CN112672349A - Management and control method, terminal, system and computer readable storage medium - Google Patents

Info

Publication number: CN112672349A
Authority: CN (China)
Prior art keywords: terminal, management, control, policy, request
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201910983957.5A
Other languages: Chinese (zh)
Inventor: 尹运普
Current Assignee: ZTE Corp (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201910983957.5A
Priority to PCT/CN2020/119977 (WO2021073447A1)
Publication of CN112672349A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a management and control method, a terminal, a system and a computer-readable storage medium. The management and control method comprises the following steps: the first terminal forms a management and control message according to the acquired management and control policy, and sends a first SIP message carrying the management and control message to the second terminal, so that the second terminal performs a management and control operation according to the management and control policy. In the embodiments of the application, because SIP messages are transmitted between the first terminal and the second terminal, that is, the first terminal and the second terminal can communicate through the IMS network, direct end-to-end communication between the first terminal and the second terminal can be achieved, so that no dedicated server needs to be installed and the flexibility of management and control between the terminals can be improved.

Description

Management and control method, terminal, system and computer readable storage medium
Technical Field
The embodiments of the present application relate to, but are not limited to, the field of terminal device control, and in particular to a management and control method, a terminal, a system, and a computer-readable storage medium.
Background
The widespread adoption of terminals has greatly facilitated people's lives, but it has also brought negative effects. For example, because mobile phones are widely used by primary and middle school students, many parents and teachers worry that mobile phone use will affect children's studies during the period in which they are studying. As another example, because mobile phones and computers are widely used by company employees, company management is concerned that mobile phones will affect employees' work efficiency and the company's information security, and therefore certain restrictions need to be imposed on employees' internet access during work, such as prohibiting the use of tools such as chat software.
To solve the above problems, the conventional approach installs a management and control application in the terminal to manage and control it, but the current approach needs to manage the terminal through a server. For example, current remote control of Internet of Things devices is implemented by setting up a dedicated server. The current management and control approach is therefore both inconvenient to apply and inflexible in its mode of control.
Disclosure of Invention
The following is a summary of the subject matter described in detail herein. This summary is not intended to limit the scope of the claims.
In a first aspect, embodiments of the present application provide a management and control method, a terminal, a system, and a computer-readable storage medium, which can implement direct management and control between terminals, so as to improve flexibility of management and control.
In a second aspect, an embodiment of the present application provides a management and control method, applied to a first terminal communicatively connected to a second terminal, including:
acquiring a management and control policy;
forming a management and control message according to the management and control policy;
and sending a first SIP message carrying the management and control message to the second terminal, so that the second terminal performs a management and control operation according to the management and control policy.
In a third aspect, an embodiment of the present application further provides a management and control method, applied to a second terminal communicatively connected to a first terminal, including:
acquiring a first SIP message carrying a management and control message sent by the first terminal, wherein the management and control message comprises first authentication information and a management and control policy;
and performing authentication processing according to the first authentication information obtained by parsing the first SIP message, and performing a management and control operation according to the management and control policy when authentication succeeds.
In a fourth aspect, an embodiment of the present application further provides a terminal, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the governing method of the second aspect as described above or implementing the governing method of the third aspect as described above when executing the computer program.
In a fifth aspect, an embodiment of the present application further provides a management and control system, including a first terminal and a second terminal, where the first terminal acquires first authentication information, where the first authentication information includes one or more of an equipment identifier, a preset password, and a secret key;
the first terminal acquires a management and control strategy, wherein the management and control strategy comprises one or more of a restriction strategy, an allowance strategy and a monitoring strategy for the use function of the second terminal,
or
The second terminal acquires second authentication information and a management and control request, forms a management and control request message according to the second authentication information and the management and control request, sends a second SIP message carrying the management and control request message to the first terminal, the first terminal acquires the second SIP message and performs authentication processing according to the second authentication information obtained by analyzing the second SIP message, and when authentication is successful, the first terminal acquires a management and control policy according to the management and control request, wherein the management and control policy is the management and control request or is the negation of the management and control request, the management and control request comprises a restriction policy or an allowance policy for the use function of the second terminal, and the second authentication information comprises one or more of a device identification code, a preset password and a secret key;
the first terminal forms a control message according to the first authentication information and the control strategy, and sends a first SIP message carrying the control message to the second terminal;
and the second terminal acquires the first SIP message, performs authentication processing according to the first authentication information obtained by analyzing the first SIP message, and performs management and control operation according to the management and control strategy when authentication is successful.
In a sixth aspect, embodiments of the present application further provide a computer-readable storage medium storing computer-executable instructions for executing the management and control method described above.
In the embodiments of the application, SIP (Session Initiation Protocol) messages are transmitted between a first terminal and a second terminal: the first terminal sends an SIP message carrying a management and control message to the second terminal, and the second terminal parses the SIP message to obtain the management and control policy and the authentication information. The second terminal performs authentication processing on the authentication information and, when authentication succeeds, performs a management and control operation according to the management and control policy. The first terminal thus manages and controls the second terminal directly, which improves the flexibility of management and control. According to the scheme provided by the embodiments of the application, because SIP messages are transmitted between the first terminal and the second terminal, that is, the two terminals can communicate through an IMS (IP Multimedia Subsystem) network, direct end-to-end communication between them can be realized and no dedicated server needs to be set up. In addition, the management and control policy and the authentication information form a custom management and control message that is filled into the SIP message, so the first terminal can manage and control the second terminal in a targeted and flexible manner, which improves the flexibility of management and control between terminals.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the claimed subject matter and are incorporated in and constitute a part of this specification, illustrate embodiments of the subject matter and together with the description serve to explain the principles of the subject matter and not to limit the subject matter.
Fig. 1 is a schematic frame diagram of a system architecture platform for executing a management and control method according to an embodiment of the present application;
Fig. 2 is a flowchart of a management and control method applied to a first terminal according to an embodiment of the present application;
Fig. 3 is a flowchart of acquiring a management and control policy in a management and control method applied to a first terminal according to another embodiment of the present application;
Fig. 4 is a flowchart of a management and control method applied to a second terminal according to an embodiment of the present application;
Fig. 5 is a flowchart of acquiring a first SIP message in a management and control method applied to a second terminal according to another embodiment of the present application;
Fig. 6 is a schematic diagram of a terminal according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It should be noted that although functional blocks are partitioned in a schematic diagram of an apparatus and a logical order is shown in a flowchart, in some cases, the steps shown or described may be performed in a different order than the partitioning of blocks in the apparatus or the order in the flowchart. The terms first, second and the like in the description and in the claims, and the drawings described above, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order.
The application provides a management and control method, a terminal, a system and a computer-readable storage medium in which SIP messages are transmitted between a first terminal and a second terminal: the first terminal sends an SIP message carrying a management and control message to the second terminal, the second terminal parses the SIP message to obtain the management and control policy and the authentication information, and authenticates the authentication information. When authentication succeeds, the second terminal performs a management and control operation according to the management and control policy, so that the first terminal manages and controls the second terminal directly and the flexibility of management and control is improved. Because SIP messages are transmitted between the first terminal and the second terminal, that is, the two terminals can communicate through the IMS network, direct end-to-end communication between them can be realized and no dedicated server needs to be set up. In addition, the management and control policy and the authentication information form a custom management and control message that is filled into the SIP message, so the first terminal can manage and control the second terminal in a targeted and flexible manner, which improves the flexibility of management and control between terminals.
The embodiments of the present application will be further explained with reference to the drawings.
As shown in fig. 1, fig. 1 is a schematic frame diagram of a system architecture platform for executing a management and control method according to an embodiment of the present application.
As shown in fig. 1, the system architecture platform 100 includes a first terminal 110 and a second terminal 120, the first terminal 110 includes a first memory 111 and a first processor 112, and the second terminal 120 includes a second memory 121 and a second processor 122. The first memory 111 and the first processor 112 may be connected by a bus or other means, and fig. 1 illustrates an example of a connection by a bus; the second memory 121 and the second processor 122 may be connected by a bus or other means, and the bus connection is taken as an example in fig. 1. In addition, the first processor 112 and the second processor 122 are respectively constructed with an authentication module, a management policy module, and a management protocol module.
The authentication module is configured to perform mutual authentication by setting specific data, such as the respective device identification codes used by the first terminal 110 and the second terminal 120 as authentication data.
The management and control policy module implements the functions of making, executing, requesting and granting management and control policies. The management and control policy module of the first terminal 110 provides policies that the user can set. For example, check boxes can be used for primary management and content input can be used for secondary management. The check boxes list all management and control items for the user to select, such as whether Bluetooth is allowed, whether Wi-Fi is allowed, whether internet access is allowed, and the like. The user can also set the management and control policy by content input, for example by entering how much traffic is allowed to be used. The management and control policy module of the second terminal 120 executes the management and control content set by the management and control policy module of the first terminal 110, and can initiate a request to the first terminal 110 to change the management and control policy.
The management and control protocol module is used for carrying out protocol encapsulation and analysis on the management and control strategy. In this embodiment, a Personal Mobile Device Management (PMDM) protocol is customized, and the PMDM protocol is used as a request response protocol, and is filled in an information body of an SIP protocol as an application layer protocol, so that the PMDM protocol can be applied to an IMS communication application layer.
In this embodiment, the encapsulation format of the PMDM protocol is: request line-information body-message terminator.
The following is an exemplary illustration of the encapsulation format of the PMDM protocol:
[Figures: encapsulation format of the PMDM protocol; images not reproduced]
For the encapsulation format of the PMDM protocol described above, the following examples of message content are given:
(1) PMDM protocol example for setting a management and control policy:
PMDM1.0 set 13XXXXXXXXX 15XXXXXXXXX\r\n
XXXXXXX (primary control content) YYYYYYY (secondary control content) equipment identification code\r\n
\r\n
For the above PMDM protocol example for setting a management and control policy, the contents are interpreted as follows:
First part: the protocol number is PMDM1.0, the behavior is set, the first terminal number is 13XXXXXXXXX, the second terminal number is 15XXXXXXXXX, and the line ends with a carriage return and line feed (\r\n);
Second part: the primary control content is XXXXXXX, the secondary control content is YYYYYYY, the authentication information is an equipment identification code, and the line ends with a carriage return and line feed (\r\n);
Third part: the end-of-message symbol is \r\n.
(2) PMDM protocol example for requesting a change to a management and control policy:
PMDM1.0 request 13XXXXXXXXX 15XXXXXXXXX\r\n
XXXXXXX (primary control content) YYYYYYY (secondary control content) equipment identification code\r\n
\r\n
For the above PMDM protocol example for requesting a change to a management and control policy, the contents are interpreted as follows:
First part: the protocol number is PMDM1.0, the behavior is request, the first terminal number is 13XXXXXXXXX, the second terminal number is 15XXXXXXXXX, and the line ends with a carriage return and line feed (\r\n);
Second part: the primary control content is XXXXXXX, the secondary control content is YYYYYYY, the authentication information is an equipment identification code, and the line ends with a carriage return and line feed (\r\n);
Third part: the end-of-message symbol is \r\n.
(3) PMDM protocol example for a management and control response:
PMDM1.0 ack 13XXXXXXXXX 15XXXXXXXXX\r\n
200 reserved item equipment identification code\r\n
\r\n
For the above PMDM protocol example for a management and control response, the contents are interpreted as follows:
First part: the protocol number is PMDM1.0, the behavior is ack (response), the first terminal number is 13XXXXXXXXX, the second terminal number is 15XXXXXXXXX, and the line ends with a carriage return and line feed (\r\n);
Second part: the response result is 200, followed by a reserved item, the authentication information is the equipment identification code, and the line ends with a carriage return and line feed (\r\n);
Third part: the end-of-message symbol is \r\n.
Wherein, the response result is composed of three digits, the first digit defines the response category and is divided into success and failure categories. For example, the answer result is 1xx, which indicates that the request cannot be correctly answered; the response result is 2xx, which indicates that the request is received and normally replied to. Specifically, there may be the following examples:
the response result is 101, which indicates that the request has a syntax error;
the response result is 102, which indicates that the relevant request content is rejected;
the response result is 103, which indicates that the authentication fails;
the response result is 200, indicating a successful reply.
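The message layout and response results described above can be exercised with a strict encoder and parser. The following is an added example, not code from the patent or from ZTE: it assumes single-space field separators with no spaces inside a field, a "-" placeholder for the reserved item, and constructed terminal numbers and identification codes, and it shows the second terminal answering a set message with 101, 102, 103 or 200.

```python
import hmac

CRLF = "\r\n"
VERSION = "PMDM1.0"
ACTIONS = ("set", "request", "ack")
# Response results as listed in the description.
SYNTAX_ERROR, REJECTED, AUTH_FAILED, SUCCESS = 101, 102, 103, 200
RESERVED = "-"  # assumption: placeholder value for the ack "reserved item"


class PMDMSyntaxError(ValueError):
    """Raised when a message does not match request line / body / terminator."""


def build(action, first_no, second_no, body_fields):
    """Encode: request line CRLF, information body CRLF, terminator CRLF."""
    tokens = [action, first_no, second_no, *body_fields]
    if action not in ACTIONS or len(body_fields) != 3:
        raise ValueError("unknown action or wrong number of body fields")
    if any(not t or any(c in t for c in " \r\n") for t in tokens):
        raise ValueError("empty field or field containing a separator")
    head = " ".join([VERSION, action, first_no, second_no])
    return head + CRLF + " ".join(body_fields) + CRLF + CRLF


def parse(raw):
    """Strictly decode one message; any deviation is a syntax error (101)."""
    if not raw.endswith(CRLF + CRLF):
        raise PMDMSyntaxError("missing message terminator")
    lines = raw[: -2 * len(CRLF)].split(CRLF)
    if len(lines) != 2 or any("\r" in ln or "\n" in ln for ln in lines):
        raise PMDMSyntaxError("expected exactly a request line and a body")
    head, body = lines[0].split(" "), lines[1].split(" ")
    if len(head) != 4 or head[0] != VERSION or head[1] not in ACTIONS:
        raise PMDMSyntaxError("bad request line")
    if len(body) != 3 or not all(head + body):
        raise PMDMSyntaxError("bad information body")
    return {"action": head[1], "first": head[2], "second": head[3],
            "content": (body[0], body[1]), "auth": body[2]}


def handle_set(raw, own_no, controller_no, controller_auth, own_auth):
    """Second terminal: parse, authenticate, then accept the policy.

    Returns (ack_message, policy); policy is None unless the result is 200.
    """
    def ack(code):
        return build("ack", controller_no, own_no,
                     [str(code), RESERVED, own_auth])

    try:
        msg = parse(raw)
    except PMDMSyntaxError:
        return ack(SYNTAX_ERROR), None
    # Constant-time comparison of the presented authentication information.
    if not hmac.compare_digest(msg["auth"].encode(), controller_auth.encode()):
        return ack(AUTH_FAILED), None
    # Assumption: only a "set" from the paired first terminal addressed to
    # this terminal is acted on; anything else is answered with 102.
    expected = ("set", controller_no, own_no)
    if (msg["action"], msg["first"], msg["second"]) != expected:
        return ack(REJECTED), None
    return ack(SUCCESS), msg["content"]


def ack_result(raw_ack):
    """Extract the three-digit response result from an ack message."""
    msg = parse(raw_ack)
    code = msg["content"][0]
    if msg["action"] != "ack" or len(code) != 3 or not code.isdigit():
        raise PMDMSyntaxError("not a valid ack")
    return int(code)


# Constructed sample values (not from the patent).
CONTROLLER_NO, CONTROLLED_NO = "13800000001", "15900000002"
CONTROLLER_ID, CONTROLLED_ID = "IMEI-CONSTRUCTED-A", "IMEI-CONSTRUCTED-B"
SAMPLE_SET = build("set", CONTROLLER_NO, CONTROLLED_NO,
                   ["wifi=deny", "traffic<=500MB", CONTROLLER_ID])

if __name__ == "__main__":
    reply, policy = handle_set(SAMPLE_SET, CONTROLLED_NO, CONTROLLER_NO,
                               CONTROLLER_ID, CONTROLLED_ID)
    print(ack_result(reply), policy)
```
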
When the first terminal 110 manages the second terminal 120, the first terminal 110 has the following features and capabilities for the second terminal 120:
1. the first terminal 110 and the second terminal 120 are both registered in the IMS network;
2. the first terminal 110 and the second terminal 120 are correspondingly installed with an application program for management and control, and the application program provides an interface for management and control connection;
3. the first terminal 110 and the second terminal 120 perform message transfer through the SIP protocol.
When the first terminal 110 manages and controls the second terminal 120, the first terminal 110 sends a management and control policy to the second terminal 120, after the second terminal 120 receives the management and control policy, the second terminal 120 parses the content of the management and control policy and performs authentication processing for identity authentication, and after the authentication is successful, the second terminal 120 performs management and control operation according to the management and control policy.
Those skilled in the art will appreciate that the first terminal 110 and the second terminal 120 may be any type of smart terminal, such as a smart phone, a tablet computer, or other handheld mobile device.
The first memory 111 and the second memory 121 are respectively one type of non-transitory computer readable storage medium, and may be used for storing a non-transitory software program and a non-transitory computer executable program, respectively. Further, the first memory 111 and the second memory 121 may each comprise high speed random access memory, and may also comprise non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the first memory 111 optionally includes memory located remotely from the first processor 112, which may be connected to the first terminal 110 via a network. In other embodiments, the second memory 121 may optionally include memory located remotely from the second processor 122, which may be connected to the second terminal 120 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Those skilled in the art will appreciate that the device architecture shown in fig. 1 does not constitute a limitation of the system architecture platform 100 and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
In the system architecture platform 100 shown in Fig. 1, the first processor 112 in the first terminal 110 may be configured to call a management and control program stored in the first memory 111, and the second processor 122 in the second terminal 120 may be configured to call a management and control program stored in the second memory 121; the two cooperate with each other to implement the method by which the first terminal 110 manages and controls the second terminal 120.
Based on the system architecture platform 100, various embodiments of the management and control method of the present application are provided.
Fig. 2 is a flowchart of a management and control method according to an embodiment of the present application, applied to a first terminal communicatively connected to a second terminal. The management and control method includes, but is not limited to, the following steps:
Step S110, acquiring a management and control policy.
In an embodiment, the management policy includes one or more of a restriction policy, an allowance policy, and a monitoring policy of the first terminal for the usage function of the second terminal. When the governing policy comprises a restriction policy, the restriction policy may be to restrict application networking, for example, prohibit all or part of application networking, restrict application networking time or application networking traffic, and the like; the restriction policy may also be to restrict the connection of external devices, for example to prohibit the connection of any external device or certain external devices; the restriction policy may also be to restrict the installation of applications, e.g. prohibit the installation of any application or certain specific applications, etc.; the restriction policy may also be to restrict the use of the application, e.g. to prohibit the use of any application or certain specific applications, etc. When the governing policy includes an allowing policy, the allowing policy may be to allow the application to be networked, to allow an external device to be connected, to allow the application to be installed, to allow the application to be used, and the like. When the management and control policy includes a monitoring policy, the monitoring policy may be monitoring the running time and running times of the application, monitoring consumption of traffic, and the like.
In an embodiment, the first terminal may obtain the management and control policy in different ways. For example, a management and control policy set by the user may be acquired according to the user's input operation. As another example, the management and control policy may be obtained according to the management and control request sent by the second terminal. In this case, the content of the management and control policy may be the content of the management and control request, which indicates that the user approves the policy change request sent by the second terminal; the content of the management and control policy may also be the negation of the content of the management and control request, which indicates that the user does not approve the policy change request sent by the second terminal. For example, if the second terminal requests that the policy be changed to allow networking and the user does not approve, the content of the management and control policy is the negation of the request, that is, networking is not allowed.
Step S120, forming a management and control message according to the management and control policy.
In an embodiment, the PMDM protocol message body in the foregoing embodiment may be used to encapsulate the management control policy, so as to form a management control message with a custom data format, so as to facilitate management and control processing of the second terminal by the first terminal.
In an embodiment, the authentication information in the first terminal, such as the device identification code of the first terminal, may also be obtained, and the authentication information and the management and control policy are encapsulated into the PMDM protocol message body in the above embodiment together to form a management and control message with a custom data format, so that a subsequent second terminal performs authentication processing on the authentication information in the management and control message, thereby ensuring corresponding matching between the first terminal and the second terminal, and avoiding a problem that a third terminal with unknown source performs management and control processing on the second terminal.
Step S130, sending the first SIP message carrying the management and control message to the second terminal, so that the second terminal performs the management and control operation according to the management and control policy.
In an embodiment, a first terminal fills a management and control message in an information body of an SIP protocol, so that the first SIP message carrying the management and control message can be sent to a second terminal end to end based on an IMS network, and the second terminal can directly and accurately perform management and control operations according to a management and control policy.
In one embodiment, the first SIP message may have two modes of operation: paging mode and session mode. The session mode is used for transmitting messages by establishing a session, and a large amount of information can be transmitted. The paging mode does not need to establish a session, and can directly carry the information content in the SIP message body for transmission.
In an embodiment, according to the above steps S110, S120, and S130, the first terminal and the second terminal may use SIP messages to transfer the management and control policy, so that the first terminal manages and controls the second terminal directly and the flexibility of management and control is improved. Because SIP messages are transmitted between the first terminal and the second terminal, that is, the two terminals can communicate through the IMS network, direct end-to-end communication between them can be realized and no dedicated server needs to be set up. In addition, the management and control policy forms a custom management and control message that is filled into the SIP message, so the first terminal can manage and control the second terminal in a targeted and flexible manner, which improves the flexibility of management and control between terminals.
As shown in fig. 3, in an embodiment, step S110 includes, but is not limited to, the following steps:
Step S111, acquiring a second SIP message carrying a management and control request message sent by the second terminal, wherein the management and control request message comprises second authentication information and a management and control request;
Step S112, performing authentication processing according to the second authentication information obtained by parsing the second SIP message, and, when authentication succeeds, obtaining the management and control policy according to the management and control request.
In an embodiment, the management and control request includes a restriction policy or an allowance policy of the first terminal on the use function of the second terminal. When the management and control request includes a restriction policy, the restriction policy may be to restrict application networking, for example, prohibit all or part of application networking, restrict application networking time or application networking traffic, and the like; the restriction policy may also be to restrict the connection of external devices, for example to prohibit the connection of any external device or certain external devices; the restriction policy may also be to restrict the installation of applications, e.g. prohibit the installation of any application or certain specific applications, etc.; the restriction policy may also be to restrict the use of applications, e.g. to prohibit the use of any application or certain specific applications, etc. When the management and control request includes an allowance policy, the allowance policy may be to allow applications to be networked, to allow external devices to be connected, to allow applications to be installed, to allow applications to be used, or the like.
In one embodiment, the second authentication information includes one or more of a device identification code, a preset password, and a secret key. When the second authentication information includes any one of the device identification code, the preset password and the secret key, the first terminal may perform authentication processing only once; when the second authentication information includes a combination of at least two or more of the device identification code, the preset password, and the secret key, the first terminal may perform authentication processing for a corresponding number of times, for example, when the second authentication information includes the device identification code and the preset password, the first terminal may perform authentication processing for the device identification code and the preset password, respectively.
In an embodiment, the first terminal may store the device identification code of the corresponding second terminal. When the second terminal sends the first terminal a second SIP message carrying second authentication information and a management and control request, where the second authentication information is the device identification code of the second terminal, the first terminal parses out that device identification code and compares it with the device identification code of the second terminal stored in the first terminal; when the two are consistent, the authentication may be considered successful.
In an embodiment, the first terminal and the second terminal may store corresponding, consistent preset passwords. When the second terminal sends the first terminal a second SIP message carrying second authentication information and a management and control request, where the second authentication information is the preset password stored in the second terminal, the first terminal parses out that preset password and compares it with the preset password stored in the first terminal; when the two are consistent, the authentication may be considered successful.
In an embodiment, the first terminal and the second terminal may store corresponding, consistent keys, which may be static keys or dynamic keys. When the two terminals store corresponding, consistent dynamic keys, the dynamic keys may be updated synchronously in both terminals, for example by synchronously incrementing the key value by 1. When the second terminal sends the first terminal a second SIP message carrying second authentication information and a management and control request, where the second authentication information is the key stored in the second terminal, the first terminal parses out that key and compares it with the key stored in the first terminal; when the two are consistent, the authentication may be considered successful.
In one embodiment, the second SIP message may have two modes of operation: paging mode and session mode. The session mode is used for transmitting messages by establishing a session, and a large amount of information can be transmitted. The paging mode does not need to establish a session, and can directly carry the information content in the SIP message body for transmission.
In an embodiment, the management and control policy obtained according to the management and control request may take different forms. For example, when the user agrees to the management and control request sent by the second terminal, the content of the management and control policy is the content of the request. When the user does not agree to the request, the content of the management and control policy is the negation of the content of the request; for example, if the request of the second terminal is to allow connection to the network, the content of the management and control policy is not to allow connection to the network.
In an embodiment, when the first terminal receives a message actively sent by the second terminal requesting a change of the management and control policy, that is, a second SIP message carrying second authentication information and a management and control request, the first terminal parses the second SIP message to obtain the second authentication information and the request, and then authenticates the second authentication information. When the authentication is unsuccessful, the first terminal does not process the request. When the authentication is successful, the first terminal may display the content of the request to the user on its display screen. If the user agrees to the request, the user may operate the first terminal so that it uses the request as the new management and control policy, and the second terminal can then be controlled to perform a new management and control operation according to the new policy. If the user does not agree, the user may operate the first terminal so that it takes the negation of the request as the new policy, that is, the first terminal keeps the originally set policy, and the second terminal can be controlled to continue the original management and control operation. Because both terminals use SIP messages to transmit information, that is, they communicate through the IMS network, direct end-to-end communication between them can be realized, so no dedicated server needs to be set up and the flexibility of management and control between the terminals can be improved.
Fig. 4 is a flowchart of a management and control method provided by another embodiment of the present application. The method is applied to a second terminal in communication connection with a first terminal and includes, but is not limited to, the following steps:
step S210, a first SIP message carrying a management and control message sent by a first terminal is obtained, where the management and control message includes first authentication information and a management and control policy.
In an embodiment, the management and control policy includes one or more of a restriction policy, an allowance policy, and a monitoring policy of the first terminal for the use functions of the second terminal. When the management and control policy includes a restriction policy, the restriction policy may restrict application networking, for example by prohibiting networking for all or some applications, or by limiting application networking time or application networking traffic; it may restrict the connection of external devices, for example by prohibiting the connection of any external device or of certain external devices; it may restrict the installation of applications, for example by prohibiting the installation of any application or of certain specific applications; or it may restrict the use of applications, for example by prohibiting the use of any application or of certain specific applications. When the management and control policy includes an allowance policy, the allowance policy may allow application networking, allow the connection of external devices, allow the installation of applications, allow the use of applications, and the like. When the management and control policy includes a monitoring policy, the monitoring policy may monitor the running time and number of runs of applications, monitor traffic consumption, and the like.
In one embodiment, the first SIP message may have two modes of operation: paging mode and session mode. The session mode is used for transmitting messages by establishing a session, and a large amount of information can be transmitted. The paging mode does not need to establish a session, and can directly carry the information content in the SIP message body for transmission.
Step S220, performing authentication processing according to the first authentication information obtained by parsing the first SIP message, and performing management and control operation according to a management and control policy when the authentication is successful.
In one embodiment, the first authentication information includes one or more of a device identification code, a preset password, and a secret key. When the first authentication information includes any one of the device identification code, the preset password and the secret key, the second terminal may perform authentication processing only once; when the first authentication information includes a combination of at least two or more of the device identification code, the preset password, and the secret key, the second terminal may perform authentication processing a corresponding number of times, for example, when the first authentication information includes the device identification code and the preset password, the second terminal may perform authentication processing on the device identification code and the preset password, respectively.
In an embodiment, the second terminal may store a corresponding device identifier of the first terminal, and when the second terminal receives a first SIP message that is sent by the first terminal and carries the first authentication information and the management and control policy, where the first authentication information is the device identifier of the first terminal, the second terminal may compare the device identifier of the first terminal with the device identifier of the first terminal stored in the second terminal after parsing the device identifier of the first terminal that is the first authentication information, and when the device identifiers are consistent, it may be regarded that the authentication is successful.
In an embodiment, the first terminal and the second terminal may store corresponding, consistent preset passwords. When the second terminal receives a first SIP message sent by the first terminal that carries first authentication information and a management and control policy, where the first authentication information is the preset password stored in the first terminal, the second terminal parses out that preset password and compares it with the preset password stored in the second terminal; when the two are consistent, the authentication may be considered successful.
In an embodiment, the first terminal and the second terminal may store corresponding, consistent keys, which may be static keys or dynamic keys. When the two terminals store corresponding, consistent dynamic keys, the dynamic keys may be updated synchronously in both terminals, for example by synchronously incrementing the key value by 1. When the second terminal receives a first SIP message sent by the first terminal that carries first authentication information and a management and control policy, where the first authentication information is the key stored in the first terminal, the second terminal parses out that key and compares it with the key stored in the second terminal; when the two are consistent, the authentication may be considered successful.
In an embodiment, according to the above steps S210 and S220, the first terminal and the second terminal may use SIP messages to transfer the management and control policy, so that the first terminal can directly manage and control the second terminal, which improves the flexibility of management and control. Because SIP messages are transmitted between the first terminal and the second terminal, that is, the two terminals communicate through the IMS network, direct end-to-end communication between them can be realized and no dedicated server needs to be set up. In addition, the management and control policy is formed into a custom management and control message that is filled into the SIP message, so that the first terminal can manage and control the second terminal flexibly, which improves the flexibility of management and control between the terminals.
As shown in FIG. 5, in one embodiment, step S210 includes, but is not limited to, the following steps:
step S211, acquiring a management and control request, and forming a management and control request message according to the management and control request;
step S212, sending a second SIP message carrying a management and control request message to the first terminal;
step S213, acquiring a first SIP message carrying a management and control message sent by the first terminal, where the management and control message includes the first authentication information and a management and control policy obtained according to the management and control request.
In an embodiment, the management and control request includes a restriction policy or an allowance policy of the first terminal on the use functions of the second terminal. When the request includes a restriction policy, the restriction policy may restrict application networking, for example by prohibiting networking for all or some applications, or by limiting application networking time or application networking traffic; it may restrict the connection of external devices, for example by prohibiting the connection of any external device or of certain external devices; it may restrict the installation of applications, for example by prohibiting the installation of any application or of certain specific applications; or it may restrict the use of applications, for example by prohibiting the use of any application or of certain specific applications. When the request includes an allowance policy, the allowance policy may allow application networking, allow the connection of external devices, allow the installation of applications, allow the use of applications, or the like.
In an embodiment, the PMDM protocol message body in the foregoing embodiment may be used to encapsulate the management request, so as to form a management request message with a custom data format, so that the second terminal requests the first terminal to change the management policy.
In an embodiment, authentication information of the second terminal, such as its device identification code, may also be obtained and encapsulated together with the management and control request into the PMDM protocol message body of the above embodiment, forming a management and control request message with a custom data format. The first terminal can then authenticate the authentication information in the request message, which ensures that the first terminal and the second terminal are correctly matched and avoids the problem of the second terminal requesting a third terminal of unknown origin to change the management and control policy.
In one embodiment, the second SIP message may have two modes of operation: paging mode and session mode. The session mode is used for transmitting messages by establishing a session, and a large amount of information can be transmitted. The paging mode does not need to establish a session, and can directly carry the information content in the SIP message body for transmission.
In an embodiment, the management and control policy obtained according to the management and control request may take different forms. For example, when the user agrees to the management and control request sent by the second terminal, the content of the management and control policy is the content of the request. When the user does not agree to the request, the content of the management and control policy is the negation of the content of the request; for example, if the request of the second terminal is to allow connection to the network, the content of the management and control policy is not to allow connection to the network.
In an embodiment, when the second terminal actively sends the second SIP message carrying the management and control request to the first terminal, the first terminal processes the second SIP message, for example by parsing out the management and control request. The first terminal then determines a new management and control policy according to the request, forms a custom management and control message from the new policy and the first authentication information of the first terminal, fills that message into the first SIP message, and sends it to the second terminal, so that the second terminal can perform the corresponding management and control operation according to the new policy. Because both terminals use SIP messages to transmit information, that is, they communicate through the IMS network, direct end-to-end communication between them can be realized, so no dedicated server needs to be set up and the flexibility of management and control between the terminals can be improved.
In addition, another embodiment of the present application further provides a management and control method applied to a management and control system, where the management and control method includes, but is not limited to, the following steps:
step S310, the first terminal acquires first authentication information;
step S320, the first terminal acquires a management and control strategy;
step S330, the first terminal forms a control message according to the first authentication information and the control strategy, and sends a first SIP message carrying the control message to the second terminal;
step S340, the second terminal obtains the first SIP message, and performs authentication processing according to the first authentication information obtained by parsing the first SIP message, and when the authentication is successful, the second terminal performs management and control operation according to the management and control policy.
In this embodiment, the management policy includes one or more of a restriction policy, an allowance policy, and a monitoring policy for the usage function of the terminal.
In this embodiment, the first authentication information includes one or more of a device identification code, a preset password, and a secret key.
Additionally, in another embodiment, step S320 includes, but is not limited to, the following steps:
step S321, the second terminal acquires the second authentication information and the control request, forms a control request message according to the second authentication information and the control request, and sends a second SIP message carrying the control request message to the first terminal;
step S322, the first terminal obtains the second SIP message, and performs authentication processing according to the second authentication information obtained by parsing the second SIP message, and when the authentication is successful, the first terminal obtains a management and control policy according to the management and control request.
In this embodiment, the management and control policy is the management and control request or the negation of the management and control request; the management and control request includes a restriction policy or an allowance policy for the use functions of the second terminal.
In this embodiment, the second authentication information includes one or more of a device identification code, a preset password, and a secret key.
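The exchange in steps S321 to S322 and S330 to S340, in paging mode, as an added Python sketch that is not code from the application. The JSON body layout, the content type `application/x-pmdm+json`, the SIP URIs and all credential values are assumptions constructed for illustration, and the constant-time comparison is a hardening choice of this example.

```python
import hmac
import json
from dataclasses import dataclass, field

# Assumed content type and JSON layout; the PMDM body format is not shown here.
CONTENT_TYPE = "application/x-pmdm+json"
NEGATE = {"allow": "restrict", "restrict": "allow"}


@dataclass
class Terminal:
    uri: str          # SIP URI (constructed)
    own_auth: dict    # authentication information this terminal presents
    peer_auth: dict   # credentials stored for the paired terminal
    policy: dict = field(default_factory=dict)


def build_sip_message(sender, receiver_uri, payload):
    """Paging mode: the custom message travels in the body of one SIP MESSAGE.
    Headers are trimmed to the ones this example reads."""
    body = json.dumps(payload, sort_keys=True)
    head = [
        f"MESSAGE {receiver_uri} SIP/2.0",
        f"From: <{sender.uri}>",
        f"To: <{receiver_uri}>",
        f"Content-Type: {CONTENT_TYPE}",
        f"Content-Length: {len(body.encode())}",
    ]
    return "\r\n".join(head) + "\r\n\r\n" + body


def parse_payload(sip_text):
    head, _, body = sip_text.partition("\r\n\r\n")
    if not head.startswith("MESSAGE ") or f"Content-Type: {CONTENT_TYPE}" not in head:
        raise ValueError("not a management and control SIP MESSAGE")
    return json.loads(body)


def authenticate(stored, presented):
    """One check per presented credential; every check must pass."""
    if not presented:
        return False
    ok = True
    for kind, value in presented.items():
        expected = stored.get(kind)
        if expected is None:
            ok = False
            continue
        # Constant-time comparison (a hardening choice of this example).
        ok &= hmac.compare_digest(str(expected).encode(), str(value).encode())
    return ok


def first_terminal_handle_request(first, sip_text, user_agrees):
    """S322: authenticate the request, then derive the policy from it."""
    msg = parse_payload(sip_text)
    if not authenticate(first.peer_auth, msg.get("auth", {})):
        return None  # authentication failed: the request is not processed
    req = msg["request"]
    if user_agrees:
        return dict(req)
    return {"action": NEGATE[req["action"]], "function": req["function"]}


def send_control(first, second_uri, policy):
    """S330: wrap first authentication information and policy in a SIP MESSAGE."""
    sip = build_sip_message(first, second_uri,
                            {"auth": dict(first.own_auth), "policy": policy})
    if "key" in first.own_auth:
        first.own_auth["key"] += 1  # dynamic key: incremented by 1 on both sides
    return sip


def second_terminal_handle_control(second, sip_text):
    """S340: authenticate, then perform the management and control operation."""
    msg = parse_payload(sip_text)
    if not authenticate(second.peer_auth, msg.get("auth", {})):
        return False
    second.policy[msg["policy"]["function"]] = msg["policy"]["action"]
    if "key" in second.peer_auth:
        second.peer_auth["key"] += 1  # stay in step with the sender
    return True


def run_demo():
    shared = {"device_id": "DEV-FIRST-0001", "password": "constructed-pass", "key": 1000}
    first = Terminal("sip:first@ims.example", dict(shared),
                     {"device_id": "DEV-SECOND-0002"})
    second = Terminal("sip:second@ims.example",
                      {"device_id": "DEV-SECOND-0002"}, dict(shared))
    request = build_sip_message(second, first.uri, {
        "auth": dict(second.own_auth),
        "request": {"action": "allow", "function": "app_networking"}})
    policy = first_terminal_handle_request(first, request, user_agrees=False)
    control = send_control(first, second.uri, policy)
    accepted = second_terminal_handle_control(second, control)
    # The same message delivered again carries the previous key value.
    replayed = second_terminal_handle_control(second, control)
    return policy, accepted, replayed, second.policy
```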
It should be noted that the management and control method applied to the management and control system, the management and control method applied to the first terminal, and the management and control method applied to the second terminal in the above embodiments are based on the same inventive concept and differ only in the subject of the claims: the first terminal, the second terminal, and the management and control system including the first terminal and the second terminal, respectively. The three therefore have the same beneficial effects: SIP messages can be used to transmit information between the first terminal and the second terminal, so that the two terminals communicate through the IMS network, direct end-to-end communication between them can be realized, and no dedicated server needs to be set up. In addition, by forming a custom management and control message carrying the management and control policy and the first authentication information, forming a custom management and control request message carrying the management and control request and the second authentication information, and filling the two messages into different SIP messages, the first terminal can manage and control the second terminal flexibly and in a targeted manner, which improves the flexibility of management and control between terminals. Since the three methods share the same principle and differ only in the subject of the claims, the principle of the method applied to the management and control system is not described in detail here.
As shown in fig. 6, an embodiment of the present application provides a terminal, and the terminal 200 may be any type of smart terminal, such as a smart phone, a tablet computer, a laptop computer, or a desktop computer.
Specifically, the terminal 200 includes: a memory 201, a processor 202, and a computer program stored on the memory 201 and executable on the processor 202, and the processor 202 is constructed with an authentication module, a policing policy module, and a policing protocol module.
The processor 202 and the memory 201 may be connected by a bus or other means, such as the bus connection in fig. 6.
It should be noted that, the terminal 200 in this embodiment and the system architecture platform 100 in the embodiment shown in fig. 1 are based on the same inventive concept, and the terminal 200 in this embodiment may form a part of the system architecture platform 100 in the embodiment shown in fig. 1, so that both have the same implementation principle and beneficial effects, and are not described in detail herein.
Non-transitory software programs and instructions required to implement the management and control method applied to the first terminal or the second terminal in the above-described embodiment are stored in the memory 201, and when executed by the processor 202, the management and control method applied to the first terminal or the second terminal in the above-described embodiment is performed, for example, the method steps S110 to S130 in fig. 2, the method steps S111 to S112 in fig. 3, the method steps S210 to S220 in fig. 4, and the method steps S211 to S213 in fig. 5 described above are performed.
In addition, an embodiment of the present application further provides a management and control system, including a first terminal and a second terminal, wherein:
the first terminal acquires first authentication information, wherein the first authentication information comprises one or more of a device identification code, a preset password and a secret key;
the first terminal acquires a management and control strategy, wherein the management and control strategy comprises one or more of a restriction strategy, an allowance strategy and a monitoring strategy for the use function of the second terminal,
or
The second terminal acquires second authentication information and a control request, forms a control request message according to the second authentication information and the control request, sends a second SIP message carrying the control request message to the first terminal, the first terminal acquires the second SIP message and performs authentication processing according to the second authentication information obtained by analyzing the second SIP message, and when the authentication is successful, the first terminal obtains a control strategy according to the control request, wherein the control strategy is the control request or is the reverse of the control request, the control request comprises a restriction strategy or an allowance strategy for the use function of the second terminal, and the second authentication information comprises one or more of a device identification code, a preset password and a secret key;
the first terminal forms a control message according to the first authentication information and a control strategy, and sends a first SIP message carrying the control message to the second terminal;
and the second terminal acquires the first SIP message, performs authentication processing according to the first authentication information obtained by analyzing the first SIP message, and performs management and control operation according to the management and control strategy when the authentication is successful.
It should be noted that the management and control system in the above-mentioned embodiment is based on the same inventive concept as the management and control method applied to the management and control system in the above-mentioned embodiment, and therefore, the corresponding content of the management and control method applied to the management and control system in the above-mentioned embodiment is also applicable to the management and control system in the above-mentioned embodiment, and is not described in detail herein.
Furthermore, an embodiment of the present application further provides a computer-readable storage medium storing computer-executable instructions. When the instructions are executed by a processor or a controller, for example by a processor 202 in fig. 6, they cause the processor 202 to execute the management and control method applied to the first terminal or the second terminal in the above-described embodiment, for example the above-described method steps S110 to S130 in fig. 2, method steps S111 to S112 in fig. 3, method steps S210 to S220 in fig. 4, and method steps S211 to S213 in fig. 5. As another example, when the instructions are executed by a first processor 112 and a second processor 122 in fig. 1, the first processor 112 and the second processor 122 are caused to cooperate in executing the management and control method applied to the management and control system in the above embodiment, for example the above-described method steps S310 to S340 and method steps S321 to S322.
The above-described embodiments of the apparatus are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may also be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, as is known to those skilled in the art, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
While the preferred embodiments of the present invention have been described, the present invention is not limited to the above embodiments, and those skilled in the art can make various equivalent modifications or substitutions without departing from the spirit of the present invention, and such equivalent modifications or substitutions are included in the scope of the present invention defined by the claims.

Claims (13)

1. A management and control method, applied to a first terminal in communication connection with a second terminal, comprising:
acquiring a control strategy;
forming a control message according to the control strategy;
and sending the first SIP message carrying the control message to a second terminal so that the second terminal performs control operation according to the control strategy.
2. The management and control method according to claim 1, wherein the obtaining of the management and control policy comprises:
acquiring a second SIP message carrying a management and control request message sent by a second terminal, wherein the management and control request message comprises second authentication information and a management and control request;
and carrying out authentication processing according to the second authentication information obtained by analyzing the second SIP message, and obtaining a management and control strategy according to the management and control request when the authentication is successful.
3. The management and control method according to claim 1, wherein the management and control policy includes one or more of a restriction policy, an allowance policy, and a monitoring policy for a usage function of the second terminal.
4. The management and control method according to claim 2, wherein the management policy is the management request or is a negation of the management request; the regulation request includes a restriction policy or an allowance policy for the usage function of the second terminal.
5. The management and control method according to claim 2, wherein the second authentication information includes at least one of:
a device identification code;
presetting a password;
a key.
6. A management and control method, applied to a second terminal that is communicatively connected to a first terminal, comprising the following steps:
acquiring a first SIP message carrying a management and control message sent by the first terminal, wherein the management and control message comprises first authentication information and a management and control policy;
and performing authentication processing according to the first authentication information obtained by parsing the first SIP message, and performing a management and control operation according to the management and control policy when the authentication is successful.
7. The management and control method according to claim 6, wherein acquiring the first SIP message carrying the management and control message sent by the first terminal, the management and control message including the first authentication information and the management and control policy, comprises:
acquiring a management and control request, and forming a management and control request message according to the management and control request;
sending a second SIP message carrying the management and control request message to the first terminal;
and acquiring the first SIP message carrying the management and control message sent by the first terminal, wherein the management and control message comprises the first authentication information and a management and control policy obtained according to the management and control request.
8. The management and control method according to claim 6, wherein the management and control policy includes one or more of a restriction policy, an allowance policy, and a monitoring policy for the usage function of the second terminal.
9. The management and control method according to claim 7, wherein the management and control policy is the management and control request or is a negation of the management and control request; the management and control request includes a restriction policy or an allowance policy for the usage function of the second terminal.
10. The management and control method according to claim 6 or 7, wherein the first authentication information includes at least one of:
a device identification code;
a preset password;
a key.
11. A terminal, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the computer program, implements the management and control method according to any one of claims 1 to 5 or the management and control method according to any one of claims 6 to 10.
12. A management and control system, comprising a first terminal and a second terminal, characterized in that:
the first terminal acquires first authentication information, wherein the first authentication information comprises one or more of a device identification code, a preset password and a key;
the first terminal acquires a management and control policy, wherein the management and control policy comprises one or more of a restriction policy, an allowance policy and a monitoring policy for the usage function of the second terminal,
or
the second terminal acquires second authentication information and a management and control request, forms a management and control request message according to the second authentication information and the management and control request, and sends a second SIP message carrying the management and control request message to the first terminal; the first terminal acquires the second SIP message and performs authentication processing according to the second authentication information obtained by parsing the second SIP message, and when the authentication is successful, the first terminal acquires a management and control policy according to the management and control request, wherein the management and control policy is the management and control request or is the negation of the management and control request, the management and control request comprises a restriction policy or an allowance policy for the usage function of the second terminal, and the second authentication information comprises one or more of a device identification code, a preset password and a key;
the first terminal forms a management and control message according to the first authentication information and the management and control policy, and sends a first SIP message carrying the management and control message to the second terminal;
and the second terminal acquires the first SIP message, performs authentication processing according to the first authentication information obtained by parsing the first SIP message, and performs a management and control operation according to the management and control policy when the authentication is successful.
13. A computer-readable storage medium storing computer-executable instructions for performing the management and control method of any one of claims 1 to 5 or the management and control method of any one of claims 6 to 10.
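The exchange in claims 1 and 6, sketched as an added Python example that is not part of the patent: the first terminal wraps a management and control message in a SIP MESSAGE request, and the second terminal returns the policy for application only after authentication succeeds. The JSON body, the field names, the HMAC-SHA256 tag derived from the shared key, the reduced SIP header set, and the sample key and device identification code are all assumptions; the claims fix none of them.

```python
import hashlib
import hmac
import json

# Assumptions (not from the patent): JSON body, HMAC-SHA256 tag derived from the
# shared key, and these field names. The claims only require that the message
# carry first authentication information and a management and control policy.
SHARED_KEY = b"constructed-demo-key"       # constructed sample key
TRUSTED_DEVICE_ID = "first-terminal-0001"  # constructed device identification code


def _tag(key, device_id, policy):
    # Bind the tag to both the sender identity and the exact policy content.
    data = json.dumps({"device_id": device_id, "policy": policy}, sort_keys=True)
    return hmac.new(key, data.encode(), hashlib.sha256).hexdigest()


def build_first_sip_message(policy, key=SHARED_KEY, device_id=TRUSTED_DEVICE_ID):
    """First terminal (claim 1): form the control message, wrap it in a SIP MESSAGE."""
    body = json.dumps({"device_id": device_id, "policy": policy,
                       "auth": _tag(key, device_id, policy)})
    headers = [  # reduced header set; a real request also needs Via, Call-ID, CSeq
        "MESSAGE sip:second@example.invalid SIP/2.0",
        "From: <sip:first@example.invalid>",
        "To: <sip:second@example.invalid>",
        "Content-Type: application/json",
        f"Content-Length: {len(body.encode())}",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + body


def handle_first_sip_message(raw, key=SHARED_KEY):
    """Second terminal (claim 6): parse, authenticate, return the policy or None."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep or not head.startswith("MESSAGE "):
        return None
    try:
        msg = json.loads(body)
        device_id, policy, auth = msg["device_id"], msg["policy"], msg["auth"]
    except (ValueError, KeyError, TypeError):
        return None
    if device_id != TRUSTED_DEVICE_ID or not isinstance(auth, str):
        return None
    # Constant-time comparison; on mismatch the policy must not be applied.
    expected = _tag(key, device_id, policy).encode()
    if not hmac.compare_digest(expected, auth.encode()):
        return None
    return policy
```

A policy altered in transit or signed with a different key yields `None`, so the second terminal performs no management and control operation for it.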
CN201910983957.5A 2019-10-16 2019-10-16 Management and control method, terminal, system and computer readable storage medium Pending CN112672349A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910983957.5A CN112672349A (en) 2019-10-16 2019-10-16 Management and control method, terminal, system and computer readable storage medium
PCT/CN2020/119977 WO2021073447A1 (en) 2019-10-16 2020-10-09 Management and control method, terminal, system and computer-readable storage medium

Publications (1)

Publication Number Publication Date
CN112672349A true CN112672349A (en) 2021-04-16

Family

ID=75400355

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910983957.5A Pending CN112672349A (en) 2019-10-16 2019-10-16 Management and control method, terminal, system and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN112672349A (en)
WO (1) WO2021073447A1 (en)

Also Published As

Publication number Publication date
WO2021073447A1 (en) 2021-04-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination