improving the efficiency of password management.
It can be understood that the password management device can periodically update the associated devices recorded in the server list. For example, when a new device accesses the proprietary cloud network, the new device may be referred to as a newly accessed associated device, so that when the current duration reaches the list update duration of the server list, the new associated device is added to the server list, an associated device that no longer exists is deleted, or the IP address contained in the list column of each associated device is updated.
It should be understood that the password management device in the embodiments of the present invention is a device that integrates an interface visualization display function and a concurrent data processing function. In other words, the aforementioned maintenance personnel can perform password storage management on the initial passwords of one or more newly accessed network devices (or servers) in the password management interface. For example, when a newly accessed network device exists in the proprietary cloud network described in the embodiment corresponding to Fig. 1, password storage management can be performed on the password of a single newly accessed server, or on the passwords of a batch of newly accessed servers (for example, multiple second servers newly added to the server cluster). Optionally, maintenance personnel can also perform a password query operation in the password management device on the password of a single stored server or of multiple stored servers, so as to obtain the passwords of one or more associated devices in the password management device.
In the embodiments of the present invention, multiple network devices can be obtained in the target application, and the target network device and the first attribute information of the target network device can further be obtained from the multiple network devices. The first attribute information may include first password state information and operation data information; the target application may include a password management interface in which the password of the target network device can be flexibly managed. The first password state information may include initial state information corresponding to an initial password of the target network device that has not yet been stored; optionally, the first password state information may also include target state information corresponding to a target password of the target network device that has been stored. It should be understood that if the first password state information is initial password state information, the state change operation corresponding to the initial state information can be understood as a password storage operation; that is, the initial password of the target network device obtained in the target application can be stored in the password database, the password state information of the initial password before storage can be referred to as the first password state information, and the password state information of the initial password after storage can be referred to as the second password state information. Optionally, in the embodiments of the present invention, if the first password state information is the target state information corresponding to the target password of the stored target network device, the state change operation may be a password change operation performed on the operation data information in the first attribute information, so that the password state information of the target network device can be managed visually in the target application to improve the efficiency of password management. The first attribute information of the target network device can also be quickly updated in the target application with the second password state information to obtain the second attribute information, so that when the target network device detects that the first password state information has become invalid, it can perform password login based on the second password state information in the second attribute information returned by the password management device, thereby improving the security and reliability of the system.
Further, refer to Fig. 4, which is a schematic flowchart of another data processing method provided by an embodiment of the present invention. The method can be applied to a password management device and may include:
Step S201: obtain target account information of a target application, perform login authentication on the target account information, log in to the target application when authentication passes, and output a password management interface in the target application;
The password management interface contains the attribute information of all associated devices that have an association relationship with the password management device.
Step S202: obtain target search information in the password management interface, filter from all associated devices the associated devices that match the target search information as network devices, and determine, from the attribute information of all the filtered network devices, a device state list having an association relationship with each network device;
The device state list includes the attribute information of each network device.
Step S203: in response to a device selection operation triggered on the device state list, obtain a target network device from the multiple network devices included in the device state list, and determine the attribute information in the list column corresponding to the target network device in the device state list as the first attribute information of the target network device;
The operation data information in the list column is used to perform state management on the first password state information in the list column corresponding to the target network device.
When the password management device that integrates the data processing apparatus is a device that combines the interface visualization display function and the concurrent data processing function, for the specific implementation of steps S201 to S203 by the password management device, see the description of step S101 in the embodiment corresponding to Fig. 2, which is not repeated here.
It should be understood that the password management device in the embodiments of the present invention may be a device that integrates the interface visualization display function and the concurrent data processing function. Optionally, the password management device may also consist of two mutually independent devices; that is, one of the two devices has the interface visualization display function and the other has the concurrent data processing function. In this case, the device with the interface visualization display function may be referred to as the management front end, and the device with the concurrent data processing function may be referred to as the management back end. The management back end can be used to display the above visual interface (i.e., the password management interface), and can also be used by maintenance personnel to perform human-machine operations in the password management interface. It should be understood that the management front end can send a scheduling request to the management back end according to the human-machine operation performed by maintenance personnel, so that the management back end, upon receiving the scheduling request sent by the management front end, can perform concurrent data processing in the background according to the scheduling request. In other words, upon receiving the scheduling request sent by the management front end, the management back end can perform password management in the background on the password state of the target network device displayed in the device state list; for example, it can perform password storage management, password query management, or password state change management (i.e., state change management) in the background on the password of any second server in the service terminal cluster shown in Fig. 1.
In view of this, when the password management device includes two mutually independent devices (i.e., one management front end and one management back end), the specific process by which the password management device performs step S101 can also be described as follows. The management front end can receive, in the target application, the target account information of the target application entered by maintenance personnel; that is, the management front end can obtain the target account information of the target application and send it to the management back end that has a network connection with the management front end, so that the management back end can perform login authentication on the target account information in the background and, when authentication passes, allow the management front end to log in to the target application with the target account information, so that the password management interface output by the management back end is displayed in the target application installed on the management front end. The password management interface may contain the attribute information of every associated device that has an association relationship with the management back end of the password management device. Further, maintenance personnel can perform a trigger operation on a function button displayed in the password management interface on the management front end (for example, the button corresponding to region A shown in Fig. 3), so that the management front end uses the key value corresponding to the function button (i.e., region A) as the target search information and sends the target search information to the management back end. Upon obtaining the target search information in the password management interface, the management back end can filter from all associated devices the associated devices that match the target search information as network devices, determine from the attribute information of all the filtered network devices a device state list having an association relationship with each network device, and output the device state list to the password management interface, so that the previously displayed server list containing all associated devices is updated in the password management interface to the device state list showing the specific associated devices (the network devices that match the target search information); in other words, the device state list may include the attribute information of each network device. Further, maintenance personnel can perform a device selection operation on the multiple network devices displayed in the device state list on the management front end, so that the management back end, in response to the device selection operation triggered on the device state list, obtains the target network device from the multiple network devices included in the device state list and determines the attribute information in the list column corresponding to the target network device in the device state list as the first attribute information of the target network device. The operation data information in the list column can be used to indicate that the management back end, upon receiving a scheduling request sent by the management front end for the operation data information, can further perform state management in the background on the first password state information in the list column corresponding to the target network device.
The management front end may be any user terminal in the embodiment corresponding to Fig. 1 (for example, user terminal 3000a); the management back end may be the first server 2000 in the embodiment corresponding to Fig. 1; an associated device in the server list may be any second server in the service terminal cluster in the embodiment corresponding to Fig. 1 (for example, second server 4000a). A network device in the device state list may be a second server, filtered from the service terminal cluster of the embodiment corresponding to Fig. 1, that matches the target search information.
Step S204: determine whether the first password state information in the device list column corresponding to the target network device is initial state information;
The initial state information is the password state information when the password state described in the embodiment corresponding to Fig. 2 is the not-stored state. Optionally, the first password state information may also include target state information; that is, the target state information may be the password state information when the password state described in the embodiment corresponding to Fig. 2 is the stored state. The stored state can be understood as the password state corresponding to the target password obtained after a corresponding label type has been set for the acquired initial password. For the target network device described in the embodiments of the present invention, if the password state in the list column of the target network device is the stored state, it may specifically be one of the key state, the long-term password state, and the temporary password state.
Step S205: if the determination is yes, in response to a password storage operation triggered on the first operation data associated with the initial state information, add the password storage task corresponding to the first operation data to the pending task list, and activate the first sub-thread corresponding to the first operation data;
Step S206: according to the password state change rule and the first sub-thread, adjust the password state information of the target network device from the initial state information to the second password state information;
The second password state information is the password state information determined after the initial password having the initial state information has been entered into the password database. It should be understood that, for the specific implementation of steps S205 and S206 by the password management device, see the description of the password storage operation in the embodiment corresponding to Fig. 3, which is not repeated here.
Optionally, step S207: if the determination is no, obtain from the list column the multiple pieces of second operation data corresponding to the target state information;
In other words, the password management device can determine that the first password state information is target state information, and can then obtain, from the list column of the target network device, the multiple pieces of second operation data corresponding to the target state information.
Step S208: obtain target operation data from the multiple pieces of second operation data, and, in response to a password change operation triggered on the target operation data, add the password change task corresponding to the password change operation to the pending task list and activate the second sub-thread corresponding to the target operation data;
Step S209: according to the password state change rule and the second sub-thread, adjust the password state information of the target network device in the password database from the target state information to the second password state information.
For the specific implementation of steps S207 to S209, see the description of the password change operation in the embodiment corresponding to Fig. 2, which is not repeated here.
Step S210: update the first attribute information of the target network device based on the second password state information, and use the updated first attribute information as the second attribute information of the target network device.
The second attribute information is used to indicate that the password management device, upon receiving a password request, returns the second password state information in the second attribute information to the target network device; the password request is sent to the password management device when the target network device detects that the first password state information used for password login has become invalid. That is, the password management device can respond to the password request sent when the target network device detects that the first password state information has become invalid, and return the second password state information to the target network device, so that the target network device performs password login based on the second password state information. In other words, the second attribute information is used to indicate that the target network device, upon detecting that the first password state information has become invalid, can perform password login based on the second password state information returned by the password management device.
Optionally, when the target state information of the target network device is the temporary password login type and the target operation data obtained from the multiple pieces of second operation data is a password query operation, the application timestamp corresponding to the password query operation is recorded and entered into the password database; further, the password query task corresponding to the password query operation is added to the pending task list, and the timed query process corresponding to the password query operation is activated; further, the temporary password corresponding to the password query operation is obtained from the password database according to the timed query process and the application timestamp, and the temporary password is output as the target password.
It can be understood that the timed query process in the embodiments of the present invention can be used to poll any pending task added to the pending task table, so as to obtain the processing progress of each pending task. The pending task table can be stored in a timed task database, so that pending tasks added to the pending task table can be locked in the timed task database in order to seize a sub-thread in the thread pool to execute the corresponding task. For ease of understanding, refer further to Fig. 5, which is a schematic diagram of a pending task table provided by an embodiment of the present invention. The management back end shown in Fig. 5 may be the first server 2000 in the embodiment corresponding to Fig. 1; it can receive the scheduling requests sent by the one or more management terminals shown in Fig. 5 (i.e., management front end 1, management terminal 2, management terminal 3), and can further add the scheduling tasks in the received scheduling requests to the pending task list shown in Fig. 5. The scheduling tasks in the pending task list may include password change application tasks and timed detection tasks.
A password change application task can be understood as a task that adjusts the first password state information to the second password state information. The timed detection tasks may include a password query task, a temporary password expiry detection task, and a deadlock detection task.
For ease of understanding, refer further to Fig. 6a and Fig. 6b together, which are schematic diagrams of obtaining a temporary password provided by an embodiment of the present invention. It should be understood that a temporary password whose password state is the temporary password state needs to be updated periodically; that is, a temporary password expiry detection task (i.e., an expiry detection task) needs to be set for the temporary password in the management back end to detect whether the temporary password stored in Fig. 6a has become invalid. The management back end shown in Fig. 6b (for example, the management back end in the embodiment corresponding to Fig. 5) can, when the current time is time T1, receive a scheduling request (i.e., scheduling request 1 in the embodiment corresponding to Fig. 5) sent by a management front end (for example, management front end 1 in the embodiment corresponding to Fig. 5) based on a password query operation for the temporary password. It should be understood that when the management back end shown in Fig. 6b receives scheduling request 1, it can record the application timestamp corresponding to the password query operation (for example, time T1) and enter the application timestamp into the password database shown in Fig. 6b; the password databases shown in Fig. 6a and Fig. 6b are the same password database. At this point, if the scheduling request received by the management back end (for example, scheduling request 1 shown in Fig. 5) indicates a password query task for the temporary password, the password query task for the temporary password can be added to the pending task list and the timed query process corresponding to the password query operation (i.e., the timed query process shown in Fig. 6a) can be activated, so that the duration for which the password query task has been a pending task in the pending task list can be accumulated according to the application timestamp and the timed query process. In other words, as shown in Fig. 6b, when the current time is time T2, the management back end can accumulate, according to the timed query process corresponding to the password query operation and the application timestamp, the accumulated duration of the password query task in the pending task queue (that is, it can calculate the time interval between time T2 and time T1 shown in Fig. 6b). At the same time, the management back end shown in Fig. 6b can also determine the remaining validity period of the temporary password corresponding to the temporary password login type according to the effective timestamp (for example, time K1) of the temporary password corresponding to the temporary password login type stored in the password database, the update duration (for example, one update every 8 hours), and the application timestamp, so that whether the accumulated duration has reached the remaining validity period can be determined in the schematic diagram shown in Fig. 6a. If the determination is yes, the update sub-process corresponding to the timed query process connects to the target network device shown in Fig. 6b, so that the management back end logs in to the target operating system of the target network device with the queried temporary password that is about to expire (for example, the old password M1 shown in Fig. 6b), records the new password M2 generated in the target operating system, and synchronously adds the new password M2 to the password database according to the schematic diagram shown in Fig. 6a. The new password may be referred to as the new temporary password in the password database, and, according to the schematic diagram shown in Fig. 6a, the ciphertext password of the new temporary password may be referred to as the second ciphertext password in the password database shown in Fig. 6a. The obtained second ciphertext password can then be decrypted as shown in Fig. 6a to obtain the temporary password corresponding to the second ciphertext password, and the obtained temporary password is returned to management front end 1 in the embodiment corresponding to Fig. 5 for display.
Optionally, if the determination is no, that is, the accumulated duration has reached the scheduling duration but has not reached the remaining validity period, the ciphertext password corresponding to the temporary password can be obtained directly from the password database shown in Fig. 6a. The ciphertext password obtained at this point may be referred to as the first ciphertext password, and the first ciphertext password is decrypted by means of asymmetric encryption to obtain the temporary password corresponding to the first ciphertext password, which can then be returned to management front end 1 so that the target password is displayed in management front end 1.
It should be understood that if the scheduling task carried in the scheduling request shown in Fig. 6b is a password change application task, the management back end shown in Fig. 6b can add the password change application task to the above pending task list and lock the password change application task in the pending task list so as to seize limited task resources. Then, through the state change operation corresponding to the password change application task, the password state at time T1, namely the temporary password state, is referred to as the first password state information, and at time T2 shown in Fig. 6b the password state of the temporary password (i.e., the old password M1 shown in Fig. 6b) is adjusted to the password state of the new password M2 shown in Fig. 6b; at this point, the password state at time T2 may be the long-term password state. It should be understood that, for the specific process of adjusting other forms of password state, see the description in the embodiments of the present invention of adjusting the password state from the temporary password state to the long-term password state, which is not repeated here.
The timed query process in the embodiments of the present invention can periodically poll the sub-process corresponding to the respective operation data; for example, each pending task in the pending task list can be polled once every minute. For example, for the scheduling tasks corresponding to the 3 scheduling requests (i.e., scheduling request 1, scheduling request 2, scheduling request 3) in the embodiment corresponding to Fig. 5, the timed query process can detect every minute whether the scheduling task indicated by scheduling request 1 shown in Fig. 5 exists, detect every minute whether the scheduling task indicated by scheduling request 2 shown in Fig. 5 exists, and detect every minute whether the scheduling task indicated by scheduling request 2 shown in Fig. 5 exists.
If the management back end determines, according to the application timestamp, that the accumulated duration (i.e., the duration difference between the current timestamp and the application timestamp) has reached the scheduling duration (for example, 10 minutes) but has not reached the remaining validity period (for example, 60 minutes), the temporary password currently queried has not expired, so the first ciphertext password corresponding to the temporary password can be obtained from the password database of the management back end, and the temporary password is returned to management terminal 1 corresponding to scheduling request 1, so that the target password is displayed in management terminal 1 (the target password here is the plaintext password obtained by decrypting the first ciphertext password).
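The query decision described above for a temporary password (accumulated duration compared with the scheduling duration and with the remaining validity period, followed by rotation on the device when the password has run out) can be sketched as follows. This is an added example, not code from the patent; every class and function name is hypothetical, the device is a constructed stand-in, and the seal/unseal pair is a labelled placeholder for the asymmetric encryption the text mentions.

```python
"""Added example: the temporary-password query decision described above.
All class and function names are hypothetical; times are integer seconds."""
import base64
import hmac
import secrets
from dataclasses import dataclass

UPDATE_DURATION = 8 * 3600      # temporary password is refreshed every 8 hours (page's example)
SCHEDULING_DURATION = 10 * 60   # a queued query is served after 10 minutes (page's example)


def placeholder_seal(plaintext: str) -> bytes:
    # Stand-in for the asymmetric encryption the page mentions. It gives NO
    # confidentiality and exists only so the example runs without a crypto library.
    return base64.b64encode(plaintext.encode())


def placeholder_unseal(ciphertext: bytes) -> str:
    return base64.b64decode(ciphertext).decode()


@dataclass
class TempPasswordRecord:
    ciphertext: bytes    # the password database holds ciphertext only
    effective_at: int    # effective timestamp (K1)


class FakeDevice:
    """Constructed stand-in for the target network device's operating system."""

    def __init__(self, password: str):
        self.password = password

    def rotate(self, old_password: str) -> str:
        # The back end has to log in with the expiring password before a new one is issued.
        if not hmac.compare_digest(old_password.encode(), self.password.encode()):
            raise PermissionError("login with the old temporary password failed")
        self.password = secrets.token_urlsafe(16)
        return self.password


class ManagementBackend:
    def __init__(self, device: FakeDevice):
        self.device = device
        self.db = {}        # device id -> TempPasswordRecord
        self.pending = {}   # device id -> application timestamp (T1)

    def store(self, device_id, plaintext, effective_at):
        self.db[device_id] = TempPasswordRecord(placeholder_seal(plaintext), effective_at)

    def request_query(self, device_id, now):
        """Record the application timestamp and queue the password query task."""
        self.pending[device_id] = now

    def remaining_validity(self, device_id):
        """Validity left at application time: K1 + update duration - T1."""
        return self.db[device_id].effective_at + UPDATE_DURATION - self.pending[device_id]

    def poll(self, device_id, now):
        """One tick of the timed query process; returns (status, password or None)."""
        accumulated = now - self.pending[device_id]
        record = self.db[device_id]
        if accumulated >= self.remaining_validity(device_id):
            # Validity used up (or already gone at T1): rotate on the device, store
            # the new ciphertext, then serve the query from the updated record.
            new_password = self.device.rotate(placeholder_unseal(record.ciphertext))
            self.db[device_id] = TempPasswordRecord(placeholder_seal(new_password), now)
            del self.pending[device_id]
            return "rotated", placeholder_unseal(self.db[device_id].ciphertext)
        if accumulated >= SCHEDULING_DURATION:
            del self.pending[device_id]
            return "current", placeholder_unseal(record.ciphertext)
        return "waiting", None


def demo():
    old = "M1-constructed-sample"                       # constructed sample password
    backend = ManagementBackend(FakeDevice(old))
    backend.store("dev-a", old, effective_at=0)         # K1 = 0
    results = {}
    backend.request_query("dev-a", now=3600)            # 7 h of validity remain
    results["early"] = backend.poll("dev-a", now=3600 + 60)
    results["due"] = backend.poll("dev-a", now=3600 + 600)
    backend.request_query("dev-a", now=8 * 3600 - 300)  # 5 min of validity remain
    results["before_expiry"] = backend.poll("dev-a", now=8 * 3600 - 240)
    results["at_expiry"] = backend.poll("dev-a", now=8 * 3600)
    results["device_password"] = backend.device.password
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value[0] if isinstance(value, tuple) else "<not printed>")
```

If the stored ciphertext no longer matches what the device accepts, `rotate` raises instead of silently returning a stale password, which is the condition an operator would want surfaced.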
It should be understood that each scheduling task in the pending task list in the embodiments of the present invention may be referred to as a pending task, and each scheduling task can be locked while it is being added to the pending task list so as to seize task resources in the pending task list. For ease of understanding, refer further to Fig. 7, which is a schematic diagram of polling scheduling tasks provided by an embodiment of the present invention. The management front ends shown in Fig. 7 may be management front end 1, management front end 2, and management front end 3 in the embodiment corresponding to Fig. 5. As shown in Fig. 5, these three management front ends can each send a scheduling request to the management back end shown in Fig. 5 at time T1. If all three scheduling requests carry the above password change application task, the lock label shown in Fig. 7 can be set, in the pending task list shown in Fig. 7, for task A1 corresponding to management terminal 1, task B1 corresponding to management terminal 2, and task C2 corresponding to management terminal 3, so that the password change application tasks carrying the lock label are executed preferentially in the pending task list. Here, a password change application task can be understood as the task of adjusting the password state information of the target network device from the first password state information to the second password state information.
It is understood that for all waiting tasks included in the to-be-processed task list, Ke Yitong It crosses timing query procedure to be polled each waiting task in to-be-processed task list, to know each waiting task Time duration or lock duration, it should be understood that for shown in Fig. 7 with the management corresponding task A2 in front end 1, with management end For holding 2 corresponding task B2 and task C1 corresponding with management terminal 3, locking duration is 0, so as in the present invention Found out in embodiment lock duration be greater than deadlock duration threshold value waiting task (for example, task C2 shown in Fig. 7) as to The task of unlock, and processing can be unlocked to the task to be unlocked in inactive queue of task, so as at this Unlock treated task C2 is removed in inactive queue of task, with free system resources.
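The polling decision described above (return the temporary password, treat it as expired, or unlock a deadlocked task), as an added example that is not code from the patent. The class and function names, the 5-minute deadlock threshold, and the formula for the remaining validity period (effective timestamp plus update duration, minus request timestamp) are assumptions; the lock is modelled only for the deadlock check.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple

SCHEDULING_DURATION = 10 * 60   # seconds; the "10 minutes" example in the text
DEADLOCK_THRESHOLD = 5 * 60     # seconds; assumed, the page gives no value


class Action(Enum):
    WAIT = "keep polling"
    RETURN_PASSWORD = "decrypt first ciphertext and return it"
    ROTATE_THEN_RETURN = "password expired: change it, return the new one"
    UNLOCK_AND_REMOVE = "unlock deadlocked task and drop it from the queue"


@dataclass
class PendingTask:
    """One password query task in the pending task list (hypothetical model)."""
    name: str
    request_ts: float            # when the query was requested
    effective_ts: float          # when the temporary password took effect
    update_duration: float       # how long a temporary password stays valid
    locked_since: Optional[float] = None   # None means lock duration 0

    def remaining_validity(self) -> float:
        # Assumed formula: validity left at the moment the query was requested.
        expiry = self.effective_ts + self.update_duration
        return max(0.0, expiry - self.request_ts)


def poll(tasks: List[PendingTask], now: float
         ) -> Tuple[Dict[str, Action], List[PendingTask]]:
    """One pass of the timed query over the pending task list.

    Returns the decision per task and the tasks that stay in the list.
    """
    decisions: Dict[str, Action] = {}
    still_pending: List[PendingTask] = []
    for task in tasks:
        lock_duration = 0.0 if task.locked_since is None else now - task.locked_since
        if lock_duration >= DEADLOCK_THRESHOLD:
            # Stale lock: release it and remove the task to free resources.
            decisions[task.name] = Action.UNLOCK_AND_REMOVE
            continue

        elapsed = now - task.request_ts        # accumulated duration
        if elapsed >= task.remaining_validity():
            # Expiry is checked first so a password that expires before the
            # scheduling duration is never handed out.
            decisions[task.name] = Action.ROTATE_THEN_RETURN
        elif elapsed >= SCHEDULING_DURATION:
            decisions[task.name] = Action.RETURN_PASSWORD
        else:
            decisions[task.name] = Action.WAIT
            still_pending.append(task)
    return decisions, still_pending


def demo() -> Tuple[Dict[str, Action], List[str]]:
    """Constructed sample tasks, named after the tasks in Fig. 7."""
    now = 100_000.0
    tasks = [
        # 10 min elapsed, 60 min of validity left at request time
        PendingTask("A1", now - 600, now - 1200, 4200),
        # 5 min elapsed: scheduling duration not reached yet
        PendingTask("B1", now - 300, now - 300, 3600),
        # 15 min elapsed, only 10 min of validity were left
        PendingTask("C1", now - 900, now - 3900, 3600),
        # locked for 20 min, beyond the assumed deadlock threshold
        PendingTask("C2", now - 1200, now - 1200, 3600, locked_since=now - 1200),
    ]
    decisions, pending = poll(tasks, now)
    return decisions, [t.name for t in pending]


if __name__ == "__main__":
    for name, action in demo()[0].items():
        print(f"{name}: {action.name}")
```
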
In the embodiments of the present invention, before the management backend outputs the password management interface to the management front end for display, the following steps may also be performed: detecting the level information of the target account information in the target application; if the level information of the target account information is detected to be a first level that has password management permission, executing the step of outputting the password management interface in the target application; the target account information corresponding to the first level has permission to manage all associated devices in the password management interface; optionally, if the level information of the target account information is detected to be a second level that has state query permission, outputting a state query interface in the target application, and displaying in the state query interface all associated devices that have an association relationship with the password management device; the level information of the second level is lower than the level information of the first level, and the target account information corresponding to the second level has permission to query all associated devices in the state query interface.
It can be understood that when multiple maintenance personnel have logged in to the target application with their respective account information, they can see a password management interface with the same data content on their respective management front ends. Because each maintenance person uses different account information, the operation permissions that each has on the password management interface with the same data content should differ. For example, only the target account information with the highest level information can perform password management operations on the data content in the password database, while target account information with other level information can only browse the data content displayed in the password management interface. In the embodiments of the present invention, the password management interface corresponding to target account information that has only query permission can therefore be referred to as the state query interface. In other words, after each maintenance person has logged in to the password management application (that is, the target application), they may see a password management interface with the same data content (the content is the same, but the operation permissions differ), or they may see interfaces with different data content. For example, the data content in the state query interface described above can differ from the data content in the password management interface. Dividing the interface displayed after login into two different interfaces makes the level information of the maintenance personnel explicit, that is, different interfaces can be displayed according to different level information.
In the embodiments of the present invention, multiple network devices can be obtained in the target application, and a target network device and the first attribute information of the target network device can further be obtained from the multiple network devices. The first attribute information may include first password state information and operation data information, and the target application may include a password management interface through which the password of the target network device can be managed flexibly. The first password state information may include the initial state information corresponding to an initial password of the target network device that has not yet been entered into the password database; optionally, the first password state information may instead include the target state information corresponding to a target password of the target network device that has already been entered. It should be understood that if the first password state information is initial password state information, the state change operation corresponding to the initial state information can be understood as a password storage operation, that is, the initial password of the target network device obtained in the target application is stored into the password database. The state of the initial password before it is stored can then be referred to as the first password state information, and the password state information of the initial password after it is stored can be referred to as the second password state information. Optionally, in the embodiments of the present invention, if the first password state information is the target state information corresponding to a target password of the target network device that has already been entered, the state change operation can be a password change operation performed on the operation data information in the first attribute information. The password state information of the target network device can thus be managed visually in the target application, which improves the efficiency of password management, and the first attribute information of the target network device can be updated quickly in the target application with the second password state information to obtain the second attribute information. When the target network device detects that the first password state information has become invalid, it can then perform password login based on the second password state information in the second attribute information returned by the password management device, which improves the security and reliability of the system.
Further, refer to Fig. 8, a structural schematic diagram of a data processing apparatus provided by an embodiment of the present invention. The data processing apparatus 1 can be applied to the password management device. As shown in Fig. 8, the data processing apparatus 1 may include: a device acquisition module 10, a state adjustment module 20 and an attribute update module 30;
The device acquisition module 10 is configured to obtain multiple network devices in the target application, and to obtain a target network device and the first attribute information of the target network device from the multiple network devices; the first attribute information includes first password state information and operation data information; the target application includes a password management interface;
The device acquisition module 10 includes: an account authentication unit 101, an interface output unit 102, a device screening unit 103 and a target determination unit 104; further, the device acquisition module 10 may also include: a level detection unit 105, a notification unit 106 and a query interface output unit 107;
The account authentication unit 101 is configured to obtain the target account information of the target application, perform login authentication on the target account information, and log in to the target application when the authentication passes;
The interface output unit 102 is configured to output the password management interface in the target application; the password management interface includes the attribute information of all associated devices that have an association relationship with the password management device;
The device screening unit 103 is configured to obtain the target search information in the password management interface, screen from all associated devices the associated devices that match the target search information as network devices, and determine, according to the attribute information of all the network devices screened out, a device state list that has an association relationship with each network device; the device state list includes the attribute information of each network device;
The target determination unit 104 is configured to respond to a device selection operation triggered on the device state list, obtain the target network device from the multiple network devices included in the device state list, and determine the attribute information in the list column corresponding to the target network device in the device state list as the first attribute information of the target network device; the operation data information in the list column is used to perform state management on the first password state information in the list column corresponding to the target network device.
Optionally, the level detection unit 105 is configured to detect the level information of the target account information in the target application;
The notification unit 106 is configured to, if the level information of the target account information is detected to be a first level that has password management permission, notify the interface output unit to output the password management interface in the target application; the target account information corresponding to the first level has permission to manage all associated devices in the password management interface;
The query interface output unit 107 is configured to, if the level information of the target account information is detected to be a second level that has state query permission, output a state query interface in the target application, and display in the state query interface all associated devices that have an association relationship with the password management device; the level information of the second level is lower than the level information of the first level, and the target account information corresponding to the second level has permission to query all associated devices in the state query interface.
For the specific implementation of the account authentication unit 101, the interface output unit 102, the device screening unit 103, the target determination unit 104, the level detection unit 105, the notification unit 106 and the query interface output unit 107, refer to the description of steps S201 to S203 in the embodiment corresponding to Fig. 4 above, which will not be repeated here.
The state adjustment module 20 is configured to respond to a state change operation triggered on the operation data information in the password management interface, and adjust the password state information of the target network device from the first password state information to the second password state information;
The state adjustment module 20 includes: a first task adding unit 201 and a first adjustment unit 202; optionally, the state adjustment module 20 may also include: an operation acquisition unit 203, a second task adding unit 204 and a second adjustment unit 205; further, it may also include: a timestamp recording unit 206, a query task unit 207 and a password acquisition unit 208;
The first task adding unit 201 is configured to, if the first password state information in the list column corresponding to the target network device is initial state information, respond to a password storage operation triggered on the first operation data associated with the initial state information, add the password storage task corresponding to the first operation data to the pending task list, and activate the first sub-thread corresponding to the first operation data;
The first adjustment unit 202 is configured to adjust the password state information of the target network device from the initial state information to the second password state information according to the password state change rule and the first sub-thread; the second password state information is the password state information determined after the initial password that has the initial state information is entered into the password database.
Optionally, the operation acquisition unit 203 is configured to, if the first password state information is target state information, obtain from the list column the multiple pieces of second operation data corresponding to the target state information;
The second task adding unit 204 is configured to obtain target operation data from the multiple pieces of second operation data, respond to a password change operation triggered on the target operation data, add the password change task corresponding to the password change operation to the pending task list, and activate the second sub-thread corresponding to the target operation data;
The second adjustment unit 205 is configured to adjust, in the password database, the password state information of the target network device from the target state information to the second password state information according to the password state change rule and the second sub-thread.
The target state information and the second password state information are tag types corresponding to the target password stored in the password database; the target password is used to log in to the target operating system of the target network device; the tag type is any one of a temporary password login type, a long-term password login type and a key-based password-free login type.
Optionally, the timestamp recording unit 206 is configured to, when the target state information of the target network device is the temporary password login type and the target operation data obtained from the multiple pieces of second operation data is a password query operation, record the request timestamp corresponding to the password query operation and enter the request timestamp into the password database;
The query task unit 207 is configured to add the password query task corresponding to the password query operation to the pending task list, and activate the timed query process corresponding to the password query operation;
The password acquisition unit 208 is configured to obtain, according to the timed query process and the request timestamp, the temporary password corresponding to the password query operation from the password database, and output the temporary password as the target password.
The password acquisition unit 208 includes: a duration accumulation subunit 2081, a duration determination subunit 2082, a first determination subunit 2083 and a first decryption subunit 2084; optionally, the password acquisition unit further includes: a second determination subunit 2085, a system access subunit 2086, a password modification subunit 2087 and a second decryption subunit 2088; optionally, the password acquisition unit further includes: a task locking subunit 2089 and a task unlocking subunit 2090;
The duration accumulation subunit 2081 is configured to accumulate, according to the timed query process and the request timestamp, the accumulated duration corresponding to the password query task in the pending task queue;
The duration determination subunit 2082 is configured to determine the remaining validity period of the temporary password corresponding to the temporary password login type according to the effective timestamp and the update duration of that temporary password stored in the password database, and the request timestamp;
The first determination subunit 2083 is configured to, if the accumulated duration reaches the scheduling duration and does not reach the remaining validity period, obtain the first ciphertext password corresponding to the temporary password from the password database;
The first decryption subunit 2084 is configured to decrypt the first ciphertext password by means of asymmetric encryption to obtain the temporary password corresponding to the first ciphertext password, and output the temporary password corresponding to the first ciphertext password as the target password.
Optionally, the second determination subunit 2085 is configured to, if the accumulated duration reaches the remaining validity period, determine through the timed query process that the temporary password is an invalid password;
The system access subunit 2086 is configured to access and control the target operating system of the target network device through the invalid password and the update thread corresponding to the timed query process;
The password modification subunit 2087 is configured to modify the temporary password based on the target operating system, update the first ciphertext password in the password database with the ciphertext password of the modified temporary password, and determine the updated first ciphertext password as the second ciphertext password;
The second decryption subunit 2088 is configured to decrypt the second ciphertext password by means of asymmetric encryption to obtain the temporary password corresponding to the second ciphertext password, and output the temporary password corresponding to the second ciphertext password as the target password.
Optionally, the task locking subunit 2089 is configured to, when the pending task queue includes multiple pending tasks, obtain the lock duration corresponding to each pending task through the timed query process; the multiple pending tasks include the unprocessed password query task;
The task unlocking subunit 2090 is configured to, if there is a pending task among the multiple pending tasks whose lock duration reaches the deadlock duration threshold, determine the pending task whose lock duration reaches the deadlock duration threshold in the pending task queue as a task to be unlocked, unlock the task to be unlocked in the pending task queue, and remove the unlocked password query task from the pending task queue.
For the duration accumulation subunit 2081, the duration determination subunit 2082, the first determination subunit 2083, the first decryption subunit 2084, the second determination subunit 2085, the system access subunit 2086, the password modification subunit 2087, the second decryption subunit 2088, the task locking subunit 2089 and the task unlocking subunit 2090, refer to the description of obtaining the temporary password in the embodiments corresponding to Fig. 6a and Fig. 6b above, which will not be repeated here.
For the specific implementation of the first task adding unit 201, the first adjustment unit 202, the operation acquisition unit 203, the second task adding unit 204, the second adjustment unit 205, the timestamp recording unit 206, the query task unit 207 and the password acquisition unit 208, refer to the description of step S102 in the embodiment corresponding to Fig. 2 above, which will not be repeated here.
The attribute update module 30 is configured to update the first attribute information of the target network device based on the second password state information, and take the updated first attribute information as the second attribute information of the target network device; the second attribute information is used to instruct the password management device to return the second password state information in the second attribute information to the target network device when a password request is obtained; the password request is sent to the password management device by the target network device when it detects that the first password state information used for password login has become invalid.
For the specific implementation of the device acquisition module 10, the state adjustment module 20 and the attribute update module 30, refer to the description of steps S101 to S103 in the embodiment corresponding to Fig. 2 above, which will not be repeated here.
In the embodiments of the present invention, multiple network devices can be obtained in the target application, and a target network device and the first attribute information of the target network device can further be obtained from the multiple network devices. The first attribute information may include first password state information and operation data information, and the target application may include a password management interface through which the password of the target network device can be managed flexibly. The first password state information may include the initial state information corresponding to an initial password of the target network device that has not yet been entered into the password database; optionally, the first password state information may instead include the target state information corresponding to a target password of the target network device that has already been entered. It should be understood that if the first password state information is initial password state information, the state change operation corresponding to the initial state information can be understood as a password storage operation, that is, the initial password of the target network device obtained in the target application is stored into the password database. The state of the initial password before it is stored can then be referred to as the first password state information, and the password state information of the initial password after it is stored can be referred to as the second password state information. Optionally, in the embodiments of the present invention, if the first password state information is the target state information corresponding to a target password of the target network device that has already been entered, the state change operation can be a password change operation performed on the operation data information in the first attribute information. The password state information of the target network device can thus be managed visually in the target application, which improves the efficiency of password management, and the first attribute information of the target network device can be updated quickly in the target application with the second password state information to obtain the second attribute information. When the target network device detects that the first password state information has become invalid, it can then perform password login based on the second password state information in the second attribute information returned by the password management device, which improves the security and reliability of the system.
Further, refer to Fig. 9, a structural schematic diagram of another data processing apparatus provided by an embodiment of the present invention. As shown in Fig. 9, the data processing apparatus 1000 can be applied to the password management device. The data processing apparatus 1000 may include: a processor 1001, a network interface 1004 and a memory 1005; in addition, the data processing apparatus 1000 may also include: a user interface 1003 and at least one communication bus 1002. The communication bus 1002 is used for connection and communication between these components. The user interface 1003 may include a display and a keyboard; optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). Memory 1004 can be high-speed RAM, or non-volatile memory, for example at least one disk memory. The memory 1005 may optionally also be at least one storage device located remotely from the processor 1001. As shown in Fig. 9, the memory 1005, as a computer storage medium, may include an operating system, a network communication module, a user interface module and a device control application program.
The network interface 1004 in the data processing apparatus 1000 can also connect to a first server, and the optional user interface 1003 may also include a display and a keyboard. In the data processing apparatus 1000 shown in Fig. 9, the network interface 1004 can provide the network communication function, the user interface 1003 is mainly used to provide an input interface for the user, and the processor 1001 can be used to call the device control application program stored in the memory 1005 in order to:
Obtain multiple network devices in the target application, and obtain a target network device and the first attribute information of the target network device from the multiple network devices; the first attribute information includes first password state information and operation data information; the target application includes a password management interface;
Respond to a state change operation triggered on the operation data information in the password management interface, and adjust the password state information of the target network device from the first password state information to the second password state information;
Update the first attribute information of the target network device based on the second password state information, and take the updated first attribute information as the second attribute information of the target network device; the second attribute information is used to instruct the password management device, in response to the request sent by the target network device when it detects that the first password state information has become invalid, to return the second password state information to the target network device, so that the target network device performs password login based on the second password state information.
It should be understood that the data processing apparatus 1000 described in the embodiments of the present invention can carry out the data processing method as described in the embodiment corresponding to Fig. 2 or Fig. 4 above, and can also carry out the functions of the data processing apparatus 1 as described in the embodiment corresponding to Fig. 8 above; details are not repeated here. The description of the beneficial effects of using the same method is likewise not repeated.
In addition, it should be pointed out that the embodiments of the present invention also provide a computer storage medium. The computer storage medium stores the computer program executed by the data processing apparatus 1 mentioned above, and the computer program includes program instructions. When the processor executes the program instructions, it can carry out the data processing method as described in the embodiment corresponding to Fig. 2 or Fig. 4 above, so the description is not repeated here. The description of the beneficial effects of using the same method is likewise not repeated. For technical details not disclosed in the computer storage medium embodiments of the present invention, refer to the description of the method embodiments of the present invention.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like.
The above disclosure is only the preferred embodiments of the present invention and certainly cannot be used to limit the scope of the rights of the present invention; equivalent changes made in accordance with the claims of the present invention therefore still fall within the scope of the present invention.

Claims (15)

1. A data processing method, characterized in that the method is applied to a password management device and comprises:
obtaining multiple network devices in a target application, and obtaining a target network device and first attribute information of the target network device from the multiple network devices; the first attribute information includes first password state information and operation data information; the target application includes a password management interface;
responding to a state change operation triggered on the operation data information in the password management interface, and adjusting the password state information of the target network device from the first password state information to second password state information;
updating the first attribute information of the target network device based on the second password state information, and taking the updated first attribute information as second attribute information of the target network device; the second attribute information is used to instruct the password management device to return the second password state information in the second attribute information to the target network device when a password request is obtained; the password request is sent to the password management device by the target network device when it detects that the first password state information used for password login has become invalid.
2. The method according to claim 1, characterized in that the obtaining multiple network devices in a target application, and obtaining a target network device and first attribute information of the target network device from the multiple network devices, comprises:
obtaining target account information of the target application, performing login authentication on the target account information, logging in to the target application when the authentication passes, and outputting the password management interface in the target application; the password management interface includes the attribute information of all associated devices that have an association relationship with the password management device;
obtaining target search information in the password management interface, screening from all associated devices the associated devices that match the target search information as network devices, and determining, according to the attribute information of all the network devices screened out, a device state list that has an association relationship with each network device; the device state list includes the attribute information of each network device;
responding to a device selection operation triggered on the device state list, obtaining the target network device from the multiple network devices included in the device state list, and determining the attribute information in the list column corresponding to the target network device in the device state list as the first attribute information of the target network device; the operation data information in the list column is used to perform state management on the first password state information in the list column corresponding to the target network device.
3. The method according to claim 2, wherein before the password management interface is output in the target application, the method further comprises:
Detecting the class information of the target account information in the target application;
If the class information of the target account information is detected to be a first grade having password management permission, performing the step of outputting the password management interface in the target application; the target account information corresponding to the first grade has permission to manage all the associated devices in the password management interface;
If the class information of the target account information is detected to be a second grade having state query permission, outputting a status inquiry interface in the target application, and displaying in the status inquiry interface all the associated devices that have an association relationship with the password management equipment; the class information of the second grade is lower than that of the first grade, and the target account information corresponding to the second grade has permission to query all the associated devices in the status inquiry interface.
4. The method according to claim 2, wherein said responding to the status change operation triggered on the operation data information in the password management interface, and adjusting the cryptographic state information of the destination network device from the first password status information to the second cryptographic state information, comprises:
If the first password status information in the list column corresponding to the destination network device is initial state information, then, in response to a password in-stockroom operation triggered on first operation data associated with the initial state information, adding the password inbound task corresponding to the first operation data to a to-be-processed task list, and activating a first sub-thread corresponding to the first operation data;
According to a cryptographic state change rule and the first sub-thread, adjusting the cryptographic state information of the destination network device from the initial state information to the second cryptographic state information; the second cryptographic state information is the cryptographic state information determined after the initial password having the initial state information has been entered into the password database.
5. The method according to claim 2, wherein said responding to the status change operation triggered on the operation data information in the password management interface, and adjusting the cryptographic state information of the destination network device from the first password status information to the second cryptographic state information, comprises:
If the first password status information is target status information, obtaining multiple items of second operation data corresponding to the target status information from the list column;
Obtaining target operation data from the multiple items of second operation data, and, in response to a password change operation triggered on the target operation data, adding the password change task corresponding to the password change operation to a to-be-processed task list, and activating a second sub-thread corresponding to the target operation data;
According to a cryptographic state change rule and the second sub-thread, adjusting the cryptographic state information of the destination network device in the password database from the target status information to the second cryptographic state information.
6. The method according to claim 5, wherein the target status information and the second cryptographic state information are tag types corresponding to a target password stored in the password database; the target password is used to log in to the destination operating system of the destination network device; the tag type is any one of a temporary password login type, a long-term password login type, and a key-based password-free login type.
7. The method according to claim 6, further comprising:
When the target status information of the destination network device is the temporary password login type, and the target operation data obtained from the multiple items of second operation data is a password query operation, recording the application timestamp corresponding to the password query operation, and entering the application timestamp into the password database;
Adding the password query task corresponding to the password query operation to the to-be-processed task list, and activating a timing query process corresponding to the password query operation;
According to the timing query process and the application timestamp, obtaining from the password database the temporary password corresponding to the password query operation, and outputting the temporary password as the target password.
8. The method according to claim 7, wherein said obtaining, according to the timing query process and the application timestamp, the temporary password corresponding to the password query operation from the password database, and outputting the temporary password as the target password, comprises:
According to the timing query process and the application timestamp, accumulating the time duration of the password query task in the to-be-processed task queue;
According to the effective timestamp of the temporary password corresponding to the temporary password login type stored in the password database, the update duration, and the application timestamp, determining the remaining effective time of the temporary password corresponding to the temporary password login type;
If the time duration reaches the scheduling duration and has not reached the remaining effective time, obtaining the first ciphertext password corresponding to the temporary password from the password database, decrypting the first ciphertext password by means of asymmetric encryption to obtain the temporary password corresponding to the first ciphertext password, and outputting that temporary password as the target password.
9. The method according to claim 8, further comprising:
If the time duration reaches the remaining effective time, determining, by the timing query process, that the temporary password is an invalid password;
Through the invalid password and the update sub-thread corresponding to the timing query process, accessing and controlling the destination operating system of the destination network device;
Modifying the temporary password based on the destination operating system, updating the first ciphertext password in the password database with the ciphertext password of the modified temporary password, and determining the updated first ciphertext password as a second ciphertext password;
Decrypting the second ciphertext password by means of asymmetric encryption to obtain the temporary password corresponding to the second ciphertext password, and outputting that temporary password as the target password.
10. The method according to claim 8, further comprising:
When the to-be-processed task queue contains multiple to-be-processed tasks, obtaining, by the timing query process, the locking duration corresponding to each to-be-processed task; the multiple to-be-processed tasks include the unprocessed password query task;
If among the multiple to-be-processed tasks there is a to-be-processed task whose locking duration reaches a deadlock duration threshold, determining that task in the to-be-processed task queue as a task to be unlocked, unlocking the task to be unlocked in the to-be-processed task queue, and removing the unlocked password query task from the to-be-processed task queue.
11. A data processing device, wherein the device is applied to password management equipment and comprises:
An equipment obtaining module, for obtaining multiple network devices in a target application, and obtaining a destination network device and first attribute information of the destination network device from the multiple network devices; the first attribute information contains first password status information and operation data information; the target application includes a password management interface;
A state adjusting module, for responding to a status change operation triggered on the operation data information in the password management interface, and adjusting the cryptographic state information of the destination network device from the first password status information to second cryptographic state information;
An attribute update module, for updating the first attribute information of the destination network device based on the second cryptographic state information, and taking the updated first attribute information as second attribute information of the destination network device, the second attribute information being used to instruct the password management equipment, upon receiving a password request, to return the second cryptographic state information in the second attribute information to the destination network device; the password request is sent to the password management equipment when the destination network device detects that the first password status information used for password login has become invalid.
12. The device according to claim 11, wherein the equipment obtaining module comprises:
An account authentication unit, for obtaining target account information of the target application, performing login authentication on the target account information, and logging in to the target application when the authentication passes;
An interface output unit, for outputting the password management interface in the target application; the password management interface contains the attribute information of all associated devices that have an association relationship with the password management equipment;
An equipment screening unit, for obtaining target search information in the password management interface, screening out from all the associated devices those that match the target search information as the network devices, and determining, according to the attribute information of all the network devices screened out, an equipment state list that has an association relationship with each network device; the equipment state list contains the attribute information of each network device;
A target determination unit, for responding to an equipment selection operation triggered on the equipment state list, obtaining the destination network device from the multiple network devices contained in the equipment state list, and determining the attribute information in the list column corresponding to the destination network device in the equipment state list as the first attribute information of the destination network device; the operation data information in the list column is used for state management of the first password status information in the list column corresponding to the destination network device.
13. The device according to claim 12, wherein the equipment obtaining module further comprises:
A grade detection unit, for detecting the class information of the target account information in the target application;
A notification unit, for notifying the interface output unit to output the password management interface in the target application if the class information of the target account information is detected to be a first grade having password management permission; the target account information corresponding to the first grade has permission to manage all the associated devices in the password management interface;
A query interface output unit, for outputting a status inquiry interface in the target application if the class information of the target account information is detected to be a second grade having state query permission, and displaying in the status inquiry interface all the associated devices that have an association relationship with the password management equipment; the class information of the second grade is lower than that of the first grade, and the target account information corresponding to the second grade has permission to query all the associated devices in the status inquiry interface.
14. A data processing device, wherein the device is applied to password management equipment and comprises: a processor, a memory and a network interface;
The processor is connected to the memory and the network interface, wherein the network interface is used to connect multiple network devices, the memory is used to store program code, and the processor is used to call the program code to perform the method according to any one of claims 1-10.
15. A computer-readable storage medium, wherein the computer-readable storage medium stores a computer program, the computer program comprises program instructions, and the program instructions, when executed by a processor, perform the method according to any one of claims 1-10.
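The timing logic of claims 8 to 10, written out as an added sketch; it is not code from the patent or the applicant. It assumes that the remaining effective time equals effective timestamp plus update duration minus application timestamp, and every class, function and field name is hypothetical. The `decrypt` and `rotate` callables stand in for the private-key decryption and the on-device password change.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

@dataclass
class TempPassword:
    effective_ts: float     # when the stored temporary password took effect
    update_duration: float  # seconds it stays valid before it must be changed
    ciphertext: bytes       # ciphertext password held in the password database

@dataclass
class QueryTask:
    device: str
    application_ts: float                 # recorded when the query was requested
    locked_since: Optional[float] = None  # set while a worker holds the task

def remaining_valid_time(pw: TempPassword, task: QueryTask) -> float:
    # Assumed reading of claim 8: validity left at the moment of the request.
    return max(0.0, pw.effective_ts + pw.update_duration - task.application_ts)

def serve_query(pw: TempPassword, task: QueryTask, now: float,
                scheduling_duration: float,
                decrypt: Callable[[bytes], str],
                rotate: Callable[[str], bytes]) -> Tuple[str, Optional[str]]:
    elapsed = now - task.application_ts  # time the task has spent queued
    if elapsed >= remaining_valid_time(pw, task):
        # Claim 9: the stored password is invalid. Change it on the device,
        # replace the ciphertext, and release only the new password.
        pw.ciphertext = rotate(task.device)
        pw.effective_ts = now
        return "rotated", decrypt(pw.ciphertext)
    if elapsed >= scheduling_duration:
        # Claim 8: still valid, so decrypt and release the stored password.
        return "stored", decrypt(pw.ciphertext)
    return "waiting", None  # neither limit reached; nothing is released

def sweep_deadlocks(queue: List[QueryTask], now: float,
                    deadlock_threshold: float) -> List[QueryTask]:
    # Claim 10: unlock and remove tasks locked for the threshold or longer.
    stuck, keep = [], []
    for task in queue:
        if task.locked_since is not None and now - task.locked_since >= deadlock_threshold:
            task.locked_since = None
            stuck.append(task)
        else:
            keep.append(task)
    queue[:] = keep
    return stuck

# Constructed placeholders: byte reversal is NOT encryption. It stands in for
# the private-key decryption and the on-device password change.
def demo_decrypt(ciphertext: bytes) -> str:
    return ciphertext[::-1].decode()

def demo_rotate(device: str) -> bytes:
    return f"new-{device}".encode()[::-1]

if __name__ == "__main__":
    pw = TempPassword(effective_ts=1000, update_duration=600, ciphertext=b"1-pmet")
    task = QueryTask(device="sw-01", application_ts=1300)
    for now in (1302, 1310, 1600):
        print(now, serve_query(pw, task, now, 5, demo_decrypt, demo_rotate))
```

Checking expiry before the scheduling condition means a password that lapses while its query waits in the queue is never released; a request made after expiry has zero remaining time and is rotated immediately.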
CN201910213911.5A 2019-03-20 2019-03-20 A kind of data processing method and relevant apparatus Pending CN110210191A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910213911.5A CN110210191A (en) 2019-03-20 2019-03-20 A kind of data processing method and relevant apparatus


Publications (1)

Publication Number Publication Date
CN110210191A true CN110210191A (en) 2019-09-06

Family

ID=67785249


Country Status (1)

Country Link
CN (1) CN110210191A (en)


Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111953562A (en) * 2020-07-29 2020-11-17 新华三信息安全技术有限公司 Equipment state monitoring method and device
CN111953562B (en) * 2020-07-29 2022-05-24 新华三信息安全技术有限公司 Equipment state monitoring method and device
CN113949587A (en) * 2021-02-16 2022-01-18 蒋云帆 Intelligent password implementation method and device, electronic equipment and computer readable medium
CN113949587B (en) * 2021-02-16 2024-04-05 蒋云帆 Smart password implementation method and device, electronic equipment and computer readable medium
CN114489897A (en) * 2022-01-21 2022-05-13 北京字跳网络技术有限公司 Object processing method, device, terminal equipment and medium
CN114489897B (en) * 2022-01-21 2023-08-08 北京字跳网络技术有限公司 Object processing method, device, terminal equipment and medium


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination