CN113992878B - Remote desktop operation auditing method, device and equipment - Google Patents

Publication number: CN113992878B
Authority: CN (China)
Prior art keywords: remote desktop; data; key frame; corresponding relation; picture
Legal status: Active
Application number: CN202111164017.7A
Other languages: Chinese (zh)
Other versions: CN113992878A (en)
Inventor: 马合军
Current Assignee: Alibaba China Co Ltd; Alibaba Cloud Computing Ltd
Original Assignee: Alibaba China Co Ltd; Alibaba Cloud Computing Ltd
Application filed by Alibaba China Co Ltd and Alibaba Cloud Computing Ltd
Priority to CN202111164017.7A
Publication of CN113992878A
Application granted
Publication of CN113992878B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00 Details of television systems
    • H04N5/76 Television signal recording
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/70 Information retrieval; Database structures therefor; File system structures therefor of video data
    • G06F16/71 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/70 Information retrieval; Database structures therefor; File system structures therefor of video data
    • G06F16/74 Browsing; Visualisation therefor
    • G06F16/745 Browsing; Visualisation therefor the internal structure of a single video sequence
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/70 Information retrieval; Database structures therefor; File system structures therefor of video data
    • G06F16/78 Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • G06F16/7867 Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using information manually generated, e.g. tags, keywords, comments, title and artist information, manually generated time, location and usage information, user ratings
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01 Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048 Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484 Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/0486 Drag-and-drop
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N5/00 Details of television systems
    • H04N5/76 Television signal recording
    • H04N5/91 Television signal processing therefor
    • H04N5/93 Regeneration of the television signal or of selected parts thereof

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Library & Information Science (AREA)
  • Computer Hardware Design (AREA)
  • Debugging And Monitoring (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The application discloses a remote desktop operation auditing system, method, device and equipment. The system comprises a screen recording device and a playback service device. The screen recording device records the received remote desktop data into a screen recording file as incremental frames and, at appropriate stages, also records key frame information into the file, where each key frame includes the context layer information of the remote desktop. In the playback stage, a sequential play mode can be used, in which incremental instruction information is read from the screen recording file and rendered to the screen recording player. A drag play mode can also be used, in which the key frame corresponding to the dragged time point is found and playback starts from that key frame; the layer data in the key frame can be used for layer-based processing of the playback picture, for example determining the layer position of a sensitive operation so that it can be masked (mosaicked). Multi-layer protocol data is thereby stored and used, higher-level auditing needs that users may have in the future are supported, flexible extension is possible, and auditing security can be effectively improved.

Description

Remote desktop operation auditing method, device and equipment
Technical Field
The application relates to the technical field of cloud computing, in particular to a remote desktop operation auditing method and device and electronic equipment.
Background
A tenant of a cloud server may manage its cloud virtual host on the cloud server through a remote desktop system (such as the Workbench (Alibaba Cloud ECS) terminal operating system). The cloud platform provides tenants, or the persons responsible for platform security, with a service for auditing how tenants remotely control their servers. For example, a security administrator can learn which operations a tenant performed on an instance (such as a cloud virtual host), and a user can prove which operations they themselves performed on the instance.
At present, the main way of auditing tenants' remote control of servers is to record the user's operations on the server through the remote desktop by means of Remote Desktop Protocol (RDP) screen recording, and then play the recording back for the user to review and check. A typical recording and playback approach records single-layer key frame data of the user's operations on the server through the remote desktop and performs positioned playback based on that single-layer key frame data.
However, in the course of implementing the present invention, the inventors found that this solution has at least the following problems: 1) When recorded content is played back by dragging the time progress bar, sensitive operations (such as passwords) cannot be masked (mosaicked) on the basis of single-layer key frame data, so audit security is low; 2) Control interactions, such as the approval flow for dangerous commands executed by users, cannot be recorded; 3) When the RDP screen size of the remote desktop system changes, recording is interrupted and then restarted, so there are 2 screen recording files and 2 remote desktop operations are shown externally; 4) RDP recordings carry no sound information, so it is impossible to know what sound was being played on the desktop at the time. In summary, how to improve the security of remote desktop operation auditing, record and play back the full operation information of the remote desktop, and avoid the re-recording caused by recording interruptions when the user adjusts the screen size has become an urgent problem for those skilled in the art.
Disclosure of Invention
The application provides a remote desktop operation auditing method to solve the problem of low auditing security in the prior art. The application additionally provides a remote desktop operation auditing device and electronic equipment.
The application provides a remote desktop operation auditing method, which comprises the following steps:
the screen recording device is used for receiving remote desktop data of the server instance; storing the remote desktop data as incremental frame data to a screen recording file of the current remote desktop operation; generating key frame data at least comprising context remote desktop layer information according to a plurality of increment frame data, and storing the key frame data into the screen recording file;
the playback service device is used for determining a target time point of screen recording playback; acquiring a target key frame associated with a target time point; and generating remote desktop rendering data corresponding to the target time point according to the layer information of the target key frame and related incremental frame data.
Optionally, the method further comprises:
the remote desktop simulation device is used for determining a first corresponding relation between the picture data stream channel and the picture data stream and a second corresponding relation between the picture layer and the synthesized picture of the picture data stream according to the remote desktop data; displaying a simulation picture of remote desktop operation according to the first corresponding relation and the second corresponding relation;
and the remote desktop rendering device is used for generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation if the size of the user screen of the remote desktop operation changes.
The application also provides a remote desktop operation auditing method, which comprises the following steps:
receiving remote desktop data of a server instance;
storing the remote desktop data as incremental frame data to a screen recording file of the current remote desktop operation;
generating key frame data at least comprising context remote desktop layer information according to the plurality of incremental frame data;
and storing the key frame data to the screen recording file.
Optionally, the method further comprises:
determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a layer and a synthesized picture of the picture data stream according to the remote desktop data;
displaying a simulation picture of remote desktop operation according to the first corresponding relation and the second corresponding relation;
and if the size of the user screen of the remote desktop operation is changed, generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation.
Optionally, generating key frame data including at least context remote desktop layer information according to the plurality of delta frame data includes:
generating the key frame data according to the first corresponding relation and the second corresponding relation.
Optionally, the method further comprises:
creating a simulator of the remote desktop operation, wherein the simulator is used for executing the steps of determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a picture layer and a synthesized picture of the picture data stream according to the remote desktop data; executing the step of displaying the simulation picture of the remote desktop operation according to the first corresponding relation and the second corresponding relation; and executing the step of generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation if the size of the user screen of the remote desktop operation changes.
Optionally, the creating the simulator of the remote desktop operation includes:
acquiring the resolution of the user screen;
and creating a drawing board for displaying the simulation picture according to the resolution, wherein the drawing board comprises a plurality of layers.
Optionally, the method further comprises:
and judging whether key frame data is generated or not according to the generation time information of the last key frame and the increment frame accumulation amount after the last key frame.
Optionally, the remote desktop data further includes: approval interaction data for executing dangerous commands by a user, user interaction data and sound data;
the generating key frame data at least including context remote desktop layer information according to the plurality of delta frame data includes:
and generating key frame data comprising context remote desktop layer information, approval interaction information, user interaction information and sound information according to the plurality of incremental frame data.
Optionally, the method further comprises:
determining a target time point when the screen recording file is played;
acquiring a target key frame associated with a target time point;
determining position information of sensitive operation according to the layer information of the target key frame;
and masking (mosaicking) the sensitive operation according to the position information.
Optionally, the method further comprises:
generating index data of the key frame;
and acquiring a target key frame associated with the target time point according to the index data.
The application also provides a remote desktop operation auditing method, which comprises the following steps:
acquiring a screen recording file of a remote desktop of a server instance, wherein the screen recording file comprises incremental frame data and key frame data of the remote desktop, and the key frame data comprises context remote desktop layer information;
determining a target time point of screen recording playback;
acquiring a target key frame associated with a target time point;
and generating remote desktop rendering data corresponding to the target time point according to the layer information of the target key frame and related incremental frame data.
The application also provides a remote desktop operation audit device, including:
the data receiving unit is used for receiving remote desktop data of the server instance;
the incremental frame storage unit is used for storing the remote desktop data as incremental frame data to a screen recording file of the remote desktop operation;
the key frame generation unit is used for generating key frame data at least comprising context remote desktop layer information according to the plurality of incremental frame data;
and the key frame storage unit is used for storing the key frame data to the screen recording file.
The application also provides an electronic device comprising:
a processor and a memory; and the memory is used for storing a program for realizing the method, and the device is powered on and runs the program of the method through the processor.
The present application also provides a computer-readable storage medium having instructions stored therein that, when executed on a computer, cause the computer to perform the various methods described above.
The present application also provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the various methods described above.
Compared with the prior art, the application has the following advantages:
The remote desktop operation auditing system provided by the embodiment of the application comprises a screen recording device and a playback service device. In the recording stage, after the user side connects to the server instance, remote desktop data is distributed to both the user-side browser and the screen recording device. The screen recording device records the received remote desktop data into a screen recording file as incremental frames and, at appropriate stages, records key frame information into the file; each key frame includes at least the context layer information of the remote desktop. After the user side ends the session, the screen recording operation ends. In the playback stage, a sequential play mode can be used, in which incremental instruction information is read from the screen recording file and rendered to the screen recording player. A drag play mode can also be used, in which the key frame corresponding to the dragged time point is found and playback starts from that key frame; the layer data in the key frame can be used for layer-based processing of the playback picture, for example determining the layer position of a sensitive operation so that it can be masked (mosaicked). Multi-layer protocol data is thereby stored and used, higher-level auditing needs that users may have in the future are supported, and flexible extension is possible: for example, if sensitive operations can be identified during drawing, they can be masked, while the original protocol remains available for an administrator to audit. Auditing security can therefore be effectively improved.
Drawings
FIG. 1 is a schematic diagram of an embodiment of an audit system provided herein;
FIG. 2 is a schematic view of an application scenario of an embodiment of an audit system provided herein;
FIG. 3 is a schematic diagram of device interactions for an embodiment of an audit system provided herein;
FIG. 4 is a remote desktop multi-layer schematic diagram of an embodiment of an audit system provided herein;
FIG. 5 is a schematic drawing of a drag-and-play based on multi-layer information for an embodiment of an audit system provided herein;
FIG. 6 is a schematic view of approval flow interactions for an embodiment of an auditing system provided herein.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application. This application is, however, susceptible of embodiment in many other ways than those herein described and similar generalizations can be made by those skilled in the art without departing from the spirit of the application and the application is therefore not limited to the specific embodiments disclosed below.
In the application, a remote desktop operation auditing system, a remote desktop operation auditing method, a remote desktop operation auditing device and electronic equipment are provided. The various schemes are described in detail one by one in the examples below.
First embodiment
Referring to FIG. 1, a schematic diagram of an embodiment of a remote desktop operation auditing system of the present application is shown. In this embodiment, the system includes a screen recording apparatus 1 and a playback service apparatus 2.
The screen recording device and the playback service device can be deployed on the remote desktop monitoring device side. In addition, the system can also comprise a playback device, which can be deployed on the terminal device side of the auditing user.
Refer to FIG. 2, which is a schematic view of an application scenario of an embodiment of the remote desktop operation auditing system of the present application. In this embodiment, a tenant of the cloud server may manage the server instance in remote desktop mode through a browser on a personal computer. While the tenant operates the server instance through the remote desktop, the remote desktop monitoring equipment distributes the remote desktop data exchanged between the browser and the server instance to both the remote desktop rendering device and the screen recording device. The rendering device renders the remote desktop data so that the remote desktop is displayed in the tenant's browser. The screen recording device records the remote desktop data: with the system provided by this embodiment, it records not only the received remote desktop protocol instructions (as incremental frame data) but also key frame data that includes the remote desktop context layer information. This supports higher-level auditing needs that users may have in the future and allows flexible extension: when the remote desktop is played back, sensitive operations (such as passwords) can be identified while the desktop is drawn and masked (mosaicked), and the original user's remote desktop operations can be audited by auditing users. In addition, watermark data such as the tenant identification and the auditing user identification can be added when the screen recording file is played back.
Turning to FIG. 3, a schematic device interaction diagram of an embodiment of the remote desktop operation auditing system of the present application is shown. In this embodiment, the screen recording device is configured to receive remote desktop data of a server instance, store the remote desktop data as incremental frame data in the screen recording file of the current remote desktop operation, generate key frame data including at least context remote desktop layer information from a plurality of incremental frames, and store the key frame data in the screen recording file. The playback device is used to send a play request for a target time point. The playback service device is used to obtain the target key frame corresponding to the target time point and to generate remote desktop rendering data according to the layer information of the target key frame. The playback device is also used to play the remote desktop from the target key frame according to the rendering data.
The server instance may be a virtual machine, a container, a local disk bare metal instance, etc.
The remote desktop data includes the various protocol data transmitted between a user terminal (such as a browser) and a server instance, including, but not limited to, remote desktop RDP protocol data (which may include voice data), browser protocol data, and custom protocol data. The RDP protocol data may include sound data, image data, video data, and the like. The browser protocol data may include a zoom-in protocol, a zoom-out protocol, a mobile protocol, a mute protocol, a lock protocol, a heartbeat protocol, an approval protocol, a file upload protocol, a file download protocol, a keyboard protocol, an audio protocol, and the like. The custom protocol data may include approval interaction protocol data for a user executing a dangerous command, a watermark protocol, a local zoom-in/out protocol, a mute protocol, a mobile protocol, etc. In a specific implementation, various image drawing instructions can be implemented, such as cursor (cursor layer), copy (layer copy), transfer (rectangle transfer), rect (draw rectangle), transform (layer transformation), cfill (fill a designated area), arc (circular arc function), clip (clipping region), line, mouse and the like. In this way, the remote desktop data can include the full set of instruction data, which improves the accuracy of the audit service.
One screen recording file corresponds to one process of the tenant using the remote desktop to operate the server instance. The file name of the screen recording file may include an instance ID, a session ID, a time stamp of the end of the session, a sequence number, etc.
Turning to FIG. 4, a remote desktop multi-layer schematic of an embodiment of the remote desktop operation auditing system of the present application is shown. A remote desktop can be seen from three views: the protocol view, the user view and the recording view. In the protocol view, all protocols (such as the RDP protocol and custom protocols) are sent incrementally; each protocol instruction carries only its own data and no context information. With protocol information alone, the context cannot be found at playback time, so playback has to start from the beginning and cannot start from a point in the middle; that is, the time progress bar cannot be dragged for positioning. In the user (tenant or auditing user) view, the user sees the superposition of all layer protocols as a single picture and is unaware of the layers that make up the desktop. In the recording view, all incremental protocols are recorded and, at certain time points, key frames are extracted and recorded in the screen recording file. A key frame records detailed context information, so playback can start from the most recent key frame instead of from the beginning. Table 1 shows the contents of the screen recording file in this embodiment.
[Table 1: contents of the screen recording file. The table is an image in the original publication and is not reproduced here.]
As can be seen from Table 1, delta frames are raw protocol data. In a specific implementation, channel identification, real-time picture drawing and channel identification recording can be distinguished according to the protocol type. In the protocol data parsing stage, drawing the images of the multiple layers that make up the remote desktop relies mainly on the image (img) instruction and the image content (blob) instruction. Each img instruction establishes a data stream, and blob instructions then transmit data along that stream; the image content of each blob instruction may be one part of a complete image (for example, a portrait split into head, upper-half and lower-half sub-images). After the data has been received and parsed, the image is drawn on the designated layer in the drawing mode specified by the img instruction, and the image end (end) instruction closes the data stream.
The key frames shown in table 1 include at least layer information. Wherein the layer information includes, but is not limited to: layer identification, layer position, layer size, and layer corresponding image data. In addition, the key frame may further include data stream information (such as channel identifier, picture data stream, etc.), sound information, control information, custom information (such as approval protocol data, etc.), and may also include browser-side protocol data (such as user interaction data).
In one example, the screen recording device is further configured to decide whether to generate key frame data according to the generation time of the previous key frame and the amount of delta frame data accumulated since the previous key frame. With this approach, both the accumulated delta frame data volume and the timestamp of the last key frame are checked; if certain conditions are met, all layer information, data stream information, sound information and control information are obtained, packaged into a key frame and recorded in the screen recording file. Adding key frames along both dimensions, time and space, achieves real-time auditing and fast breakpoint playback.
For example, the conditions for generating a key frame are: in terms of time, every 30 seconds, when the current instruction is a sync instruction, one key frame is added; in terms of space, when the delta frame data has reached 4G and the current instruction is a sync instruction, one key frame is added. The sync instruction indicates to the server that the given timestamp is the current timestamp as of all previous operations; its parameter is timestamp, a valid server-relative timestamp, and it is mainly used to record the timestamp of the preceding instructions.
When the playback device sends a playback request, the request may carry information such as the target instance ID and session time. When the playback device sends a play request for a target time point, the request can carry the time point information; accordingly, the playback service device can parse the play request to obtain the target time point.
In this embodiment, the playback service device may obtain the target key frame corresponding to the target time point as follows: find the nearest preceding key frame for the target time point as the target key frame, and generate the remote desktop rendering data corresponding to the target time point from the layer information in the target key frame and the incremental frame data between the target key frame and the target time point.
Taking Table 1 as an example, assume that the target time point dragged to by the auditing user corresponds to delta frame 5, a blob delta frame carrying data stream data2 of data stream channel 1.3. Playback can then be located to the nearby key frame 3, which includes the relevant layer information and data stream channel information. The layer information includes the layer identifier, position and size; the data stream channel information includes the data stream channel identifier (1.3) and the data stream (data1). Because the context at both the layer level and the data stream channel level has been obtained, the subsequent delta frames 4 and 5 can be drawn normally: data1, data2 and data3 are composed into a picture, which is drawn into layer 1, thereby generating the remote desktop rendering data and displaying the remote desktop corresponding to the target time point. If key frame 3 did not contain data1 and only delta frame 5 contained data3, the drawn picture would be incomplete and the layer to draw on would be unknown, so the rendered remote desktop would be an incomplete picture.
For another example, the target time point corresponds to delta frame 16 in Table 1, an approval flow delta frame carrying an SSH approval flow interaction instruction. Playback can be located to the nearby key frame 14, which includes the information of multiple layers, sound information and control information. It includes the information of layer 1 and layer 2, where layer 1 corresponds to picture A and layer 2 corresponds to picture B. Because context information such as layers and sound has been obtained, the subsequent delta frames 15 and 16 can be drawn normally: the high-risk instruction executed by the user is drawn into the cursor layer, picture A is drawn in layer 1, picture B is drawn in layer 2, and the complete remote desktop is rendered from the pictures of the multiple layers. If key frame 14 did not contain the information of layer 1 and layer 2 and only the SSH approval flow interaction instruction in delta frame 16 were available, the remote desktop would be drawn incompletely, without picture A and picture B, as shown in the RDP protocol view of FIG. 4. In addition, because key frame 14 also includes sound information, the remote desktop rendered for the target time point can also reproduce the sound that the remote desktop played when the tenant originally performed the operation.
In one example, the recording device is specifically configured to generate, according to at least one of the approval interaction data, user interaction data and sound data, key frame data that includes not only the context remote desktop layer information but also at least one of approval interaction information, user interaction information and sound information. When all types of remote desktop data are included, a remote desktop containing the complete operation information can be drawn, which effectively improves auditing accuracy.
The approval protocol in fig. 6 is a custom protocol. When the user is found to be executing a dangerous command, the approval protocol is sent to the browser and the screen recording device; the browser displays the corresponding approval stream interaction according to the protocol, and the screen recording device records the approval protocol and the subsequent protection protocol. On playback, the player can parse the custom protocol and pop up the corresponding approval stream action, so that the user's operation at that time is fully reproduced. The contextual approval interaction information can be recorded in the key frame, so that the approval stream interaction can be displayed when playback starts from any point.
In specific implementation, the key frame may include information of a mapping channel of a data stream where the sound data is located, and may further include information of a frame number of the sound at the time.
In one example, the playback service device is further configured to: determine a target time point when the screen recording file is played; acquire the target key frame corresponding to the target time point; determine position information of a sensitive operation according to the layer information of the target key frame; and mask the sensitive operation according to the position information. Because the system provided by the embodiment of the application draws key frames in multiple layers during playback of the screen recording file, if a sensitive operation (such as entering a password) is found during drawing, the sensitive operation area of the corresponding layer (such as the password input box) can be masked, which ensures auditing security without affecting the auditing of other content in the remote desktop.
In one example, the recording device is further configured to generate index data for the key frames; a target time point is determined when the screen recording file is played, and the target key frame corresponding to the target time point is acquired according to the index data. As shown in fig. 5, the index file records each key frame's location in the screen recording file (e.g., key frame identification) and its timestamp. During sequential playback the key frames play no role. When the user drags, however, the index file can be traversed according to the dragged timestamp (i.e., the target time point) to find the index entry with the nearest timestamp, which gives the offset of the nearest preceding key frame in the screen recording file. The key frame is then read from the screen recording file at that offset, and the subsequent incremental frames are read from the same position onward, so that the playback device can locate and play quickly.
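The key frame conditions given earlier (30 seconds elapsed or the delta budget reached, and only on a sync instruction) and the index lookup just described, as an added example that is not code from the patent. The length-prefixed JSON record layout, the names `Recorder`, `read_frames`, `seek` and `build_sample`, and reading "4G" as 4 GiB are assumptions; the session is constructed.

```python
import bisect
import io
import json
import struct

KEYFRAME_INTERVAL_S = 30             # time condition from the text
KEYFRAME_DELTA_BYTES = 4 * 1024**3   # "4G" read as 4 GiB (assumption)


class Recorder:
    """Appends delta frames to a recording; emits key frames and their index."""

    def __init__(self, snapshot, interval_s=KEYFRAME_INTERVAL_S,
                 max_delta_bytes=KEYFRAME_DELTA_BYTES):
        self.snapshot = snapshot      # callable returning the current context
        self.interval_s = interval_s
        self.max_delta_bytes = max_delta_bytes
        self.file = io.BytesIO()      # stands in for the screen recording file
        self.index = []               # [(timestamp, offset)], ascending
        self.last_key_ts = 0.0
        self.delta_bytes = 0

    def _append(self, kind, ts, body):
        offset = self.file.seek(0, io.SEEK_END)
        payload = json.dumps({"kind": kind, "ts": ts, "body": body}).encode()
        self.file.write(struct.pack(">I", len(payload)) + payload)
        return offset, len(payload)

    def record(self, ts, opcode, args):
        """Store one instruction as a delta frame, then apply the key frame rule."""
        _, size = self._append("delta", ts, [opcode, *args])
        self.delta_bytes += size
        due = (ts - self.last_key_ts >= self.interval_s
               or self.delta_bytes >= self.max_delta_bytes)
        if opcode == "sync" and due:  # key frames are only cut at a sync
            offset, _ = self._append("key", ts, self.snapshot())
            self.index.append((ts, offset))
            self.last_key_ts, self.delta_bytes = ts, 0


def read_frames(file, offset):
    """Yield every frame from `offset` to the end, stopping at a truncated tail."""
    file.seek(offset)
    while True:
        header = file.read(4)
        if len(header) < 4:
            return
        (length,) = struct.unpack(">I", header)
        payload = file.read(length)
        if len(payload) < length:
            return
        yield json.loads(payload)


def seek(file, index, target_ts):
    """Return (key_frame_or_None, delta_frames) needed to render target_ts."""
    timestamps = [ts for ts, _ in index]
    pos = bisect.bisect_right(timestamps, target_ts) - 1
    # No key frame precedes the target: replay from the start of the file.
    start = index[pos][1] if pos >= 0 else 0
    key, deltas = None, []
    for frame in read_frames(file, start):
        if frame["ts"] > target_ts:
            break
        if frame["kind"] == "key":
            key, deltas = frame, []
        else:
            deltas.append(frame)
    return key, deltas


def build_sample(max_delta_bytes=KEYFRAME_DELTA_BYTES):
    """Constructed session: one drawing instruction and one sync every 10 s."""
    layers = {}
    rec = Recorder(lambda: {"layers": dict(layers)},
                   max_delta_bytes=max_delta_bytes)
    for i in range(1, 10):
        ts = i * 10.0
        layers["1"] = f"picture-{i}"
        rec.record(ts - 1, "img", ["1", f"picture-{i}"])
        rec.record(ts, "sync", [ts])
    return rec


if __name__ == "__main__":
    rec = build_sample()
    key, deltas = seek(rec.file, rec.index, 75.0)
    print(key["ts"], [d["body"] for d in deltas])
```

A target earlier than the first key frame has no context to restore, so `seek` returns no key frame and every delta frame from the start of the file.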
In one example, when drawing an image, consecutive similar frame images are flagged with a high discard priority: if the relative positions of the layers are found to be adjacent, the discard priority is set to 80%, and the default priority is 0%. Thus, if the stream backs up because the browser renders slowly, the high-priority frames can be actively discarded, which keeps the user's operation stable and smooth.
In particular, sound frames may be discarded: when a server instruction is received, its protocol type is parsed, and if it is a sound protocol the discard priority is set to 50%. Under network congestion, when a protocol backlog is found, the highest-priority protocol data is checked and discarded first; if a backlog is still found, further data is discarded in order of priority in the array.
In one example, the system may further include a remote desktop simulation device and a remote desktop rendering device. The remote desktop simulation device is used for determining a first corresponding relation between the picture data stream channel and the picture data stream and a second corresponding relation between the picture layer and the synthesized picture of the picture data stream according to the remote desktop data; displaying a simulation picture of remote desktop operation according to the first corresponding relation and the second corresponding relation; the remote desktop rendering device is configured to generate remote desktop rendering data according to the first corresponding relationship and the second corresponding relationship if a user screen size of a remote desktop operation changes.
The remote desktop simulation device, also called the simulator, can display the remote desktop of the user instance at the same time as the browser side. Through the simulator, the auditing user can audit the tenant's current remote desktop operation in real time, with a simulation picture of the remote desktop operation displayed, so that auditing does not have to wait until after the fact.
In a specific implementation, the first correspondence may be stored in a data stream channel mapping table, and the second correspondence may be stored in a layer data mapping table. The data in the mapping table is derived from the delta frames and the mapping table data is generated by analyzing and processing the delta frames. Tables 2 and 3 show the data stream channel map and layer data map, respectively, in this embodiment.
Table 2, data stream map (image not reproduced)
Layer id | Picture
9 | Synthetic picture A (data1 + data2 + data3)
10 | Synthetic picture B (data4 + data5)
Table 3, layer data mapping table
The remote desktop monitoring device in fig. 2 receives server instruction A and distributes it to the remote desktop simulation device and the screen recording device. The simulator receives instruction A and parses it. If instruction A is a picture instruction, the data stream channel mapping table is updated (this mapping is the first corresponding relation). The blob instructions then transmit data along the stream; after the data is received and parsed, the graphic is drawn on the designated layer in the drawing mode specified by the img instruction. The end instruction ends the data stream; at that point the generated synthesized picture can be written to the layer mapping table (this mapping is the second corresponding relation) and the corresponding data in the data stream mapping table released. For example, after the data stream of channel 1.3 has been processed, the first 3 data items related to channel 1.3 can be deleted. It can be seen that the delta frames are incremental and continuous, and the mapping table data is continually added, deleted and updated according to this algorithm.
Note that the screen recording file and the key frame index table are files stored on disk, whereas the data stream channel mapping table and the layer data mapping table are temporary data that can be kept in memory and cleared after the session ends; during subsequent playback, the multi-layer information and data stream information of a key frame are obtained from the screen recording file alone.
In this embodiment, the screen recording device may generate the key frame data according to the first corresponding relation and the second corresponding relation. That is, a key frame is extracted from the simulator at a certain time point: all layer information, data stream information, sound information and control information are extracted through the simulator mapping tables and recorded in the screen recording file. The screen recording device receives instruction A, which is an incremental frame, parses it and records it in the screen recording file. At the same time, it checks both the data amount of the incremental frames and the timestamp of the last key frame; if a certain condition is met, all layer information and channel mappings at the current time are derived through the simulator from the data stream mapping table and the layer data mapping table, packaged into key frame A and recorded in the screen recording file. In this way, the multi-layer information and data stream information related to the key frame can be acquired quickly.
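The mapping-table updates and the key frame extraction described above, as an added example that is not code from the patent. The tuple form of the img, blob, end and sync instructions, channel 1.4 and all class and function names are assumptions; channel 1.3, layers 9 and 10 and data1 to data5 follow the text and Table 3. It also shows the failure the description warns about, where delta frames are replayed without the key frame's context.

```python
import copy


class MissingContext(Exception):
    """A delta frame refers to a stream that was opened before replay started."""


class Simulator:
    """Keeps the two in-memory mapping tables while instructions are applied."""

    def __init__(self):
        # First corresponding relation: channel -> target layer and buffered data.
        self.streams = {}
        # Second corresponding relation: layer id -> synthesized picture.
        self.layers = {}

    def _stream(self, channel):
        if channel not in self.streams:
            raise MissingContext(f"no open stream for channel {channel}")
        return self.streams[channel]

    def apply(self, instr):
        op, *args = instr
        if op == "img":        # open a picture stream that targets a layer
            channel, layer = args
            self.streams[channel] = {"layer": layer, "chunks": []}
        elif op == "blob":     # data transmitted along an open stream
            channel, data = args
            self._stream(channel)["chunks"].append(data)
        elif op == "end":      # synthesize the picture, then release the stream
            (channel,) = args
            stream = self._stream(channel)
            self.layers[stream["layer"]] = "+".join(stream["chunks"])
            del self.streams[channel]
        elif op != "sync":     # sync carries only a timestamp
            raise ValueError(f"unknown instruction {op!r}")

    def export_key_frame(self):
        """Snapshot both tables, including streams that are still open."""
        return copy.deepcopy({"layers": self.layers, "streams": self.streams})

    @classmethod
    def from_key_frame(cls, key):
        sim = cls()
        sim.layers = copy.deepcopy(key["layers"])
        sim.streams = copy.deepcopy(key["streams"])
        return sim


# Constructed session. A key frame is cut at the sync, while channel 1.3 is open.
SESSION = [
    ("img", "1.3", 9),
    ("blob", "1.3", "data1"),
    ("sync", 1),
    ("blob", "1.3", "data2"),
    ("blob", "1.3", "data3"),
    ("end", "1.3"),
    ("img", "1.4", 10),
    ("blob", "1.4", "data4"),
    ("blob", "1.4", "data5"),
    ("end", "1.4"),
]


def replay(instructions, sim=None):
    if sim is None:
        sim = Simulator()
    for instr in instructions:
        sim.apply(instr)
    return sim


def resume_from_key_frame(split):
    """Cut a key frame after SESSION[:split] and replay only the later deltas."""
    key = replay(SESSION[:split]).export_key_frame()
    return replay(SESSION[split:], Simulator.from_key_frame(key))


def replay_without_context_fails(split):
    """Replaying the later deltas alone cannot place data2 on any layer."""
    try:
        replay(SESSION[split:])
    except MissingContext:
        return True
    return False


if __name__ == "__main__":
    print(resume_from_key_frame(3).layers)
    print(replay_without_context_fails(3))
```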
In this embodiment, the simulator may further record the current latest sound data and the data stream mapping channel where the sound data is located during real-time audit, and the screen recording device may acquire the sound data from the simulator, may also acquire control information, and may write them into the key frame. In addition, the screen recording file can also record all voice protocol data.
The remote desktop rendering device is used for generating remote desktop rendering data according to the received remote desktop data so as to display the remote desktop in the user browser. In this embodiment, the remote desktop simulation device performs real-time audit on the current remote desktop operation of the tenant, and displays a simulation picture of the remote desktop operation; meanwhile, the remote desktop rendering device may be further configured to generate remote desktop rendering data according to the first corresponding relationship and the second corresponding relationship if a user screen size of the remote desktop operation changes.
In the prior art, when the screen size of the user-side browser changes, the remote desktop is disconnected and then reconnected, and each reconnection starts a new screen recording activity, so that multiple screen recording files are generated. In the system provided by the embodiment of the application, the simulator runs in the background and can store the mapping relations of all protocol data, including the first corresponding relation, the second corresponding relation, the sound information and so on. When the screen size changes, the connection between the simulator and the server is therefore not disconnected: all the information can be extracted through the simulator and rendered to the browser in one pass. Because the connection is not broken, no new screen recording file is generated, which better matches the user's view of the operation.
In one example, the system may further comprise a simulator creation device for creating a simulator for the current remote desktop operation. The simulator creation device may be specifically configured to obtain the resolution of the user screen (e.g., the browser) and, based on the resolution, create a drawing board for displaying the simulation picture (the real-time audit picture); the drawing board may include multiple layers, such as a default layer and a cursor layer.
In a specific implementation, after the recording device has successfully connected to the cloud server, a real-time desktop simulator buffer is created and the simulator is created, so as to monitor protocol data between the desktop and the browser in real time; after the session ends, the layers can be destroyed and the real-time desktop simulator buffer released.
As can be seen from the above embodiments, the remote desktop operation auditing system provided in the embodiments of the present application includes a screen recording device and a playback service device. In the recording stage, after the user side connects to the server instance, remote desktop data is distributed to the user-side browser and the screen recording device. The screen recording device records the received remote desktop data into a screen recording file as incremental frames and, at suitable points, records key frame information into the screen recording file; a key frame includes at least the context layer information of the remote desktop. After the session ends, the user side ends the screen recording operation. In the playback stage, sequential playback can be used: incremental instruction information is obtained from the screen recording file and rendered to the screen recording player. Drag playback can also be used: the corresponding key frame is found according to the dragged time point and playback starts from that key frame, whose layer data can be used for layer-based processing of the playback picture, for example determining the layer position of a sensitive operation when masking it. The storage and use of multi-layer protocol data is thereby realized, which supports users' higher-level auditing needs in the future and allows flexible extension: for example, sensitive operations can be identified during drawing and masked, while the original protocol remains available for an administrator to audit. Auditing security can therefore be effectively improved.
Second embodiment
In the foregoing embodiments, a remote desktop operation auditing system is provided, and in response, the present application further provides a remote desktop operation auditing method, where an execution body includes, but is not limited to, a remote desktop monitoring device, such as a server. The method corresponds to the embodiment of the system described above. Since the method embodiments are substantially similar to the system embodiments, the description is relatively simple, and reference should be made to the description of the system embodiments for relevant points. The method embodiments described below are merely illustrative.
The application additionally provides a remote desktop operation auditing method, comprising the following steps:
Step 1: receiving remote desktop data of a server instance.
Step 2: storing the remote desktop data as incremental frame data to a screen recording file of the current remote desktop operation.
Step 3: generating, from the plurality of delta frame data, key frame data including at least contextual remote desktop layer information.
Step 4: storing the key frame data to the screen recording file.
In one example, the method may further comprise the steps of:
Step 5: determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a layer and a synthesized picture of the picture data stream according to the remote desktop data;
Step 6: displaying a simulation picture of remote desktop operation according to the first corresponding relation and the second corresponding relation;
Step 7: if the size of the user screen of the remote desktop operation changes, generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation.
In one example, step 3 may be implemented as follows: generating the key frame data according to the first corresponding relation and the second corresponding relation.
In one example, the method may further comprise the steps of:
creating a simulator of the remote desktop operation, wherein the simulator is used for executing the steps of determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a picture layer and a synthesized picture of the picture data stream according to the remote desktop data; executing the step of displaying the simulation picture of the remote desktop operation according to the first corresponding relation and the second corresponding relation; and executing the step of generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation if the size of the user screen of the remote desktop operation changes.
In one example, the simulator for creating the remote desktop operation may include the following sub-steps: acquiring the resolution of the user screen; and creating a drawing board for displaying the simulation picture according to the resolution, wherein the drawing board comprises a plurality of layers.
In one example, the method may further comprise the step of: judging whether to generate key frame data according to the generation time information of the last key frame and the amount of incremental frames accumulated since the last key frame.
In one example, the remote desktop data further includes: approval interaction data for a user executing dangerous commands, user interaction data and sound data. Step 3 may be implemented as follows: generating key frame data comprising context remote desktop layer information, approval interaction information, user interaction information and sound information according to the plurality of incremental frame data.
In one example, the method may further comprise the steps of:
Step 8: determining a target time point when the screen recording file is played;
Step 9: acquiring a target key frame associated with the target time point;
Step 10: determining position information of a sensitive operation according to the layer information of the target key frame;
Step 11: masking the sensitive operation according to the position information.
In one example, the method may further comprise the steps of: generating index data of the key frame; and acquiring a target key frame associated with the target time point according to the index data.
Third embodiment
In the above embodiment, a remote desktop operation auditing method is provided, and correspondingly, the application also provides a remote desktop operation auditing device. The device corresponds to the embodiment of the method described above. Since the apparatus embodiments are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points. The device embodiments described below are merely illustrative.
The application additionally provides a remote desktop operation audit device, including:
a data receiving unit, used for receiving remote desktop data of the server instance;
an incremental frame storage unit, used for storing the remote desktop data as incremental frame data to a screen recording file of the remote desktop operation;
a key frame generation unit, used for generating key frame data at least comprising context remote desktop layer information according to the plurality of incremental frame data;
a key frame storage unit, used for storing the key frame data to the screen recording file.
Optionally, the apparatus may further include:
a mapping data determining unit, used for determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a layer and a synthesized picture of the picture data stream according to the remote desktop data;
a simulation picture display unit, used for displaying a simulation picture of remote desktop operation according to the first corresponding relation and the second corresponding relation;
a rendering unit, used for generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation if the size of the user screen of the remote desktop operation changes.
Optionally, the key frame generating unit is specifically configured to generate the key frame data according to the first correspondence and the second correspondence.
Optionally, the apparatus may further include:
the simulator creation unit is used for creating a simulator of the remote desktop operation, and the simulator is used for executing the steps of determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a picture layer and a synthesized picture of the picture data stream according to the remote desktop data; executing the step of displaying the simulation picture of the remote desktop operation according to the first corresponding relation and the second corresponding relation; and executing the step of generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation if the size of the user screen of the remote desktop operation changes.
Optionally, the simulator creation unit is specifically configured to obtain a resolution of the user screen; and creating a drawing board for displaying the simulation picture according to the resolution, wherein the drawing board comprises a plurality of layers.
Optionally, the apparatus may further include:
a key frame generation judging unit, used for judging whether to generate key frame data according to the generation time information of the last key frame and the amount of incremental frames accumulated since the last key frame.
Optionally, the remote desktop data further includes: approval interaction data for executing dangerous commands by a user, user interaction data and sound data;
the key frame generation unit is specifically configured to generate key frame data including context remote desktop layer information, approval interaction information, user interaction information, and sound information according to the plurality of incremental frame data.
Optionally, the apparatus may further include:
a time determining unit, used for determining a target time point when the screen recording file is played;
a key frame acquisition unit, used for acquiring a target key frame associated with the target time point;
a position determining unit, used for determining position information of a sensitive operation according to the layer information of the target key frame;
a masking unit, used for masking the sensitive operation according to the position information.
Optionally, the apparatus may further include:
an index generating unit, configured to generate index data of the key frame;
and the key frame acquisition unit is specifically used for acquiring the target key frame associated with the target time point according to the index data.
Fourth embodiment
In the above embodiment, a remote desktop operation auditing system is provided, and correspondingly, the application also provides a remote desktop operation auditing method, and an execution subject of the remote desktop operation auditing method includes, but is not limited to, a terminal device of a remote desktop auditing user, such as a personal computer. The method corresponds to the embodiment of the system described above. Since the method embodiments are substantially similar to the system embodiments, the description is relatively simple, and reference should be made to the description of the system embodiments for relevant points. The method embodiments described below are merely illustrative.
The application additionally provides a remote desktop operation auditing method, comprising the following steps:
step 1: and acquiring a screen recording file of a remote desktop of the server instance.
The screen recording file can be generated by adopting the method provided by the second embodiment, and comprises incremental frame data and key frame data of a remote desktop, wherein the key frame data comprises context remote desktop layer information.
In this embodiment, an audit user of the remote desktop sends a playback request for the target remote desktop operation to the remote desktop monitoring device through the terminal device of the audit user, and the request can carry information such as a target instance ID and session time. The playback service device in the remote desktop monitoring device sends the corresponding screen recording file to the terminal device of the auditing user, and the terminal device side analyzes and plays back the screen recording file, and the specific processing mode is the same as the analysis process of the playback service device in the first embodiment, and is not repeated here.
Step 2: determining a target time point of screen recording playback;
step 3: acquiring a target key frame associated with a target time point;
step 4: and generating remote desktop rendering data corresponding to the target time point according to the layer information of the target key frame and related incremental frame data.
Fifth embodiment
In the above embodiment, a remote desktop operation auditing method is provided, and correspondingly, the application also provides a remote desktop operation auditing device. The device corresponds to the embodiment of the method described above. Since the apparatus embodiments are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points. The device embodiments described below are merely illustrative.
The application additionally provides a remote desktop operation audit device, including:
a screen recording file acquisition unit, used for acquiring a screen recording file of a remote desktop of a server instance, wherein the screen recording file comprises incremental frame data and key frame data of the remote desktop, and the key frame data comprises context remote desktop layer information;
a time determining unit, used for determining a target time point of the screen recording playback;
a key frame acquisition unit, used for acquiring a target key frame associated with the target time point;
a rendering unit, used for generating remote desktop rendering data corresponding to the target time point according to the layer information of the target key frame and the related incremental frame data.
Sixth embodiment
In the above embodiment, a remote desktop operation auditing method is provided, and corresponding to the remote desktop operation auditing method, the application also provides an electronic device. The device corresponds to an embodiment of the method described above. Since the apparatus embodiments are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points. The device embodiments described below are merely illustrative.
The present application additionally provides an electronic device comprising a processor and a memory. The memory is used for storing a program that implements the remote desktop operation auditing method provided by the method embodiments; after the device is powered on, it runs the program of the method through the processor.
While the preferred embodiment has been described, it is not intended to limit the invention thereto, and any person skilled in the art may make variations and modifications without departing from the spirit and scope of the present invention, so that the scope of the present invention shall be defined by the claims of the present application.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
1. Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
2. It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

Claims (14)

1. A remote desktop operation auditing system, comprising:
the screen recording device is used for receiving remote desktop data of the server instance; storing the remote desktop data as incremental frame data to a screen recording file of the current remote desktop operation; generating key frame data at least comprising context remote desktop layer information according to a plurality of increment frame data, and storing the key frame data into the screen recording file; the remote desktop data comprises remote desktop protocol data transmitted between a user terminal and a server instance;
the playback service device is used for determining a target time point of screen recording playback; acquiring a target key frame associated with a target time point; and generating remote desktop rendering data corresponding to the target time point according to the layer information of the target key frame and related incremental frame data.
2. The system of claim 1, further comprising:
the remote desktop simulation device is used for determining a first corresponding relation between the picture data stream channel and the picture data stream and a second corresponding relation between the picture layer and the synthesized picture of the picture data stream according to the remote desktop data; displaying a simulation picture of remote desktop operation according to the first corresponding relation and the second corresponding relation;
and the remote desktop rendering device is used for generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation if the size of the user screen of the remote desktop operation changes.
3. A remote desktop operation auditing method, comprising:
receiving remote desktop data of a server instance; the remote desktop data comprises remote desktop protocol data transmitted between a user terminal and a server instance;
storing the remote desktop data as incremental frame data to a screen recording file of the current remote desktop operation;
generating key frame data at least comprising context remote desktop layer information according to the plurality of incremental frame data;
and storing the key frame data to the screen recording file.
4. A method according to claim 3, further comprising:
determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a layer and a synthesized picture of the picture data stream according to the remote desktop data;
displaying a simulation picture of remote desktop operation according to the first corresponding relation and the second corresponding relation;
and if the size of the user screen of the remote desktop operation is changed, generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation.
5. The method according to claim 4, wherein,
the generating key frame data at least comprising context remote desktop layer information according to the plurality of incremental frame data comprises:
and generating the key frame data according to the first corresponding relation and the second corresponding relation.
6. The method of claim 4, further comprising:
creating a simulator of the remote desktop operation, wherein the simulator is used for executing the steps of determining a first corresponding relation between a picture data stream channel and a picture data stream and a second corresponding relation between a picture layer and a synthesized picture of the picture data stream according to the remote desktop data; executing the step of displaying the simulation picture of the remote desktop operation according to the first corresponding relation and the second corresponding relation; and executing the step of generating remote desktop rendering data according to the first corresponding relation and the second corresponding relation if the size of the user screen of the remote desktop operation changes.
7. The method according to claim 6, wherein,
the creating a simulator of the remote desktop operation comprises:
acquiring the resolution of the user screen;
and creating a drawing board for displaying the simulation picture according to the resolution, wherein the drawing board comprises a plurality of layers.
8. A method according to claim 3, further comprising:
and judging whether to generate key frame data according to the generation time information of the last key frame and the accumulated amount of incremental frames after the last key frame.
9. A method according to claim 3, wherein,
the remote desktop data further includes: approval interaction data for executing dangerous commands by a user, user interaction data and sound data;
the generating key frame data at least comprising context remote desktop layer information according to the plurality of incremental frame data comprises:
and generating key frame data comprising context remote desktop layer information, approval interaction information, user interaction information and sound information according to the plurality of incremental frame data.
10. A method according to claim 3, further comprising:
determining a target time point when the screen recording file is played;
acquiring a target key frame associated with a target time point;
determining position information of sensitive operation according to the layer information of the target key frame;
and coding the sensitive operation according to the position information.
11. A method according to claim 3, further comprising:
generating index data of the key frame;
and acquiring a target key frame associated with the target time point according to the index data.
12. A remote desktop operation auditing method, comprising:
acquiring a screen recording file of a remote desktop of a server instance, wherein the screen recording file comprises incremental frame data and key frame data of the remote desktop, and the key frame data comprises contextual remote desktop layer information generated according to a plurality of incremental frame data; the incremental frame data comprises remote desktop protocol data transmitted between a user terminal and a server instance;
determining a target time point of screen recording playback;
acquiring a target key frame associated with a target time point;
and generating remote desktop rendering data corresponding to the target time point according to the layer information of the target key frame and related incremental frame data.
13. A remote desktop operation auditing device, comprising:
the data receiving unit is used for receiving remote desktop data of the server instance; the remote desktop data comprises remote desktop protocol data transmitted between a user terminal and a server instance;
the incremental frame storage unit is used for storing the remote desktop data as incremental frame data to a screen recording file of the remote desktop operation;
the key frame generation unit is used for generating key frame data at least comprising context remote desktop layer information according to the plurality of incremental frame data;
and the key frame storage unit is used for storing the key frame data to the screen recording file.
14. An electronic device, comprising:
a processor; and
a memory for storing a program for implementing a remote desktop operation auditing method according to any of claims 3-12, wherein the device is powered on and the program of the method is run by the processor.
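The recording and seek scheme of claims 3, 8, 11 and 12 can be sketched as follows. This is an added illustration, not code from the patent: the threshold values, the dictionary-of-layers desktop model and all names are assumptions, and the sample session is constructed.

```python
import bisect
from dataclasses import dataclass, field

KEYFRAME_INTERVAL_S = 10.0   # assumed: max seconds between key frames
KEYFRAME_MAX_DELTAS = 4      # assumed: max incremental frames between key frames

@dataclass
class Recording:
    frames: list = field(default_factory=list)  # ("delta" | "key", ts, payload)
    index: list = field(default_factory=list)   # (ts, position of key frame in frames)
    layers: dict = field(default_factory=dict)  # simulated desktop: layer -> content
    last_key_ts: float = 0.0
    deltas_since_key: int = 0

    def record(self, ts, layer, content):
        """Append one incremental frame, then emit a key frame if one is due."""
        self.frames.append(("delta", ts, (layer, content)))
        self.layers[layer] = content
        self.deltas_since_key += 1
        if (ts - self.last_key_ts >= KEYFRAME_INTERVAL_S
                or self.deltas_since_key >= KEYFRAME_MAX_DELTAS):
            self.index.append((ts, len(self.frames)))
            self.frames.append(("key", ts, dict(self.layers)))  # full layer snapshot
            self.last_key_ts, self.deltas_since_key = ts, 0

    def render_at(self, target_ts):
        """Return (layer state at target_ts, number of incremental frames replayed)."""
        i = bisect.bisect_right(self.index, (target_ts, float("inf"))) - 1
        state, start = {}, 0            # no earlier key frame: replay from the start
        if i >= 0:
            pos = self.index[i][1]
            state, start = dict(self.frames[pos][2]), pos + 1
        replayed = 0
        for kind, ts, payload in self.frames[start:]:
            if ts > target_ts:
                break
            if kind == "delta":
                state[payload[0]] = payload[1]
                replayed += 1
        return state, replayed

# Constructed sample session: (timestamp, layer, content)
SAMPLE_EVENTS = [(1.0, "desktop", "login screen"), (2.0, "cursor", "(10,10)"),
                 (3.0, "desktop", "cmd window"), (4.0, "cursor", "(50,60)"),
                 (12.0, "desktop", "editor"), (13.0, "cursor", "(5,5)"),
                 (14.0, "cursor", "(7,7)")]

def build_sample():
    rec = Recording()
    for ts, layer, content in SAMPLE_EVENTS:
        rec.record(ts, layer, content)
    return rec
```

Seeking to a time point costs one index lookup plus the incremental frames recorded since the nearest earlier key frame, so an auditor can jump into a long session without replaying it from the start.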

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111164017.7A CN113992878B (en) 2021-09-30 2021-09-30 Remote desktop operation auditing method, device and equipment

Publications (2)

Publication Number Publication Date
CN113992878A CN113992878A (en) 2022-01-28
CN113992878B true CN113992878B (en) 2023-07-07

Family

ID=79737551

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111164017.7A Active CN113992878B (en) 2021-09-30 2021-09-30 Remote desktop operation auditing method, device and equipment

Country Status (1)

Country Link
CN (1) CN113992878B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571773A (en) * 2011-12-27 2012-07-11 浙江省电力公司 Information security comprehensive audit system and method
CN106470345A (en) * 2015-08-21 2017-03-01 阿里巴巴集团控股有限公司 Video-encryption transmission method and decryption method, apparatus and system
CN107733901A (en) * 2017-10-23 2018-02-23 成都安恒信息技术有限公司 A kind of Windows remote desktops file for O&M auditing system transmits auditing method
CN108076377A (en) * 2017-12-26 2018-05-25 浙江大华技术股份有限公司 A kind of storage of video, playback method, device, electronic equipment and storage medium
CN112584087A (en) * 2021-02-25 2021-03-30 浙江华创视讯科技有限公司 Video conference recording method, electronic device and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8468426B2 (en) * 2008-07-02 2013-06-18 Apple Inc. Multimedia-aware quality-of-service and error correction provisioning
US9113132B2 (en) * 2009-07-13 2015-08-18 Genesys Telecommunications Laboratories, Inc. System and methods for recording a compressed video and audio stream
US9185149B2 (en) * 2012-06-25 2015-11-10 Salesforce.Com, Inc. Systems, methods, and apparatuses for implementing frame aggregation with screen sharing
WO2018098912A1 (en) * 2016-11-29 2018-06-07 华为技术有限公司 Recording and playing method for screen video, and screen recording terminal and playing terminal

Also Published As

Publication number Publication date
CN113992878A (en) 2022-01-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40067038; Country of ref document: HK)
GR01 Patent grant