CN110688647A - Computer task judging method and server system suitable for same - Google Patents
- Publication number
- CN110688647A
- Authority
- CN
- China
- Prior art keywords
- black
- white list
- computer
- computer task
- content
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The invention discloses a computer task judging method suitable for a computer. The computer performs a modification procedure on a black and white list according to a control instruction; the modification procedure comprises decrypting the black and white list to obtain its content, modifying the content, and encrypting the modified black and white list. When executing a computer task, the computer performs another decryption procedure on the modified black and white list to read its content, and judges from that content whether the computer task is associated with a restricted option on the black and white list. If the computer task is not associated with a restricted option, the computer allows the computer task to be executed. If it is associated with a restricted option, the computer refuses to execute the computer task. The invention also discloses a server system with the computer task judging function.
Description
Technical Field
The present invention relates to a computer task determination (authorization) method and a server system with a computer task determination function, and more particularly, to a computer task determination method using a black and white list and a server system with a computer task determination function.
Background
Generally, in order to meet the specific requirements of customers, manufacturers design and assemble servers and configure them to limit the functions of certain software and hardware. For example, an enterprise may need to limit some functions of the computers used by its employees, both for management purposes and to avoid leakage of confidential company data, such as prohibiting installation or execution of social software, or limiting computer connections to specific routers inside the company and prohibiting connections to routers attached to external networks.
However, the settings that limit the software and hardware functions are compiled and set in advance at an initial stage, and if the customer later needs to change them, doing so is difficult in practice. In other words, the prior art lacks a complete management mechanism for this type of function, one that is confidential, easy to use, and cannot be modified by an ordinary user. Furthermore, the mechanism also needs to be compatible with industrial Mobile Device Management (MDM) requirements, so that it can be modified remotely. Without such a unified management scheme, as the number of options and functions to be modified increases, the scattered program code becomes a great burden in subsequent development and maintenance.
Disclosure of Invention
In view of the above, the present invention provides a computer task determination method and a server system having a computer task determination function, which unify the related restriction functions into a black and white list whose format suits most restriction conditions, store the black and white list in a storage space that is not easy to read, encrypt it as a second layer of protection, and at the same time allow it to be modified dynamically from both the local end and the remote end.
The invention discloses a computer task judging method suitable for a computer, which comprises the steps of modifying a black and white list by the computer according to a control instruction, wherein the modification program comprises a decryption program for the black and white list to obtain the content of the black and white list, modifying the content of the black and white list, and encrypting the modified black and white list after modifying the content of the black and white list. Then, when executing the computer task, another decryption procedure is performed on the modified black-and-white list to read the content of the black-and-white list. And judging whether the executed computer task is associated with the restricted option on the black-and-white list according to the read content of the black-and-white list. If the computer task is not associated with the restricted options on the black and white list, the computer is allowed to execute the computer task. If the computer task is associated with the restricted options on the black and white list, the computer refuses to execute the computer task.
The invention discloses a server system with a computer task judging function, which comprises a local server and a management server. The local server includes a storage space for storing a black and white list. The local server is used for selectively providing hardware function instructions to modify the black and white list. The management server is in communication connection with the local server and is used for selectively providing a remote instruction to perform another modification procedure on the black and white list. When the local server executes the computer task, the local server decrypts the modified black-and-white list to read the content of the black-and-white list, so as to judge whether the executed computer task is associated with the limited option on the black-and-white list. If the computer task is not associated with the limited options on the black and white list, the local server allows the computer task to be executed, and if the computer task is associated with the limited options on the black and white list, the local server refuses to execute the computer task.
In the method and the server system with the computer task judgment function, a black and white list suitable for most of restriction condition formats is mainly summarized by unifying related restriction functions, the black and white list is stored in a storage space which is not easy to read, encryption is carried out for secondary protection, and the requirements of dynamic modification at a local end and a remote end are allowed.
The foregoing summary of the invention, as well as the following detailed description of the embodiments, is provided to illustrate and explain the principles and spirit of the invention, and to provide further explanation of the invention as claimed.
Drawings
Fig. 1 is a functional block diagram of a server system with an application program determining function according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a method for determining an application program of a computer according to an embodiment of the present invention.
Wherein, the reference numbers:
1 server system
10 local server
101 storage space
103 system controller
12 management server
CMD2 remote command
BK black and white list
Detailed Description
The detailed features and advantages of the present invention are described in detail in the following embodiments, which are sufficient for those skilled in the art to understand the technical contents of the present invention and to implement the same, and the related objects and advantages of the present invention can be easily understood by those skilled in the art from the disclosure of the present specification, claims and drawings. The following examples further illustrate aspects of the present invention in detail, but are not intended to limit the scope of the present invention in any way.
Referring to fig. 1, fig. 1 is a functional block diagram of a server system with a computer task determination function according to an embodiment of the present invention. As shown in fig. 1, the server system 1 includes a local server 10 and a management server 12. The local server 10 has a storage space 101 for storing the black-and-white list BK. In practice, the storage space 101 may be a storage memory in the local server 10, which stores data and is not easy to read. The local server 10 (e.g., an internal processor) may be configured to selectively provide a hardware function command CMD1 (not shown) to perform a modification procedure on the black-and-white list BK.
The management server 12 is communicatively connected to the local server 10, and the management server 12 (e.g., an internal processor) may be used to selectively provide a remote command CMD2 to perform another modification procedure on the black-and-white list BK. In this embodiment, when the local server 10 intends to execute a computer task, the local server 10 performs a decryption procedure on the modified black-and-white list BK' to read the content of the black-and-white list BK', so as to determine whether the application program to be executed is associated with a restricted option on the black-and-white list BK'. In practice, if the local server 10 determines that the application is not associated with the restricted option, the local server 10 allows the computer task to be executed or installed. Otherwise, if the local server 10 determines that the computer task is associated with the restricted option, the local server 10 refuses to execute the computer task. The computer task may be, for example, an installation task of some specific social/communication software/application APP, a connection task to a specific router, or a task related to a system.
In one example, during the modification procedure performed according to the hardware function command CMD1, the local server 10 accesses the storage space 101 to perform a decryption procedure on the black-and-white list BK, so as to obtain the content of the black-and-white list BK. The local server 10 may then modify the content of the black-and-white list BK. After the local server 10 has modified the content of the black-and-white list BK (i.e., after the black-and-white list BK' is generated), the local server 10 performs an encryption procedure on the modified black-and-white list BK'. In practice, the encryption procedure is implemented using an encryption algorithm with high security, so that the content of the black-and-white list BK' is better protected and is not easy to tamper with.
In another example, in the modification process performed according to the remote command CMD2, the management server 12 issues a remote command CMD2 to the local server 10 through a remote connection, so that the local server 10 can access the storage space 101 according to the remote command CMD2 to perform a decryption process on the black-and-white list BK, thereby obtaining the content of the black-and-white list BK. In analogy to the foregoing example, the local server 10 modifies the content of the black-and-white list BK, and further performs an encryption procedure on the modified black-and-white list BK' after modifying the content of the black-and-white list BK. In one embodiment, the management server 12, through a mechanism of Mobile Device Management (MDM), transmits the remote command CMD2 to the agent APK of the local server 10, and further modifies the content of the black-and-white list BK by the system controller 103 (i.e. black-and-white list controller) of the computer.
In practice, the local server 10 may be considered a local computer, such as a computer assigned to employees by the enterprise, and the management server 12 may be considered a remote administrator computer, such as a computer at the central control end of the enterprise. Specifically, when a user of the local server 10, such as an employee of the business, wants to modify the black-and-white list, a hardware function command CMD1 can be generated by the local server 10, and the black-and-white list BK can be modified or changed according to the hardware function command CMD1. On the other hand, when a user of the management server 12, for example, a manager of the enterprise computers, wants to modify the black-and-white list, a remote command CMD2 can be sent to the local server 10 through the management server 12 to modify or change the black-and-white list BK. In other words, the server system provided by the present invention allows the black-and-white list to be modified dynamically from both the local end and the remote end.
In an example of application, the local server 10 or the management server 12 is configured to add at least one option to the content of the black-and-white list BK or remove at least one option from the content of the black-and-white list BK according to the hardware function command CMD1 or the remote command CMD2, respectively. Specifically, the contents of the black-and-white list BK are preset and stored in the storage space 101. The content of the black-and-white list BK may comprise a plurality of blacklist options (i.e., restricted options) used as a basis for determining whether the execution of the computer task is prohibited. For example, the blacklist options of the black-and-white list BK may by default include a restricted option associated with a communication software/application offered by a certain manufacturer (e.g., the name of the communication software) or a restricted option for a certain router installed outside the company network (e.g., its name or Service Set Identifier (SSID)).
That is, the local server 10 is preset to disallow the installation task of the communication software and to forbid the connection task of connecting to the router. However, the user of the local server 10 or the management server 12 may change the preset content of the black-and-white list BK according to the actual requirement, and remove the option of the communication software of the manufacturer or the option of the router outside the company network from the black-and-white list BK. In this way, the originally restricted communication software, or connectivity to the router external to the company, is changed to be not associated with the restricted option. In this case, the local server 10 may install the communication software/application or perform the connection task to connect to the external router. In another example, the user of the local server 10 or the management server 12 may also change the preset content of the black-and-white list BK according to the actual requirement, and add an originally unrestricted application program or function option to the blacklist options so that it becomes restricted.
In other words, the black-and-white list BK is mainly used to remotely manage computer-related operations, such as restricting the installation and removal of software programs (APPs), designating specific WIFI connections, or controlling whether customized special functions can be used. In one embodiment, the system may further incorporate GPS/network positioning restriction functions. In practice, when the black-and-white list is modified or changed by an unknown user so that the server executes a restricted (i.e., "illegal") computer task, such as executing an installer of social software/application programs with security concerns or executing a connection task to connect to an unknown router, the confidential files inside the enterprise may be leaked and lost. To avoid the above problem, in one embodiment, the user of the local server 10 or the user of the management server 12 must be an authorized user with a key to execute the black-and-white list modification procedure. In other words, in this embodiment, either the user of the local server 10 or the user of the management server 12 must obtain the corresponding key in advance, so that the user can obtain the specific right to modify the black-and-white list.
Referring to fig. 2, fig. 2 is a flowchart illustrating a method for determining a computer task suitable for a computer according to an embodiment of the present invention. The computer task judgment method can be applied to the server system 1 in the embodiment of fig. 1. As shown in fig. 2, in step S201, the computer (i.e., "local server 10") modifies the black-and-white list BK according to the control command. Wherein the modification procedure comprises the following sub-steps I to III. In sub-step I, the computer decrypts the black-and-white list BK to obtain the content of the black-and-white list BK, in sub-step II, the computer modifies the content of the black-and-white list BK, and in sub-step III, after modifying the content of the black-and-white list BK, the computer further encrypts the modified black-and-white list BK'.
Next, in step S202, when the computer intends to execute a computer task, the computer performs another decryption procedure on the modified black-and-white list BK' to read the content of the black-and-white list BK'. In step S203, the computer determines whether the executed computer task is associated with the restricted option based on the read content of the black-and-white list BK'. If the computer task is not associated with the restricted option, in step S204, the computer allows the computer task to be executed. If the computer task is determined to be associated with the restricted option, in step S205, the computer refuses to execute the computer task. The computer tasks comprise installation tasks of certain specific social/communication software/application programs APP, connection tasks of a certain router or tasks related to system setting.
In an embodiment, the step of performing the modification procedure on the black-and-white list BK according to the control command includes performing the modification procedure on the black-and-white list BK according to the hardware function command CMD1 from the computer (i.e., the local server 10) or the remote command CMD2 from the management server 12. In one embodiment, the step of performing the modification procedure on the black-and-white list BK according to the remote command CMD2 from the management server 12 includes sending the remote command CMD2 to the system controller 103 by the management server 12, and then performing the modification procedure on the black-and-white list BK by the system controller 103 according to the remote command CMD2. Specifically, the management server 12 may transmit the remote command CMD2 to the agent APK of the computer (i.e., the local server 10) through a mechanism of Mobile Device Management (MDM), and the agent APK forwards the remote command CMD2 to the system controller 103 (i.e., the black-and-white-list controller) of the computer to modify the content of the black-and-white list BK.
In an embodiment, the modification of the content of the black-and-white list BK includes adding at least one option to the content of the black-and-white list BK or removing at least one option included in the content of the black-and-white list BK. In practice, the content of the black and white list BK includes options of the relevant devices to be restricted, such as a Name (Name) and a Service Set Identifier (SSID) of the router. In practice, the local server 10 will look up the black and white list to determine whether there are related options associated with the computer task (such as the router's connection task), and further filter the limited related options to disable the computer task.
In one embodiment, the control command is from an authorized user having a key. Specifically, the user of the local server 10 or the user of the management server 12 must be an authorized user having a key to execute the aforementioned black-and-white list modification procedure. In other words, in this embodiment, either the user of the local server 10 or the user of the management server 12 must obtain the corresponding key in advance to be authenticated as a user with specific rights, so that the black-and-white list content can be modified.
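The flow of steps S201 to S205 together with the key requirement above, as an added Python example that is not part of the patent. The option strings (`app:ChatApp`, `ssid:Guest-WiFi`), the separate storage and administrator keys, the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for an authenticated cipher such as AES-GCM), and the refusal of every task when the stored list fails verification are all assumptions of this example.

```python
import hashlib
import hmac
import json
import os

# Assumption: encrypt-then-MAC built from HMAC-SHA256 so the example runs with
# the standard library only; a deployment would use a standard AEAD instead.

def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive independent encryption and MAC keys from one storage key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(storage_key: bytes, restricted: set) -> bytes:
    """Encrypt the list (sub-step III) and append an integrity tag."""
    plain = json.dumps(sorted(restricted)).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(storage_key, b"enc"), nonce, plain)
    tag = hmac.new(_subkey(storage_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_list(storage_key: bytes, blob: bytes) -> set:
    """Verify, then decrypt the stored list (sub-step I and step S202)."""
    if len(blob) < 48:
        raise ValueError("stored list is truncated")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(storage_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored list failed its integrity check")
    return set(json.loads(_xor_stream(_subkey(storage_key, b"enc"), nonce, ct)))

def _command_mac(admin_key: bytes, op, option) -> bytes:
    body = json.dumps({"op": op, "option": option}, sort_keys=True).encode()
    return hmac.new(admin_key, body, hashlib.sha256).hexdigest().encode()

def sign_command(admin_key: bytes, op: str, option: str) -> dict:
    """Build a control command (CMD1 or CMD2) as an authorized key holder."""
    return {"op": op, "option": option, "mac": _command_mac(admin_key, op, option).decode()}

def modify(storage_key: bytes, admin_key: bytes, blob: bytes, cmd: dict) -> bytes:
    """Step S201: authorize the command, then decrypt, modify and re-encrypt."""
    expected = _command_mac(admin_key, cmd.get("op"), cmd.get("option"))
    if not hmac.compare_digest(expected, str(cmd.get("mac", "")).encode()):
        raise PermissionError("control command is not from an authorized key holder")
    restricted = open_list(storage_key, blob)        # sub-step I
    if cmd["op"] == "add":                           # sub-step II
        restricted.add(cmd["option"])
    elif cmd["op"] == "remove":
        restricted.discard(cmd["option"])
    else:
        raise ValueError("unknown operation")
    return seal(storage_key, restricted)             # sub-step III

def decide(storage_key: bytes, blob: bytes, task: str) -> bool:
    """Steps S202 to S205: True allows the task, False refuses it."""
    try:
        restricted = open_list(storage_key, blob)
    except ValueError:
        return False  # fail closed: an unreadable or tampered list allows nothing
    return task not in restricted

if __name__ == "__main__":
    # Constructed keys and options, for illustration only.
    storage_key, admin_key = os.urandom(32), os.urandom(32)
    blob = seal(storage_key, {"app:ChatApp", "ssid:Guest-WiFi"})
    print("install ChatApp allowed:", decide(storage_key, blob, "app:ChatApp"))
    blob = modify(storage_key, admin_key, blob, sign_command(admin_key, "remove", "app:ChatApp"))
    print("install ChatApp allowed after CMD:", decide(storage_key, blob, "app:ChatApp"))
```

Because the tag is checked before decryption, a modified ciphertext is rejected rather than decrypted into a different list, which is the property the description asks of the encryption when it says the content should not be easy to tamper with.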
To summarize, in the computer task determination method and the server system having the computer task determination function provided by the present invention, the related restriction option function is mainly unified to summarize a black and white list suitable for most restriction condition formats, and the black and white list is stored in a storage space that is not easy to read, and is encrypted to be used as a secondary protection, and simultaneously, the local and remote servers are allowed to perform a dynamic modification requirement of the black and white list, thereby completing a management mechanism of software and hardware related functions with high security and high practicability, so as to overcome the problem that the traditional server cannot modify the related settings of the software and hardware functions.
Although the present invention has been described with reference to the above embodiments, it should be understood that various changes and modifications can be made therein by those skilled in the art without departing from the spirit and scope of the invention.
Claims (10)
1. A computer task judging method is suitable for a computer, and is characterized in that the computer task judging method comprises the following steps:
the computer performs a modification procedure on a black and white list according to a control instruction, wherein the modification procedure comprises:
carrying out a decryption procedure on the black and white list to obtain the content of the black and white list;
modifying the content of the black and white list; and
after the content of the black and white list is modified, an encryption program is carried out on the modified black and white list;
when executing a computer task, carrying out another decryption program on the modified black and white list to read the content of the black and white list;
judging whether the executed computer task is related to a restricted option on the black and white list according to the read content of the black and white list;
if the computer task is not associated with the restricted option on the black and white list, the computer is allowed to execute the computer task; and
if the computer task is associated with the restricted option on the black and white list, the computer refuses to execute the computer task.
2. The method as claimed in claim 1, wherein the modifying the black and white list with the control command comprises modifying the black and white list with a hardware function command from the computer or a remote command from a management server.
3. The computer task determination method of claim 2, wherein the modifying the black and white list with the remote command from the management server comprises:
sending the remote command to a system controller by the management server; and
performing, by the system controller, the modification procedure on the black and white list according to the remote command.
4. The computer task determination method of claim 1, wherein modifying the content of the black-and-white list comprises adding at least one option to the content of the black-and-white list or removing at least one option included in the content of the black-and-white list.
5. The method of claim 1, wherein the control command is from an authorized user having a key.
6. A server system having a computer task execution function, comprising:
the local server comprises a storage space, a control unit and a processing unit, wherein the storage space is used for storing a black and white list, and the local server is used for selectively providing a hardware function instruction to modify the black and white list; and
the management server is in communication connection with the local server and is used for selectively providing a remote instruction to perform another modification procedure on the black and white list;
when the local server executes a computer task, the local server carries out a decryption program on the modified black-and-white list to read the content of the black-and-white list so as to judge whether the executed computer task is related to a restricted option on the black-and-white list;
if the computer task is not related to the limited option on the black and white list, the local server allows the computer task to be executed, and if the computer task is related to the limited option on the black and white list, the local server refuses to execute the computer task.
7. The server system with computer task determination function of claim 6, wherein in the modification program, the local server performs another decryption process on the black-and-white list to obtain the content of the black-and-white list to modify the content of the black-and-white list, and after modifying the content of the black-and-white list, the local server further performs an encryption process on the modified black-and-white list.
8. The server system according to claim 6, wherein in the another modification program, the local server performs another decryption program on the black-and-white list according to the remote command of the management server to obtain the contents of the black-and-white list, so as to modify the contents of the black-and-white list, and after modifying the contents of the black-and-white list, the local server further performs an encryption program on the modified black-and-white list.
9. The server system with computer task determination function as claimed in claim 6, wherein the local server or the management server is respectively configured to add at least one option to or remove at least one option from the content of the black-and-white list according to the hardware function command or the remote command.
10. The server system with computer task judgment function according to claim 6, wherein the user of the local server or the user of the management server is an authorized user having a key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810734864.4A CN110688647A (en) | 2018-07-06 | 2018-07-06 | Computer task judging method and server system suitable for same |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110688647A (en) | 2020-01-14 |
Family
ID=69107361
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810734864.4A Pending CN110688647A (en) | 2018-07-06 | 2018-07-06 | Computer task judging method and server system suitable for same |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110688647A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200114 |