CN110336870B

CN110336870B - Method, device and system for establishing remote office operation and maintenance channel and storage medium

Info

Publication number: CN110336870B
Application number: CN201910582416.1A
Authority: CN
Inventors: 陈二虎; 卢道和; 谢波; 朱敏毅; 杨春保; 沈卫华; 杨成旺
Original assignee: WeBank Co Ltd
Current assignee: WeBank Co Ltd
Priority date: 2019-06-27
Filing date: 2019-06-27
Publication date: 2024-03-05
Anticipated expiration: 2039-06-27
Also published as: CN110336870A

Abstract

The invention discloses a method, a device, a system and a storage medium for establishing a remote office operation and maintenance channel, which relate to the field of financial science and technology, and the method comprises the following steps: when an establishment request for establishing a remote office operation and maintenance channel is detected, after the first login identifier passes authentication according to the login two-dimensional code corresponding to the establishment request, a second login identifier is generated through the two-dimensional code server, the second login identifier bound with the login two-dimensional code ID is sent to a remote user dialing authentication system, so that the second login identifier is sent to the two-dimensional code server, and if the second login identifier is successfully authenticated in the two-dimensional code server, user information is sent to the remote user dialing authentication system; and acquiring a VPN account corresponding to the establishment request according to the user information in the remote user dialing authentication system, and establishing a remote office operation and maintenance channel through the VPN account. The invention improves the login success rate of login VPN equipment and improves the login security of login VPN equipment.

Description

Method, device and system for establishing remote office operation and maintenance channel and storage medium

Technical Field

The present invention relates to the field of communication technologies of financial technologies (Fintech), and in particular, to a method, an apparatus, a system, and a storage medium for establishing a remote office operation and maintenance channel.

Background

With the continuous development of financial technology, especially internet technology finance, more and more technologies (such as distributed, blockchain, artificial intelligence, etc.) are applied in the finance field. More and more financial practitioners need to conduct remote office work, so higher requirements are put on the security of remote office work, the login success rate of login to a VPN device corresponding to remote office work and the like.

The existing scheme of logging in VPN (Virtual Private Network, virtual private network, remote office and operation and maintenance channel) is to directly integrate Any Connect software into self-developed software, and establish the remote office operation and maintenance channel with VPN equipment by calling Any Connect component, so as to realize remote office. The mode of logging in the VPN equipment is to input a user name and a password for identity verification. The scheme of logging in the VPN device by using the user name and the password is low in safety, the user name and the password can be input into a remote office operation and maintenance channel through an Any Connect at Any place at Any time, remote office is realized by logging in the VPN device, and the current mode of logging in the VPN device is to input the user name and the password for identity verification, but because the password of logging in the VPN device is complex, the user can easily input errors, and the login success rate of logging in the VPN device is reduced.

Disclosure of Invention

The invention mainly aims to provide a method, a device, a system and a storage medium for establishing a remote office operation and maintenance channel, and aims to solve the technical problems of low safety and low login success rate of the existing login VPN equipment.

In order to achieve the above object, the present invention provides a method for establishing a remote office operation and maintenance channel, the method for establishing a remote office operation and maintenance channel comprising the steps of:

when an establishment request for establishing a remote office operation and maintenance channel triggered by a client is detected, and after a first login identifier corresponding to the establishment request passes authentication according to a login two-dimensional code corresponding to the establishment request, a second login identifier is generated through a two-dimensional code server for generating the login two-dimensional code;

transmitting the second login identification binding the login two-dimensional code identification ID to a remote user dialing authentication system through a remote office terminal and virtual private network VPN equipment corresponding to the client;

transmitting the second login identification to a two-dimensional code server through the remote user dialing authentication system so as to authenticate the second login identification in the two-dimensional code server;

if the authentication of the second login identification in the two-dimension code server is successful, user information corresponding to the login two-dimension code ID is sent to the remote user dialing authentication system through the two-dimension code server;

And acquiring a VPN account corresponding to the establishment request according to the user information in the remote user dialing authentication system, and sending the VPN account to the VPN equipment so as to establish an operation and maintenance channel between the VPN equipment and the remote office terminal through the VPN account in the VPN equipment.

Preferably, when detecting an establishment request for establishing a remote office operation and maintenance channel triggered by a client, and detecting that a first login identifier corresponding to the establishment request passes authentication according to a login two-dimensional code corresponding to the establishment request, the step of generating a second login identifier through a two-dimensional code server for generating the login two-dimensional code includes:

when an establishment request for establishing a remote office operation and maintenance channel triggered by a client is detected, a first login identifier corresponding to the establishment request is obtained, and the first login identifier is sent to a two-dimension code server;

the client scans the login two-dimensional code generated by the two-dimensional code server to obtain a scanning result, and sends the scanning result to the two-dimensional code server;

if the third login identification in the scanning result is detected to be the same as the first login identification in the two-dimensional code server, determining that the first login identification passes authentication, and generating a second login identification through the two-dimensional code server.

Preferably, the step of obtaining, in the remote user dial authentication system, a VPN account corresponding to the establishment request according to the user information, and sending the VPN account to the VPN device includes:

acquiring a VPN account corresponding to the establishment request according to the user information in the remote user dialing authentication system, and detecting whether the VPN account is in a preset second validity period and whether the VPN account is in a locking state;

and if the VPN account is detected to be in the second effective period and the VPN account is not in a locked state, sending the VPN account to the VPN equipment.

Preferably, the step of transmitting the second login identifier to a two-dimensional code server through the remote user dialing authentication system to authenticate the second login identifier in the two-dimensional code server includes:

the second login identification is sent to a two-dimension code server through the remote user dialing authentication system, and a login two-dimension code ID bound by the second login identification is obtained;

detecting whether a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server according to the login two-dimensional code ID, and detecting whether the second login identifier is in a preset third validity period;

If a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server, and the second login identifier is in the third validity period, the second login identifier is confirmed to be successfully authenticated in the two-dimensional code server.

In addition, in order to achieve the above object, the present invention further provides a method for establishing a remote office operation and maintenance channel, where the method for establishing a remote office operation and maintenance channel is applied to a client, and the method for establishing a remote office operation and maintenance channel includes:

after the client receives the establishment request for establishing the remote dimension channel, scanning a login two-dimensional code generated by the two-dimensional code server to obtain a scanning result;

the scanning result is sent to the two-dimension code server side, so that the two-dimension code server side generates a second login identifier after determining that a first login identifier corresponding to the establishment request passes authentication according to the scanning result, and sends the second login identifier binding the login two-dimension code identity identifier ID to a remote user dialing authentication system through a remote office terminal corresponding to the client side and virtual private network VPN equipment;

after the remote user dialing authentication system receives the second login identification, the second login identification is sent to a two-dimensional code server side so that the two-dimensional code server side can authenticate the second login identification, and after the second login identification is successfully authenticated, user information corresponding to a login two-dimensional code ID is returned to the remote user dialing authentication system;

And acquiring a VPN account corresponding to the establishment request according to the user information, and sending the VPN account to the VPN equipment so that the VPN equipment establishes an operation and maintenance channel between the VPN equipment and the remote office terminal through the VPN account.

Preferably, after the client receives the establishment request for establishing the remote dimension channel, the step of scanning the login two-dimensional code generated by the two-dimensional code server to obtain a scanning result includes:

when a client receives an establishment request for establishing a remote dimension channel, acquiring a first login identifier corresponding to the establishment request, and sending the first login identifier to a two-dimension code server;

and scanning the login two-dimensional code generated by the two-dimensional code server to obtain a scanning result.

Preferably, after the client receives the establishment request for establishing the remote dimension channel, the step of obtaining a first login identifier corresponding to the establishment request and sending the first login identifier to the two-dimension code server includes:

after receiving an establishment request for establishing a remote dimension channel, a client acquires a first login identifier corresponding to the establishment request, and detects whether the first login identifier is in a preset first validity period;

If the first login identification is not in the first validity period, login information corresponding to the establishment request is obtained;

and if the login information passes the verification, regenerating the first login identification, and sending the generated first login identification to the two-dimensional code server.

Preferably, after the client receives the establishment request for establishing the remote dimension channel, the method for establishing the remote office operation and maintenance channel further includes:

if the user corresponding to the establishment request is detected to be the remote office terminal started for the first time, acquiring terminal information of the remote office terminal;

and sending the terminal information to an authorized terminal so as to grant the authority of the remote office terminal for remote office operation in the authorized terminal according to the terminal information.

Preferably, after the client receives the establishment request for establishing the remote dimension channel, the step of scanning the login two-dimensional code generated by the two-dimensional code server to obtain a scanning result further includes:

when a login request of a user corresponding to the establishment request for logging in the client for the first time is detected, acquiring a login number corresponding to the login request;

and if the login number is stored in a preset database corresponding to the client, executing the login request so that the user corresponding to the establishment request successfully logs in the client.

In addition, in order to achieve the above object, the present invention further provides a method for establishing a remote office operation and maintenance channel, where the method for establishing a remote office operation and maintenance channel is applied to a remote office terminal, and the method for establishing a remote office operation and maintenance channel includes:

the remote office terminal receives a second login identifier of the binding login two-dimensional code identity ID sent by the two-dimensional code terminal, wherein when the two-dimensional code terminal detects that a first login identifier corresponding to an establishment request for establishing a remote office operation and maintenance channel passes authentication, the second login identifier is generated and sent to the remote office terminal;

transmitting the second login identification to a remote user dialing authentication system through a virtual private network VPN device so that the remote user dialing authentication system transmits the second login identification to a two-dimensional code server;

if the authentication of the second login identifier in the two-dimensional code server is successful, the two-dimensional code server sends user information corresponding to the login two-dimensional code ID to the remote user dialing authentication system; and the remote user dialing authentication system acquires a VPN account corresponding to the establishment request according to the user information, and sends the VPN account to the VPN equipment so that the VPN equipment establishes an operation and maintenance channel between the VPN equipment and the remote office terminal through the VPN account.

In addition, in order to achieve the above object, a system for establishing a remote office operation and maintenance channel includes a client, a two-dimensional code server, a remote user dial authentication system, a remote office terminal, and a virtual private network VPN device:

the client is used for scanning a login two-dimensional code generated by the two-dimensional code server after receiving an establishment request for establishing a remote dimension channel to obtain a scanning result, and sending the scanning result to the two-dimensional code server;

the two-dimension code client is used for generating a second login identifier after determining that the first login identifier corresponding to the establishment request passes authentication according to the scanning result, and sending the second login identifier bound with the login two-dimension code identity identifier ID to a remote user dialing authentication system through the remote office terminal and VPN equipment;

the remote user dialing authentication system is used for sending the second login identification to a two-dimensional code server after receiving the second login identification;

the two-dimension code client is also used for authenticating the second login identifier, and after the second login identifier is successfully authenticated, user information corresponding to the login two-dimension code ID is returned to the remote user dialing authentication system;

The remote user dialing authentication system is further used for acquiring a VPN account corresponding to the establishment request according to the user information and sending the VPN account to the VPN equipment;

the VPN device is used for establishing an operation and maintenance channel between the VPN device and the remote office terminal through the VPN account.

Preferably, the client is further configured to obtain a first login identifier corresponding to a remote dimension channel after receiving a request for establishing the remote dimension channel, and send the first login identifier to a two-dimension code server; scanning a login two-dimensional code generated by the two-dimensional code server to obtain a scanning result; the scanning result is sent to a two-dimension code server;

and the two-dimensional code server is also used for determining that the first login identifier passes authentication and generating a second login identifier if the third login identifier in the scanning result is detected to be the same as the first login identifier.

Preferably, the remote user dialing authentication system is further configured to obtain a VPN account corresponding to the establishment request according to the user information, and detect whether the VPN account is within a preset second validity period, and whether the VPN account is in a locked state; and if the VPN account is detected to be in the second effective period and the VPN account is not in a locked state, sending the VPN account to the VPN equipment.

Preferably, the two-dimension code server is further configured to detect whether a fourth login identifier consistent with the second login identifier exists according to the login two-dimension code ID, and detect whether the second login identifier is within a preset third validity period; and if a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server, and the second login identifier is in the third validity period, determining that the second login identifier is successfully authenticated.

In addition, in order to achieve the above object, the present invention further provides a device for establishing a remote office operation and maintenance channel, where the device for establishing a remote office operation and maintenance channel is applied to a client, and the device for establishing a remote office operation and maintenance channel includes:

the scanning module is used for scanning the login two-dimensional code generated by the two-dimensional code server after receiving the establishment request for establishing the remote dimension channel to obtain a scanning result;

the sending module is used for sending the scanning result to the two-dimension code server side so that the two-dimension code server side can generate a second login identifier after determining that a first login identifier corresponding to the establishment request passes authentication according to the scanning result, and sending the second login identifier binding the login two-dimension code identity identifier ID to a remote user dialing authentication system through a remote office terminal corresponding to the client side and virtual private network VPN equipment;

In addition, in order to achieve the above object, the present invention further provides a device for establishing a remote office operation and maintenance channel, where the device for establishing a remote office operation and maintenance channel is applied to a remote office terminal, and the device for establishing a remote office operation and maintenance channel includes:

the receiving module is used for receiving a second login identifier of the binding login two-dimensional code identity identifier ID sent by the two-dimensional code terminal, wherein when the two-dimensional code terminal detects that a first login identifier corresponding to an establishment request for establishing a remote office operation and maintenance channel passes authentication, the second login identifier is generated and sent to the remote office terminal;

The sending module is used for sending the second login identification to a remote user dialing authentication system through a virtual private network VPN device so that the remote user dialing authentication system can send the second login identification to a two-dimension code server;

In addition, in order to achieve the above object, the present invention also provides a system for establishing a remote office operation and maintenance channel, where the system for establishing a remote office operation and maintenance channel includes a memory, a processor, and a remote office operation and maintenance channel establishment program stored in the memory and capable of running on the processor, where the remote office operation and maintenance channel establishment program, when executed by the processor, implements the steps of the method for establishing a remote office operation and maintenance channel as described above.

In addition, in order to achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a remote office operation and maintenance channel establishment program which, when executed by a processor, implements the steps of the remote office operation and maintenance channel establishment method as described above.

According to the invention, the first login identification corresponding to the remote office channel establishment request is established through login two-dimension code authentication, after the first login identification is successfully authenticated, the second login identification is generated to perform secondary authentication in a background remote user dialing authentication system Radius, a VPN account is obtained, and an operation and maintenance channel between the VPN equipment and the remote office terminal is established through the VPN account. The method and the device have the advantages that in the process of establishing the operation and maintenance channel, a user does not need to input a password to log in the VPN device, the login success rate of logging in the VPN device is improved, in the process of establishing the operation and maintenance channel, the two-dimension code server side and Radius are adopted for identity verification based on the scene that the client side scans the two-dimension code, and the login security of logging in the VPN device is improved.

Drawings

FIG. 1 is a flow chart of a first embodiment of a method for establishing a remote office operation and maintenance channel according to the present invention;

FIG. 2 is a flowchart of a fourth embodiment of a method for creating a remote office operation and maintenance channel according to the present invention;

FIG. 3 is a schematic diagram of a hardware operating environment according to an embodiment of the present invention.

The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.

Detailed Description

It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.

The invention provides a method for establishing a remote office operation and maintenance channel, and referring to fig. 1, fig. 1 is a flow chart of a first embodiment of the method for establishing a remote office operation and maintenance channel of the invention.

The embodiments of the present invention provide embodiments of a method of establishing a remote office operation and maintenance channel, it should be noted that although a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in an order different from that shown or described herein.

The method for establishing the remote office operation and maintenance channel comprises the following steps:

step S10, when a request for establishing a remote office operation and maintenance channel triggered by a client is detected, and a first login identifier corresponding to the establishment request is detected to pass authentication according to a login two-dimensional code corresponding to the establishment request, a second login identifier is generated through a two-dimensional code server side generating the login two-dimensional code.

When a user needs to remotely office, the user can trigger a request for establishing the remote office operation and maintenance channel in a display interface of the client, and the client detects whether the request for establishing the remote office operation and maintenance channel triggered by the user is received. After receiving an establishment request for establishing a remote office operation and maintenance channel triggered by a user, the client scans a login two-dimensional code corresponding to the establishment request and sends a scanning result obtained by scanning the login two-dimensional code to the two-dimensional code server. And when the two-dimensional code server determines that the first login identifier corresponding to the establishment request passes the authentication according to the scanning result, the two-dimensional code server generates a second login identifier. It should be noted that, the login identifier may exist in the form of a single terminal, or may be installed in a mobile terminal such as a tablet computer, a notebook computer, a palm computer, a personal digital assistant (Personal Digital Assistant, PDA), or a fixed terminal such as a digital TV, a desktop computer, where the two-dimensional code server is a background server.

Further, step S10 includes:

Step a, after detecting an establishment request for establishing a remote office operation and maintenance channel triggered by a client, acquiring a first login identifier corresponding to the establishment request, and sending the first login identifier to a two-dimension code server.

When the client detects a user-triggered establishment request for establishing a remote office operation and maintenance channel, the client acquires a first login identifier corresponding to the establishment request and sends the first login identifier to the two-dimension code server. The first login identifier is generated according to a user name, a Pin code (Personal Identification Number) and/or a Token code of the user logging in the remote office terminal, and specifically, the first login identifier generated by splicing the user name, the Pin code and the Token code can be adopted. Token code is a dynamic password hardware Token with a specific validity time. In this embodiment, each user has only a unique Pin code, and each user has a Token serial number from which a Token code may be generated. The remote office terminal may be a mobile terminal such as a tablet computer, notebook computer, palm top computer, personal digital assistant (Personal Digital Assistant, PDA), etc., as well as a stationary terminal such as a digital TV, desktop computer, etc.

And b, scanning the login two-dimensional code generated by the two-dimensional code server through the client to obtain a scanning result, and sending the scanning result to the two-dimensional code server.

And after the two-dimension code server receives the first login identification, the two-dimension code server generates a login two-dimension code and sends the login two-dimension code to the client. After the client receives the login two-dimensional code, the client can start a camera to scan the login two-dimensional code, a scanning result is obtained, and the scanning result is sent to the two-dimensional code server. It should be noted that, when the client scans the login two-dimensional code, the client will load the first login identifier into the login two-dimensional code to obtain a scanning result. It can be understood that when the client scans the login two-dimensional code, the client can record the user name, the Pin code and the Token code into the login two-dimensional code to obtain a scanning result.

And c, if the third login identifier in the scanning result is detected to be the same as the first login identifier in the two-dimensional code server, determining that the first login identifier passes authentication, and generating a second login identifier through the two-dimensional code server.

After the two-dimensional code server receives the scanning result, the two-dimensional code server extracts the login identification from the scanning result, marks the extracted login identification as a third login identification, and detects whether the third login identification is identical with the first login identification sent by the client. If the third login identifier is detected to be the same as the first login identifier, the two-dimensional code server determines that the first login identifier passes the authentication, and generates a second login identifier. The second login identifier can be generated by the two-dimensional code server according to a specific identifier generation rule, and information such as a user name, a Pin code, a timestamp for generating second login identifier generation time and the like can be carried in the generated second login identifier. The user scans the two-dimension code to carry out identity authentication on the user, so that the identity authentication flow in the process of establishing the remote office operation and maintenance channel is simplified.

Further, step a comprises:

step a1, after detecting an establishment request for establishing a remote office operation and maintenance channel triggered by a client, acquiring a first login identifier corresponding to the establishment request, and detecting whether the first login identifier is in a preset first validity period.

And a step a2 of acquiring login information corresponding to the establishment request if the first login identification is not in the first validity period.

And a step a3 of regenerating the first login identification if the login information passes the verification, and sending the generated first login identification to the two-dimensional code server.

Further, after the client detects the establishment request for establishing the remote office operation and maintenance channel, the client acquires a first login identifier corresponding to the establishment request, and detects whether the first login identifier is within a preset first validity period. The duration corresponding to the first validity period may be set according to specific needs, and the duration of the first validity period is not specifically limited in this embodiment. Specifically, the client acquires the generation time of the first login identifier, acquires the current time, calculates the time difference between the generation time of the first login identifier and the current time, and judges whether the calculated time difference is greater than the duration corresponding to the first validity period. If the calculated time difference is greater than the duration corresponding to the first validity period, the client determines that the first login identification is not in the first validity period, namely the first login identification is in a failure state; if the calculated time difference is smaller than or equal to the duration corresponding to the first validity period, the client determines that the first login identification is in the first validity period. If the first login identification is not in the first validity period, the client acquires login information corresponding to the establishment request and verifies the login information. If the login information is detected to pass the verification, the client regenerates a first login identification according to the login information. The login information includes, but is not limited to, a user name, a Pin code and a Token code, and the login information corresponding to the establishment request is input by the user in the client display interface. After the client acquires the login information, whether the user name, the Pin code and the Token code which are consistent with the acquired login information are found in a database is detected. If the client searches the user name, the Pin code and the Token code which are consistent with the login information in the database, the client determines that the login information passes verification; if the client side does not find the user name, the Pin code and the Token code which are consistent with the login information in the database, the client side determines that the login information is not verified.

Further, if the first login identification is determined to be in the first validity period, the client sends the first login identification to the two-dimensional code server; if the login information is detected to be not verified, the client generates prompt information of failed establishment, and outputs the prompt information to prompt the user that the establishment of the remote office operation and maintenance channel fails.

And step S20, the second login identification of the binding login two-dimensional code identification ID is sent to a remote user dialing authentication system through a remote office terminal and virtual private network VPN equipment corresponding to the client.

After the two-dimensional code client generates the second login identification, the two-dimensional code client associates and binds the second login identification with the ID of the login two-dimensional code, each login two-dimensional code has a unique ID (Identity document, identity identification), and one login two-dimensional code can be uniquely determined through the ID, and in this embodiment, the ID of the login two-dimensional code is recorded as the login two-dimensional code ID. And the two-dimension code client sends a second login identification of the binding login two-dimension code ID to the remote office client, wherein the remote office client integrates an Any Connect which is a VPN (Virtual Private Network ) client pushed by Cisco. And after the remote office terminal receives the second login identification, the remote office terminal sends the second login identification to the VPN equipment. When the VPN device receives the second login identification, the VPN device sends the second login identification to the Radius (Remote Authentication Dial In User Service, remote user dial-up authentication system).

Step S30, the second login identification is sent to a two-dimension code server through the remote user dialing authentication system, so that the second login identification is authenticated in the two-dimension code server.

And after the Radius receives the second login identification, the Radius sends the second login identification to the two-dimensional code server to authenticate the second login identification in the two-dimensional code server.

Further, step S30 includes:

and d, transmitting the second login identification to a two-dimension code server through the remote user dialing authentication system, and acquiring a login two-dimension code ID bound by the second login identification.

And c, detecting whether a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server according to the login two-dimensional code ID, and detecting whether the second login identifier is in a preset third validity period.

Specifically, after the Radius sends the second login identifier to the two-dimensional code server, the two-dimensional code server acquires the login two-dimensional code ID bound by the second login identifier, and detects whether a login identifier corresponding to the login two-dimensional code ID exists in a database in the two-dimensional code server. For convenience of description, in this embodiment, a login identifier corresponding to the login two-dimensional code ID in the two-dimensional code server database is denoted as a fourth login identifier. After the two-dimension code server generates the login identifier, the login identifier and the corresponding login two-dimension code ID are associated and stored in the database. If the fourth login identification exists in the database of the two-dimensional code server, the two-dimensional code server detects whether the fourth login identification is consistent with the second login identification or not, and detects whether the second login identification is in a preset third validity period or not. The duration corresponding to the third validity period may be the same as the duration corresponding to the first validity period, or may be different from the duration corresponding to the first validity period. The process of detecting whether the fourth login identifier is identical to the second login identifier by the two-dimensional code server is similar to the process of detecting whether the first login identifier is identical to the third login identifier, and detailed description thereof is omitted. The process of detecting whether the second login identifier is in the third validity period by the two-dimensional code server is similar to the process of detecting whether the first login identifier is in the first validity period, and detailed description thereof is omitted.

And e, if a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server, and the second login identifier is in the third validity period, determining that the second login identifier is successfully authenticated in the two-dimensional code server.

If the two-dimensional code server detects that a fourth login identifier consistent with the second login identifier exists in the database, and the two-dimensional code client detects that the second login identifier is in a third validity period, the two-dimensional code client determines that the second login identifier is successfully authenticated. If the two-dimensional code server detects that the fourth login identification does not exist in the database, the two-dimensional code server determines that the authentication of the second login identification fails; if the two-dimensional code server detects that the fourth login identifier exists in the database, but the fourth login identifier is inconsistent with the second login identifier, and/or the second login identifier is not in the third validity period, the two-dimensional code server determines that the second login identifier fails authentication.

Further, when the two-dimensional code server determines that the second login identification fails authentication, the two-dimensional code server generates prompt information of failed establishment, and sends the prompt information to Radius and/or the client so as to prompt a user that the establishment of a remote office operation and maintenance channel fails according to the prompt information.

And step S40, if the authentication of the second login identification in the two-dimension code server is successful, transmitting user information corresponding to the login two-dimension code ID to the remote user dialing authentication system through the two-dimension code server.

Step S50, obtaining a VPN account corresponding to the establishment request according to the user information in the remote user dialing authentication system, and sending the VPN account to the VPN equipment so as to establish an operation and maintenance channel between the VPN equipment and the remote office terminal through the VPN account in the VPN equipment.

If the two-dimensional code client determines that the second login identification passes authentication, that is, that the second login identification is successfully authenticated, the two-dimensional code client acquires user information corresponding to the login two-dimensional code ID and sends the user information to Radius, wherein the user information corresponding to the login two-dimensional code ID comprises, but is not limited to, a user name. After receiving user information sent by the two-dimension code client, the Radius acquires a VPN account corresponding to the establishment request according to the user information, and sends the acquired VPN account to VPN equipment. In this embodiment, the VPN account number is stored in the Radius in association with the user information. After the VPN equipment receives the VPN account, the VPN equipment establishes an operation and maintenance channel between the VPN equipment and the remote office terminal through the VPN account. After the operation and maintenance channel between the VPN device and the remote office terminal is established, the user can conduct remote office.

According to the embodiment, the first login identification corresponding to the remote office channel establishment request is established through login two-dimension code authentication, after the first login identification is successfully authenticated, secondary authentication is performed in the background Radius through generating the second login identification, a VPN account is obtained, and an operation and maintenance channel between the VPN equipment and the remote office terminal is established through the VPN account. The method and the device have the advantages that in the process of establishing the operation and maintenance channel, a user does not need to input a password to log in the VPN device, the login success rate of logging in the VPN device is improved, in the process of establishing the operation and maintenance channel, the two-dimension code server side and Radius are adopted for identity verification based on the scene that the client side scans the two-dimension code, and the login security of logging in the VPN device is improved.

Further, a second embodiment of the method for establishing a remote office operation and maintenance channel is provided.

The difference between the second embodiment of the method for establishing a remote office operation and maintenance channel and the first embodiment of the method for establishing a remote office operation and maintenance channel is that the step of obtaining, in the remote user dial-up authentication system, a VPN account corresponding to the establishment request according to the user information, and sending the VPN account to the VPN device includes:

And f, acquiring a VPN account corresponding to the establishment request in the remote user dialing authentication system according to the user information, and detecting whether the VPN account is in a preset second validity period and whether the VPN account is in a locking state.

After the Radius acquires the VPN account corresponding to the establishment request according to the user information, the Radius detects whether the VPN account is in a preset second effective period or not and detects whether the VPN account is in a locking state or not. The duration corresponding to the second validity period may be consistent with the duration corresponding to the first validity period, or may not be consistent with the duration corresponding to the first validity period. The process of detecting whether the VPN account is within the second validity period by using the Radius is similar to the process of detecting whether the first login identifier is within the first validity period by using the client, and will not be described in detail herein. When the VPN account is in a locked state, the VPN account may have a lock identifier, and in this embodiment, the specific form of the lock identifier is not limited, for example, the lock identifier may be represented in a number, a letter, or a combination of a number and a letter.

And h, if the VPN account is detected to be in the second effective period and the VPN account is not in a locked state, sending the VPN account to the VPN equipment.

If the VPN account is detected to be in the second effective period and the VPN account is detected to be not in the locking state, the Radius sends the VPN account to VPN equipment; further, if the VPN account is detected not to be in the second validity period and/or the VPN account is detected to be in the locking state, radius generates a failure notification message of the establishment failure, and sends the failure notification message to the client through the remote office terminal, or sends the failure notification message to the client through the two-dimension code server, so that the client outputs the failure notification message to prompt a user that the establishment of the operation and maintenance channel fails after receiving the failure notification message.

According to the embodiment, after the VPN account is obtained, the VPN account is only sent to the VPN device when the VPN account is detected to be in the second effective period and the VPN account is detected not to be in the locking state, so that the VPN device can establish an operation and maintenance channel with the remote office terminal according to the VPN account, the operation and maintenance channel between the VPN device and the remote office terminal according to the failed VPN account and/or the VPN account in the locking state is avoided, and the safety of the established operation and maintenance channel is improved.

Further, a third embodiment of the method for establishing a remote office operation and maintenance channel is provided.

The difference between the third embodiment of the method for establishing a remote office operation and maintenance channel and the first or second embodiment of the method for establishing a remote office operation and maintenance channel is that the method for establishing a remote office operation and maintenance channel further includes:

and i, if the fact that the user corresponding to the establishment request starts the remote office terminal for the first time is detected, acquiring terminal information of the remote office terminal.

And j, transmitting the terminal information to an authorized terminal so as to grant the authority of the remote office terminal for remote office operation in the authorized terminal according to the terminal information.

After the client receives the establishment request for establishing the remote office operation and maintenance channel, the client detects whether the user corresponding to the establishment request logs in the remote office terminal for the first time. It should be noted that, in the embodiment of the present invention, after the remote office terminal receives the second login identifier sent by the two-dimensional code server, it may be determined that the user successfully logs in the remote office terminal. Specifically, after the client receives the establishment request, the client detects whether the identification information of the remote office terminal is stored in the database thereof. If the client detects that the identification information of the remote office terminal is not stored in the database, the client determines that the user corresponding to the establishment request starts the remote office terminal for the first time, acquires the terminal information of the remote office terminal, and sends the terminal information to the authorization terminal.

The identification information is information capable of uniquely identifying the remote office terminal, such as a device machine code of the remote office terminal. Terminal information includes, but is not limited to, the MAC (Media Access Control ) address of the remote office terminal, operator information, activation code, and device machine code. The operator information includes, but is not limited to, the IP (Internet Protocol, protocol for interconnection between networks) address of the remote office terminal and the operator identification used by which it can be determined whether the remote office terminal is connected, telecommunications, or mobile. The activation code is the information required to activate the tele-office terminal the first time the tele-office terminal is started. The device machine code is generated by a MAC address, an activation code, and the like.

After the authorization terminal receives the terminal information, the authorization terminal outputs authorization prompt information so as to prompt corresponding staff to grant the authority of the remote office terminal to conduct remote office operation according to the terminal information. Further, if the client detects that the identification information of the remote office terminal is stored in the database, the client determines that the user corresponding to the establishment request does not start the remote office terminal for the first time, and the client does not need to acquire the terminal information corresponding to the remote office terminal.

According to the method and the device, when the user corresponding to the establishment request is detected to start the tele-office terminal for the first time, the terminal information of the tele-office terminal is obtained and sent to the authorization terminal, so that the authority of the tele-office terminal for tele-office operation is granted in the authorization terminal, when the user starts the tele-office terminal for the first time, the operation authority of the tele-office terminal for the tele-office is automatically executed, and the tele-office efficiency of the user through the tele-office terminal is improved.

Further, a fourth embodiment of the method for establishing a remote office operation and maintenance channel of the present invention is provided.

The fourth embodiment of the method for establishing a remote office operation and maintenance channel is different from the first, second or third embodiment of the method for establishing a remote office operation and maintenance channel in that, referring to fig. 2, the method for establishing a remote office operation and maintenance channel further includes:

step S60, after detecting the login request of the user corresponding to the establishment request for logging in the client for the first time, obtaining the login number corresponding to the login request.

And step S70, if the login number is stored in a preset database corresponding to the client, executing the login request so that the user corresponding to the establishment request successfully logs in the client.

After receiving the login request, the client detects whether the user corresponding to the establishment request logs in for the first time. Specifically, if the client detects login information of the user corresponding to the establishment request in the login database, the client determines that the user corresponding to the establishment request is not logged in for the first time; if the client side does not detect the login information of the user corresponding to the establishment request in the login database, the client side determines that the user corresponding to the establishment request is logged in for the first time. The login information includes, but is not limited to, a phone number of a user corresponding to the establishment request, an identification card number and a user name used by a login client.

When the client determines that the user corresponding to the establishment request logs in for the first time, the client acquires the login number corresponding to the login request and detects whether the login number is stored in a preset database of the client. The login number is information which can uniquely identify the user, such as a telephone number or an identity card number of the user corresponding to the establishment request. When the login number of a certain user is stored in a preset database, indicating that the user has authority to login the client; when the login number of a certain user is not stored in the preset database, the user is indicated to have no authority to login the client. If in the specific application process, the preset database is used for storing the telephone number of the employee of the company corresponding to the client, when the telephone number of a certain user is stored in the preset database, the user is indicated to be the employee of the company, and the user can log in the client; when a telephone number of a certain user is not stored in the preset database, it indicates that the user is not an employee of a company, and the user cannot log in the client.

After the client detects that the login number is stored in a preset database, the client executes the login request so as to enable the suggestion request to successfully log in by the corresponding user; when the client detects that the login number is not stored in the preset database, the client does not execute the login request and outputs prompt information of login failure so as to prompt establishment of a request corresponding to user login failure according to the prompt information of login failure.

According to the embodiment, when the user is determined to be the first login client, the login number corresponding to the login request is acquired, the user is allowed to login the client only when the login number is stored in the preset database of the client, the illegal user is prevented from logging in the client, and the safety of the client is improved.

In addition, the invention also provides a method for establishing the remote office operation and maintenance channel, which is applied to the client, and comprises the following steps:

Further, after the client receives the establishment request for establishing the remote dimension channel, the step of scanning the login two-dimension code generated by the two-dimension code server to obtain a scanning result includes:

and scanning the login two-dimensional code generated by the two-dimensional code server by the client to obtain a scanning result.

Further, after the client receives the establishment request for establishing the remote dimension channel, the step of obtaining the first login identifier corresponding to the establishment request and sending the first login identifier to the two-dimension code server comprises the following steps:

Further, after the client receives the establishment request for establishing the remote dimension channel, the method for establishing the remote office operation and maintenance channel further comprises the following steps:

Further, after the client receives the establishment request for establishing the remote dimension channel, the step of scanning the login two-dimensional code generated by the two-dimensional code server to obtain a scanning result further includes:

It should be noted that, the embodiments of the method for establishing a remote office operation and maintenance channel applied to the client are the same as the processes executed by the client in the embodiments of the method for establishing a remote office operation and maintenance channel, and are not described in detail herein.

In addition, the invention also provides a method for establishing the remote office operation and maintenance channel, which is applied to the remote office terminal, and comprises the following steps:

It should be noted that, the embodiments of the method for establishing a remote office operation and maintenance channel applied to the remote office terminal are the same as the processes executed by the remote office terminal in the embodiments of the method for establishing a remote office operation and maintenance channel, and are not described in detail herein.

In addition, the invention also provides a system for establishing the remote office operation and maintenance channel, which comprises a client, a two-dimension code server, a remote user dialing authentication system, a remote office terminal and virtual private network VPN equipment:

Further, the client is further configured to obtain a first login identifier corresponding to the establishment request after receiving the establishment request for establishing the remote dimension channel, and send the first login identifier to the two-dimension code server; scanning a login two-dimensional code generated by the two-dimensional code server to obtain a scanning result; the scanning result is sent to a two-dimension code server;

Further, the remote user dialing authentication system is further configured to obtain a VPN account corresponding to the establishment request according to the user information, and detect whether the VPN account is within a preset second validity period and whether the VPN account is in a locked state; and if the VPN account is detected to be in the second effective period and the VPN account is not in a locked state, sending the VPN account to the VPN equipment.

Further, the two-dimension code server is further configured to detect whether a fourth login identifier consistent with the second login identifier exists according to the login two-dimension code ID, and detect whether the second login identifier is within a preset third validity period; and if a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server, and the second login identifier is in the third validity period, determining that the second login identifier is successfully authenticated.

It should be noted that, the embodiments of the system for establishing a remote office operation and maintenance channel are substantially the same as the embodiments of the method for establishing a remote office operation and maintenance channel described above, and will not be described in detail herein.

In addition, the invention also provides a device for establishing the remote office operation and maintenance channel, which is applied to the client, and comprises the following components:

Further, the scanning module includes:

the device comprises an acquisition unit, a control unit and a control unit, wherein the acquisition unit is used for acquiring a first login identifier corresponding to a remote dimension channel after receiving the establishment request for establishing the remote dimension channel;

the sending unit is used for sending the first login identification to the two-dimensional code server;

and the scanning unit is used for scanning the login two-dimensional code generated by the two-dimensional code server to obtain a scanning result.

Further, the obtaining unit is further configured to obtain a first login identifier corresponding to a remote dimension channel after the client receives a setup request for setting up the setup request;

the scanning module further includes:

the detection unit is used for detecting whether the first login identification is in a preset first validity period or not;

the obtaining unit is further configured to obtain login information corresponding to the establishment request if the first login identifier is not in the first validity period;

the scanning module further includes:

The generating unit is used for regenerating the first login identification if the login information passes the verification;

the sending unit is also used for sending the generated first login identification to the two-dimensional code server.

Further, the device for establishing the remote office operation and maintenance channel further comprises:

the first acquisition module is used for acquiring terminal information of the remote office terminal if the user corresponding to the establishment request is detected to be the first starting of the remote office terminal;

the sending module is also used for sending the terminal information to an authorized terminal so as to grant the authority of the remote office terminal for remote office operation in the authorized terminal according to the terminal information.

the second acquisition module is used for acquiring a login number corresponding to the login request after detecting the login request of the client for logging in the user corresponding to the establishment request for the first time;

and the execution module is used for executing the login request if the login number is stored in a preset database corresponding to the client, so that the user corresponding to the establishment request successfully logs in the client.

It should be noted that, the embodiments of the device for establishing a remote office operation and maintenance channel applied to the client are the same as the processes executed by the client in the embodiments of the method for establishing a remote office operation and maintenance channel described above, and will not be described in detail herein.

In addition, the invention also provides a device for establishing the remote office operation and maintenance channel, which is applied to the remote office terminal, and comprises the following components:

It should be noted that, the embodiments of the device for establishing a remote office operation and maintenance channel applied to the remote office terminal are the same as the processes executed by the remote office terminal in the embodiments of the device for establishing a remote office operation and maintenance channel, and will not be described in detail herein.

In addition, the invention also provides equipment for establishing the remote office operation and maintenance channel. As shown in fig. 3, fig. 3 is a schematic structural diagram of a hardware running environment according to an embodiment of the present invention.

It should be noted that fig. 3 is a schematic structural diagram of a hardware running environment of the device for establishing a remote office operation and maintenance channel. The equipment for establishing the remote office operation and maintenance channel in the embodiment of the invention can be terminal equipment such as a PC, a portable computer and the like.

As shown in fig. 3, the device for establishing a remote office operation and maintenance channel may include: a processor 1001, such as a CPU, memory 1005, user interface 1003, network interface 1004, communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.

Optionally, the device for establishing a remote office operation and maintenance channel may further include a camera, an RF (Radio Frequency) circuit, a sensor, an audio circuit, a WiFi module, and so on.

Those skilled in the art will appreciate that the set-up device structure of the tele-office operation and maintenance channel shown in fig. 3 does not constitute a limitation of the set-up device of the tele-office operation and maintenance channel, and may include more or less components than illustrated, or may combine some components, or may be a different arrangement of components.

As shown in fig. 3, an operating system, a network communication module, a user interface module, and a program for establishing a remote office operation and maintenance channel may be included in the memory 1005 as one type of computer storage medium. The operating system is a program for managing and controlling the hardware and software resources of the equipment for establishing the remote office operation and maintenance channel, and supports the establishment program of the remote office operation and maintenance channel and the operation of other software or programs.

In the device for establishing a remote office operation and maintenance channel shown in fig. 3, when the device for establishing is a client, the user interface 1003 is mainly used for connecting a two-dimensional code server and the like, and performing data communication with the two-dimensional code server; when the set-up device is a remote office terminal, the user interface 1003 is mainly used for connecting the two-dimensional code server and the VPN device, and performs data communication with the two-dimensional code server and the VPN device; the network interface 1004 is mainly used for a background server and is in data communication with the background server; the processor 1001 may be configured to call a remote office operation and maintenance channel setup program stored in the memory 1005 and perform the steps of the remote office operation and maintenance channel setup method as described above.

The specific implementation manner of the device for establishing the remote office operation and maintenance channel is basically the same as the above embodiments of the method for establishing the remote office operation and maintenance channel, and will not be described herein.

In addition, the embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a remote office operation and maintenance channel establishment program, and the remote office operation and maintenance channel establishment program realizes the steps of the remote office operation and maintenance channel establishment method when being executed by a processor.

The specific implementation manner of the computer readable storage medium of the present invention is basically the same as the above embodiments of the method for establishing a remote office operation and maintenance channel, and will not be described herein.

It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.

The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.

From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.

The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims

1. The method for establishing the remote office operation and maintenance channel is characterized by comprising the following steps of:

if the authentication of the second login identification in the two-dimension code server is successful, user information corresponding to the login two-dimension code identification ID is sent to the remote user dialing authentication system through the two-dimension code server;

2. The method for establishing a remote office operation and maintenance channel according to claim 1, wherein when detecting a request for establishing a remote office operation and maintenance channel triggered by a client, and detecting that a first login identifier corresponding to the establishment request passes authentication according to a login two-dimensional code corresponding to the establishment request, the step of generating a second login identifier through a two-dimensional code server side generating the login two-dimensional code comprises:

3. The method for establishing a remote office operation and maintenance channel according to claim 1, wherein the step of obtaining, in the remote user dial-up authentication system, a VPN account corresponding to the establishment request according to the user information, and transmitting the VPN account to the VPN device includes:

4. A method for establishing a remote office operation and maintenance channel according to any one of claims 1 to 3, wherein the step of transmitting the second login identifier to a two-dimensional code server through the remote user dial-up authentication system to authenticate the second login identifier in the two-dimensional code server comprises:

the second login identification is sent to a two-dimension code server through the remote user dialing authentication system, and a login two-dimension code identity ID bound with the second login identification is obtained;

detecting whether a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server according to the login two-dimensional code identifier ID, and detecting whether the second login identifier is in a preset third validity period;

5. The method for establishing the remote office operation and maintenance channel is characterized by being applied to a client, and comprises the following steps:

after the client receives the establishment request for establishing the remote operation and maintenance channel, scanning a login two-dimensional code generated by the two-dimensional code server to obtain a scanning result;

when the remote user dialing authentication system receives the second login identification, the second login identification is sent to a two-dimension code server side so that the two-dimension code server side can authenticate the second login identification, and after the second login identification is successfully authenticated, user information corresponding to the login two-dimension code identity identification ID is returned to the remote user dialing authentication system;

6. The method for establishing a remote office operation and maintenance channel according to claim 5, wherein the step of scanning the login two-dimensional code generated by the two-dimensional code server after the client receives the establishment request for establishing the remote office operation and maintenance channel to obtain the scanning result comprises:

when a client receives an establishment request for establishing a remote operation and maintenance channel, acquiring a first login identifier corresponding to the establishment request, and sending the first login identifier to a two-dimensional code server;

7. The method for establishing a remote office operation and maintenance channel according to claim 6, wherein the step of obtaining a first login identifier corresponding to the establishment request and sending the first login identifier to the two-dimensional code server after the client receives the establishment request for establishing the remote office operation and maintenance channel comprises:

After receiving an establishment request for establishing a remote operation and maintenance channel, a client acquires a first login identifier corresponding to the establishment request and detects whether the first login identifier is in a preset first validity period;

8. The method for setting up a remote office operation and maintenance channel according to claim 5, wherein after the client receives the request for setting up the remote office operation and maintenance channel, the method for setting up the remote office operation and maintenance channel further comprises:

9. The method for establishing a remote office operation and maintenance channel according to any one of claims 5 to 8, wherein, after the client receives the request for establishing the remote office operation and maintenance channel, the step of scanning the login two-dimensional code generated by the two-dimensional code server to obtain the scanning result further comprises:

10. The method for establishing the remote office operation and maintenance channel is characterized by being applied to a remote office terminal, and comprises the following steps:

the remote office terminal receives a second login identifier of a binding login two-dimensional code identity ID sent by a two-dimensional code server, wherein when the two-dimensional code server detects that a first login identifier corresponding to an establishment request for establishing a remote office operation and maintenance channel passes authentication, the second login identifier is generated and sent to the remote office terminal;

if the authentication of the second login identifier in the two-dimensional code server is successful, the two-dimensional code server sends user information corresponding to the login two-dimensional code identity identifier ID to the remote user dialing authentication system; and the remote user dialing authentication system acquires a VPN account corresponding to the establishment request according to the user information, and sends the VPN account to the VPN equipment so that the VPN equipment establishes an operation and maintenance channel between the VPN equipment and the remote office terminal through the VPN account.

11. The system for establishing the remote office operation and maintenance channel is characterized by comprising a client, a two-dimension code server, a remote user dialing authentication system, a remote office terminal and virtual private network VPN equipment:

the client is used for scanning a login two-dimensional code generated by the two-dimensional code server after receiving an establishment request for establishing a remote operation and maintenance channel to obtain a scanning result, and sending the scanning result to the two-dimensional code server;

the two-dimension code server is used for generating a second login identifier after determining that a first login identifier corresponding to the establishment request passes authentication according to the scanning result, and sending the second login identifier binding the login two-dimension code identity identifier ID to a remote user dialing authentication system through the remote office terminal and VPN equipment;

the two-dimension code server is also used for authenticating the second login identifier, and returning user information corresponding to the login two-dimension code identity identifier ID to the remote user dialing authentication system after the second login identifier is successfully authenticated;

12. The system for building a remote office operation and maintenance channel according to claim 11, wherein the client is further configured to, after receiving a request for building a remote office operation and maintenance channel, obtain a first login identifier corresponding to the building request, and send the first login identifier to a two-dimensional code server;

scanning a login two-dimensional code generated by the two-dimensional code server to obtain a scanning result; the scanning result is sent to a two-dimension code server;

the two-dimensional code server is further used for determining that the first login identifier passes authentication if the third login identifier in the scanning result is detected to be the same as the first login identifier; a second login identification is generated.

13. The system for building a remote office operation and maintenance channel according to claim 11, wherein the remote user dialing authentication system is further configured to obtain a VPN account corresponding to the building request according to the user information, detect whether the VPN account is within a preset second validity period, and determine whether the VPN account is in a locked state; and if the VPN account is detected to be in the second effective period and the VPN account is not in a locked state, sending the VPN account to the VPN equipment.

14. The system for establishing a remote office operation and maintenance channel according to any one of claims 11 to 13, wherein the two-dimensional code server is further configured to detect whether a fourth login identifier consistent with the second login identifier exists according to the login two-dimensional code identifier ID, and detect whether the second login identifier is within a preset third validity period; and if a fourth login identifier consistent with the second login identifier exists in the two-dimensional code server, and the second login identifier is in the third validity period, determining that the second login identifier is successfully authenticated.

15. The utility model provides a remote office operation and maintenance passageway's setting up device, its characterized in that, remote office operation and maintenance passageway's setting up device is applied to the customer end, remote office operation and maintenance passageway's setting up device includes:

the scanning module is used for scanning the login two-dimensional code generated by the two-dimensional code server after receiving the establishment request for establishing the remote operation and maintenance channel to obtain a scanning result;

After the remote user dialing authentication system receives the second login identification, the second login identification is sent to a two-dimensional code server side so that the two-dimensional code server side can authenticate the second login identification, and after the second login identification is successfully authenticated, user information corresponding to a login two-dimensional code identity identification ID is returned to the remote user dialing authentication system;

16. The utility model provides a remote office operation and maintenance passageway's setting up device, its characterized in that, remote office operation and maintenance passageway's setting up device is applied to the remote office terminal, remote office operation and maintenance passageway's setting up device includes:

the receiving module is used for receiving a second login identifier of the binding login two-dimensional code identity identifier ID sent by the two-dimensional code server, wherein when the two-dimensional code server detects that a first login identifier corresponding to an establishment request for establishing a remote office operation and maintenance channel passes authentication, the second login identifier is generated and sent to the remote office terminal;

17. A device for setting up a teleoffice operation and maintenance channel, characterized in that the system for setting up a teleoffice operation and maintenance channel comprises a memory, a processor and a program for setting up a teleoffice operation and maintenance channel stored on the memory and executable on the processor, which program for setting up a teleoffice operation and maintenance channel, when executed by the processor, implements the steps of the method for setting up a teleoffice operation and maintenance channel according to any one of claims 5 to 9.

18. A teleoffice operation and maintenance channel establishment apparatus, characterized in that the teleoffice operation and maintenance channel establishment system comprises a memory, a processor and a teleoffice operation and maintenance channel establishment program stored on the memory and executable on the processor, the teleoffice operation and maintenance channel establishment program realizing the steps of the teleoffice operation and maintenance channel establishment method according to claim 10 when being executed by the processor.

19. A computer-readable storage medium, wherein a program for creating a tele-office operation and maintenance channel is stored on the computer-readable storage medium, and the program for creating a tele-office operation and maintenance channel, when executed by a processor, implements the steps of the method for creating a tele-office operation and maintenance channel according to any one of claims 5 to 9.

20. A computer-readable storage medium, wherein a program for creating a tele-office operation and maintenance channel is stored on the computer-readable storage medium, and the program for creating a tele-office operation and maintenance channel, when executed by a processor, implements the steps of the method for creating a tele-office operation and maintenance channel according to claim 10.