CN111726328A - Method, system and related device for remotely accessing a first device - Google Patents


Info

Publication number
CN111726328A
Authority
CN
China
Prior art keywords
session
user account
equipment
server
request
Prior art date
Legal status
Granted
Application number
CN201910223494.2A
Other languages
Chinese (zh)
Other versions
CN111726328B (en)
Inventor
肖文虎
Current Assignee
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201910223494.2A
Publication of CN111726328A
Application granted
Publication of CN111726328B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/08: Protocols specially adapted for terminal emulation, e.g. Telnet
    • H04L67/14: Session management
    • H04L67/141: Setup of application sessions
    • H04L67/146: Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method, a system and a related device for remotely accessing a first device. The method comprises the following steps: creating a session between a first device and a second device in response to a received remote access request from the second device for the first device; receiving a first device login request from the second device, wherein the first device login request comprises user login information of a user account on the first device; and sending the first device login request to the first device so as to log in to the first device based on the user login information, wherein the user account corresponding to the first device login request is different from the user account currently logged in locally on the first device. Remote access to and control of the first device are thereby achieved safely and conveniently.

Description

Method, system and related device for remotely accessing a first device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method and a system for remotely accessing a first device, and a related device, a computing device, and a storage medium.
Background
With the continuous deepening of social informatization, key tasks in key industries increasingly depend on industrial personal computers, and low-cost industrial control automation based on industrial personal computers (IPCs for short) is becoming mainstream. As more and more devices are put into use, various problems inevitably occur while users operate them, and how to effectively solve the problems users encounter has become an important issue for manufacturers.
At present, most terminal devices in an industrial server are based on the Windows operating system. When a terminal device fails, a technician usually has to travel to the location of the failed device or use third-party tools to troubleshoot the problem, and the same difficulty arises when edge computing is applied to an industrial personal computer. In these approaches, however, either a third-party tool must be installed on the device side, or each device occupies one network port of the server, complicated configuration is required on the server side, and the server exposes the related services externally. This not only fails to guarantee security but also makes failure analysis across a large number of devices inconvenient, resulting in low detection and control efficiency.
Thus, there is still a need for an efficient and secure solution.
Disclosure of Invention
It is an object of the present disclosure to provide a method, system and related device for remote access to a first device to address at least one of the problems set forth above.
According to one aspect of the present disclosure, there is provided a method for remotely accessing a first device, applied to a server, the method including: creating a session between a first device and a second device in response to a received remote access request from the second device for the first device; receiving a first device login request from the second device, wherein the first device login request comprises user login information of a user account on the first device; and sending the first device login request to the first device so as to log in to the first device based on the user login information, wherein the user account corresponding to the first device login request is different from the user account currently logged in locally on the first device.
Optionally, the user account corresponding to the first device login request and the user account logged in locally on the first device are logged in to the first device simultaneously and access the first device independently, without affecting each other.
Optionally, a plurality of user accounts are set on the first device, and the method further includes: during the session between one second device and the first device, creating a session between another second device and the first device, wherein the user account corresponding to the other second device is different from the user account corresponding to the one second device and from the user account currently logged in locally on the first device, and the user account corresponding to the one second device, the user account corresponding to the other second device and the local user account of the first device are logged in to the first device simultaneously and access the first device independently, without affecting each other.
Optionally, the step of creating a session between the first device and the second device includes: creating and recording a session identifier of the session; and returning a handshake response to the second device, wherein the handshake response comprises the session identifier, and the session identifier is carried in messages from the first device and the second device during the session.
Optionally, the step of creating a session between the first device and the second device further includes: sending a session creation request to the first device; and acquiring a password from a session creation response from the first device, wherein the handshake response further comprises the password, and the password is carried in messages from the first device and the second device during the session.
According to another aspect of the present disclosure, there is also provided a device access management method applied to a first device to be accessed, the method including: logging in to the first device with a first user account based on first user login information of the first user account input locally at the first device; receiving a first device login request initiated by a second device, wherein the first device login request comprises second user login information of a second user account on the first device; and, while the first device is logged in with the first user account, logging in to the first device with the second user account based on the second user login information, wherein the second user account is different from the first user account currently logged in locally on the first device.
Optionally, the first user account and the second user account are logged in the first device at the same time, and access to the first device is independent of each other and does not affect each other.
Optionally, a plurality of user accounts are set on the first device, and the method further includes: while the first device is logged in with the first user account and with the second user account, logging in to the first device with a third user account corresponding to another second device, wherein the third user account is different from the first user account and the second user account, and the first user account, the second user account and the third user account are logged in to the first device simultaneously and access the first device independently, without affecting each other.
According to one aspect of the present disclosure, there is provided a method for remotely accessing a first device, applied to a server, the method including: receiving a remote access request from a second device for a first device, the remote access request including device association information of the first device; verifying the remote access authority of the second device to the first device based on the device association information; creating a session between the first device and the second device if the second device has a right to remotely access the first device.
Optionally, the step of creating a session between the first device and the second device includes: creating and recording a session identifier of the session; and returning a handshake response to the second device, wherein the handshake response comprises the session identifier, and the session identifier is carried in messages from the first device and the second device during the session.
Optionally, during the session, based on a session identifier carried in a message, message forwarding is performed between the second device and the first device.
Optionally, the step of creating a session between the first device and the second device further includes: sending a session creation request to the first device; and acquiring a password from a session creation response from the first device, wherein the handshake response further comprises the password, and the password is carried in messages from the first device and the second device during the session.
Optionally, during the session, the messages from the first device and the second device comprise messages corresponding to a plurality of service types, wherein the service types comprise at least one of: SSH service; HTTP service; FTP service; Telnet service; remote desktop service; Link Edge service; and no service.
Optionally, after creating the session between the first device and the second device, the method further includes: receiving a first device login request from the second device, wherein the first device login request comprises user login information of a user account on the first device; and sending the first device login request to the first device so as to log in to the first device based on the user login information.
Optionally, a plurality of user accounts are set on the first device, a user account corresponding to a first device login request is different from a user account currently logged in locally by the first device, and the user account corresponding to the first device login request and the first device local user account are logged in the first device simultaneously, and access to the first device is independent of each other and does not affect each other.
Optionally, the method further comprises: during the session between one second device and the first device, creating a session between another second device and the first device, wherein the user account corresponding to the other second device is different from the user account corresponding to the one second device and from the user account currently logged in locally on the first device, and the user account corresponding to the one second device, the user account corresponding to the other second device and the user account logged in locally on the first device are logged in to the first device simultaneously and access the first device independently, without affecting each other.
Optionally, the method further comprises: receiving a registration request from the first device, the registration request including device association information of the first device; verifying whether the first device is allowed to be remotely accessed based on the device association information.
Optionally, the step of verifying the remote access right of the second device to the first device includes: sending the device association information included in the remote access request to an internet of things server so that the internet of things server verifies the remote access right of the second device to the first device; and receiving the internet of things server's verification result for the device association information included in the remote access request.
Optionally, the step of verifying whether the first device is allowed to be remotely accessed comprises: sending the device association information included in the registration request to an internet of things server so that the internet of things server verifies whether the first device is allowed to be remotely accessed; and receiving the internet of things server's verification result for the device association information included in the registration request.
Optionally, the device association information of the first device is pre-stored locally on the internet of things server or on a device accessible to the internet of things server. When signature verification of the device association information carried in the remote access request against the pre-stored device association information succeeds, it is determined that the second device has a remote access right for the first device; and/or, when signature verification of the device association information carried in the registration request against the pre-stored device association information succeeds, it is determined that the first device is allowed to be remotely accessed.
Optionally, the device association information of the first device includes device information, service access information, and a character string to be signed, where the service access information is allocated to the first device by a base station to which the first device accesses when the first device accesses the internet of things.
Optionally, the method may further include: establishing a bidirectional communication connection with the first device based on the WebSocket protocol; and/or establishing a bidirectional communication connection with the second device based on the WebSocket protocol.
Optionally, the method may further include: sending a session release instruction to the first device in response to a request from the second device to close the WebSocket connection; and receiving session closing confirmation information returned by the first device.
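The server-side flow described above (registration check, access-right check, handshake with session identifier and password, message forwarding, and session release) can be sketched as follows. This is an added example, not code from the patent: the class and field names, the use of HMAC-SHA256 as the signature scheme, and in-process calls in place of WebSocket connections are all assumptions.

```python
import hashlib
import hmac
import secrets

SERVICES = {"ssh", "http", "ftp", "telnet", "rdp", "link_edge", "none"}


def _canon(*fields: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") sign differently.
    return b"".join(len(f.encode()).to_bytes(4, "big") + f.encode() for f in fields)


def sign(assoc: dict, key: bytes) -> str:
    """Assumed scheme: HMAC-SHA256 over device info, service access info, string to sign."""
    body = _canon(assoc["device"], assoc["access"], str(assoc.get("to_sign", "")))
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class IoTVerifier:
    """Stands in for the internet of things server holding pre-stored association info."""

    def __init__(self, prestored: dict):
        self._prestored = prestored  # device -> (service access info, signing key)

    def verify(self, assoc: dict) -> bool:
        entry = self._prestored.get(assoc.get("device"))
        if entry is None or entry[0] != assoc.get("access"):
            return False
        got = str(assoc.get("signature", "")).encode()
        return hmac.compare_digest(sign(assoc, entry[1]).encode(), got)


class FirstDevice:
    """Target terminal: issues the per-session password, tracks service connections."""

    def __init__(self):
        self.connected = set()

    def create_session(self, session_id: str) -> str:
        self.connected.add(session_id)      # service connection to the system service
        return secrets.token_urlsafe(32)    # password in the session creation response

    def release_session(self, session_id: str) -> bool:
        self.connected.discard(session_id)
        return True                         # session closing confirmation


class RelayServer:
    def __init__(self, verifier: IoTVerifier, devices: dict):
        self.verifier = verifier
        self.devices = devices              # device name -> FirstDevice link
        self.registered = set()
        self.sessions = {}                  # session id -> (device name, password)

    def register(self, assoc: dict) -> None:
        if not self.verifier.verify(assoc):
            raise PermissionError("device is not allowed to be remotely accessed")
        self.registered.add(assoc["device"])

    def open_session(self, assoc: dict) -> dict:
        if not self.verifier.verify(assoc) or assoc["device"] not in self.registered:
            raise PermissionError("no remote access right for this device")
        session_id = secrets.token_hex(16)
        password = self.devices[assoc["device"]].create_session(session_id)
        self.sessions[session_id] = (assoc["device"], password)
        return {"session_id": session_id, "password": password}  # handshake response

    def forward(self, msg: dict):
        session = self.sessions.get(msg.get("session_id"))
        if session is None:
            raise PermissionError("unknown session")
        sent = str(msg.get("password", "")).encode()
        if not hmac.compare_digest(session[1].encode(), sent):
            raise PermissionError("bad session password")
        if msg.get("service") not in SERVICES:
            raise ValueError("unsupported service type")
        target = session[0] if msg.get("sender") == "second" else "second"
        return target, msg.get("payload")

    def close_session(self, session_id: str) -> bool:
        device, _ = self.sessions.pop(session_id)
        return self.devices[device].release_session(session_id)


def demo() -> dict:
    key = b"constructed-demo-key"  # every value below is constructed sample data
    assoc = {"device": "ipc-01", "access": "edge-gw-7", "to_sign": "nonce=42"}
    assoc["signature"] = sign(assoc, key)
    device = FirstDevice()
    server = RelayServer(IoTVerifier({"ipc-01": ("edge-gw-7", key)}), {"ipc-01": device})
    server.register(assoc)
    hs = server.open_session(assoc)
    msg = {**hs, "sender": "second", "service": "ssh", "payload": b"dir"}
    out = {"forwarded": server.forward(msg)}
    out["closed"] = server.close_session(hs["session_id"])
    out["device_connections"] = len(device.connected)
    return out
```

The session password here is a bearer secret: any message carrying a valid session identifier and password is forwarded, so both values need the same protection in transit and in logs as a credential.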
According to another aspect of the present disclosure, there is also provided a method for remotely accessing a first device, applied to a second device, the method may include: sending a remote access request for a first device to a server in response to a remote access operation for the first device, the remote access request including device association information of the first device; receiving a handshake response returned by the server, wherein the handshake response corresponds to a session between the first device and the second device, which is created by the server under the condition that the second device has the right of remote access to the first device; and during the session, performing message interaction with the first device through the server.
Optionally, the handshake response includes the session identifier, and the messages from the first device and the second device during the session both carry the session identifier.
Optionally, the method may further include: sending a first device login request to a server, wherein the first device login request comprises user login information of a user account on the first device; and receiving a response returned by the server for logging in the first equipment based on the user login information.
Optionally, a plurality of user accounts are set on the first device, and a user account corresponding to the first device login request is different from a user account currently logged in locally by the first device.
Optionally, the method may further include: establishing a bidirectional communication connection with the server based on the WebSocket protocol.
Optionally, the method may further include: in response to an operation of closing the session, sending a request to close the WebSocket connection to the server.
According to another aspect of the present disclosure, there is also provided a method of being remotely accessed, applied to a first device, the method may include: receiving a session creation request sent by a server to create a session between a second device and the first device, wherein the session creation request is issued by the server when the second device has a right to remotely access the first device; establishing a service connection between the first device and a system service thereon in the case that the first device is allowed to be remotely accessed; and sending a session creation response to the server.
Optionally, the method may further include: sending a registration request to a server, the registration request including device association information of the first device, so that the server verifies whether the first device is allowed to be remotely accessed based on the device association information; and receiving a handshake response returned by the server.
Optionally, the method may further include: during the present session, performing message interaction with the second device via the server.
Optionally, the session creation response includes a password generated by the first device in response to the session creation request, and during the session, messages from the first device and the second device both carry the password.
Optionally, the method may further include: receiving an instruction from a server to release a session between the second device and the first device; disconnecting the service connection between the first device and the system service on the first device; and returning session closing confirmation information to the server.
Optionally, the method may further include: establishing a bidirectional communication connection with the server based on the WebSocket protocol.
According to another aspect of the present disclosure, there is also provided a server for remote access to a first device, including: session creation means for creating a session between a first device and a second device in response to a received remote access request for the first device from the second device; first remote login means for receiving a first device login request from the second device, wherein the first device login request includes user login information of a user account on the first device; and second remote login means for sending the first device login request to the first device so as to log in to the first device based on the user login information, wherein the user account corresponding to the first device login request is different from the user account currently logged in locally on the first device.
According to another aspect of the present disclosure, there is also provided a first device for performing device access management, including: first login means for logging in to the first device with a first user account based on first user login information of the first user account input locally at the first device; login information receiving means for receiving a first device login request initiated by a second device, wherein the first device login request comprises second user login information of a second user account on the first device; and second login means for logging in to the first device with the second user account based on the second user login information while the first device is logged in with the first user account, wherein the second user account is different from the first user account.
According to another aspect of the present disclosure, there is also provided a remote access system, the system including a server, a second device, and a first device, the second device transmitting a remote access request for the first device to the server, the remote access request including device association information of the first device; the server verifies the remote access right of the second device to the first device based on the device association information, and creates a session between the first device and the second device if the second device has the right to remotely access the first device and the first device is allowed to be accessed.
According to another aspect of the present disclosure, there is also provided a server for remote access to a first device, including: remote access means for receiving a remote access request from a second device for a first device, the remote access request including device association information of the first device; permission verification means for verifying the remote access right of the second device to the first device based on the device association information; and session creation means for creating a session between the first device and the second device when the second device has a right to remotely access the first device.
According to another aspect of the present disclosure, there is also provided a second device for remote access to a first device, including: remote access means for sending a remote access request for a first device to a server in response to a remote access operation for the first device, the remote access request including device association information of the first device; session means for receiving a handshake response returned by the server, wherein the handshake response corresponds to a session between the first device and the second device that is created by the server when the second device has a right to remotely access the first device; and interaction means for performing message interaction with the first device through the server during the session.
According to another aspect of the present disclosure, there is also provided a first device to be remotely accessed, including: a session device, configured to receive a session creation request sent by a server to create a session between a second device and a first device, where the session creation request is issued by the server when the second device has a right to remotely access the first device; service connection means for establishing a service connection between the first device and a system service above the first device, in a case where the first device is allowed to be remotely accessed; and a session response means for sending a session creation response to the server.
According to another aspect of the present disclosure, there is also provided a computing device comprising: a processor; and a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method as described above.
According to another aspect of the present disclosure, there is also provided a non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method as described above.
Therefore, by the remote access scheme disclosed by the invention, remote access, detection and control for a large number of terminal devices can be safely and efficiently realized. In addition, the scheme is simple in configuration and small in occupied resource, and the operation and maintenance cost of the equipment can be greatly reduced.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in greater detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a schematic structural diagram of a remote access system according to one embodiment of the present disclosure.
FIG. 2 shows a flow diagram of remote access according to one embodiment of the present disclosure.
Fig. 3 shows a flow diagram of a remote access method applied to a server according to one embodiment of the present disclosure.
Fig. 4 shows a schematic block diagram of a server according to one embodiment of the present disclosure.
Fig. 5 shows a flow diagram of a remote access method applied to a second device according to one embodiment of the present disclosure.
Fig. 6 shows a schematic block diagram of a second device according to an embodiment of the present disclosure.
Fig. 7 shows a flowchart diagram of a method of being remotely accessed applied to a first device according to one embodiment of the present disclosure.
Fig. 8 shows a schematic block diagram of a first device according to one embodiment of the present disclosure.
FIG. 9 shows a schematic structural diagram of a computing device, according to one embodiment of the present disclosure.
Detailed Description
Preferred embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
FIG. 1 shows a schematic diagram of a remote access system according to one embodiment of the present disclosure.
As shown in fig. 1, the remote access system 100 of the present disclosure may include a server 110, a second device 120, and a first device 130.
The server 110 may be any server capable of providing information required for an interactive service through a network. In a preferred embodiment, the server may be a cloud server, which can provide simple, efficient, secure, reliable, and processing-capacity scalable computing services for users.
The second device 120 and/or the first device 130 are any suitable electronic device that may be used for network access, including but not limited to a smartphone, tablet, internet of things device, or other portable client.
The network may be a network for information transfer in a broad sense and may include one or more communication networks such as a wireless communication network, the internet, a private network, a local area network, a metropolitan area network, a wide area network, or a cellular data network, among others.
In one embodiment, the second device 120 and/or the first device 130 may have an operating system installed or running thereon, which may include, but is not limited to, a Linux system, an Android system, an IOS system, a Windows system, FreeBSD, MacOS X, and the like. The operating system installed or running may be different for different device types. Furthermore, tool software, application programs, network protocols and the like can be run on the operating system so as to provide relevant services for the equipment.
It should be understood that the terms "first" and "second", here and elsewhere in the disclosure, are used only to distinguish between the objects described and do not specify any order or magnitude, explicitly or implicitly. In the embodiment of the present disclosure, the "first device" and the "second device" may be the same device or different devices.
In the embodiment of the present disclosure, the first device is used as a target terminal that is allowed to be remotely accessed, and the second device is used as a control terminal for remotely accessing the first device.
The first device that is allowed to be remotely accessed is any suitable electronic device that can be used for network access, and the first device can be made to have a function that is allowed to be remotely accessed, for example, by deploying a remote terminal service on the first device.
The remote terminal service can be implemented in various forms. For example, it may be an application or client installed and running independently on the device, a functional service embedded in another application, or a browser installed and running on the device, which is not limited in this disclosure. In one embodiment, the remote terminal service on the first device side of the present disclosure may be based on a C/S architecture, i.e., the remote terminal service may be implemented as a client installed and running on the device.
The remote terminal service may communicate with a system service on the first device side to allow processing of first device data, such as RDS (Remote Data Services) and the series of services involved.
The first device may be, for example, a computer, or may also include various devices related to various fields, such as a control site, a road and bridge control charging system, a medical instrument, environmental protection monitoring, communication security, an intelligent traffic control system, building monitoring security, a voice call center, a queuing machine, a POS counter cash register, a numerical control machine, a fuel dispenser, financial information processing, petrochemical data acquisition processing, geophysical prospecting, field portable work, environmental protection, military, electric power, railways, highways, aerospace, subways, intelligent buildings, and the like.
In one embodiment, the first device may be an edge device that provides an entry point to an enterprise or service provider core network, for example: routers, routing switches, Integrated Access Devices (IADs), multiplexers, and various Metropolitan Area Network (MAN) and Wide Area Network (WAN) access devices. The edge device may also provide connectivity to operator and service provider networks.
The second device for remote access to the first device is a control terminal that can interact with an operator and can remotely access, detect and control the first device. Preferably, the second device may have computer properties and features, such as having a computer motherboard, CPU, hard disk, memory, peripherals and interfaces, and may have an operating system, control networks and protocols, computing capabilities, friendly human-machine interfaces, etc. The second device may be, for example, a computer, a smartphone, a tablet, an industrial control computer, or the like.
The first device and/or the second device may be determined according to an actual application scenario, which is not limited by the present disclosure.
Fig. 1 shows only a single server, a single second device and a single first device, and details are given in the following description only for the single server, the single second device and the single first device at least for convenience of explanation, and no limitation is implied on the type or function or location, etc. of the first device, the second device and the server. It should be understood by those skilled in the art that the remote access system of the present disclosure may include at least one server, at least one control terminal, i.e., the second device, and a large number of target terminals, i.e., the first devices, existing in a real network, and the present disclosure is not limited thereto.
For a better understanding of the functions implemented by the remote access system of the present disclosure with the servers and associated devices in the system, a detailed description will follow in conjunction with the flow chart shown in fig. 2.
The related parties involved in the whole interaction process of the remote access scheme may include not only the server, the first device and the second device included in the remote access system, but also, for example, an operator performing a remote access operation on the second device side, a related server (e.g., an internet of things server) associated with the server, and a system service layer providing a remote terminal service for the first device. Moreover, the whole process may also be divided into different processing stages according to the interaction timing sequence, for example, a remote terminal service starting stage at the first device side, a window opening stage at the second device side, a message interaction stage between the second device and the first device, and a window closing stage at the second device side.
It should be understood that the references to, for example, an operating system, a control network and protocol, a control flow, etc., in the following embodiments are merely examples and are not intended to limit the present disclosure in any way; nor do they limit the order in which the various steps referenced herein are performed.
Referring to fig. 2, a remote terminal service may first be deployed and launched (activated) on the first device 130 so that the first device 130 may act as a target terminal that is allowed to be remotely accessed.
In step S100, the first device 130 establishes a bidirectional communication connection between it and the server 110. In one embodiment, the bi-directional communication connection between the first device 130 and the server 110 may be established based on the websocket protocol, which may be a long connection.
Specifically, the first device 130 may send a websocket handshake request to the server 110. The server 110 may receive the websocket handshake request sent by the first device 130, generate response information based on the websocket handshake request, and send the response information to the first device 130. Thus, the communication connection between the first device 130 and the server 110 is successfully established, and subsequent interactions between the two can be performed through this connection; for example, the server 110 can send a control instruction to the first device 130, and the first device 130 can feed back a response or other information to the server 110.
In step S101, the first device 130 sends a handshake request to the server 110 (a request to initiate the remote terminal service on the first device 130, which may also be referred to as a registration request at this stage), in order to deploy the remote terminal service on the first device 130 side (or initiate the remote terminal service on the first device side) and obtain authorization to allow remote access to the first device.
The registration request carries the device association information of the first device 130. In step S102, the server 110 may verify whether the first device 130 is allowed to be remotely accessed based on the device association information carried in the registration request.
The device association information of the first device 130 may include parameters such as device information, service access information, and a character string to be signed. The device information may include, for example, a device identification for identifying the device, device supported service list information, device supported signature algorithms, and so on. The service access information may be assigned to the first device 130 by a base station or a gateway that the first device accesses when accessing a related network (e.g., the internet of things), and may include, for example, an assigned product model (product_key), a device identifier (device_name), a version number, and the like. In other embodiments, the device association information may also include, for example, networking IP address information, MAC addresses, etc. of the devices. It should be understood that the above-mentioned device association information is only an illustrative example and is not limited thereto, and the device association information of the present disclosure may also include other information for authentication of the first device or the service deployed thereon, and the like.
The device association information of the first device 130, particularly the device information and the service access information, may be pre-stored in a related network server corresponding to a related network to which the first device 130 is connected, or in a device that the related network server can access, and a device key (device_secret) may be stored there in association with it, so that signature verification can be performed on the device association information of the first device 130.
In one embodiment, the server 110 may communicate with an associated network server (e.g., an internet of things server) to authenticate the first device 130 desiring to initiate the remote terminal service to verify whether the first device 130 is allowed to be remotely accessed, thereby enabling the first device 130 to be remotely accessed.
Specifically, for example, the server 110 may send the device association information included in the registration request to the internet of things server. The internet of things server may compare the device association information carried in the registration request with the device association information of the first device 130 pre-stored in the internet of things server or the device accessible thereto, perform signature verification on the device association information, and return authentication response information, for example, a verification result of the internet of things server for the device association information included in the registration request, to the server 110.
The internet of things server may perform signature verification on the device association information carried in the registration request based on the device key information corresponding to the first device, and if the verification is successful, determine that the first device 130 is allowed to be remotely accessed, and return response information indicating that the authentication is successful to the server 110. In case of the verification failure, it is determined that the first device 130 is not allowed to be remotely accessed, and response information of authentication failure, which may further include a detailed error reason, etc., is returned to the server 110.
As an example, the internet of things server of the present disclosure may perform authentication verification based on a signature algorithm of a gateway triplet corresponding to the first device as follows.
For example, the gateway triplet corresponding to the first device may be:
"product_key": "a1NCDGc4lkw"
"device_name": "zhangsan_gateway"
"device_secret": "6x8bMz4GeeqTrx4cX66DYts1udwkxWhU"
The string to be signed is:
clientIdalibaba_iotdeviceNamezhangsan_gatewayproduct_keya1NCDGc4lkwtimestamep1541070000
After that, the server 110 returns a handshake response to the first device 130 at step S103. If the authentication verification in step S102 succeeds, a successful handshake response is returned in step S103; if the authentication verification in step S102 fails, a handshake failure response is returned at step S10, and the failure details are notified.
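The registration check of steps S101 to S103, as an added example (not code from the patent): the string to be signed is rebuilt from the request fields and checked against a signature keyed with device_secret. The patent does not name the signature algorithm or the request layout, so HMAC-SHA256, the sorted-field concatenation rule, and the `params`/`sign` request structure are assumptions.

```python
import hashlib
import hmac

# Registry as held by the IoT server: (product_key, device_name) -> device_secret.
# The single entry is the example gateway triplet from the text above.
DEVICE_SECRETS = {
    ("a1NCDGc4lkw", "zhangsan_gateway"): "6x8bMz4GeeqTrx4cX66DYts1udwkxWhU",
}

# Field names exactly as they appear in the example string to be signed.
SIGNED_FIELDS = {"clientId", "deviceName", "product_key", "timestamep"}


def string_to_sign(params):
    """Concatenate name+value pairs in sorted name order, without separators.

    ASSUMPTION: the sorted order is inferred from the example string.
    """
    return "".join(name + str(params[name]) for name in sorted(params))


def sign(params, device_secret):
    """ASSUMPTION: HMAC-SHA256 keyed with device_secret, hex-encoded."""
    return hmac.new(device_secret.encode(), string_to_sign(params).encode(),
                    hashlib.sha256).hexdigest()


def verify_registration(request):
    """Step S102 on the IoT server side. Returns (allowed, reason)."""
    params = request.get("params")
    # A fixed set of string fields keeps the separator-free concatenation
    # unambiguous: no extra, missing or non-string fields are accepted.
    if (not isinstance(params, dict) or set(params) != SIGNED_FIELDS
            or any(not isinstance(v, str) for v in params.values())):
        return False, "unexpected or missing fields"
    secret = DEVICE_SECRETS.get((params["product_key"], params["deviceName"]))
    if secret is None:
        return False, "unknown device"
    expected = sign(params, secret).encode()
    presented = str(request.get("sign", "")).encode()
    # Constant-time comparison so timing does not reveal how much matched.
    if not hmac.compare_digest(expected, presented):
        return False, "signature mismatch"
    return True, "ok"


def handshake_response(request):
    """Step S103: success, or failure with the reason attached."""
    allowed, reason = verify_registration(request)
    if allowed:
        return {"result": "success"}
    return {"result": "failure", "detail": reason}


def build_registration(product_key, device_name, device_secret, timestamp):
    """Device side of step S101 (constructed request layout)."""
    params = {"clientId": "alibaba_iot", "deviceName": device_name,
              "product_key": product_key, "timestamep": str(timestamp)}
    return {"params": params, "sign": sign(params, device_secret)}


def demo():
    """Run the example triplet through S101-S103, then a tampered copy."""
    key = ("a1NCDGc4lkw", "zhangsan_gateway")
    request = build_registration(key[0], key[1], DEVICE_SECRETS[key], 1541070000)
    tampered = {"params": dict(request["params"], timestamep="1541070001"),
                "sign": request["sign"]}
    return handshake_response(request), handshake_response(tampered)


if __name__ == "__main__":
    print(demo())
```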
Thus, by deploying the remote terminal service on the first device 130 and performing simple configuration, the first device obtains authorization to be remotely accessed, so that other devices (e.g., the control terminal, i.e., the second device) can remotely access it, implementing remote detection, remote control, remote file management, etc., and thereby reducing operation and maintenance costs. In addition, the deployed remote terminal service occupies few resources and has a high safety factor, and the server is not required to provide services to the outside. The remote terminal service can be deployed on a large number of devices, so that the control terminal can conveniently realize remote access and control of massive numbers of devices, the control cost can be greatly reduced, and the control rate can be improved.
The above description describes a process of deploying a remote terminal service on the first device 130 in a remote access process. It should be understood by those skilled in the art that the first device 130 described in the embodiment of the present disclosure may communicate with the server in advance and deploy a remote terminal service thereon (for example, during an on-line stage of the device), so that the first device 130 has a function capable of being remotely accessed, and then, in the case that another device (for example, a control terminal) has a remote access requirement for the first device 130, the server 110 can conveniently communicate with the first device 130 so as to establish a remote access connection channel between the other device and the first device 130, so as to realize remote access to the first device 130.
For example, when the first device is deployed with a remote terminal service (or at any time before remote access is performed by other remote devices), a plurality of user accounts capable of logging in on the first device side may be created through configuration, so that when the other devices have a need for remote access to the first device, after authentication verification, the other devices may log in the first device remotely based on any of the plurality of user accounts, thereby facilitating invocation of related services on the first device side (details will be described later).
In the case where other devices (e.g., the second device 120) have a need for remote access to the first device 130, an operator on the side of the second device 120 may initiate a remote access request at step S200 by interacting with an associated control interface (e.g., a management window) displayed on the second device 120. For example, the operator performs a remote access operation by clicking a remote access control displayed on the display interface of the second device.
The remote access request may correspond to a specific service type, or may include a plurality of service types, for example, at least one of the following: an SSH service, an HTTP service, an FTP service, a Telnet service, a remote desktop service, a LinkEdge service, and no service. The messages from the first device and the second device may also include messages corresponding to a plurality of service types.
On the second device 120 side, for example, the browser-based B/S architecture or the client-based C/S architecture may be used. In order to facilitate remote access and management of the plurality of target terminals, in one embodiment, the operator may log in a management account capable of managing the plurality of target terminals in advance in a browser or a client, and the related control interfaces may be interfaces corresponding to the management account. The present disclosure is not limited to a particular manner of management.
Thereafter, at step S201, the remote access control interface is presented to the operator at the second device 120.
And, in step S202, the second device 120 establishes a bidirectional communication connection between it and the server 110.
In one embodiment, the bi-directional communication connection between second device 120 and server 110 may be established based on the websocket protocol. The details of establishing the connection are the same as those of the first device, and may specifically refer to the above related description, which is not described herein again.
In step S203, the second device 120 sends a handshake request (i.e., a remote access request for the first device) to the server 110 to establish a remote access communication connection with the first device 130. The remote access request may include device association information of the first device 130, and the information may be recorded in the management account in advance, or may be obtained based on the management account, or may be input or selected by an operator in advance and on the second device side, which is not limited by the present disclosure.
In step S204, the server 110 verifies the remote access right of the second device 120 to the first device 130 based on the device association information carried in the remote access request.
Similar to the authentication verification of the identity of the first device 130, here, the server 110 may also communicate with the internet of things server to enable verification of the remote access rights of the second device 120 to the first device 130.
Specifically, for example, the server 110 may send the device association information carried in the remote access request to the internet of things server. The internet of things server may compare the device association information carried in the remote access request with the device association information of the first device 130 pre-stored in the internet of things server or the device accessible thereto, perform signature verification on the device association information, and return authentication response information to the server 110, for example, a verification result of the internet of things server for the device association information included in the remote access request.
The internet of things server may perform signature verification on the device-associated information carried in the remote access request based on the device key information corresponding to the first device, and determine that the second device has the right to perform remote access on the first device when the verification is successful, and return response information indicating that the authentication is successful to the server 110. In case of the verification failure, it is determined that the second device 120 does not have the right to remotely access the first device 130, and response information of the authentication failure is returned to the server 110, where the response information may further include a detailed error reason and the like. For details, see the above description of the authentication verification of the first device 130, which is not described herein again.
Thereafter, in step S205, in the case that the second device 120 has the right to remotely access the first device, the server 110 sends a create Session request to the first device 130 to request to create a Session (Session) between the first device 130 and the second device 120, so as to facilitate the remote access of the second device to the first device.
In step S206, after receiving the create session request, the first device 130 establishes a service connection with a remote terminal service layer (including related services involved in the remote access), so that the second device 120 can invoke the device service when performing the remote access to the first device 130.
In step S207, the first device 130 returns a session creation response to the server 110. The session creation response includes the password returned from the first device 130, and may further include a session identifier created for the session by the first device 130.
The server 110 returns a handshake response to the second device 120 at step S208.
After receiving the session creation response from the first device 130, the server 110 obtains the password and the session identification from that response and records them. The server 110 also obtains the password on the server side by calling a predetermined interface (e.g., startdevicedubug interface) in order to verify the password returned by the first device 130.
In the case where the authentication for the password fails, the session creation between the first device and the second device fails, and the server 110 returns a failure handshake response to the second device 120 and informs of the details of the failure.
In case the password authentication is successful, the session creation between the first device and the second device is successful, and the server 110 includes the password and the session identification in the handshake response returned to the second device 120.
After the session between the second device 120 and the first device 130 is established, during the session, the second device 120 and the first device 130 may perform message interaction based on the established communication connection, so as to implement remote access and remote control of the second device 120 to the first device 130. During the session, the password and the session identifier may be carried in a message (e.g., a message header summary) interacted between the first device and the second device, so that the receiving party can correctly parse the message. And during the session, the server 110 can forward the message between the second device and the first device based on the session identifier carried in the message, so as to implement message interaction between the two devices.
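How the server 110 could record the session from steps S207 and S208 and then forward messages by session identifier, including several sessions to the same first device at once, as an added example (not code from the patent). The message layout (a `header` with `session_id` and `password`), the device names, and the check that the sender is a party to the session are assumptions.

```python
import hmac


class RelayError(Exception):
    """Raised when a message must not be forwarded."""


class SessionRelay:
    """Session table and forwarding rule of the server (constructed layout)."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"password", "first", "second"}

    def on_session_created(self, first_device, second_device, response):
        """Steps S207/S208: record the session, build the handshake response."""
        session_id = response.get("session_id")
        password = response.get("password")
        if not (isinstance(session_id, str) and session_id
                and isinstance(password, str) and password):
            return {"result": "failure",
                    "detail": "incomplete session creation response"}
        if session_id in self._sessions:
            return {"result": "failure",
                    "detail": "session identifier already in use"}
        self._sessions[session_id] = {
            "password": password, "first": first_device, "second": second_device}
        return {"result": "success", "session_id": session_id,
                "password": password}

    def forward(self, sender, message):
        """Return (recipient, message) for a message sent during a session."""
        header = message.get("header") or {}
        session_id = header.get("session_id")
        session = (self._sessions.get(session_id)
                   if isinstance(session_id, str) else None)
        if session is None:
            raise RelayError("unknown session")
        presented = str(header.get("password", "")).encode()
        if not hmac.compare_digest(presented, session["password"].encode()):
            raise RelayError("password does not match session")
        # ASSUMPTION (added hardening): only the two endpoints recorded for the
        # session may use it, so one controller cannot ride another's session.
        if sender == session["second"]:
            return session["first"], message
        if sender == session["first"]:
            return session["second"], message
        raise RelayError("sender is not a party to this session")

    def close(self, session_id):
        """Window closing stage: forget the session; later messages are refused."""
        return self._sessions.pop(session_id, None) is not None


def demo():
    """Two concurrent sessions to one first device (all values constructed)."""
    relay = SessionRelay()
    relay.on_session_created("first-130", "second-A",
                             {"session_id": "s-1", "password": "pw-1"})
    relay.on_session_created("first-130", "second-B",
                             {"session_id": "s-2", "password": "pw-2"})
    message = {"header": {"session_id": "s-1", "password": "pw-1"},
               "body": "status"}
    results = [relay.forward("second-A", message)[0]]
    try:
        relay.forward("second-B", message)  # other controller, wrong session
    except RelayError as error:
        results.append(str(error))
    return results


if __name__ == "__main__":
    print(demo())
```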
While the second device 120 remotely accesses the first device 130, in order not to affect the use and control of the first device 130 by the user on the first device 130 side, the embodiment of the present disclosure further provides a remote login function, so that an operator on the second device 120 side can remotely log in to the first device 130 by using a user account on the first device 130.
Method for remote login of an operator of the second device to the first device
The user account may be pre-established and configured at the first device 130 (e.g., at the time the remote terminal service is deployed on the first device or at any time prior to remote access by other remote devices), and invocation of the relevant service running on the device may be enabled based on the established user account login. The login information corresponding to the user account may be notified to the operator on the second device 120 side in advance, or may be stored in advance in the second device 120 or a device that can be acquired by the operator.
After the first device is successfully remotely logged in based on the user account, the operator at the second device side can realize remote access to the first device and call of related services on the first device based on the user account.
In the case where one user account is currently logged in locally on the first device side, the user account used by the operator on the second device side to remotely log in to the first device (i.e., the user account corresponding to the first device login request from the second device) is different from the user account currently logged in locally at the first device 130. The user account corresponding to the first device login request from the second device may be logged in to the first device at the same time as the local user account of the first device, and the two user accounts may access the first device independently of each other.
Therefore, in the case that the first device side has deployed the remote terminal service to allow remote access, when various problems such as a first device failure occur (or periodic check on the first device is required), the relevant maintenance personnel can log in the relevant management account through a network device (such as a smart phone, a tablet computer, a notebook computer, a desktop computer and the like) with a display screen through a browser, and create a session between the network device and the first device and realize remote login on the first device through some simple operations of relevant controls of a management window on the display screen, so that the maintenance personnel can remotely log in the first device and realize remote call on the relevant service of the first device side, thereby conveniently realizing detection and investigation on the device failure reason and the like.
Therefore, a third-party tool does not need to be installed or operated on the networking equipment side, and a maintenance person does not need to go to an equipment site, so that the operation and maintenance cost of the first equipment can be greatly reduced, and the service quality and the user experience of the first equipment side user are improved.
Moreover, due to the verification of the remote access right of the second device, the remote access can be allowed and the session can be established only when the verification of the remote access right of the second device is successful, and the session and the remote access are forbidden to be established when the verification of the remote access right of the second device is failed, so that the device security of the first device is guaranteed. The establishment of the session between the second device and the first device and the request for remote access do not need to be approved or operated by the user on the first device, and even if the first device 130 is unattended, the remote access of the second device to the first device 130 is not affected, which facilitates the smooth proceeding of the remote access process.
In addition, during the remote access, since the user account used for the remote login is different from the user account currently logged in locally on the first device, and both can be logged in to the first device simultaneously with their accesses independent of each other, the remote access of the second device 120 to the first device 130 will not affect the operation and control of the first device by the user on the first device 130 side. Without the user on the first device side being aware of it, the detection and troubleshooting of various problems of the first device can be conveniently realized in a manner similar to device background operation detection.
For convenience of distinction, in the embodiment of the present disclosure, the user account currently logged in locally by the first device 130 may also be referred to as a "first user account", and the login information corresponding to the "first user account" may also be referred to as "first user login information". Accordingly, a user account that one second device desires to remotely log in to the first device is called a "second user account", and login information corresponding to the "second user account" is called "second user login" information. The first and second elements mentioned above and in the embodiments of the present disclosure are only for convenience of distinction and are not intended to limit the order or function thereof in any way. It should be understood that in the case where there is also another device (e.g., another second device described below) that desires to remotely log in at the first device, the user account used for the remote login at the other device may be referred to as a "third user account", and the login information corresponding to the "second user account" may be referred to as "third user login" information.
In one embodiment, a plurality of user accounts may be pre-provisioned on the first device 130, a session may be allowed to be established between each of a plurality of second devices and the first device, and the plurality of second devices 120 may be allowed to remotely log in to the first device 130 based on the plurality of user accounts, respectively, to enable remote access to the first device 130 by the different second devices. It is desirable that the user accounts used for remote login on the first device are different from each other (and different from the user account used for local login on the first device), can be logged in to the first device at the same time, and access it independently of each other.
In other words, on the first device side, the first device may be logged in with the first user account, and the related service on the first device side may be conveniently invoked, based on the first user login information of the first user account input locally on the first device. When other devices have a requirement for remote access, the first device can be logged in to at the same time based on other user accounts that are provided by the other devices and belong to the first device. While the first device is logged in to under different user accounts at the same time, the different user accounts can access the first device independently, without influencing each other, and no message parsing or instruction parsing errors occur.
Therefore, under some conditions, for example, when a plurality of devices all have a requirement for remote access to the first device, or for example, when a maintenance worker needs to call a plurality of services on the side of the first device, the maintenance worker can respectively realize remote login to the first device through a plurality of second devices and a plurality of different user accounts, and respectively call different services (for example, SSH service, FTP service, Telnet service, remote desktop service, and the like) based on different user accounts, so as to respectively realize detection and troubleshooting of problems of each service, so that a plurality of detections for the first device can be respectively realized independently and without mutual influence, thereby greatly shortening detection time and improving detection efficiency.
As mentioned above, the first device can be logged in to simultaneously based on a plurality of user accounts, and the different user accounts can access the first device independently of each other. Therefore, during the session between one second device and the first device, if a session between another second device and the first device is created, the user account corresponding to the other second device, namely the third user account, is different from the user account corresponding to the one second device, namely the second user account, and is also different from the user account currently logged in on the first device, namely the first user account, and the first user account, the second user account and the third user account can access the first device independently of each other.
In other words, in the same time period (which may be a completely corresponding time period or a time period with time overlap), if there are sessions between a plurality of second devices and the first device, respectively, the user accounts corresponding to the first device login requests from different second devices are different from each other and different from the user account currently logged in locally on the first device, and the user accounts corresponding to the first device login requests from different second devices and the user account currently logged in locally on the first device each access the first device independently of each other. Messages between different second devices and the first device can be identified and parsed based on their respective passwords and session identifications. Therefore, the remote access and control of the target device by the control terminals and the use and control of the target device by its local user do not affect each other, and control of the same device by multiple users can be safely and conveniently realized.
Returning to the flowchart shown in fig. 2, in one embodiment, after the session establishment between the second device 120 and the first device 130 is completed, a remote login interface may be displayed on the second device 120 side so that an operator on the second device 120 side provides (e.g., inputs) the user login information with which he desires to remotely log in to the first device, for example, the device-side user name required for invoking the device service, the password corresponding to that device-side user name, and the like.
In step S209, the operator on the second device 120 side performs a remote login operation by interacting with the remote login interface, including inputting user account information, clicking a submit control, and the like.
In step S210, the second device 120 may present a waiting interface for remote login to the operator, for example.
Also, at step S211, the second device 120 transmits a first device remote login request to the server 110 to request remote login to the first device 130. The remote login request may include user login information of the user account on the first device 130, for example, a device-side user name required for invoking the device service, and a password corresponding to the device-side user name required for invoking the device service.
In step S212, the server 110 sends the first device login request to the first device 130 to log in the first device based on the user login information.
In step S213, after successfully logging in the first device based on the user login information in the first device remote login request from the second device side, a service connection between the second device and the system service of the first device side is established, so that the second device 120 can invoke the relevant service of the first device 130 side when remotely accessing the first device 130. At this point, if the login is not successful, the service connection is not successfully established.
In step S214, the first device 130 returns login response information including login success information or login failure information and detailed error reasons of the failure, and the like, to the server 110.
In step S215, the server 110 returns a handshake response corresponding to the login response, including login success information or login failure information, and a detailed error cause of the failure, and the like, to the second device 120.
In the case that the first device is successfully remotely logged in based on the user login information input by the operator, the operator on the second device 120 side may obtain an authorization to invoke the relevant service on the first device 130 side based on the user account corresponding to the user login information, thereby implementing services related to remote access to the first device, such as remote failure analysis, remote file management, and the like.
In the above flow, to clearly illustrate how session establishment and remote login between the first device and the second device are implemented in the embodiment of the present disclosure, the two are described separately in steps S200 to S208 and steps S209 to S215. It will be appreciated by those skilled in the art that the remote login process may also be merged into the session creation process.
For example, the remote access request sent by the second device 120 to the server 110 in step S203 may carry user login information of a user account for remote login in the first device 130 (the user login information may be obtained in step S200 or step S201). In step S206, the first device 130 may log in the user account based on the user login information carried in the session creation request, so as to establish a service connection with a system service layer corresponding to the remote terminal service on the first device 130 side, so that the second device can remotely invoke the service on the first device side during the session, so as to implement remote access and control on the first device. The details are the same or similar to those described above and are not repeated herein.
Returning to the flowchart shown in fig. 2, after the second device has successfully remotely logged into the first device, during the session, the message interaction between the second device and the first device may be as shown in steps S3.0-S3.6 in fig. 2. Here and throughout this disclosure, messages transmitted over a communication channel are transmitted in binary form. Each message may consist of a header and a payload. The message headers of the different message types can all be in JSON format, while the payload formats can differ slightly. The content of the message header may include, for example, a message type, a service type to be accessed, a length of the payload content, timestamp information, and a session identifier and a password (if any).
Returning to the flowchart shown in fig. 2, the message interaction during the current session between the second device and the first device may specifically be:
in step S300, an operator on the second device side may send a control instruction to the second device through an interactive operation with the second device; in step S301, the second device may transparently transmit the control instruction to the server; in step S302, the server may transparently transmit the control instruction to the first device; in step S303, the first device transparently transmits the control instruction to the system service, so that the system service executes a control operation corresponding to the control instruction; thereafter, in step S304, the system service transparently transmits a response corresponding to the control instruction to the first device; in step S305, the first device transparently transmits the response corresponding to the control instruction to the server; in step S306, the server transparently transmits the response corresponding to the control instruction to the second device. Transparent transmission (pass-through) means that the transmitted content is carried from a source address to a destination address without any change to the content of the service data, regardless of what service content is being transmitted. The instructions and the corresponding responses involved in the interaction are original messages of the service, and no specific format is prescribed for them.
Therefore, during the session, the remote access and control of the second device to the first device are realized through the original messages transmitted among the second device, the server, the first device and the system service on the first device. Based on this, the operator on the second device side can safely and conveniently realize services such as remote failure analysis, remote file management and the like for the first device.
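The header layout and the session-based forwarding described above can be sketched as follows. This is an added example, not code from the patent: the 4-byte length prefix, the JSON field names and the `Relay` class are assumptions, since the text only lists what the header contains and states that the server forwards by session identifier.

```python
import hmac
import json
import struct
import time

MAX_HEADER = 4096  # assumed upper bound on header size


def encode_message(msg_type, service, session_id, password, payload):
    """Frame = 4-byte big-endian header length + JSON header + raw payload.

    The framing and the field names are assumptions; the page only says the
    header is JSON and carries type, service, payload length, timestamp,
    session identifier and password.
    """
    header = {
        "type": msg_type,
        "service": service,
        "length": len(payload),
        "timestamp": int(time.time() * 1000),
        "session_id": session_id,
        "password": password,
    }
    raw = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return struct.pack(">I", len(raw)) + raw + payload


def decode_message(frame):
    """Parse a frame; raise ValueError on any malformed or truncated input."""
    if len(frame) < 4:
        raise ValueError("truncated frame")
    (hlen,) = struct.unpack(">I", frame[:4])
    if hlen > MAX_HEADER or len(frame) < 4 + hlen:
        raise ValueError("bad header length")
    header = json.loads(frame[4:4 + hlen].decode("utf-8"))
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    payload = frame[4 + hlen:]
    if header.get("length") != len(payload):
        raise ValueError("payload length mismatch")
    return header, payload


class Relay:
    """Stand-in for the server: forwards frames unchanged between the two
    endpoints of a session after checking session identifier and password."""

    def __init__(self):
        self._sessions = {}
        self._next = 0

    def create_session(self, first_device, second_device, device_password):
        # device_password models the password the first device returns in
        # its session creation response.
        self._next += 1
        session_id = "sess-%d" % self._next  # constructed identifier format
        self._sessions[session_id] = {
            "password": device_password,
            "peers": {second_device: first_device,
                      first_device: second_device},
        }
        return session_id

    def release_session(self, session_id):
        self._sessions.pop(session_id, None)

    def route(self, sender, frame):
        """Return (destination, frame); the frame is passed through as is."""
        header, _ = decode_message(frame)
        sid = header.get("session_id")
        session = self._sessions.get(sid) if isinstance(sid, str) else None
        if session is None:
            raise PermissionError("unknown or released session")
        if sender not in session["peers"]:
            raise PermissionError("sender is not an endpoint of this session")
        supplied = str(header.get("password", "")).encode("utf-8")
        expected = session["password"].encode("utf-8")
        if not hmac.compare_digest(supplied, expected):
            raise PermissionError("password does not match session")
        return session["peers"][sender], frame


if __name__ == "__main__":
    relay = Relay()
    sid = relay.create_session("dev-1", "ops-a", "constructed-password-a")
    frame = encode_message("data", "ssh", sid, "constructed-password-a",
                           b"uptime\n")
    print(relay.route("ops-a", frame)[0])
```

Because every frame is checked against the session record before forwarding, a second operator with a parallel session to the same first device cannot inject into another operator's session by reusing its session identifier.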
When the operator on the second device 120 side desires to end the remote access to the first device, the operator may perform an operation of closing the window at step S400. In step S401, in response to the closing operation, the second device 120 sends a request for closing the session to the server 110, that is, requests to disconnect the websocket connection between the second device and the first device; in step S402, the server 110 sends a request to release the session to the first device 130; in step S403, after receiving the request for releasing the session from the server 110, the first device 130 disconnects the service connection with the remote terminal service, for example by logging out the remotely logged-in user account; and at S404 it returns a close-confirmation response message (ack) to the server. At this point, the session between the second device and the first device is released, the communication connection between the second device and the first device is disconnected, and the message interaction corresponding to the remote access can no longer be performed between the second device and the first device.
So far, the remote access function implemented by the remote access system of the present disclosure has been described in detail with reference to the flowchart illustrated in fig. 2.
The remote access system of the present disclosure is applicable to any form of communication protocol and operating system. Based on the remote access scheme, the server is not required to provide services to the outside, a plurality of network ports of the server are not required to be occupied, remote access services to a large number of terminal devices can be simply and safely realized, the equipment operation and maintenance cost can be greatly reduced, and the equipment operation and maintenance efficiency can be improved.
The above-described remote access scheme may be implemented as a method performed by a server. Fig. 3 shows a flow diagram of a remote access method applied to a server according to one embodiment of the present disclosure. Fig. 4 shows a schematic block diagram of a server according to one embodiment of the present disclosure. Wherein the server shown in fig. 4 can be used to implement the method shown in fig. 3.
Referring to fig. 3, at step S310, a remote access request from a second device for a first device may be received, for example, by the remote access apparatus 410 shown in fig. 4, where the remote access request includes device association information of the first device.
In step S320, the remote access right of the second device to the first device may be verified based on the device association information, for example, by the right verifying apparatus 420 shown in fig. 4.
In step S330, for example, the session creating apparatus 430 shown in fig. 4 may create a session between the first device and the second device when the second device has the right to remotely access the first device.
Optionally, the step of the server creating the session between the first device and the second device may include: creating and recording a session identifier of the session; and returning a handshake response to the second device, wherein the handshake response comprises the session identifier, and the session identifier is carried in messages from the first device and the second device during the session.
Optionally, during the session, the server may forward the message between the second device and the first device based on a session identifier carried in the message.
Optionally, the step of the server creating the session between the first device and the second device may further include: sending a session creation request to the first device; and acquiring a password from a session creation response from the first device, wherein the handshake response further comprises the password, and the password is carried in messages from the first device and the second device during the session.
Optionally, during the session, the messages from the first device and the second device comprise messages corresponding to a plurality of service types, wherein the service types comprise at least one of: SSH service; HTTP service; FTP service; telnet service; remote desktop service; Link Edge service; and no service.
Optionally, after creating the session between the first device and the second device, the method further includes: receiving a first device login request from the second device, wherein the first device login request comprises user login information of a user account on the first device; and sending the first device login request to the first device so as to log in to the first device based on the user login information.
Optionally, a plurality of user accounts are set on the first device, and a user account corresponding to the first device login request is different from a user account currently logged in locally by the first device.
Optionally, during the session between one second device and the first device, the server may also create a session between another second device and the first device, where a user account corresponding to the another second device is different from a user account corresponding to the one second device.
Optionally, the server may receive a registration request from the first device, the registration request including device association information of the first device; verifying whether the first device is allowed to be remotely accessed based on the device association information.
Optionally, the step of verifying the remote access right of the second device to the first device may include: sending the device association information included in the remote access request to an Internet of Things server so that the Internet of Things server can verify the remote access right of the second device to the first device; and receiving a verification result of the Internet of Things server for the device association information included in the remote access request.
Optionally, the step of verifying whether the first device is allowed to be remotely accessed may include: sending the device association information included in the registration request to an Internet of Things server so that the Internet of Things server verifies whether the first device is allowed to be remotely accessed; and receiving a verification result of the Internet of Things server for the device association information included in the registration request.
Optionally, the device association information of the first device is pre-stored locally in the Internet of Things server or on a device accessible by the Internet of Things server. When the signature verification of the device association information carried in the remote access request against the pre-stored device association information is successful, it is determined that the second device has a remote access right to the first device; and/or when the signature verification of the device association information carried in the registration request against the pre-stored device association information is successful, it is determined that the first device is allowed to be remotely accessed.
Optionally, the device association information of the first device includes a device identifier and service access information, where the service access information is allocated to the first device by a base station to which the first device accesses when the first device accesses the internet of things.
Optionally, the server may establish a bidirectional communication connection with the first device based on a websocket protocol, and may establish a bidirectional communication connection with the second device based on the websocket protocol.
Optionally, the server may send a session release instruction to the first device in response to a request for closing the websocket connection from the second device, and may further receive session close confirmation information returned by the first device.
The above-described remote access scheme may be implemented as a method performed by the second device. Fig. 5 shows a flow diagram of a remote access method applied to a second device according to one embodiment of the present disclosure. Fig. 6 shows a schematic block diagram of a second device according to an embodiment of the present disclosure. Wherein the second device shown in fig. 6 may be used to implement the method shown in fig. 5.
Referring to fig. 5, in step S510, a remote access request for a first device is sent to a server in response to a remote access operation for the first device, for example, by the remote access apparatus 610 shown in fig. 6, where the remote access request includes device association information of the first device.
In step S520, for example, the session device 620 shown in fig. 6 may receive a handshake response returned by the server, where the handshake response corresponds to a session created by the server between the first device and the second device when the second device has a right to remotely access the first device.
In step S530, the interacting device 630 shown in fig. 6 may be used to perform message interaction with the first device via the server during the session.
Optionally, the handshake response may include the session identifier, and the session identifier is carried in messages from the first device and the second device during the session.
Optionally, the second device may send a first device login request to the server, the first device login request including user login information of a user account on the first device. The second device can also receive a response, returned by the server, to the login to the first device performed based on the user login information.
Optionally, the first device may be provided with a plurality of user accounts, and a user account corresponding to a first device login request from the second device is different from a user account currently logged in locally by the first device.
Optionally, the second device may establish a bidirectional communication connection with the server based on the websocket protocol.
Optionally, the second device may send a request to close the websocket connection to the server in response to closing the session.
The above-described remote access scheme may also be implemented as a method performed by the first device. Fig. 7 shows a flowchart diagram of a method of being remotely accessed applied to a first device according to one embodiment of the present disclosure. Fig. 8 shows a schematic block diagram of a first device according to one embodiment of the present disclosure. Wherein the first device shown in fig. 8 may be used to implement the method shown in fig. 7.
Referring to fig. 7, in step S710, a session creating request sent by a server to create a session between a second device and the first device may be received, for example, by the session device 810 shown in fig. 8, where the session creating request is issued by the server when the second device has a right to remotely access the first device.
In step S720, for example, by the service connection apparatus 820 shown in fig. 8, in the case that the first device is allowed to be remotely accessed, a service connection between the first device and its corresponding system service is established.
In step S730, a session creation response may be sent to the server, for example, by the session responding apparatus 830 shown in fig. 8.
Optionally, the first device may send a registration request to a server, the registration request including device association information of the first device, so that the server verifies whether the first device is allowed to be remotely accessed based on the device association information; and receiving a handshake response returned by the server.
Optionally, during the session, the first device may perform message interaction with the second device via the server.
Optionally, the session creation response may include a password generated by the first device in response to the session creation request, and during the session, messages from the first device and the second device both carry the password.
Optionally, the first device may further receive an instruction from the server to release the session between the second device and the first device; disconnecting a service connection between the first device and a remote access service; and returning session closing confirmation information to the server.
In addition, the above remote access scheme may also be implemented as a method for remotely accessing the first device, which may be implemented by the above server.
In one embodiment, the session between the first device and the second device may be created, for example, by a session creation means in the server, in response to a received remote access request for the first device from the second device. Then, a first remote login apparatus in the server receives a first device login request from the second device, wherein the first device login request comprises user login information of a user account on the first device. Then, a second remote login apparatus in the server sends the first device login request to the first device so as to log in to the first device based on the user login information, wherein a user account corresponding to the first device login request is different from a user account currently logged in locally by the first device.
Optionally, the user account corresponding to the first device login request and the local user account of the first device are logged in to the first device simultaneously, and access the first device independently of each other without affecting each other.
Optionally, the first device may be provided with a plurality of user accounts, and the method may further include: during the session between one second device and the first device, creating a session between another second device and the first device, where the user account corresponding to the another second device is different from the user account corresponding to the one second device and is different from the user account currently logged in locally by the first device, and the user account corresponding to the one second device, the user account corresponding to the another second device and the user account local to the first device are logged in to the first device simultaneously and access the first device independently of one another.
Optionally, the step of creating a session between the first device and the second device includes: creating and recording a session identifier of the session; and returning a handshake response to the second device, wherein the handshake response comprises the session identifier, and the session identifier is carried in messages from the first device and the second device during the session.
Optionally, the step of creating a session between the first device and the second device further includes: sending a session creation request to the first device; and acquiring a password from a session creation response from the first device, wherein the handshake response further comprises the password, and the password is carried in messages from the first device and the second device during the session.
The above remote access scheme may also be implemented as a device access management method, which may be implemented by the above first device.
In one embodiment, the first device may be logged in with the first user account based on first user login information for the first user account entered locally at the first device, for example, by a first login apparatus of the first device. Then, a first device login request initiated by a second device may be received by the login information receiving apparatus of the first device, where the first device login request includes second user login information of a second user account on the first device. Then, while the first device is logged in with the first user account, the first device may be logged in with a second user account based on the second user login information by a second login apparatus of the first device, where the second user account is different from the first user account.
Optionally, the first user account and the second user account are logged in the first device at the same time, and access to the first device is independent of each other.
Optionally, the first device may be provided with a plurality of user accounts, and the method may further include: when the first device is logged in with a first user account and the first device is logged in with the second user account, the first device is logged in with a third user account corresponding to another second device, the third user account is different from the first user account and the second user account, the first user account, the second user account and the third user account are logged in the first device at the same time, and the first device is accessed independently of one another.
The specific implementation of the remote access scheme respectively implemented by the server or the related device shown in fig. 3 to fig. 8 is the same as or similar to the description of the remote access system, and may specifically refer to the above related description, and is not described herein again.
FIG. 9 shows a schematic structural diagram of a computing device according to an embodiment of the invention.
Referring to fig. 9, computing device 900 includes memory 910 and processor 920.
The processor 920 may be a multi-core processor or may include multiple processors. In some embodiments, processor 920 may include a general-purpose main processor and one or more special purpose coprocessors such as a Graphics Processor (GPU), Digital Signal Processor (DSP), or the like. In some embodiments, processor 920 may be implemented using custom circuits, such as Application Specific Integrated Circuits (ASICs) or Field Programmable Gate Arrays (FPGAs).
The memory 910 may include various types of storage units, such as system memory, Read Only Memory (ROM), and permanent storage. The ROM may store static data or instructions for the processor 920 or other modules of the computer. The persistent storage device may be a read-write storage device. The persistent storage may be a non-volatile storage device that does not lose stored instructions and data even after the computer is powered off. In some embodiments, a mass storage device (e.g., magnetic or optical disk, flash memory) is employed as the persistent storage device. In other embodiments, the permanent storage may be a removable storage device (e.g., floppy disk, optical drive). The system memory may be a read-write memory device or a volatile read-write memory device, such as a dynamic random access memory. The system memory may store instructions and data that some or all of the processors require at runtime. In addition, the memory 910 may include any combination of computer-readable storage media, including various types of semiconductor memory chips (DRAM, SRAM, SDRAM, flash memory, programmable read-only memory); magnetic and/or optical disks may also be employed. In some embodiments, memory 910 may include a removable storage device that is readable and/or writable, such as a Compact Disc (CD), a read-only digital versatile disc (e.g., DVD-ROM, dual layer DVD-ROM), a read-only Blu-ray disc, an ultra-dense disc, a flash memory card (e.g., SD card, mini SD card, Micro-SD card, etc.), a magnetic floppy disk, or the like. Computer-readable storage media do not contain carrier waves or transitory electronic signals transmitted by wireless or wired means.
The memory 910 has stored thereon processable code that, when processed by the processor 920, causes the processor 920 to perform the remote access methods described above.
The remote access scheme according to the present invention has been described in detail above with reference to the accompanying drawings.
Furthermore, the method according to the invention may also be implemented as a computer program or computer program product comprising computer program code instructions for carrying out the above-mentioned steps defined in the above-mentioned method of the invention.
Alternatively, the invention may also be embodied as a non-transitory machine-readable storage medium (or computer-readable storage medium, or machine-readable storage medium) having stored thereon executable code (or a computer program, or computer instruction code) which, when executed by a processor of an electronic device (or computing device, server, etc.), causes the processor to perform the steps of the above-described method according to the invention.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (43)

1. A method for remotely accessing a first device, the method being applied to a server and comprising:
creating a session between a first device and a second device in response to a received remote access request from the second device for the first device;
receiving a first device login request from the second device, wherein the first device login request comprises user login information of a user account on the first device;
and sending the first device login request to the first device so as to log in to the first device based on the user login information, wherein a user account corresponding to the first device login request is different from a user account currently logged in locally by the first device.
2. The method of claim 1,
the user account corresponding to the first device login request and the local user account of the first device are logged in to the first device simultaneously, and access the first device independently of each other without affecting each other.
3. The method of claim 2, wherein the first device has a plurality of user accounts disposed thereon, the method further comprising:
creating a session of another second device with the first device during the session of the one second device with the first device, the another second device corresponding to a user account different from the user account corresponding to the one second device and different from a user account currently logged in locally to the first device, and,
the user account corresponding to the one second device, the user account corresponding to the other second device and the local user account of the first device are logged in to the first device simultaneously, and access the first device independently of one another without affecting one another.
4. The method of claim 2, wherein the step of creating the session between the first device and the second device comprises:
creating and recording a session identifier of the session;
and returning a handshake response to the second device, wherein the handshake response comprises the session identifier, and the session identifier is carried in messages from the first device and the second device during the session.
5. The method of claim 4, wherein the step of creating the session between the first device and the second device further comprises:
sending a session creation request to the first device;
and acquiring a password from a session creation response from the first device, wherein the handshake response further comprises the password, and the password is carried in messages from the first device and the second device during the session.
6. A device access management method applied to a first device to be accessed, the method comprising:
logging in the first device with a first user account based on first user login information of the first user account locally input at the first device;
receiving a first device login request initiated by a second device, wherein the first device login request comprises second user login information of a second user account on the first device; and
under the condition that the first device is logged in with the first user account, logging in the first device with a second user account based on the second user login information, wherein the second user account is different from the first user account currently logged in locally by the first device.
7. The method of claim 6,
the first user account and the second user account are logged in to the first device at the same time, and access the first device independently of each other without affecting each other.
8. The method of claim 7, wherein the first device has a plurality of user accounts disposed thereon, the method further comprising:
in the case where the first device is logged in with a first user account and the first device is logged in with the second user account, logging in the first device with a third user account corresponding to another second device, the third user account being different from the first user account and the second user account, and,
the first user account, the second user account and the third user account are logged in to the first device at the same time and access the first device independently, without affecting one another.
9. A method for remotely accessing a first device, the method being applied to a server and comprising:
receiving a remote access request from a second device for a first device, the remote access request including device association information of the first device;
verifying the remote access authority of the second device to the first device based on the device association information;
creating a session between the first device and the second device if the second device has a right to remotely access the first device.
10. The method of claim 9, wherein the step of creating the session between the first device and the second device comprises:
creating and recording a session identifier of the session;
and returning a handshake response to the second device, wherein the handshake response comprises the session identifier, and the session identifier is carried in messages from the first device and the second device during the session.
11. The method of claim 10, further comprising:
during the session, forwarding messages between the second device and the first device based on the session identifier carried in each message.
12. The method of claim 10, wherein the step of creating the session between the first device and the second device further comprises:
sending a session creation request to the first device;
and acquiring a password from a session creation response from the first device, wherein the handshake response further comprises the password, and the password is carried in messages from the first device and the second device during the session.
13. The method of claim 10,
the messages from the first device and the second device include messages corresponding to a plurality of service types,
wherein the service type comprises at least one of: an SSH service; an HTTP service; an FTP service; a Telnet service; a remote desktop service; a Link Edge service; and no service.
14. The method of claim 9, after creating the session between the first device and the second device, further comprising:
receiving a first device login request from the second device, wherein the first device login request comprises user login information of a user account on the first device;
and sending the first device login request to the first device, so as to log in to the first device based on the user login information.
15. The method of claim 14, wherein a plurality of user accounts are provided on the first device, wherein the user account to which the first device login request corresponds is different from a user account currently logged in locally to the first device, and wherein,
the user account corresponding to the first device login request and the local user account of the first device are logged in to the first device simultaneously and access the first device independently, without affecting each other.
16. The method of claim 14, further comprising:
creating a session of another second device with the first device during the session of the one second device with the first device, the another second device corresponding to a user account different from the user account corresponding to the one second device and the user account currently logged in locally to the first device, and,
the user account corresponding to the one second device, the user account corresponding to the other second device and the local user account of the first device are logged in to the first device simultaneously and access the first device independently, without affecting one another.
17. The method of claim 9, further comprising:
receiving a registration request from the first device, the registration request including device association information of the first device;
verifying whether the first device is allowed to be remotely accessed based on the device association information.
18. The method of claim 17, wherein the step of verifying the remote access rights of the second device to the first device comprises:
sending the device association information included in the remote access request to an Internet of Things server, so that the Internet of Things server verifies the remote access authority of the second device to the first device;
and receiving a verification result from the Internet of Things server for the device association information included in the remote access request.
19. The method of claim 17, wherein the step of verifying whether the first device is allowed to be remotely accessed comprises:
sending the device association information included in the registration request to an Internet of Things server, so that the Internet of Things server verifies whether the first device is allowed to be remotely accessed;
and receiving a verification result from the Internet of Things server for the device association information included in the registration request.
20. The method of claim 18 or 19, wherein the device association information of the first device is pre-stored locally on the IoT server or on a device accessible to the IoT server,
in a case where signature verification performed on the device association information carried in the remote access request and the pre-stored device association information succeeds, determining that the second device has the remote access right to the first device; and/or
in a case where signature verification performed on the device association information carried in the registration request and the pre-stored device association information succeeds, determining that the first device is allowed to be remotely accessed.
21. The method of claim 18 or 19,
the device association information of the first device comprises device information, service access information and a character string to be signed, wherein the service access information is allocated to the first device by a base station accessed by the first device when the first device accesses the Internet of Things.
22. The method of claim 9, further comprising:
establishing a bidirectional communication connection with the first device based on the WebSocket protocol; and/or
establishing a bidirectional communication connection with the second device based on the WebSocket protocol.
23. The method of claim 22, further comprising:
sending a session release instruction to the first device in response to a request from the second device to close the WebSocket connection; and
receiving session closing confirmation information returned by the first device.
24. A method for remote access to a first device, applied to a second device, the method comprising:
in response to a remote access operation for the first device, sending a remote access request for the first device to a server, the remote access request including device association information of the first device;
receiving a handshake response returned by the server, wherein the handshake response corresponds to a session between the first device and the second device, which is created by the server under the condition that the second device has the right of remote access to the first device; and
during the present session, performing message interaction with the first device via the server.
25. The method of claim 24,
the handshake response includes the session identifier, and the messages from the first device and the second device both carry the session identifier during the session.
26. The method of claim 24, further comprising:
sending a first device login request to a server, wherein the first device login request comprises user login information of a user account on the first device;
and receiving a response returned by the server for logging in to the first device based on the user login information.
27. The method of claim 26,
the first device is provided with a plurality of user accounts, and the user account corresponding to the first device login request is different from the user account currently logged in locally by the first device.
28. The method of claim 24, further comprising:
establishing a bidirectional communication connection with the server based on the WebSocket protocol.
29. The method of claim 28, further comprising:
in response to an operation of closing the session, sending a request to close the WebSocket connection to the server.
30. A method of being remotely accessed, as applied to a first device, the method comprising:
receiving a session creation request sent by a server to create a session between a second device and the first device, wherein the session creation request is issued by the server when the second device has a right to remotely access the first device;
establishing a service connection between the first device and a system service thereon in the case that the first device is allowed to be remotely accessed; and
sending a session creation response to the server.
31. The method of claim 30, further comprising:
sending a registration request to a server, the registration request including device association information of the first device, so that the server verifies whether the first device is allowed to be remotely accessed based on the device association information;
and receiving a handshake response returned by the server.
32. The method of claim 30, further comprising:
during the present session, performing message interaction with the second device via the server.
33. The method of claim 30, wherein the session creation response includes a password generated by the first device in response to the session creation request, and wherein the password is carried in messages from both the first device and the second device during the current session.
34. The method of claim 30, further comprising:
receiving an instruction from a server to release a session between the second device and the first device;
disconnecting the service connection between the first device and the system service on the first device; and
returning session closing confirmation information to the server.
35. The method of claim 30, further comprising:
establishing a bidirectional communication connection with the server based on the WebSocket protocol.
36. A server for remote access to a first device, comprising:
session creation means for creating a session between a first device and a second device in response to a received remote access request for the first device from the second device;
first remote login means for receiving a first device login request from the second device, wherein the first device login request includes user login information of a user account on the first device;
and second remote login means for sending the first device login request to the first device, so as to log in to the first device based on the user login information, wherein the user account corresponding to the first device login request is different from the user account currently logged in locally on the first device.
37. A first device for performing device access management, comprising:
first login means for logging in the first device with a first user account based on first user login information of the first user account locally input at the first device;
login information receiving means for receiving a first device login request initiated by a second device, wherein the first device login request comprises second user login information of a second user account on the first device; and
second login means for logging in the first device with the second user account based on the second user login information in a case where the first device is logged in with the first user account, wherein the second user account is different from the first user account.
38. A remote access system, comprising a server, a second device and a first device,
the second device sends a remote access request for the first device to the server, wherein the remote access request comprises device association information of the first device;
the server verifies the remote access authority of the second device to the first device based on the device association information, and creates a session between the first device and the second device if the second device has the authority of remote access to the first device and the first device is allowed to be accessed.
39. A server for remote access to a first device, comprising:
a remote access means for receiving a remote access request from a second device for a first device, the remote access request including device association information of the first device;
permission verification means for verifying the remote access authority of the second device to the first device based on the device association information;
session creation means for creating a session between the first device and the second device when the second device has a right to remotely access the first device.
40. A second device for remote access to a first device, comprising:
a remote access means for sending a remote access request for a first device to a server in response to a remote access operation for the first device, the remote access request including device association information of the first device;
session means for receiving a handshake response returned by the server, wherein the handshake response corresponds to a session between the first device and the second device that is created by the server when the second device has a right to remotely access the first device; and
interaction means for performing message interaction with the first device via the server during the session.
41. A first device capable of being remotely accessed, comprising:
session means for receiving a session creation request sent by a server to create a session between a second device and the first device, wherein the session creation request is issued by the server when the second device has a right to remotely access the first device;
service connection means for establishing a service connection between the first device and a system service thereon, in a case where the first device is allowed to be remotely accessed; and
session response means for sending a session creation response to the server.
42. A computing device, comprising:
a processor; and
a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method of any of claims 1-35.
43. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method of any of claims 1-35.
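The server-side flow of claims 9 to 12, 17, 20 and 23 can be exercised end to end with an in-memory model. The following is an added example, not code from the patent: the HMAC-SHA256 signing scheme, the field names (`device_id`, `string_to_sign`, `signature`), the password check at the relay and the folding of the Internet of Things server's verification into the relay server are all assumptions, and the device secret is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: per-device secrets pre-stored on the verifier side (claim 20).
PRESTORED = {"dev-001": b"constructed-device-secret"}


def sign(device_id, string_to_sign, secret):
    """Assumed scheme: HMAC-SHA256 over the device id and the string to be signed."""
    msg = f"{device_id}\n{string_to_sign}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_association(info):
    """Check the submitted association info against the pre-stored secret."""
    secret = PRESTORED.get(info.get("device_id"))
    if secret is None:
        return False
    expected = sign(info["device_id"], info.get("string_to_sign", ""), secret)
    return hmac.compare_digest(expected, str(info.get("signature", "")))


class FirstDevice:
    """Device being accessed: issues one password per session (claims 12 and 33)."""

    def __init__(self):
        self.passwords = {}
        self.inbox = []

    def create_session(self, session_id):
        self.passwords[session_id] = secrets.token_urlsafe(16)
        return {"session_id": session_id, "password": self.passwords[session_id]}

    def release_session(self, session_id):
        self.passwords.pop(session_id, None)
        return {"session_id": session_id, "closed": True}


class Server:
    def __init__(self):
        self.registered = {}  # device_id -> FirstDevice allowed to be accessed
        self.sessions = {}    # session_id -> (FirstDevice, password)

    def register(self, info, device):
        if not verify_association(info):
            return False
        self.registered[info["device_id"]] = device
        return True

    def remote_access(self, info):
        """Claims 9, 10, 12: verify, create the session, return the handshake response."""
        device = self.registered.get(info.get("device_id"))
        if device is None or not verify_association(info):
            return None
        session_id = secrets.token_hex(16)
        resp = device.create_session(session_id)
        self.sessions[session_id] = (device, resp["password"])
        return {"session_id": session_id, "password": resp["password"]}

    def forward(self, message):
        """Claim 11: route by session identifier; drop anything that does not match."""
        entry = self.sessions.get(message.get("session_id"))
        if entry is None or not hmac.compare_digest(
                entry[1], str(message.get("password", ""))):
            return False
        entry[0].inbox.append(message["payload"])
        return True

    def close(self, session_id):
        """Claim 23: release the session on the device, then forget it."""
        entry = self.sessions.pop(session_id, None)
        return entry is not None and entry[0].release_session(session_id)["closed"]
```

Once `close` has run, a message that still carries the old session identifier and password is rejected by `forward`, which is the property a relay of this kind needs so that a released session cannot be reused.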
CN201910223494.2A 2019-03-22 2019-03-22 Method, system and related device for remotely accessing a first device Active CN111726328B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910223494.2A CN111726328B (en) 2019-03-22 2019-03-22 Method, system and related device for remotely accessing a first device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910223494.2A CN111726328B (en) 2019-03-22 2019-03-22 Method, system and related device for remotely accessing a first device

Publications (2)

Publication Number Publication Date
CN111726328A (en) 2020-09-29
CN111726328B (en) 2022-08-19

Family

ID=72563071

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910223494.2A Active CN111726328B (en) 2019-03-22 2019-03-22 Method, system and related device for remotely accessing a first device

Country Status (1)

Country Link
CN (1) CN111726328B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102404314A (en) * 2010-09-30 2012-04-04 微软公司 Remote resources single-point sign on
US20120272301A1 (en) * 2011-04-21 2012-10-25 International Business Machines Corporation Controlled user account access with automatically revocable temporary password
KR20130033209A (en) * 2011-09-26 2013-04-03 마음골프 주식회사 Remote login client, mobile device, remote login server, remote login method using visual code
CN103095658A (en) * 2011-11-03 2013-05-08 北京神州泰岳软件股份有限公司 Account login method and system
WO2015090247A1 (en) * 2013-12-18 2015-06-25 腾讯科技(深圳)有限公司 Account login method and device
CN106210060A (en) * 2016-07-14 2016-12-07 乐视控股(北京)有限公司 Remote control terminal, long-range control method, remote controlled terminal and remote controlled method
CN106778345A (en) * 2016-12-19 2017-05-31 网易(杭州)网络有限公司 The treating method and apparatus of the data based on operating right
CN109493965A (en) * 2019-01-08 2019-03-19 深圳市富联芯微科技有限公司 A kind of endoscope Telemedicine System

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112272182A (en) * 2020-10-28 2021-01-26 网易传媒科技(北京)有限公司 Application login method, server, device, medium and computing device
CN112272182B (en) * 2020-10-28 2023-11-21 网易传媒科技(北京)有限公司 Application login method, server, device, medium and computing device
CN112469007A (en) * 2020-11-19 2021-03-09 何卓略 Method for connecting Internet of things system
CN112469007B (en) * 2020-11-19 2024-06-04 何卓略 Connection method of Internet of things system
WO2024037369A1 (en) * 2022-08-15 2024-02-22 华为技术有限公司 Sensitive application behavior reminding method, related apparatus, and communication system

Also Published As

Publication number Publication date
CN111726328B (en) 2022-08-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40036880; Country of ref document: HK)
GR01 Patent grant