CN112422865A - User access monitoring method and system - Google Patents

Publication number
CN112422865A
Authority
CN
China
Prior art keywords
frame
video file
virtual interface
encryption
certificate
Legal status
Pending
Application number
CN202011227048.8A
Other languages
Chinese (zh)
Inventor
陈飞
Current Assignee
Hangzhou Miluoxing Technology Group Co ltd
Original Assignee
Hangzhou Miluoxing Technology Group Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00: Details of television systems
    • H04N5/76: Television signal recording
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04N: PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00: Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40: Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43: Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/433: Content storage operation, e.g. storage operation in response to a pause request, caching operations
    • H04N21/4334: Recording operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Television Signal Processing For Recording (AREA)

Abstract

The invention provides a monitoring method and a system for user access, which relate to the technical field of communication and comprise the following steps: firstly, generating a virtual interface through a monitoring module at the starting moment of a session; the time attribute of the session comprises a starting time and an ending time, the starting time is the starting time when the user accesses the target server through the client, and the virtual interface is used for recording the real operation of the user; and then acquiring image frames from the virtual interface through a screen recording module, and recording the image frames into corresponding video files until the end time so as to enable a third party to acquire the video files. According to the invention, the corresponding video file can be directly generated by acquiring the image frame from the virtual interface through the screen recording module, the video file can intuitively display the operation performed by the user, and the video file does not depend on the bastion machine, so that the video file can still be normally read even if the bastion machine fails or is hung up.

Description

User access monitoring method and system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and a system for monitoring user access.
Background
An existing bastion machine is provided with a monitoring module and a database. After a user logs in to the domain name of the bastion machine and, through a springboard machine (jump server), accesses a specific server in a server cluster in a local area network, the monitoring module monitors the session data that is generated (including the instructions input by the user and the data fed back by the server); the session data is then encrypted with key information (such as passwords, accounts and the like) and stored in the database. On the one hand, since the data itself is not a video file but a pile of program data, it is not possible to see intuitively what operations the user has performed even when the data is retrieved. On the other hand, since the encrypted data depends on the bastion machine itself, that is, the encrypted data cannot be separated from that system, the data cannot be read when the bastion machine fails or hangs up.
Disclosure of Invention
The invention aims to provide a user access monitoring method and a user access monitoring system, so as to solve the technical problems in the prior art that the operations performed by a user cannot be seen intuitively and that the data cannot be read after the bastion machine fails or hangs up.
In a first aspect, the present invention provides a method for monitoring user access, including: generating a virtual interface by a monitoring module at the starting moment of the session; the time attribute of the session comprises the starting time and the ending time, the starting time is the starting time when a user accesses a target server through a client, and the virtual interface is used for recording the real operation of the user; and acquiring image frames from the virtual interface through a screen recording module, and recording the image frames into corresponding video files until the ending moment so as to enable a third party to acquire the video files.
Further, after the corresponding video file is recorded, the method further comprises: storing the video file in a target storage area; wherein the target storage area comprises an encryption bucket and a cloud storage area.
Further, when the target storage area is the encryption bucket, storing the video file in the target storage area includes: sending a storage request to a lobby server through the encryption bucket; after the lobby server approves the storage request, receiving a token sent by the lobby server through the screen recording module; sending the token to the encryption bucket through the screen recording module so that the encryption bucket stores the video file based on the token; after the video file is stored, generating a certificate through the encryption bucket, and sending the certificate to the lobby server.
Further, the method further comprises: receiving an acquisition request of the video file sent by a third party; performing identity verification and authority authentication on the third party, and passing the acquisition request after the identity verification and the authority authentication are passed; after the acquisition request is passed, transmitting a certificate to the third party, so that the third party acquires the video file corresponding to the certificate from the encryption bucket according to the certificate.
Further, the method further comprises: after the third party obtains the video file corresponding to the certificate from the encryption bucket according to the certificate, marking the certificate as invalid, and generating a new certificate through the encryption bucket; feeding back a certificate update result to the lobby server through the encryption bucket; wherein the certificate update result is used to represent: the certificate is in an invalid state and the new certificate is in a valid state.
Further, the image frame includes: key frame I frame, difference frame P frame and bidirectional difference frame B frame; acquiring image frames from the virtual interface through a screen recording module, and recording the image frames into corresponding video files until the ending moment, wherein the method comprises the following steps: acquiring the I frame from the virtual interface through the screen recording module, and recording a corresponding video file based on the I frame until the ending moment; or acquiring the I frame and the P frame from the virtual interface through the screen recording module, and recording a corresponding video file based on the I frame and the P frame until the ending moment; or acquiring the I frame and the B frame from the virtual interface through the screen recording module, and recording a corresponding video file based on the I frame and the B frame until the ending moment; or acquiring the I frame, the P frame and the B frame from the virtual interface through the screen recording module, and recording corresponding video files based on the I frame, the P frame and the B frame until the end time.
Further, the method further comprises: and displaying the video file through the screen recording module.
In a second aspect, the present invention provides a monitoring system for user access, including: the system comprises a target server, a monitoring module and a screen recording module; the monitoring module is used for generating a virtual interface at the starting moment of the session; the time attribute of the session comprises the starting time and the ending time, the starting time is the starting time when the user accesses the target server through the client, and the virtual interface is used for recording the real operation of the user; and the screen recording module is used for acquiring image frames from the virtual interface and recording the image frames into corresponding video files until the ending moment so as to enable a third party to acquire the video files.
In a third aspect, the present invention further provides an electronic device, including a memory and a processor, where the memory stores a computer program operable on the processor, and the processor implements the steps of the method for monitoring user access when executing the computer program.
In a fourth aspect, the present invention also provides a computer readable medium having non-volatile program code executable by a processor, wherein the program code causes the processor to perform the method for monitoring user access.
The invention provides a method and a system for monitoring user access, which comprise the following steps: firstly, generating a virtual interface through a monitoring module at the starting moment of a session; the time attribute of the session comprises a starting time and an ending time, the starting time is the starting time when the user accesses the target server through the client, and the virtual interface is used for recording the real operation of the user; and then acquiring image frames from the virtual interface through a screen recording module, and recording the image frames into corresponding video files until the end time so as to enable a third party to acquire the video files. According to the invention, the corresponding video file can be directly generated by acquiring the image frame from the virtual interface through the screen recording module, the video file can intuitively display the operation performed by the user, and the video file does not depend on the bastion machine, so that the video file can still be normally read even if the bastion machine fails or is hung up.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a monitoring method for user access according to an embodiment of the present invention;
FIG. 2 is a flow chart of storing a video file to a target storage area;
FIG. 3 is a flow chart of a third party obtaining a video file;
Fig. 4 is a schematic structural diagram of a monitoring system for user access according to an embodiment of the present invention.
Reference numerals:
11 - monitoring module; 12 - screen recording module; 13 - virtual interface; 14 - encryption bucket; 15 - lobby server.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the prior art, the data is not a video file but a pile of program data, so the operations performed by the user cannot be seen intuitively even when the data is retrieved; in addition, the encrypted data depends on the bastion machine, that is, it cannot be separated from that system, so the data cannot be read after the bastion machine fails or hangs up. Based on this, the invention aims to provide a user access monitoring method and system that can intuitively display what operations a user performed, where the video file does not depend on the bastion machine and can still be read normally even if the bastion machine fails or hangs up.
For the convenience of understanding the embodiment, a detailed description will be first given of a user access monitoring method disclosed in the embodiment of the present invention.
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for monitoring user access, it should be noted that the steps illustrated in the flowchart of the accompanying drawings may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that presented herein.
Fig. 1 is a flowchart of a monitoring method for user access according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
Step S101: at the starting time of the session, a virtual interface is generated through the monitoring module.
In the embodiment of the invention, the time attribute of the session comprises a starting time and an ending time, the starting time is the time at which the user begins to access the target server through the client, and the virtual interface is used for recording the real operation of the user. The real operation of the user refers to any operation of the user on the client, including but not limited to: inputting, deleting, sending and exiting. The time when the session starts is the starting time, and the time when the session ends is the ending time. There are two ways to end a session: one is for the user to input an end or restart instruction, such as the end instruction Exit or the restart instruction Reboot; the other is for the target server to actively end the session.
Step S102: image frames are acquired from the virtual interface through the screen recording module and recorded into the corresponding video file until the ending time, so that a third party can acquire the video file.
In the present application, the way the screen recording module acquires image frames from the virtual interface and records the corresponding video file can be understood simply as follows: a camera is aimed at the display screen of the target server and captures the whole process of the user's operation. The image frames may be acquired at a rate of 24 frames per second, or at any other rate. The screen recording module can be integrated with the bastion machine or can be an independent functional module. The virtual interface is generated when the session starts and disappears automatically after the session ends. The bastion machine in this application has both recording and playback functions. The recorded video file can be separated from the system of the bastion machine. Sessions correspond to video files one to one. For example: the user logs in to the bastion machine and selects a target server from the server list to access, and a first video file is generated after that access ends; the user then selects another target server from the server list to access, and a second video file is generated after that access ends.
Before accessing the target server, the user must log in to it. The login process is as follows: the user first enters an account, a password and a key to access the bastion machine; the bastion machine then displays a welcome interface and a prompt interface, where the prompt interface can display the unique identifiers of all target servers so that the user can find the target server by its unique identifier. The prompt interface can also provide a field for entering an IP address so that the user can find the corresponding target server by IP address; the target server then authorizes the user, which guides the user to log in to the target server.
The video file in the present application can reproduce, one hundred percent, the process of the user's operation and the information returned by the target server. It should be noted that the video file in the present application may be played back or broadcast live. The video file can be separated from the system of the bastion machine, and users with the appropriate authority can watch it. The video type of the video file is not particularly limited in the present application; it may be in the MP4 format or in other formats.
In addition, video files contain more information. For example, the time interval between input A and input B can be seen, and it can also be seen whether the user typed the input in one go, hesitantly, or unskillfully, so some detailed information about the user can easily be determined from the video file in the present application. In public security, the existing bastion machine plays back based on its own system, and the played-back data is not a video or a film but a pile of program data, so the playback process is difficult. Recording on the existing bastion machine is also relatively complicated. For example: a user logs in to the target server at 7:59, enters interface A of the target server at 8:00 and enters interface B of the target server at 9:00. The conventional recording method takes the time of logging in to the target server as the reference and records that the user enters interface A one minute later and interface B 61 minutes later, so the conventional recording method also tends to make playback on the existing bastion machine difficult.
The method for monitoring the user access provided by the embodiment of the invention comprises the following steps: firstly, generating a virtual interface through a monitoring module at the starting moment of a session; the time attribute of the session comprises a starting time and an ending time, the starting time is the starting time when the user accesses the target server through the client, and the virtual interface is used for recording the real operation of the user; and then acquiring image frames from the virtual interface through a screen recording module, and recording the image frames into corresponding video files until the end time so as to enable a third party to acquire the video files. According to the embodiment of the invention, the corresponding video file can be directly generated in a mode that the screen recording module acquires the image frame from the virtual interface, the video file can intuitively display the operation performed by the user, the video file does not depend on the bastion machine, and the video file can still be normally read even if the bastion machine fails or is hung up.
In an optional embodiment, after recording the corresponding video file, the method further comprises: storing the video file in a target storage area; wherein the target storage area comprises an encryption bucket and a cloud storage area.
In this application, the video file itself is not encrypted, but is placed in an encrypted area (i.e., a target storage area). The target storage area is not specifically limited, and may be an encryption bucket or a cloud storage area, where the cloud storage area includes but is not limited to: Aliyun (Alibaba Cloud), Amazon, and the like.
In an alternative embodiment, when the target storage area is an encryption bucket, as shown in fig. 2, storing the video file in the target storage area includes:
Step S201: sending a storage request to the lobby server through the encryption bucket;
Step S202: after the lobby server approves the storage request, receiving a token sent by the lobby server through the screen recording module;
Step S203: sending the token to the encryption bucket through the screen recording module, so that the encryption bucket stores the video file based on the token;
Step S204: after the video file is stored, generating a certificate through the encryption bucket, and sending the certificate to the lobby server.
In the embodiment of the invention, during storage, the encryption bucket first sends a storage request to the lobby server; after the lobby server approves the storage request, the screen recording module receives the token sent by the lobby server and sends the token to the encryption bucket; the encryption bucket stores the video file based on the token, and after the video file is stored, the encryption bucket generates a certificate and sends the certificate to the lobby server so that a third party can obtain the certificate.
In an alternative embodiment, after performing step S204, as shown in fig. 3, the method further includes:
Step S301: receiving a video file acquisition request sent by a third party;
Step S302: performing identity verification and authority authentication on the third party, and approving the acquisition request after the identity verification and the authority authentication pass;
Step S303: after the acquisition request is approved, sending the certificate to the third party, so that the third party obtains the video file corresponding to the certificate from the encryption bucket according to the certificate.
In the embodiment of the invention, the identity verification and the authority authentication ensure that the video file is read securely, and a third party can obtain the video file corresponding to the certificate directly from the encryption bucket by means of the certificate, so the acquisition method is simple and convenient to operate.
In an alternative embodiment, as shown in fig. 3, after performing step S303, the method further includes:
Step S304: after the third party obtains the video file corresponding to the certificate from the encryption bucket according to the certificate, the certificate is marked as invalid, and a new certificate is generated through the encryption bucket;
Step S305: feeding back a certificate update result to the lobby server through the encryption bucket; wherein the certificate update result is used to represent: the certificate is in an invalid state and the new certificate is in a valid state.
In this embodiment, one video file corresponds to one certificate. The certificate is single-use and carries a validity period; after the certificate is marked as invalid, a new certificate is generated so that the next third party can obtain the video file.
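The storage and retrieval flow of steps S201 to S305, as an added Python sketch that is not code from the patent or its applicant; it shows the single-use storage token, the single-use certificate with a validity period, and the rotation reported back to the lobby server. The patent does not say how the token or certificate is formed or checked, so the HMAC-signed token, the shared key, the ACL layout, the 300-second lifetime and all class and method names are assumptions.

```python
import hashlib
import hmac
import secrets
import time


def _mac(key, video_id, nonce):
    return hmac.new(key, f"{video_id}|{nonce}".encode(), hashlib.sha256).hexdigest()


class LobbyServer:
    def __init__(self, key, acl):
        self._key = key      # assumption: HMAC key shared with the encryption bucket
        self._acl = acl      # assumption: {user: {"secret": str, "videos": set}}
        self.valid = {}      # video_id -> currently valid certificate

    def approve_storage(self, video_id, nonce):        # S201-S202
        return _mac(self._key, video_id, nonce)

    def certificate_update(self, video_id, new_cert):  # S204 and S305
        self.valid[video_id] = new_cert                # older certificate is now invalid

    def request_video(self, user, secret, video_id):   # S301-S303
        entry = self._acl.get(user)
        if entry is None or not hmac.compare_digest(entry["secret"], secret):
            raise PermissionError("identity verification failed")
        if video_id not in entry["videos"]:
            raise PermissionError("authority authentication failed")
        return self.valid[video_id]


class EncryptionBucket:
    def __init__(self, key, lobby, ttl=300, clock=time.time):
        self._key, self._lobby, self._ttl, self._clock = key, lobby, ttl, clock
        self._pending = {}   # video_id -> nonce of the outstanding storage request
        self._files = {}     # video_id -> recorded bytes
        self._certs = {}     # certificate -> (video_id, expiry time)

    def request_storage(self, video_id):               # S201
        nonce = secrets.token_hex(16)
        self._pending[video_id] = nonce
        # The caller plays the screen recording module that relays the token.
        return self._lobby.approve_storage(video_id, nonce)

    def store(self, video_id, data, token):            # S203-S204
        nonce = self._pending.get(video_id)
        if nonce is None or not hmac.compare_digest(_mac(self._key, video_id, nonce), token):
            raise PermissionError("storage token rejected")
        del self._pending[video_id]                    # the token works only once
        self._files[video_id] = data
        self._issue(video_id)

    def _issue(self, video_id):
        cert = secrets.token_urlsafe(32)               # unguessable bearer value
        self._certs[cert] = (video_id, self._clock() + self._ttl)
        self._lobby.certificate_update(video_id, cert)

    def fetch(self, cert):                             # S303-S305
        entry = self._certs.pop(cert, None)            # removal blocks replay
        if entry is None:
            raise PermissionError("certificate unknown or already used")
        video_id, expires = entry
        self._issue(video_id)                          # rotate for the next requester
        if self._clock() > expires:
            raise PermissionError("certificate expired")
        return self._files[video_id]


def _attempt(action):
    try:
        action()
        return "allowed"
    except PermissionError as exc:
        return str(exc)


def demo():
    now = [1000.0]                                     # constructed fake clock
    key, vid = secrets.token_bytes(32), "session-42"   # constructed sample values
    acl = {"auditor": {"secret": "constructed-secret", "videos": {vid}}}
    lobby = LobbyServer(key, acl)
    bucket = EncryptionBucket(key, lobby, ttl=300, clock=lambda: now[0])
    token = bucket.request_storage(vid)
    bucket.store(vid, b"constructed video bytes", token)
    cert = lobby.request_video("auditor", "constructed-secret", vid)
    out = {"first_fetch": bucket.fetch(cert)}
    out["rotated"] = lobby.valid[vid] != cert
    out["replay"] = _attempt(lambda: bucket.fetch(cert))
    out["token_reuse"] = _attempt(lambda: bucket.store(vid, b"x", token))
    out["wrong_user"] = _attempt(lambda: lobby.request_video("intern", "guess", vid))
    now[0] += 301                                      # outlive the new certificate
    out["expired"] = _attempt(lambda: bucket.fetch(lobby.valid[vid]))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this sketch the certificate is a bearer value, so whoever holds it can fetch the file once; the identity and authority checks happen only at the lobby server, which is why the certificate must be unguessable and short-lived.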
In an alternative embodiment, the image frames include: key frames (I frames), difference frames (P frames) and bidirectional difference frames (B frames). Acquiring image frames from the virtual interface through the screen recording module and recording them into the corresponding video file until the ending time can be done in any of the following modes:
Mode 1: acquiring I frames from the virtual interface through the screen recording module, and recording the corresponding video file based on the I frames until the ending time;
Mode 2: acquiring I frames and P frames from the virtual interface through the screen recording module, and recording the corresponding video file based on the I frames and the P frames until the ending time;
Mode 3: acquiring I frames and B frames from the virtual interface through the screen recording module, and recording the corresponding video file based on the I frames and the B frames until the ending time;
Mode 4: acquiring I frames, P frames and B frames from the virtual interface through the screen recording module, and recording the corresponding video file based on the I frames, the P frames and the B frames until the ending time.
The meanings of the key frame (I frame), the difference frame (P frame) and the bidirectional difference frame (B frame) are not described in detail in the embodiment of the present invention. Whichever mode is used to acquire image frames from the virtual interface, the key frame (I frame) must be acquired.
In an optional embodiment, the method further comprises: and displaying the video file through the screen recording module.
In the present application, the video file can be played back after recording is completed, and the recording interface can also be broadcast live in real time to a mobile terminal that has the appropriate permission, so that a third party can conveniently view the video file.
In summary, in the embodiment of the present invention, the video frame is acquired in the virtual interface by the screen recording module, so that the corresponding video file can be directly generated, the video file can intuitively display what operations the user has performed, and the video file does not depend on the bastion machine, so that the video file can still be normally read even if the bastion machine fails or hangs up.
Example 2:
The embodiment of the present invention provides a monitoring system for user access, which is mainly used for executing the monitoring method for user access provided in embodiment 1 above. The monitoring system for user access provided in the embodiment of the present invention is described in detail below.
Fig. 4 is a schematic structural diagram of a monitoring system for user access according to an embodiment of the present invention. As shown in fig. 4, the system mainly includes: a monitoring module 11, a screen recording module 12 and a virtual interface 13, wherein:
the monitoring module 11 is configured to generate a virtual interface 13 at a start time of a session; the time attribute of the session comprises a starting time and an ending time, the starting time is the starting time when the user accesses the target server through the client, and the virtual interface 13 is used for recording the real operation of the user;
and the screen recording module 12 is configured to acquire image frames from the virtual interface 13 and record the image frames into corresponding video files until the end time, so that a third party acquires the video files.
In the monitoring system for user access provided by the embodiment of the invention, at the beginning of a session, a virtual interface 13 is generated by using a monitoring module 11; then, the image frame is obtained from the virtual interface 13 through the screen recording module 12, and the image frame is recorded into a corresponding video file until the end time, so that a third party can obtain the video file. According to the embodiment of the invention, the corresponding video file can be directly generated in a mode that the screen recording module 12 acquires the image frame from the virtual interface 13, the video file can intuitively display what operations are performed by a user, the video file does not depend on the bastion machine, and the video file can still be normally read even if the bastion machine fails or is hung up.
In addition, the monitoring system for user access further comprises an encryption bucket 14 and a lobby server 15, wherein the encryption bucket 14 interacts with the lobby server 15 to store the video file. The specific process is described in the monitoring method for user access above and is not repeated here.
In an optional embodiment, the present embodiment further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program operable on the processor, and the processor executes the computer program to implement the steps of the method of the foregoing method embodiment.
In an alternative embodiment, the present embodiment also provides a computer readable medium having non-volatile program code executable by a processor, wherein the program code causes the processor to perform the method of the above method embodiment.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the term "connected" should be interpreted broadly: a connection may be fixed, detachable, or integral; it may be mechanical or electrical; and it may be direct, indirect through an intervening medium, or an internal connection between two elements. Those skilled in the art can understand the specific meaning of the term in the present invention according to the specific case.
In the description of the present embodiment, it should be noted that the terms "middle", "upper", "lower", and the like indicate orientations or positional relationships based on those shown in the drawings. They are used only for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the system or element referred to must have a specific orientation, or be constructed and operated in a specific orientation; they should therefore not be construed as limiting the present embodiment. Furthermore, the terms "first", "second", "third", and "fourth" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the module described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in this embodiment, it should be understood that the disclosed method and system may be implemented in other ways. The above-described system embodiments are merely illustrative, and for example, the division of the units is only one logical functional division, and there may be other divisions in actual implementation, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of systems or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present embodiment, or parts of it, may in essence be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
Finally, it should be noted that the above-mentioned embodiments are only specific embodiments of the present invention. They are used to illustrate the technical solutions of the present invention, not to limit them, and the protection scope of the present invention is not limited to them. Although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that, within the technical scope of the present disclosure, anyone skilled in the art can still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features. Such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein.

Claims (10)

1. A method for monitoring user access, comprising:
generating a virtual interface by a monitoring module at the starting moment of the session; the time attribute of the session comprises the starting time and the ending time, the starting time is the starting time when a user accesses a target server through a client, and the virtual interface is used for recording the real operation of the user;
and acquiring image frames from the virtual interface through a screen recording module, and recording the image frames into corresponding video files until the ending moment so as to enable a third party to acquire the video files.
2. The method of claim 1, wherein after recording the corresponding video file, the method further comprises:
storing the video file in a target storage area; wherein the target storage area comprises an encryption bucket and a cloud storage area.
3. The method of claim 2, wherein storing the video file to a target storage area when the target storage area is the encrypted bucket comprises:
sending a storage request to a lobby server through the encryption bucket;
after the lobby server passes the storage request, receiving a token sent by the lobby server through the screen recording module;
sending the token to the encryption bucket through the screen recording module so that the encryption bucket stores the video file based on the token;
after the video file is stored, generating a certificate through the encryption bucket, and sending the certificate to the lobby server.
4. The method of claim 3, further comprising:
receiving an acquisition request of the video file sent by a third party;
performing identity verification and authority authentication on the third party, and passing the acquisition request after the identity verification and the authority authentication are passed;
after the acquisition request is passed, transmitting a certificate to the third party, so that the third party acquires the video file corresponding to the certificate from the encryption bucket according to the certificate.
5. The method of claim 4, further comprising:
after the third party obtains the video file corresponding to the certificate from the encryption bucket according to the certificate, setting the certificate to an invalid state, and generating a new certificate through the encryption bucket;
feeding back a certificate update result to the lobby server through the encryption bucket; wherein the certificate update result is used to represent: the certificate is in an invalid state and the new certificate is in a valid state.
6. The method of claim 1, wherein the image frames comprise: key frames (I frames), difference frames (P frames) and bidirectional difference frames (B frames); and wherein acquiring image frames from the virtual interface through a screen recording module, and recording the image frames into corresponding video files until the ending moment, comprises:
acquiring the I frame from the virtual interface through the screen recording module, and recording a corresponding video file based on the I frame until the ending moment;
or acquiring the I frame and the P frame from the virtual interface through the screen recording module, and recording a corresponding video file based on the I frame and the P frame until the ending moment;
or acquiring the I frame and the B frame from the virtual interface through the screen recording module, and recording a corresponding video file based on the I frame and the B frame until the ending moment;
or acquiring the I frame, the P frame and the B frame from the virtual interface through the screen recording module, and recording corresponding video files based on the I frame, the P frame and the B frame until the end time.
7. The method of claim 1, further comprising:
and displaying the video file through the screen recording module.
8. A system for monitoring user access, comprising: the system comprises a monitoring module and a screen recording module;
the monitoring module is used for generating a virtual interface at the starting moment of the session; the time attribute of the session comprises the starting time and the ending time, the starting time is the starting time when a user accesses a target server through a client, and the virtual interface is used for recording the real operation of the user;
and the screen recording module is used for acquiring image frames from the virtual interface and recording the image frames into corresponding video files until the ending moment so as to enable a third party to acquire the video files.
9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable medium having non-volatile program code executable by a processor, the program code causing the processor to perform the method of any of claims 1 to 7.
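The storage and retrieval exchange of claims 3 to 5, as an added example that is not code from the patent: the lobby server issues a single-use storage token, the encryption bucket stores the video against it, and each certificate (modelled here as a random one-time credential) is invalidated and rotated on first use. All class and method names, the allow-list standing in for identity verification and authority authentication, and the bucket validating tokens by calling the lobby server are assumptions; encryption of the stored file is omitted.

```python
import hashlib
import secrets

def _digest(value):
    return hashlib.sha256(value.encode()).hexdigest()

class LobbyServer:
    def __init__(self, authorized):
        self.authorized = set(authorized)  # assumed allow-list for identity/authority checks
        self.pending = set()               # outstanding (video_id, token digest) pairs
        self.credentials = {}              # video_id -> credential currently valid

    def approve_storage(self, video_id):
        # Storage request arrives from the bucket; the token goes to the screen recorder.
        token = secrets.token_urlsafe(24)
        self.pending.add((video_id, _digest(token)))
        return token

    def redeem_token(self, video_id, token):
        key = (video_id, _digest(token))
        ok = key in self.pending
        self.pending.discard(key)          # a token authorizes exactly one store
        return ok

    def credential_update(self, video_id, new_credential):
        self.credentials[video_id] = new_credential  # the previous one is now invalid

    def request_video(self, third_party, video_id):
        if third_party not in self.authorized:
            raise PermissionError("identity or authority check failed")
        return self.credentials[video_id]

class EncryptionBucket:
    def __init__(self, lobby):
        self.lobby, self.videos, self.valid = lobby, {}, {}

    def store(self, video_id, token, data):
        if not self.lobby.redeem_token(video_id, token):  # assumed validation path
            raise PermissionError("storage token rejected")
        self.videos[video_id] = data
        self._issue(video_id)

    def _issue(self, video_id):
        # Drop any older credential for this video, then mint and report a new one.
        self.valid = {d: v for d, v in self.valid.items() if v != video_id}
        credential = secrets.token_urlsafe(24)
        self.valid[_digest(credential)] = video_id        # bucket keeps only the digest
        self.lobby.credential_update(video_id, credential)

    def fetch(self, credential):
        video_id = self.valid.pop(_digest(credential), None)  # invalidated on first use
        if video_id is None:
            raise PermissionError("credential invalid or already used")
        self._issue(video_id)                             # rotate and report to the lobby
        return self.videos[video_id]
```

Replaying a redeemed storage token or an already-used credential raises `PermissionError`, which is the event an auditor of this flow would want logged.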
CN202011227048.8A 2020-11-05 2020-11-05 User access monitoring method and system Pending CN112422865A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011227048.8A CN112422865A (en) 2020-11-05 2020-11-05 User access monitoring method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011227048.8A CN112422865A (en) 2020-11-05 2020-11-05 User access monitoring method and system

Publications (1)

Publication Number Publication Date
CN112422865A true CN112422865A (en) 2021-02-26

Family

ID=74827816

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011227048.8A Pending CN112422865A (en) 2020-11-05 2020-11-05 User access monitoring method and system

Country Status (1)

Country Link
CN (1) CN112422865A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210226