CN112307456A - Computer terminal protection method and device - Google Patents


Publication number: CN112307456A
Authority: CN (China)
Prior art keywords: access; authorization information; server; terminal; control management
Legal status: Pending
Application number: CN201910681172.2A
Other languages: Chinese (zh)
Inventors: 李果, 黄容生, 陈富汉, 张乾坤, 郭瑞鹏, 袁小凯, 曾繁超
Current Assignee: CSG Electric Power Research Institute
Original Assignees: Power Grid Technology Research Center of China Southern Power Grid Co Ltd; Research Institute of Southern Power Grid Co Ltd
Application filed by: Power Grid Technology Research Center of China Southern Power Grid Co Ltd; Research Institute of Southern Power Grid Co Ltd
Priority to: CN201910681172.2A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the disclosure provide a computer terminal protection method and device for improving terminal security. The method comprises the following steps: the access equipment initiates a terminal access request; the server analyzes the request to obtain an authorization information storage path corresponding to the access address; the server sends the authorization information corresponding to the authorization information storage path to a Microsoft domain control management server; the server receives an authentication result from the Microsoft domain control management server; the server signs the access permission and returns the access permission to the access equipment; and the access equipment completes the remote access of the terminal.

Description

Computer terminal protection method and device
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a method and an apparatus for protecting a computer terminal.
Background
As power-sector informatization has developed, power dispatching control systems and other back-end business systems have become increasingly critical, and their security requirements keep rising. Current terminal security management measures lack support for Microsoft domain control technology, which leaves certain risks.
Disclosure of Invention
To this end, the present disclosure provides a computer terminal protection method and apparatus, in an attempt to solve or at least alleviate at least one of the problems presented above.
According to an aspect of an embodiment of the present disclosure, there is provided a computer terminal protection method, including:
the access equipment initiates a terminal access request;
the server analyzes the request to obtain an authorization information storage path corresponding to the access address;
the server sends the authorization information corresponding to the authorization information storage path to a Microsoft domain control management server;
the server receives an authentication result of the Microsoft domain control management server;
the server signs the access permission and returns the access permission to the access equipment;
and the access equipment completes the remote access of the terminal.
According to an aspect of the embodiments of the present disclosure, there is provided a computer terminal protection apparatus including:
the first receiving module is used for receiving a terminal access request;
the analysis module is used for analyzing the request to obtain an authorization information storage path corresponding to the access address;
the sending module is used for sending the authorization information corresponding to the authorization information storage path to the Microsoft domain control management server;
the second receiving module is used for receiving the authentication result of the Microsoft domain control management server;
and the signing module is used for signing the access permission and returning the access permission to the access equipment.
According to still another aspect of the embodiments of the present disclosure, there is provided a readable storage medium having executable instructions thereon, which when executed, cause a computer to perform operations included in the above-mentioned computer terminal protection method.
According to yet another aspect of embodiments of the present disclosure, there is provided a computing device comprising: a processor; and a memory storing executable instructions that, when executed, cause the processor to perform operations included in the above-described computer terminal protection method.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate exemplary embodiments of the disclosure and together with the description serve to explain the principles of the disclosure.
FIG. 1 is a block diagram of an exemplary computing device 100;
FIG. 2 is a flow chart of a computer terminal protection method according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 is a block diagram of an example computing device 100 arranged to implement a computer terminal protection method according to the present disclosure. In a basic configuration 102, computing device 100 typically includes system memory 106 and one or more processors 104. A memory bus 108 may be used for communication between the processor 104 and the system memory 106.
Depending on the desired configuration, the processor 104 may be any type of processing, including but not limited to: the processor 104 may include one or more levels of cache, such as a level one cache 110 and a level two cache 112, a processor core 114, and registers 116. The example processor core 114 may include an Arithmetic Logic Unit (ALU), a Floating Point Unit (FPU), a digital signal processing core (DSP core), or any combination thereof.
Depending on the desired configuration, system memory 106 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 106 may include an operating system 120, one or more programs 122, and program data 124. In some implementations, the program 122 can be configured to execute instructions on an operating system by one or more processors 104 using program data 124.
Computing device 100 may also include an interface bus 140 that facilitates communication from various interface devices (e.g., output devices 142, peripheral interfaces 144, and communication devices 146) to the basic configuration 102 via the bus/interface controller 130. The example output device 142 includes a graphics processing unit 148 and an audio processing unit 150. They may be configured to facilitate communication with various external devices, such as a display terminal or speakers, via one or more A/V ports 152. Example peripheral interfaces 144 may include a serial interface controller 154 and a parallel interface controller 156, which may be configured to facilitate communication with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 158. An example communication device 146 may include a network controller 160, which may be arranged to facilitate communications with one or more other computing devices 162 over a network communication link via one or more communication ports 164.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in such a manner as to encode information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
Computing device 100 may be implemented as part of a small-form factor portable (or mobile) electronic device such as a cellular telephone, a Personal Digital Assistant (PDA), a personal media player device, a wireless web-watch device, a personal headset device, an application specific device, or a hybrid device that includes any of the above functions. Computing device 100 may also be implemented as a personal computer including both desktop and notebook computer configurations.
Wherein the one or more programs 122 of the computing device 100 include instructions for performing a computer terminal protection method according to the present disclosure.
Fig. 2 illustrates a flow chart of a method 200 of protecting a computer terminal according to the present disclosure, the method 200 starting at step S210.
S210, the access equipment initiates a terminal access request;
S220, the server analyzes the request to obtain an authorization information storage path corresponding to the access address;
S230, the server sends the authorization information corresponding to the authorization information storage path to a Microsoft domain control management server;
S240, the server receives the authentication result of the Microsoft domain control management server;
S250, the server signs access permission and returns the access permission to the access equipment;
S260, the access equipment completes the remote access of the terminal.
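The flow S210 to S260 as a runnable sketch, added here as an illustration and not taken from the patent. The patent does not specify the signature scheme, the permit contents or how the terminal checks the permit, so the HMAC-SHA256 permit, its fields, the shared key, the lookup tables and the stub standing in for the Microsoft domain control management server are all assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed sample data; every name and value below is hypothetical.
AUTH_PATHS = {"10.0.5.21": "auth/dispatch/ws-21"}   # access address -> storage path
AUTH_STORE = {"auth/dispatch/ws-21": {"account": "svc-ws21",
                                      "secret": "constructed-secret"}}
SIGNING_KEY = b"constructed-demo-key-shared-with-terminal"
PERMIT_TTL = 60  # seconds a signed permit stays valid (assumption)


def stub_domain_controller(auth_info):
    """Stand-in for the domain control management server (S230/S240)."""
    return auth_info == {"account": "svc-ws21", "secret": "constructed-secret"}


def _sign(body):
    # Canonical JSON so server and terminal compute the MAC over identical bytes.
    msg = json.dumps(body, sort_keys=True, separators=(",", ":"),
                     default=str).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def handle_access_request(request, authenticate=stub_domain_controller, now=None):
    """Server side, S220 to S250. Returns a signed permit or None (fail closed)."""
    now = time.time() if now is None else now
    address, device = request.get("address"), request.get("device")
    path = AUTH_PATHS.get(address)                    # S220: address -> storage path
    if device is None or path is None or path not in AUTH_STORE:
        return None
    if not authenticate(AUTH_STORE[path]):            # S230 send, S240 receive result
        return None
    # S250: bind the permit to one terminal, one device and a short lifetime.
    body = {"address": address, "device": device,
            "expires": int(now) + PERMIT_TTL}
    return {"body": body, "sig": _sign(body)}


def terminal_accepts(permit, own_address, device, now=None):
    """Terminal side of S260: verify the permit before allowing remote access."""
    now = time.time() if now is None else now
    if not isinstance(permit, dict) or not isinstance(permit.get("body"), dict):
        return False
    body = permit["body"]
    expected = _sign(body).encode()
    presented = str(permit.get("sig", "")).encode()
    if not hmac.compare_digest(expected, presented):  # constant-time comparison
        return False
    expires = body.get("expires")
    return (body.get("address") == own_address
            and body.get("device") == device
            and isinstance(expires, int) and now < expires)


if __name__ == "__main__":
    req = {"address": "10.0.5.21", "device": "laptop-7"}      # S210
    permit = handle_access_request(req)
    print("permit issued:", permit is not None)
    print("terminal accepts:", terminal_accepts(permit, "10.0.5.21", "laptop-7"))
    replayed = {"body": dict(permit["body"], address="10.0.5.22"),
                "sig": permit["sig"]}
    print("retargeted permit accepted:",
          terminal_accepts(replayed, "10.0.5.22", "laptop-7"))
```

Because the signature covers the access address, the device and an expiry, a permit issued for one terminal cannot be retargeted or reused after it lapses; a deployment that cannot share a key with each terminal would use an asymmetric signature instead.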
The embodiment of the present disclosure provides a computer terminal protection device, including:
the first receiving module is used for receiving a terminal access request;
the analysis module is used for analyzing the request to obtain an authorization information storage path corresponding to the access address;
the sending module is used for sending the authorization information corresponding to the authorization information storage path to the Microsoft domain control management server;
the second receiving module is used for receiving the authentication result of the Microsoft domain control management server;
and the signing module is used for signing the access permission and returning the access permission to the access equipment.
It should be understood that the various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present disclosure, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the disclosure.
In the case of program code execution on programmable computers, the computing device will generally include a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to perform the various methods of the present disclosure according to instructions in the program code stored in the memory.
By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embody computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media. Combinations of any of the above are also included within the scope of computer readable media.
It should be appreciated that in the foregoing description of exemplary embodiments of the disclosure, various features of the disclosure are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed disclosure requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this disclosure.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Moreover, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the disclosure and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the disclosure has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the disclosure as described herein. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the disclosed subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The disclosure of the present disclosure is intended to be illustrative, but not limiting, of the scope of the disclosure, which is set forth in the following claims.

Claims (4)

1. A computer terminal protection method, comprising:
the access equipment initiates a terminal access request;
the server analyzes the request to obtain an authorization information storage path corresponding to the access address;
the server sends the authorization information corresponding to the authorization information storage path to a Microsoft domain control management server;
the server receives an authentication result of the Microsoft domain control management server;
the server signs the access permission and returns the access permission to the access equipment;
and the access equipment completes the remote access of the terminal.
2. A computer terminal protection device, comprising:
the first receiving module is used for receiving a terminal access request;
the analysis module is used for analyzing the request to obtain an authorization information storage path corresponding to the access address;
the sending module is used for sending the authorization information corresponding to the authorization information storage path to the Microsoft domain control management server;
the second receiving module is used for receiving the authentication result of the Microsoft domain control management server;
and the signing module is used for signing the access permission and returning the access permission to the access equipment.
3. A readable storage medium having executable instructions thereon that, when executed, cause a computer to perform the operations included in claim 1 or 2.
4. A terminal device, comprising:
a processor; and
a memory storing executable instructions that, when executed, cause the processor to perform the operations included in claim 1 or 2.
CN201910681172.2A 2019-07-26 2019-07-26 Computer terminal protection method and device Pending CN112307456A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910681172.2A CN112307456A (en) 2019-07-26 2019-07-26 Computer terminal protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910681172.2A CN112307456A (en) 2019-07-26 2019-07-26 Computer terminal protection method and device

Publications (1)

Publication Number Publication Date
CN112307456A (en) 2021-02-02

Family

ID=74329576

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910681172.2A Pending CN112307456A (en) 2019-07-26 2019-07-26 Computer terminal protection method and device

Country Status (1)

Country Link
CN (1) CN112307456A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1168763A2 (en) * 2000-06-30 2002-01-02 Microsoft Corporation Systems and methods for delegated digest access authorization
CN202059438U (en) * 2011-05-18 2011-11-30 湖南省烟草公司长沙市公司 Information protection system of enterprise computer terminal

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20210809

Address after: 510700 3rd, 4th and 5th floors of building J1 and 3rd floor of building J3, No.11 Kexiang Road, Science City, Luogang District, Guangzhou City, Guangdong Province

Applicant after: ELECTRIC POWER Research Institute CHINA SOUTHERN POWER GRID

Address before: No.11 Kexiang Road, Huangpu District, Guangzhou, Guangdong 510670

Applicant before: ELECTRIC POWER Research Institute CHINA SOUTHERN POWER GRID

Applicant before: POWER GRID TECHNOLOGY RESEARCH CENTER. CHINA SOUTHERN POWER GRID

SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210202