CN112202711B - Network access control method and device of terminal, electronic equipment and storage medium - Google Patents

Publication number: CN112202711B
Authority: CN (China)
Prior art keywords: network, access, target, terminal, access rule
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010871582.6A
Other languages: Chinese (zh)
Other versions: CN112202711A (en)
Inventors: 吕伟, 彭国洲
Current Assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Secworld Information Technology Beijing Co Ltd; Qax Technology Group Inc
Application filed by Secworld Information Technology Beijing Co Ltd and Qax Technology Group Inc
Priority to CN202010871582.6A
Publication of CN112202711A
Application granted
Publication of CN112202711B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205: Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/148: Migration or transfer of sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the invention provide a network access control method and device for a terminal, an electronic device and a storage medium. The network access control method comprises: selecting a target access rule from a plurality of preset access rules according to the target network to be accessed, wherein each of the access rules is associated with one of a plurality of networks and is configured with the access rights of its associated network; and switching the currently running access rule to the target access rule, so that, according to the target access rule, the network card of the terminal is switched from the currently connected network to the target network and the terminal accesses the target network. With a single network card, the terminal is allowed to access only one network at a time, which reduces hardware cost and effectively ensures that the terminal is not connected to multiple networks at the same time.

Description

Terminal network access control method, device, electronic device and storage medium

Technical field

The present invention relates to the technical field of computer networks, and in particular to a network access control method and device for a terminal, an electronic device and a storage medium.

Background

An enterprise's network environment may contain multiple networks, such as a business network and a research and development network. For reasons such as security, terminals within the enterprise are usually not allowed to access multiple networks at the same time. The usual countermeasure is to configure multiple network cards in the terminal in order to restrict simultaneous access to multiple networks, which incurs a considerable hardware cost.

Summary of the invention

To address the problems in the prior art, embodiments of the present invention provide a network access control method and device for a terminal, an electronic device and a storage medium.

Specifically, embodiments of the present invention provide the following technical solutions:

In a first aspect, an embodiment of the present invention provides a network access control method for a terminal, comprising:

selecting, according to the target network to be accessed, a target access rule from a plurality of preset access rules, wherein each of the plurality of access rules is associated with one of a plurality of networks, and each access rule is configured with the access rights of its associated network;

switching the currently running access rule to the target access rule, so that, according to the target access rule, the network card of the terminal is switched from the currently connected network to a connection with the target network and the terminal can access the target network.

Further, the method includes a step of creating the plurality of access rules, which specifically comprises:

obtaining the network information of each of the plurality of networks;

configuring, according to the network information of each network, the access rights of each network through the operating system of the terminal, creating one access rule according to the access rights of each network, and storing the created access rules in a preset client on the terminal.

Further, the network information includes information on the network segment in which the network ID is located,

and configuring the access rights of each network through the operating system of the terminal according to the network information of each network, and creating one access rule according to the access rights of each network, comprises:

creating, through the operating system of the terminal and according to the network segment information of each network, an access rule that has access rights to the corresponding network segment.

Further, before switching the currently running access rule to the target access rule so as to switch the network card of the terminal from the currently connected network to a connection with the target network according to the target access rule, the method further comprises:

creating a network filter driver;

binding the network filter driver to the network card;

Correspondingly, switching the currently running access rule to the target access rule so as to switch the network card of the terminal from the currently connected network to a connection with the target network according to the target access rule comprises:

the network filter driver blocking the currently connected network and switching the network card from the currently connected network to a connection with the target network.

Further, each access rule is also configured with application access rights,

and correspondingly, after the terminal accesses the target network, the method further comprises:

performing, according to the application access rights, access control on the applications in the terminal with respect to the target network.

Further, performing access control on the applications in the terminal with respect to the target network according to the application access rights comprises:

determining, according to the application access rights, the authorized applications and the unauthorized applications of the terminal;

when a target application in the terminal accesses the target network, intercepting the target application's access to the target network if the target application is an unauthorized application, and otherwise allowing the target application's access to the target network.

In a second aspect, an embodiment of the present invention further provides a network access control device for a terminal, comprising:

an access rule selection module, configured to select, according to the target network to be accessed, a target access rule from a plurality of preset access rules, wherein each of the plurality of access rules is associated with one of a plurality of networks, and each access rule is configured with the access rights of its associated network;

a network switching module, configured to switch the currently running access rule to the target access rule, so that, according to the target access rule, the network card of the terminal is switched from the currently connected network to a connection with the target network and the terminal can access the target network.

In a third aspect, an embodiment of the present invention further provides an electronic device, comprising a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, implements the steps of the terminal network access control method of the first aspect.

In a fourth aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the terminal network access control method of the first aspect.

In a fifth aspect, an embodiment of the present invention further provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the terminal network access control method of the first aspect.

As can be seen from the above technical solutions, the network access control method and device for a terminal, the electronic device and the storage medium provided by embodiments of the present invention select the corresponding target access rule according to the target network to be accessed, and thereby control the network of the terminal's network card according to the target access rule, so that the terminal is allowed to access only one network at a time, which improves the security of network access. Compared with restricting access to multiple networks by means of multiple network cards, a single network card is enough to meet the requirement that the terminal access only one network at a time, which reduces hardware cost and effectively ensures that the terminal cannot be connected to multiple networks at the same time.

Description of the drawings

In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flowchart of the terminal network access control method provided by an embodiment of the present invention;

FIG. 2 is a schematic diagram of network access control in the terminal network access control method provided by an embodiment of the present invention;

FIG. 3 is a schematic structural diagram of the terminal network access control device provided by an embodiment of the present invention;

FIG. 4 is a schematic structural diagram of the electronic device provided by an embodiment of the present invention.

Detailed description

In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.

The existing general technique configures multiple network cards in the terminal to restrict simultaneous access to multiple networks, so that the terminal is not allowed to access multiple networks at the same time. The present invention does not need multiple network cards. Instead, it selects the corresponding target access rule according to the target network to be accessed and controls the network of the terminal's network card according to that rule, so that the terminal is allowed to access only one network at a time, which improves the security of network access. Compared with restricting access to multiple networks by means of multiple network cards, a single network card is enough to meet the requirement that the terminal access only one network at a time, which reduces hardware cost and effectively ensures that the terminal cannot be connected to multiple networks at the same time. The terminal network access control method provided by the present invention is explained in detail below through specific embodiments.

FIG. 1 shows a flowchart of the terminal network access control method provided by an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps:

Step 101: According to the target network to be accessed, select a target access rule from a plurality of preset access rules, wherein each of the access rules is associated with one of a plurality of networks, and each access rule is configured with the access rights of its associated network.

As shown in FIG. 2, the plurality of networks comprises network 1 to network n, where n is a positive integer greater than 1. The preset access rules then comprise access rule 1 to access rule n, where access rules 1 to n are associated one-to-one with networks 1 to n and are configured one-to-one with the access rights of networks 1 to n.

Here, an access right means the right to access the corresponding network. For example, access rule 1 enables access to network 1, access rule 2 enables access to network 2, and likewise access rule n enables access to network n.

The access rules can be created on the terminal and saved in a preset client on the terminal. As shown in FIG. 2, access rule 1 to access rule n are also called the network 1 policy to the network n policy, and the terminal can be called the network policy center. The terminal is, for example, a notebook computer or a PC.

In one embodiment of the present invention, the preset access rules are created in advance and saved in the corresponding client on the terminal. The step of creating the access rules specifically comprises: obtaining the network information of each of the plurality of networks; configuring, through the operating system of the terminal and according to the network information of each network, the access rights of each network; creating one access rule according to the access rights of each network; and storing the created access rules in the preset client on the terminal.

More specifically, the network information includes, for example, information on the network segment in which the network ID is located. Configuring the access rights of each network through the operating system of the terminal according to its network information, and creating one access rule according to those access rights, then comprises: creating, through the operating system of the terminal and according to the network segment information of each network, an access rule that has access rights to the corresponding network segment. In other words, different networks are on different network segments, so the segment of a network can be determined from the segment information of its network ID, and access control rights for that segment can then be configured in the corresponding access rule. When that access rule is applied, the network can be accessed.

In the above description, the operating system is, for example, the Windows operating system: the access rules are set through the Windows operating system and then stored in the client on the terminal, where the client is a specific application installed on the terminal. The corresponding access rule can then be retrieved quickly from the client, which improves the execution efficiency of the method. In addition, because the access rules can be created directly through the operating system on the terminal, the method can be implemented on terminals running a variety of operating systems, which improves its generality.

Step 102: Switch the currently running access rule to the target access rule, so that, according to the target access rule, the network card of the terminal is switched from the currently connected network to a connection with the target network and the terminal can access the target network.

As a specific example, before the currently running access rule is switched to the target access rule, the method further comprises: creating a network filter driver, and binding the network filter driver to the network card, so that the network used by the terminal can be switched quickly through the network filter driver. Correspondingly, switching the currently running access rule to the target access rule comprises: the network filter driver blocking the currently connected network and switching the network card from the currently connected network to a connection with the target network. As shown in FIG. 2, taking network 1 as the target network, the target access rule is access rule 1, and the access rights configured in access rule 1 are the access rights of network 1; that is, network 1 can be accessed through access rule 1.

In a specific example of the present invention, switching between access rules can be carried out by the network filter driver created in the client. First, the created network filter driver is bound to the network card of the terminal so that it can control the network of that card. After the binding succeeds, the network filter driver receives access rule 1 dispatched by the terminal and closes the access rule in use. The rule in use becomes invalid, which blocks the connection between the network card and the network it is connected to. The driver then switches to access rule 1; once access rule 1 takes effect, the network card is connected to network 1. The terminal can thus access network 1, and it is ensured that the terminal is allowed to access only one network at a time through the network card.

In a specific application, network 1 is, for example, the enterprise's business network and network 2 is, for example, the enterprise's research and development network. Assuming the enterprise does not allow a terminal to access the business network and the research and development network at the same time, applying the terminal network access control method of this embodiment prevents the terminal from accessing both networks simultaneously and thus meets the requirement for compliant access.

According to the terminal network access control method of this embodiment, the corresponding target access rule can be selected according to the target network to be accessed, and the network of the terminal's network card is controlled according to that rule, so that the terminal is allowed to access only one network at a time, which improves the security of network access. Compared with restricting access to multiple networks by means of multiple network cards, a single network card is enough to meet the requirement that the terminal access only one network at a time, which reduces hardware cost and effectively ensures that the terminal cannot be connected to multiple networks at the same time.

In one embodiment of the present invention, each access rule is also configured with application access rights. After the terminal accesses the target network, the method further comprises performing access control on the applications in the terminal with respect to the target network according to the application access rights. For example: the authorized and unauthorized applications of the terminal are determined according to the application access rights; when a target application in the terminal accesses the target network, its access is intercepted if it is an unauthorized application, and is otherwise allowed.

As shown in FIG. 2, suppose application APP1 is business processing software, APP2 is chat software and APP3 is a game client, and network 1 is, for example, the business network. When the terminal is connected to the business network it is usually office hours, when online chat and online games are not allowed. The access rules are therefore configured with application access rights; for example, access rule 1 configures APP1 as an authorized application and APP2 and APP3 as unauthorized applications. Once the network card is connected to network 1, APP2 and APP3 cannot access the network even when they are started on the terminal. This prevents staff from doing things unrelated to the business during working hours and further meets the requirement for compliant access.
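The rule switching of step 102 and the per-application check described above can be modelled as a small decision function. This is an added example, not code from the patent: the class names, the network names `business` and `rnd`, the address ranges and the overlap check at load time are assumptions made for illustration, while APP1 to APP3 follow the FIG. 2 example.

```python
"""Illustrative model of single-active-rule network access control."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRule:
    network: str                 # the one network this rule is associated with
    segment: object              # ipaddress network object: the segment the rule grants
    authorized_apps: frozenset   # applications allowed to use that network


class PolicyCenter:
    """Holds the preset rules and the single rule that is currently running."""

    def __init__(self, rules):
        self._rules = {}
        for rule in rules:
            if rule.network in self._rules:
                raise ValueError(f"duplicate rule for network {rule.network!r}")
            # Assumption: segments must not overlap, otherwise one active rule
            # would reach two networks and defeat the one-network-at-a-time goal.
            for other in self._rules.values():
                if rule.segment.overlaps(other.segment):
                    raise ValueError(
                        f"{rule.network!r} overlaps {other.network!r}")
            self._rules[rule.network] = rule
        self.active = None       # no rule running: nothing is reachable

    def switch(self, target_network):
        """Close the rule in use, then make the target rule take effect."""
        if target_network not in self._rules:
            raise KeyError(f"no access rule for {target_network!r}")
        self.active = None                         # block the current network
        self.active = self._rules[target_network]  # connect to the target
        return self.active

    def decide(self, app, dst_ip):
        """Return (allowed, reason) for one outbound connection attempt."""
        if self.active is None:
            return (False, "no active rule")
        if ipaddress.ip_address(dst_ip) not in self.active.segment:
            return (False, "destination outside active network")
        if app not in self.active.authorized_apps:
            return (False, "unauthorized application")
        return (True, "allowed")


def build_example_center():
    """Constructed sample policy: two networks on distinct segments."""
    return PolicyCenter([
        AccessRule("business", ipaddress.ip_network("10.10.0.0/16"),
                   frozenset({"APP1"})),            # APP2/APP3 not authorized
        AccessRule("rnd", ipaddress.ip_network("10.20.0.0/16"),
                   frozenset({"APP1", "APP2"})),    # constructed for the demo
    ])


if __name__ == "__main__":
    center = build_example_center()
    center.switch("business")
    for app, dst in [("APP1", "10.10.1.5"), ("APP2", "10.10.1.5"),
                     ("APP1", "10.20.1.5")]:
        print(app, dst, center.decide(app, dst))
```
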

FIG. 3 shows a schematic structural diagram of the terminal network access control device provided by an embodiment of the present invention. As shown in FIG. 3, the device provided by this embodiment comprises an access rule selection module 31 and a network switching module 32, wherein:

the access rule selection module 31 is configured to select, according to the target network to be accessed, a target access rule from a plurality of preset access rules, wherein each of the plurality of access rules is associated with one of a plurality of networks, and each access rule is configured with the access rights of its associated network;

the network switching module 32 is configured to switch the currently running access rule to the target access rule, so that, according to the target access rule, the network card of the terminal is switched from the currently connected network to a connection with the target network and the terminal can access the target network.

基于上述各实施例的内容,在本实施例中,还包括:创建模块(图3中没有示出),创建模块用于创建所述多个访问规则的步骤,具体为:Based on the content of each of the above embodiments, in this embodiment, it also includes: a creation module (not shown in FIG. 3 ), the creation module is used to create the steps of the plurality of access rules, specifically:

获取多个网络中每个网络的网络信息;Obtain network information for each of the plurality of networks;

根据每个网络的网络信息,配置每个网络的访问权限,并根据每个网络的访问权限创建一个访问规则。According to the network information of each network, configure the access rights of each network, and create an access rule based on the access rights of each network.

基于上述各实施例的内容,在本实施例中,所述网络信息包括网络ID所在的网段信息,所述创建模块具体用于:Based on the content of each of the above embodiments, in this embodiment, the network information includes the network segment information where the network ID is located, and the creation module is specifically used for:

根据每个网络的网段信息,创建具有对应的网段的访问权限的访问规则。According to the network segment information of each network, create an access rule with the access rights of the corresponding network segment.

Based on the foregoing embodiments, in this embodiment each access rule is further configured with application access rights.

Based on the foregoing embodiments, in this embodiment, after the terminal accesses the target network, the network switching module 32 is further configured to:

perform access control for the target network on the applications in the terminal according to the application access rights.

Based on the foregoing embodiments, in this embodiment, the network switching module 32 performing access control for the target network on the applications in the terminal according to the application access rights includes:

determining the authorized applications and the unauthorized applications of the terminal according to the application access rights;

when a target application in the terminal accesses the target network, intercepting the target application's access to the target network if the target application is an unauthorized application, and otherwise allowing the target application's access to the target network.
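The rule creation, rule switching and per-application control described above can be modelled as follows. This is an added example, not part of the patent text: the class and function names, network names, segments and application names are constructed for illustration, applications are assumed to be identified by name, and a plain decision function stands in for the network filtering driver.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRule:
    """One access rule per network: its segment plus the authorized apps."""
    network_id: str
    segment: str                 # network segment in CIDR form
    authorized_apps: frozenset   # assumption: apps are identified by name

    def __post_init__(self):
        # Reject a malformed segment when the rule is created, not at
        # decision time, so a bad rule can never silently block or allow.
        ipaddress.ip_network(self.segment)

    def covers(self, dest_ip: str) -> bool:
        try:
            addr = ipaddress.ip_address(dest_ip)
        except ValueError:
            return False         # a malformed destination is never covered
        return addr in ipaddress.ip_network(self.segment)


class RuleSwitcher:
    """Holds the preset rules; at most one rule is running at any time."""

    def __init__(self, rules):
        self._rules = {}
        for rule in rules:
            if rule.network_id in self._rules:
                raise ValueError(f"duplicate rule for {rule.network_id!r}")
            self._rules[rule.network_id] = rule
        self.active = None       # no running rule: every access is blocked

    def switch_to(self, target_network_id):
        # Select the target rule first; an unknown network raises before
        # the running rule is touched, so the old rule stays in force.
        rule = self._rules.get(target_network_id)
        if rule is None:
            raise KeyError(f"no access rule for {target_network_id!r}")
        self.active = rule
        return rule

    def decide(self, app, dest_ip):
        """Return (verdict, reason) for one outbound access attempt."""
        rule = self.active
        if rule is None:
            return ("block", "no access rule is running")
        if not rule.covers(dest_ip):
            return ("block", "destination outside the active segment")
        if app not in rule.authorized_apps:
            return ("block", "unauthorized application")
        return ("allow", rule.network_id)


# Constructed sample rules (illustrative values only).
SAMPLE_RULES = [
    AccessRule("office", "10.20.0.0/16", frozenset({"browser.exe", "mail.exe"})),
    AccessRule("lab", "192.168.50.0/24", frozenset({"ssh.exe"})),
]

if __name__ == "__main__":
    switcher = RuleSwitcher(SAMPLE_RULES)
    switcher.switch_to("office")
    for app, dst in [("browser.exe", "10.20.1.5"),
                     ("ssh.exe", "10.20.1.5"),
                     ("browser.exe", "192.168.50.7")]:
        print(app, dst, switcher.decide(app, dst))
```

Because only one rule runs at a time, switching to the second network makes the first network's segment unreachable even for applications that were authorized on it.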

Because the network access control device of the terminal provided by this embodiment of the present invention can be used to perform the network access control method of the terminal described in the foregoing embodiments, and its working principle and beneficial effects are similar, it is not described in detail here; for details, see the description of the foregoing embodiments.

It should be noted that, in this embodiment, the modules in the device of the embodiment of the present invention may be integrated into one unit or deployed separately. The above modules may be combined into one module, or further split into multiple sub-modules.

Based on the same inventive concept, another embodiment of the present invention provides an electronic device. Referring to FIG. 4, the electronic device specifically includes: a processor 401, a memory 402, a communication interface 403, and a communication bus 404;

wherein the processor 401, the memory 402, and the communication interface 403 communicate with one another through the communication bus 404;

The processor 401 is configured to call the computer program in the memory 402, and when executing the computer program the processor implements all the steps of the above network access control method of the terminal. For example, when executing the computer program the processor implements the following process: selecting a target access rule from a plurality of preset access rules according to the target network to be accessed, wherein each of the plurality of access rules is associated with one of a plurality of networks, and each access rule is configured with the access rights of the associated network; and switching the currently running access rule to the target access rule, so that the network card of the terminal is switched from the currently connected network to the target network according to the target access rule, allowing the terminal to access the target network.

It can be understood that, for the detailed functions and extended functions that the computer program can perform, reference can be made to the description of the above embodiments.

Based on the same inventive concept, another embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements all the steps of the above network access control method of the terminal. For example, when executing the computer program the processor implements the following process: selecting a target access rule from a plurality of preset access rules according to the target network to be accessed, wherein each of the plurality of access rules is associated with one of a plurality of networks, and each access rule is configured with the access rights of the associated network; and switching the currently running access rule to the target access rule, so that the network card of the terminal is switched from the currently connected network to the target network according to the target access rule, allowing the terminal to access the target network.

It can be understood that, for the detailed functions and extended functions that the computer program can perform, reference can be made to the description of the above embodiments.

Based on the same inventive concept, another embodiment of the present invention provides a computer program product that includes a computer program. When executed by a processor, the computer program implements all the steps of the above network access control method of the terminal. For example, when executing the computer program the processor implements the following process: selecting a target access rule from a plurality of preset access rules according to the target network to be accessed, wherein each of the plurality of access rules is associated with one of a plurality of networks, and each access rule is configured with the access rights of the associated network; and switching the currently running access rule to the target access rule, so that the network card of the terminal is switched from the currently connected network to the target network according to the target access rule, allowing the terminal to access the target network.

It can be understood that, for the detailed functions and extended functions that the computer program can perform, reference can be made to the description of the above embodiments.

In addition, when the logic instructions in the memory described above are implemented in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.

The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present invention. Those of ordinary skill in the art can understand and implement them without creative effort.

From the above description of the implementations, those skilled in the art can clearly understand that each implementation can be realized by software plus the necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes to the prior art, may be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as a ROM/RAM, a magnetic disk, or an optical disc, and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform the traffic auditing method described in each embodiment or in some parts of an embodiment.

In addition, in the present invention, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Furthermore, the terms "comprise", "include", and any other variants thereof are intended to cover a non-exclusive inclusion, so that a process, method, article, or device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or device that comprises the element.

In addition, in the present invention, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" means that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such references do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, those skilled in the art may combine the different embodiments or examples described in this specification, and the features of those embodiments or examples, provided they do not contradict one another.

Finally, it should be noted that the above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A network access control method of a terminal, comprising:
selecting a target access rule from a plurality of preset access rules according to a target network to be accessed, wherein each access rule in the plurality of access rules is respectively associated with one network in the plurality of networks, and each access rule is configured with the access authority of the associated network;
switching the access rule currently operated into the target access rule so as to switch the network card of the terminal from the currently connected network to be connected with the target network according to the target access rule, so that the terminal accesses the target network;
before switching the access rule currently operated into the target access rule so as to switch the network card of the terminal from the currently connected network to be connected with the target network according to the target access rule, the method further comprises the following steps:
creating a network filtering driver;
binding the network filtering driver with the network card;
correspondingly, the switching the access rule currently operated into the target access rule to switch the network card of the terminal from the currently connected network to be connected with the target network according to the target access rule includes:
and the network filtering driver blocks the currently connected network and switches the network card from the currently connected network to the target network.
2. The network access control method of a terminal according to claim 1, further comprising the step of creating the plurality of access rules, specifically comprising:
acquiring network information of each network in a plurality of networks;
according to the network information of each network, configuring access authority of each network through an operating system of the terminal, creating an access rule according to the access authority of each network, and storing the created access rule in a preset client in the terminal.
3. The method for controlling network access of a terminal according to claim 2, wherein the network information includes network segment information in which a network ID is located,
configuring access rights of each network through an operating system of the terminal according to network information of each network, and creating an access rule according to the access rights of each network, wherein the access rule comprises the following steps:
and creating an access rule with the access authority of the corresponding network segment through the operating system of the terminal according to the network segment information of each network.
4. A network access control method for a terminal according to any one of claims 1 to 3, wherein each access rule is further configured with an application access right,
accordingly, after the terminal accesses the target network, the method further comprises:
and according to the access authority of the application program, performing access control on the target network on the application program in the terminal.
5. The network access control method of the terminal according to claim 4, wherein the performing access control of the target network on the application in the terminal according to the application access right includes:
determining authorized application programs and unauthorized application programs of the terminal according to the application program access rights;
when a target application program in the terminal accesses the target network, if the target application program is an unauthorized application program, the access of the target application program to the target network is intercepted; otherwise, the access of the target application program to the target network is allowed.
6. A network access control device of a terminal, comprising:
the access rule selection module is used for selecting a target access rule from a plurality of preset access rules according to a target network to be accessed, wherein each access rule in the plurality of access rules is respectively associated with one network in the plurality of networks, and each access rule is configured with the access authority of the associated network;
the network switching module is used for switching the access rule which is currently operated into the target access rule so as to switch the network card of the terminal from the network which is currently connected to the target network according to the target access rule, so that the terminal accesses the target network;
the network switching module is further configured to, before switching the currently running access rule to the target access rule so as to switch the network card of the terminal from the currently connected network to the target network according to the target access rule: create a network filtering driver; and bind the network filtering driver with the network card; correspondingly, the switching of the currently running access rule to the target access rule so as to switch the network card of the terminal from the currently connected network to the target network according to the target access rule includes: the network filtering driver blocks the currently connected network and switches the network card from the currently connected network to the target network.
7. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the network access control method of the terminal according to any one of claims 1-5 when the program is executed by the processor.
8. A non-transitory computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when executed by a processor, implements the steps of the network access control method of a terminal according to any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010871582.6A CN112202711B (en) 2020-08-26 2020-08-26 Network access control method and device of terminal, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010871582.6A CN112202711B (en) 2020-08-26 2020-08-26 Network access control method and device of terminal, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112202711A CN112202711A (en) 2021-01-08
CN112202711B true CN112202711B (en) 2023-04-25

Family

ID=74005063

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010871582.6A Active CN112202711B (en) 2020-08-26 2020-08-26 Network access control method and device of terminal, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112202711B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113076567B (en) * 2021-04-13 2023-07-25 浪潮电子信息产业股份有限公司 Communication management method, device and equipment
CN115695191B (en) * 2022-08-29 2024-12-06 中国工商银行股份有限公司 Terminal network switching method and device, and electronic device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108574693A (en) * 2018-04-17 2018-09-25 四川斐讯信息技术有限公司 A kind of access management method and wireless router of wireless router

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7334255B2 (en) * 2002-09-30 2008-02-19 Authenex, Inc. System and method for controlling access to multiple public networks and for controlling access to multiple private networks
CN105635312B (en) * 2016-01-25 2019-03-22 株洲南车时代电气股份有限公司 The method for realizing more local area network communications based on WinCE system Single NIC
CN107426168A (en) * 2017-05-23 2017-12-01 国网山东省电力公司电力科学研究院 A kind of Secure Network Assecc processing method and processing device
CN111147425A (en) * 2018-11-05 2020-05-12 成都鼎桥通信技术有限公司 Data access processing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN112202711A (en) 2021-01-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100044 2nd floor, building 1, yard 26, Xizhimenwai South Road, Xicheng District, Beijing

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Applicant after: QAX Technology Group Inc.

Address before: 100097 No. 202, 203, 205, 206, 207, 208, 2nd floor, block D, No. 51, Kunming Hunan Road, Haidian District, Beijing

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Applicant before: QAX Technology Group Inc.

GR01 Patent grant