WO2018036233A1 - Information processing method, device and computer storage medium - Google Patents

Information processing method, device and computer storage medium

Info

Publication number
WO2018036233A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
identity information
terminal device
user identity
information
Prior art date
Application number
PCT/CN2017/086016
Inventor
宋云霞
Original Assignee
深圳市中兴微电子技术有限公司
Priority date
Filing date
Publication date
Application filed by 深圳市中兴微电子技术有限公司
Publication of WO2018036233A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H04L65/403 Arrangements for multi-party communication, e.g. for conferences

Definitions

  • the present invention relates to information processing technologies in the field of communications, and in particular, to an information processing method, apparatus, and computer storage medium.
  • the embodiment of the invention provides an information processing method, a device and a computer storage medium, which can effectively solve the data leakage problem existing in the existing conference scheme.
  • an embodiment of the present invention provides an information processing method, where the method includes:
  • the verifying the user identity information and sending the verification result to the first server includes:
  • if the user identity information is in the preset identity information, determining that the user identity information is successfully verified.
  • the method further includes:
  • the embodiment of the present invention provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
  • an embodiment of the present invention provides an information processing method, where the method includes:
  • the method further includes:
  • determining whether the terminal device meets the preset condition includes:
  • the determining, according to the identifier information, whether the terminal device meets a preset condition includes:
  • the embodiment of the present invention further provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
  • an embodiment of the present invention provides an information processing apparatus, where the apparatus includes: a first receiving unit, a first sending unit, a second receiving unit, a third receiving unit, and a first processing unit; wherein:
  • the first receiving unit is configured to receive user identity information sent by the first server
  • the first sending unit is configured to verify the user identity information, and send a verification result to the first server;
  • the second receiving unit is configured to: if the user identity information is successfully verified, receive a determination result of the terminal device sent by the first server;
  • the third receiving unit is configured to receive an operation request sent by the first server if the terminal device meets a preset condition
  • the first processing unit is configured to determine whether the first operation corresponding to the operation request is within the preset authority, and send the determination result that the first operation is within the preset authority to the first server.
  • the first sending unit includes: a first determining module and a processing module; wherein:
  • the first determining module is configured to determine whether the user identity information is in the preset identity information, and send the determination result to the first server;
  • the processing module is configured to determine that the terminal device is successfully verified if the user identity information is in the preset identity information.
  • the apparatus further includes an acquisition unit; wherein:
  • the acquiring unit is configured to acquire the preset identity information, and store the preset identity information.
  • an embodiment of the present invention provides an information processing apparatus, where the apparatus includes: a second processing unit, a fourth receiving unit, a determining unit, a second sending unit, a third processing unit, and a fourth processing unit; wherein:
  • the second processing unit is configured to acquire user identity information, and send the user identity information to the second server;
  • the fourth receiving unit is configured to receive the verification result of the user identity information sent by the second server
  • the determining unit is configured to determine, if the user identity information is successfully verified, whether the terminal device meets a preset condition
  • the second sending unit is configured to send a determination result to the second server
  • the third processing unit is configured to: if the terminal device meets a preset condition, receive an operation request sent by the terminal device, and forward the operation request to the second server;
  • the fourth processing unit is configured to receive a determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, perform the first operation.
  • the apparatus further includes: a generating unit; wherein:
  • the generating unit is configured to generate an alarm message if the verification of the user identity information fails.
  • the determining unit includes: an obtaining module and a second determining module; wherein:
  • the acquiring module is configured to acquire the identifier information of the terminal device if the user identity information is successfully verified;
  • the second determining module is configured to determine, according to the identifier information, whether the terminal device meets the preset condition.
  • the second determining module is further configured to determine whether the identifier information matches the preset identifier information; if the identifier information matches the preset identifier information, determine that the terminal device meets the preset condition.
  • after receiving the user identity information sent by the first server, the second server verifies the user identity information and sends the verification result to the first server. If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition. If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards the operation request to the second server, and then the second server determines the operation.
  • the security server can judge the authority of the operation request sent by the terminal device on the premise that the identity information of the participating conference personnel is legal and the terminal device is reliable, thereby ensuring the security of the participating conference personnel and the reliability of the terminal device used for the conference. The operations of the participating conference personnel can then be monitored, which effectively solves the data leakage problem existing in the existing conference solution, thereby reducing the risk of data leakage and improving the information security of the office system.
  • FIG. 1 is a schematic flowchart of an information processing method according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart diagram of another information processing method according to an embodiment of the present disclosure.
  • FIG. 3 is a schematic flowchart diagram of still another information processing method according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic flowchart diagram of still another information processing method according to an embodiment of the present disclosure.
  • FIG. 5 is a schematic structural diagram of a system according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of an information processing apparatus according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of another information processing apparatus according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of still another information processing apparatus according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of an information processing apparatus according to another embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of another information processing apparatus according to another embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of still another information processing apparatus according to another embodiment of the present invention.
  • An embodiment of the present invention provides an information processing method. Referring to FIG. 1, the method includes the following steps:
  • Step 101 Receive user identity information sent by the first server.
  • the step 101 of receiving the user identity information sent by the first server may be implemented by the second server.
  • the user identity information may be fingerprint information, iris information, face recognition information, and the like of the participating conference personnel.
  • the first server can be a conference server and the second server can be a security server.
  • Step 102 Verify user identity information, and send the verification result to the first server.
  • step 102 validates the user identity information and sends the verification result to the first server, which can be implemented by the second server.
  • the second server may perform matching analysis on the received user identity information with the preset identity information in the preset identity information database to verify the user identity information.
  • Step 103 If the user identity information is successfully verified, receiving a determination result of the terminal device sent by the first server.
  • receiving the determination result of the terminal device sent by the first server may be implemented by the second server.
  • the conference server can determine the reliability of the terminal device, and send the determination result to the security server, which can be implemented by determining whether the terminal device meets the preset condition.
  • Step 104 Receive an operation request sent by the first server if the terminal device meets the preset condition.
  • receiving the operation request sent by the first server may be implemented by the second server.
  • the operation request is sent by the participating conference personnel to the conference server by using the terminal device, and the operation request may be sent by the participating conference personnel by voice, touch screen, keyboard input, or the like.
  • Step 105 Determine whether the first operation corresponding to the operation request is within the preset authority, and send the determination result of whether the first operation is within the preset authority to the first server.
  • step 105, determining whether the first operation corresponding to the operation request is within the preset authority and sending the determination result of whether the first operation is within the preset authority to the first server, may be implemented by the second server.
  • the conference server can run in a secure environment with a processor with security isolation function, and can manage the conference process and store conference information, be responsible for reliability authentication and login of the terminal device, update stored conference records and data, and update user identity information.
  • a mobile router can also be integrated in the conference server to form a local area network between the terminal device that can log in to the conference server and the conference server.
  • the preset authority may be an operation that is allowed to be performed in advance according to the company's confidentiality regulations, and the preset authority may restrict the permission of some operation requests, and may be stored in the security server.
  • the second server receives the user identity information sent by the first server, verifies the user identity information, and then sends the verification result to the first server. When the user identity information is successfully verified, it receives the judgment result of the terminal device sent by the first server. When the terminal device also meets the preset condition, it receives an operation request sent by the first server, determines whether the first operation corresponding to the operation request is within the preset authority, and then sends the result of whether the first operation is within the preset authority to the first server, so that the first server can perform the first operation when the first operation is within the preset authority. Thus, with the identity information of the participating conference personnel being legal, the authority of the operation request sent by the terminal device is judged to ensure the security of the participants and the reliability of the terminal device used for the conference, thereby monitoring the operation of the participating conference personnel and effectively solving the problem of information leaks in existing conference schemes, thereby reducing the risk of data leakage and improving the information security of the office system.
  • the embodiment of the present invention further provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
  • An embodiment of the present invention provides an information processing method. Referring to FIG. 2, the method includes the following steps:
  • Step 201 Acquire user identity information, and send user identity information to the second server.
  • step 201 acquires user identity information, and sending the user identity information to the second server may be implemented by the first server.
  • Step 202 Receive a verification result of user identity information sent by the second server.
  • the verification result that the step 202 receives the user identity information sent by the second server may be implemented by the first server.
  • Step 203 If the user identity information is successfully verified, determine whether the terminal device meets the preset condition, and send the determination result to the second server.
  • the terminal device that meets the preset condition may be a security intelligent terminal based on the TrustZone technology produced by a specific manufacturer, for example, a security intelligent terminal such as a smart phone or a tablet computer.
  • Step 204 If the terminal device meets the preset condition, receive an operation request sent by the terminal device and forward the request to the second server.
  • step 204 if the terminal device meets the preset condition, receiving the operation request sent by the terminal device and forwarding to the second server may be implemented by the first server.
  • Step 205 Receive a determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, perform the first operation.
  • the step 205 receives the determination result of the operation request sent by the second server. If the first operation corresponding to the operation request is within the preset authority, the performing the first operation may be implemented by the second server.
  • the security server can run in a secure environment with a processor with security isolation. It can securely monitor all conference servers in the company and collect all conference information.
  • the security server has the highest operational authority and can operate on conference records (such as deleting or finding, etc.). When it is found that a terminal device connected to the conference server has a confidential behavior, it may issue an alarm, terminate the conference, or conduct internal company notification according to the confidentiality level corresponding to the confidentiality behavior of the terminal device.
  • After the conference server receives the judgment result of the operation request sent by the security server, the conference server performs the processing flow corresponding to the judgment result of the operation request, and can send the judgment result of the operation request to the terminal device, so that the user can know whether the first operation corresponding to the operation request initiated by the user can be performed.
  • the judgment result of the operation request may be that the authority of the first operation is within the preset authority, or the authority of the first operation may exceed the preset authority.
  • the first server receives the user identity information and sends the user identity information to the second server, and then receives the verification result of the user identity information sent by the second server. When the user identity information is successfully verified, it determines whether the terminal device meets the preset condition and sends the determination result to the second server. When the terminal device meets the preset condition, it receives the operation request sent by the terminal device and forwards the operation request to the second server, and finally receives the operation request sent by the second server
  • the security server may judge the authority of the operation request of the terminal device on the premise that the identity information of the participating conference personnel is legal and the terminal device is reliable, to ensure the security of the participants and the reliability of the terminal equipment used for the conference. The operation of the participating conference personnel can thus be monitored, and the data leakage problem existing in the existing conference scheme can be solved, thereby reducing the data.
  • the embodiment of the present invention further provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
  • An embodiment of the present invention provides an information processing method. Referring to FIG. 3, the method includes the following steps:
  • Step 301 The first server acquires user identity information, and sends the user identity information to the second server.
  • the terminal device may send a communication request message to the conference server, and establish a communication connection with the conference server after receiving the response information of the conference server for the communication request message.
  • the terminal device can send the user identity information to the first server, and the first server forwards the user identity information to the second server. For example, the communication request message may be a hello message.
  • the command for collecting the identity information of the user may be sent to the user identity information collection device to collect the identity information of the user.
  • the user identity information is the fingerprint information of the user
  • the user identity information collection device may be a fingerprint collection device.
  • the fingerprint collection device sends the fingerprint information of the participant to the conference server, and then the conference server can send the fingerprint information of the participant to the conference server.
  • Step 302 The second server receives user identity information sent by the first server.
  • Step 303 The second server verifies the user identity information, and sends the verification result to the first server.
  • Step 304 The first server receives a verification result of the user identity information sent by the second server.
  • Step 305 If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition, and sends the determination result to the second server.
  • the first server may determine whether the terminal device meets the preset condition.
  • Step 306 The second server receives a determination result of the terminal device sent by the first server.
  • Step 307 If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards the request to the second server.
  • the security server receives the judgment result of the terminal device sent by the conference server that the terminal device meets the preset condition, that is, the terminal device is reliable, and the security server continues to receive the operation request sent by the conference server.
  • the terminal device may encrypt and transmit the operation request to the conference server by using the private key of the user, and the conference server decrypts the encrypted operation request by using the public key of the terminal device to obtain the operation request.
  • the operation request is then forwarded to the security server.
  • Step 308 The second server receives an operation request sent by the first server.
  • Step 309 The second server determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server.
  • the conference server sends an operation request for accessing the first file and the second file in the remote computer to the security server, and the security server determines whether the conference server can remotely log in to the computer. If the security server determines that the computer can be logged in to remotely, the conference server is notified that it can log in to the computer, and then the conference server establishes a communication connection with the computer; meanwhile, the security server determines whether the first file and the second file are allowed to be accessed and sends the judgment to the conference server.
  • Step 310 The first server receives a determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, performing the first operation.
  • if the first operation corresponding to the operation request is not within the preset authority, the first server generates the alarm information. If the access right of the first file is within the preset permission range, the conference server drives the projection device to project the first file onto the large screen or sends it to the terminal device; if the access right of the second file exceeds the range of the preset permission, the second file is a confidential file that is not allowed to be accessed. At this time, the security server stores the record and sends the information that the second file does not allow access to the conference server. After receiving the information, the conference server generates an alarm message to drive the alarm system to alarm, and drives the projection device to project the cause of the alarm onto a large screen or sends it to the terminal device.
  • after receiving the user identity information sent by the first server, the second server verifies the user identity information and sends the verification result to the first server. If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition. If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards the request to the second server, and then the second server determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server, so that the first server can perform the first operation when the first operation is within the preset authority.
  • the security server can judge the authority of the operation request sent by the terminal device on the premise that the identity information of the participating conference personnel is legal and the terminal device is reliable, thereby ensuring the security of the participating conference personnel and the reliability of the terminal device participating in the conference. The operation of the participating conference personnel can then be monitored, which can effectively solve the problem of data leakage in the existing conference solution, thereby reducing the risk of data leakage and improving the information security of the office system.
  • the embodiment of the present invention further provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
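The exchange of steps 301 to 310 can be modelled in memory as follows. This is an added example, not code from the patent or its applicant: the class and method names, the string identity values, the manufacturer allow-list used as the "preset condition", and the rule that the security server itself refuses requests from sessions that did not pass both earlier checks are all assumptions made for illustration, and transport protection of the messages is omitted.

```python
"""Added example: conference server (first server) and security server
(second server) exchanging the three decisions of the Fig. 3 flow."""
from dataclasses import dataclass, field


@dataclass
class SecurityServer:
    """Second server: holds the preset identities and the preset authority."""
    preset_identities: set     # enrolled identity feature values (constructed)
    preset_authority: set      # allowed (action, resource) pairs (constructed)
    sessions: dict = field(default_factory=dict)   # session id -> gate state
    records: list = field(default_factory=list)    # stored denial records

    def verify_identity(self, session_id, identity):
        # Steps 302-303: match against the preset identity information.
        ok = identity in self.preset_identities
        self.sessions[session_id] = {"identity_ok": ok, "device_ok": False}
        return ok

    def receive_device_result(self, session_id, device_ok):
        # Step 306: only accepted for a session whose identity was verified.
        state = self.sessions.get(session_id)
        if state is None or not state["identity_ok"]:
            return False
        state["device_ok"] = bool(device_ok)
        return state["device_ok"]

    def judge_operation(self, session_id, action, resource):
        # Steps 308-309: fail closed unless both earlier gates passed
        # (assumption: the security server tracks this state itself).
        state = self.sessions.get(session_id, {})
        allowed = (state.get("identity_ok", False)
                   and state.get("device_ok", False)
                   and (action, resource) in self.preset_authority)
        if not allowed:
            self.records.append((session_id, action, resource))
        return allowed


@dataclass
class ConferenceServer:
    """First server: talks to the terminal and enforces the decisions."""
    security: SecurityServer
    approved_manufacturers: set    # assumption: the "preset condition"
    alarms: list = field(default_factory=list)
    performed: list = field(default_factory=list)

    def join(self, session_id, identity, manufacturer):
        # Steps 301 and 304: forward the identity, act on the result.
        if not self.security.verify_identity(session_id, identity):
            self.alarms.append((session_id, "identity verification failed"))
            return "rejected:identity"
        # Steps 305-306: judge the terminal device and report the result.
        device_ok = manufacturer in self.approved_manufacturers
        self.security.receive_device_result(session_id, device_ok)
        if not device_ok:
            self.alarms.append((session_id, "terminal device not reliable"))
            return "rejected:device"
        return "joined"

    def request(self, session_id, action, resource):
        # Steps 307 and 310: forward the request, perform it only on approval.
        if self.security.judge_operation(session_id, action, resource):
            self.performed.append((session_id, action, resource))
            return "performed"
        self.alarms.append(
            (session_id, f"{action} {resource} exceeds preset authority"))
        return "alarm"


def demo():
    """Run constructed sessions through the flow and return the outcomes."""
    security = SecurityServer(
        preset_identities={"fp-feature-alice"},
        preset_authority={("access", "first_file")},
    )
    conference = ConferenceServer(security, {"ExampleVendor"})
    results = {
        "unknown_user": conference.join("s1", "fp-feature-mallory", "ExampleVendor"),
        "bad_device": conference.join("s2", "fp-feature-alice", "OtherVendor"),
        "good_join": conference.join("s3", "fp-feature-alice", "ExampleVendor"),
        "first_file": conference.request("s3", "access", "first_file"),
        "second_file": conference.request("s3", "access", "second_file"),
        # A request on the session that failed the device check is refused.
        "skipped_gate": conference.request("s2", "access", "first_file"),
    }
    return results, conference, security


if __name__ == "__main__":
    outcome, conf, _ = demo()
    for name, value in outcome.items():
        print(f"{name}: {value}")
    print("alarms:", conf.alarms)
```

The last case shows why the security server keeps its own per-session state: an allowed operation is still refused when the session never passed the terminal device check.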
  • An embodiment of the present invention provides an information processing method. Referring to FIG. 4, the method includes the following steps:
  • Step 401 The first server acquires user identity information, and sends the user identity information to the second server.
  • Step 402 The second server receives user identity information sent by the first server.
  • Step 403 The second server acquires preset identity information, and stores preset identity information.
  • the preset identity information may be the identity information of all the employees of the company, and may be obtained by the conference server controlling the user identity information collection device, and the conference server may store the collected user identity information in a secure non-volatile database.
  • Step 404 The second server determines whether the user identity information is in the preset identity information, and sends the determination result to the first server.
  • when the user identity information is fingerprint information, the security server can retrieve the feature values of the fingerprint information in the pre-stored fingerprint database and compare the fingerprint information feature value of the participating conference personnel with the fingerprint information feature values in the pre-stored fingerprint database. If the fingerprint information feature value of the participating conference personnel is the same as at least one fingerprint information feature value in the pre-stored fingerprint database, the identity information of the person is legal; if the feature value of the fingerprint information of the participating conference personnel is different from the feature values of all the fingerprint information in the pre-stored fingerprint database, the identity information of the person is illegal.
  • the fingerprint information feature value comparison verification method can be implemented by referring to the prior art, and details are not described herein again.
  • Step 405 The first server receives a determination result of the user identity information sent by the second server.
  • Step 406 If the user identity information is not in the preset identity information, the first server generates an alarm message.
  • Step 407 If the user identity information is in the preset identity information, the first server acquires the identity information of the terminal device.
  • the identifier information of the terminal device may be a digital certificate of the terminal device.
  • the identification information of the terminal device may be information of the manufacturer of the terminal device carried in the digital certificate.
  • the terminal device can encrypt the digital certificate carrying the manufacturer information and send it to the conference server.
  • the encryption processing technology for the digital certificate of the terminal device can refer to the implementation method of the prior art, and details are not described herein.
  • Step 408 The first server determines, according to the identifier information, whether the terminal device meets the preset condition.
  • step 408 can be implemented in the following specific manner:
  • the first server determines whether the identification information matches the preset identification information.
  • The conference server receives the digital certificate sent by the terminal device, decrypts it, obtains the manufacturer information in the digital certificate of the terminal device, and then determines whether that manufacturer information is in the pre-stored manufacturer information of terminal devices. If it is, the conference server determines that the terminal device meets the preset condition. If it is not, the conference server determines that the terminal device does not meet the preset condition.
  • Step 409 The first server sends the determination result of the terminal device to the second server.
  • Step 410 The second server receives a determination result of the terminal device sent by the first server.
  • Step 411 If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards the request to the second server.
  • If the terminal device does not meet the preset condition, the first server generates an alarm message.
  • the terminal device receives the operation request for recording the conference issued by the participating conference personnel and encrypts the operation request using its own private key. Then, it is sent to the conference server, and the conference server receives the operation request and decrypts with the public key of the terminal device to obtain an operation request for recording the conference, and sends the operation request to the security server.
  • The operation request for recording the conference sent by the terminal device may further include department information, conference topic information, and information about the leadership of the conference.
  • Step 412 The second server receives an operation request sent by the first server.
  • Step 413 The second server determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server.
  • The security server determines whether the conference can be recorded; to do so, it can determine whether the information about the department participating in the conference, the content of the conference, and/or the leadership of the conference meet the recording requirements. For example, if the content of the meeting involves company confidential documents and/or the department participating in the meeting is the core department of the company, etc., the meeting at this time cannot be recorded.
  • Step 414 The first server receives the determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, performs the first operation.
  • When the conference server receives the judgment sent by the security server that the conference is allowed to be recorded, the conference server drives the camera device it controls to record. The conference server sends the video information to the security server in real time, and the security server analyzes the video using video security analysis software. If, while analyzing the video information, the security server finds that the information of the personnel actually participating in the conference does not match the preset personnel information, the security server generates an alarm message and sends it to the conference server.
  • The conference server can directly send a command to the camera device to stop recording and drive the projection device to project the reason for stopping the recording onto the large screen, or the reason for stopping the recording can be sent to the terminal device and the recording is stopped.
  • If the security server analyzes the recording information and finds that the actual participating conference personnel and the preset personnel information completely match, the conference is finished after the conference recording is finished.
  • the server can encrypt the recorded video by using the public key of the terminal device, save the encrypted video to the non-volatile memory, and send a message to the terminal device that the recording is completed and saved successfully.
  • If the terminal device wants to view the video of the corresponding conference, it needs to send an application to the conference server. After the conference server approves the application, the terminal device can use its private key to decrypt the video and view it.
  • The terminal device, the first server, and the second server may communicate through a limited network, a wireless network, a virtual private network (VPN), a File Transfer Protocol (FTP), or the like.
  • the information processing method of the present invention can be applied to the system shown in FIG. 5, the system can include a terminal device, a conference server, and a security server;
  • the conference server includes: an input module, configured to receive an operation request sent by the terminal device and distribute the received operation request to the security confirmation module, the security control module and the audio and video codec;
  • the shared memory is used for data transmission between the terminal device and the conference server;
  • the fingerprint information collection device is mainly used to collect the feature value of the user fingerprint information;
  • the security control module is configured to receive an operation request sent by the terminal device and information sent by the security server, and to perform the operation corresponding to the information sent by the security server, for example, driving the camera to record video through the camera driver, and driving the alarm; a module for ensuring the legitimacy of the terminal device and the security of the transmitted data; the secure storage module, the database and the non-volatile storage device are mainly used for storing conference information, conference records, conference recordings, conference materials, and the like of
  • the sound is played through the speaker, which is driven by the speaker driver of the conference server.
  • the picture can be displayed, through a video graphics array (VGA) line, on a projector or TV terminal connected to the VGA interface of the conference server; the network communication module is used for intranet data and command transmission with the security server.
  • the security server includes: a security display module, configured to display a certain conference of interest when a conference keyword is input, or display a conference leader and conference information when a terminal device in the conference server has a confidential behavior;
  • the module is used to store fingerprint information of all employees in the company, and verify the fingerprint information sent by the conference server and return the verification result;
  • the security control module is used to monitor the operation request of the terminal device sent by the conference server, and to send a warning message when the operation request exceeds the preset authority;
  • the network communication module is used for intranet data and command transmission with the conference server;
  • the conference record processing module is used to export conference records, search for a conference record according to a keyword, delete certain conference records, etc.
  • After receiving the user identity information sent by the first server, the second server verifies the user identity information and sends the verification result to the first server. If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition. If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server, and the second server then determines whether the first operation corresponding to the operation request is within the preset authority. In this way, the security server judges the authority of the operation request sent by the terminal device only on the premise that the identity information of the participating conference personnel is legal and the terminal device is reliable. This ensures the security of the participants and the reliability of the terminal device used for the conference, allows the operations of the participating conference personnel to be monitored, effectively solves the data leakage problem in existing conference solutions, reduces the risk of data leakage and improves the information security of the office system.
  • the embodiment of the present invention further provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
  • the embodiment of the present invention provides a second server 5, which can be applied to an information processing method provided by the embodiment corresponding to FIG. 1 and FIG. 3, and the device includes: a first receiving unit 51, a first transmitting unit 52, a second receiving unit 53, a third receiving unit 54, and a first processing unit 55, wherein:
  • the first receiving unit 51 is configured to receive user identity information sent by the first server.
  • the first sending unit 52 is configured to verify user identity information and send the verification result to the first server.
  • the second receiving unit 53 is configured to receive the determination result of the terminal device sent by the first server if the user identity information is successfully verified.
  • the third receiving unit 54 is configured to receive an operation request sent by the first server if the terminal device meets the preset condition.
  • the first processing unit 55 is configured to determine whether the first operation corresponding to the operation request is within the preset authority, and send the determination result of whether the first operation is within the preset authority to the first server.
  • The second server receives the user identity information sent by the first server, verifies it, and sends the verification result to the first server. When the user identity information is successfully verified, the second server receives the judgment result of the terminal device sent by the first server; when the terminal device also meets the preset condition, it receives the operation request sent by the first server, determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server, so that the first server can perform the first operation when the first operation is within the preset authority. Thus, on the premise that the identity information of the participating conference personnel is legal, the security server judges the authority of the operation request sent by the terminal device, which ensures the security of the participants and the reliability of the terminal device used for the conference, thereby monitoring the operation of the participating conference personnel and effectively solving the problem.
  • the first sending unit 52 includes: a first determining module 521 and a processing module 522, where:
  • the first determining module 521 is configured to determine whether the user identity information is in the preset identity information, and send the determination result to the first server.
  • the processing module 522 is configured to determine that the terminal device is successfully verified if the user identity information is in the preset identity information.
  • the apparatus further includes: an obtaining unit 56, wherein:
  • the obtaining unit 56 is configured to acquire preset identity information, and store preset identity information.
  • The second server receives the user identity information sent by the first server, verifies it, and sends the verification result to the first server. When the user identity information is successfully verified, the second server receives the judgment result of the terminal device sent by the first server; when the terminal device also meets the preset condition, it receives the operation request sent by the first server, determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server, so that the first server can perform the first operation when the first operation is within the preset authority. Thus, on the premise that the identity information of the conference personnel is legal and the terminal equipment is reliable, the security server judges the authority of the operation request sent by the terminal device, which ensures the security of the participants and the reliability of the terminal equipment used for the conference, so that the operation of the participating personnel can be monitored and the problem of data leakage in existing conference programs can be effectively solved, thereby reducing
  • the embodiment of the present invention provides a first server 6, which can be applied to an information processing method provided by the embodiment corresponding to FIG. 2 to FIG. 4.
  • the device includes: a second processing unit 61, a fourth receiving unit 62, a determining unit 63, a second transmitting unit 64, a third processing unit 65, and a fourth processing unit 66, wherein:
  • the second processing unit 61 is configured to acquire user identity information and send the user identity information to the second server.
  • the fourth receiving unit 62 is configured to receive a verification result of the user identity information sent by the second server.
  • the determining unit 63 is configured to determine whether the terminal device meets the preset condition if the user identity information is successfully verified.
  • the second sending unit 64 is configured to send the determination result to the second server.
  • the third processing unit 65 is configured to receive an operation request sent by the terminal device and forward the request to the second server if the terminal device meets the preset condition.
  • the fourth processing unit 66 is configured to receive a determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, perform the first operation.
  • The first server receives the user identity information and sends it to the second server, and then receives the verification result of the user identity information sent by the second server. When the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition and sends the determination result to the second server. When the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server, and finally receives the determination result of the operation request sent by the second server; if the first operation corresponding to the operation request is within the preset authority, the first operation is performed. Thus, on the premise that the identity information of the participating conference personnel is legal and the terminal device is reliable, the security server judges the authority of the operation request sent by the terminal device, which ensures the security of the participants and the reliability of the terminal devices used in the conference, allows the operations of the participating conference personnel to be monitored, effectively solves the data leakage problem in the existing conference solution, reduces the risk of data leakage and improves the information security of the office system.
  • the apparatus further includes: a generating unit 67, wherein:
  • the generating unit 67 is configured to generate an alarm message if the verification of the user identity information fails.
  • the determining unit 63 includes: an obtaining module 631 and a second determining module 632, where:
  • the obtaining module 631 is configured to obtain the identifier information of the terminal device if the user identity information is successfully verified.
  • the second determining module 632 is configured to determine, according to the identifier information, whether the terminal device meets the preset condition.
  • the second determining module 632 is further configured to: determine whether the identifier information matches the preset identifier information. If the identification information matches the preset identification information, it is determined that the terminal device meets the preset condition.
  • The first server receives the user identity information and sends it to the second server, and then receives the verification result of the user identity information sent by the second server. When the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition and sends the determination result to the second server. When the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server, and finally receives the determination result of the operation request sent by the second server; if the first operation corresponding to the operation request is within the preset authority, the first operation is performed. Thus, on the premise that the identity information of the participating conference personnel is legal and the terminal device is reliable, the security server judges the authority of the operation request sent by the terminal device, which ensures the security of the participants and the reliability of the terminal devices used for the conference, allows the operations of the participating conference personnel to be monitored, effectively solves the data leakage problem in the existing conference solution, reduces the risk of data leakage and improves the information security of the office system.
  • the second processing unit 61, the fourth receiving unit 62, the determining unit 63, the second transmitting unit 64, the third processing unit 65, the fourth processing unit 66, the generating unit 67, the obtaining module 631, and the second determining module 632 may all be located in the wireless
  • FPGA Field Programmable Gate Array
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
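The gate sequence of steps 405 to 414 above, as an added example that is not part of the patent text: a small Python simulation of the conference server (first server) and the security server (second server). Class names, session identifiers, the sample identities and manufacturer names, and the rule that unknown operations are denied are assumptions; fingerprint feature values and the certificate's manufacturer field are modelled as plain strings, with no cryptography.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOWED = "operation performed"
    ALARM_IDENTITY = "alarm: user identity not in preset identity information"
    ALARM_DEVICE = "alarm: terminal device does not meet the preset condition"
    DENIED = "operation outside the preset authority"


@dataclass(frozen=True)
class OperationRequest:
    operation: str                      # e.g. "record_conference"
    department: str
    involves_confidential_documents: bool


@dataclass
class SecurityServer:
    """Second server: holds the preset identity information and the authority rules."""
    preset_identities: frozenset        # stand-ins for fingerprint feature values
    core_departments: frozenset
    verified: set = field(default_factory=set, init=False)
    device_ok: set = field(default_factory=set, init=False)

    def verify_identity(self, session, feature_value):
        # Legal only if the value equals at least one pre-stored value.
        ok = feature_value in self.preset_identities
        if ok:
            self.verified.add(session)
        return ok

    def receive_device_result(self, session, meets_condition):
        # Step 410 is only valid after a successful identity verification.
        if session not in self.verified:
            raise PermissionError("device result before identity verification")
        if meets_condition:
            self.device_ok.add(session)

    def judge_operation(self, session, req):
        # Steps 412-413: never judge a request from a session that skipped a gate.
        if session not in self.device_ok:
            raise PermissionError("operation request before device check")
        if req.operation != "record_conference":
            return False                # assumption: unknown operations are denied
        return not (req.involves_confidential_documents
                    or req.department in self.core_departments)


@dataclass
class ConferenceServer:
    """First server: talks to the terminal device and enforces each gate in order."""
    security: SecurityServer
    preset_manufacturers: frozenset     # pre-stored manufacturer information
    alarms: list = field(default_factory=list)
    performed: list = field(default_factory=list)

    def handle(self, session, feature_value, cert_manufacturer, req):
        # Steps 405-406: identity result from the second server, alarm on failure.
        if not self.security.verify_identity(session, feature_value):
            self.alarms.append((session, Decision.ALARM_IDENTITY))
            return Decision.ALARM_IDENTITY
        # Steps 407-410: check the manufacturer from the certificate, report the result.
        meets = cert_manufacturer in self.preset_manufacturers
        self.security.receive_device_result(session, meets)
        if not meets:
            self.alarms.append((session, Decision.ALARM_DEVICE))
            return Decision.ALARM_DEVICE
        # Steps 411-414: forward the request, perform it only if within authority.
        if not self.security.judge_operation(session, req):
            return Decision.DENIED
        self.performed.append((session, req.operation))
        return Decision.ALLOWED


def run_demo():
    """Run four constructed sessions through both servers and collect the outcomes."""
    sec = SecurityServer(frozenset({"fp-alice", "fp-bob"}), frozenset({"core-rnd"}))
    conf = ConferenceServer(sec, frozenset({"VendorA"}))
    routine = OperationRequest("record_conference", "sales", False)
    secret = OperationRequest("record_conference", "core-rnd", True)
    results = {
        "ok": conf.handle("s1", "fp-alice", "VendorA", routine),
        "unknown_user": conf.handle("s2", "fp-mallory", "VendorA", routine),
        "unknown_device": conf.handle("s3", "fp-bob", "VendorX", routine),
        "confidential": conf.handle("s4", "fp-bob", "VendorA", secret),
    }
    return conf, results


if __name__ == "__main__":
    for name, decision in run_demo()[1].items():
        print(f"{name}: {decision.value}")
```

The security server keeps per-session state so that a device result or operation request arriving out of order is rejected rather than judged.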

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Multimedia (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Disclosed in the embodiments of the present invention are an information processing method, device and computer storage medium, the method comprising: receiving user identity information sent by a first server; verifying the user identity information, and sending a verification result to the first server; receiving a determination result of a terminal device sent by the first server if the user identity information is verified successfully; receiving an operation request sent by the first server if the terminal device meets a preset condition; and determining whether a first operation corresponding to the operation request is within a preset permission, and sending a determination result of whether the first operation is within the preset permission to the first server.

Description

Information processing method, device and computer storage medium
Cross-reference to related applications
This application is based on Chinese patent application No. 201610700845.0, filed on August 22, 2016, and claims priority to that Chinese patent application, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to information processing technologies in the field of communications, and in particular, to an information processing method, apparatus, and computer storage medium.
Background
With the rapid development of Internet technology and the increasing popularity of various intelligent mobile terminals, applications developed for intelligent mobile terminals have been greatly promoted, especially their use in mobile office work. Mobile conferences are the main form in which each management department and each work stage of a company makes important decisions. At present, the main form of a mobile conference is that a conference server controls the terminals of all participants to transmit audio and video within the conference network, share video, and so on. In existing solutions for improving the security of the conference server, keys are mainly used when the terminal and the conference server transmit data, to improve the security of the data transmission, or the structure of the conference server is optimized to ensure the security of the conference.
However, in the conference solutions of the prior art, when conference participants access an external network or the company network through the conference server, a virus program can easily obtain control of the conference server so that the server is attacked, or, when conference participants access internal company data, there is a risk that important company information is leaked, which seriously affects the information security of the office system.
Summary of the invention
The embodiments of the present invention provide an information processing method, a device and a computer storage medium, which can effectively solve the data leakage problem existing in the existing conference scheme.
The technical solution of the embodiments of the present invention is implemented as follows:
In a first aspect, an embodiment of the present invention provides an information processing method, where the method includes:
receiving user identity information sent by a first server;
verifying the user identity information, and sending the verification result to the first server;
if the user identity information is successfully verified, receiving a determination result of the terminal device sent by the first server;
if the terminal device meets a preset condition, receiving an operation request sent by the first server;
determining whether the first operation corresponding to the operation request is within the preset authority, and sending the determination result of whether the first operation is within the preset authority to the first server.
In an embodiment, the verifying the user identity information and sending the verification result to the first server includes:
determining whether the user identity information is in the preset identity information, and sending the determination result to the first server;
if the user identity information is in the preset identity information, determining that the user identity information is successfully verified.
In an embodiment, the method further includes:
obtaining the preset identity information, and storing the preset identity information.
The embodiment of the present invention provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
In a second aspect, an embodiment of the present invention provides an information processing method, where the method includes:
obtaining user identity information, and sending the user identity information to the second server;
receiving a verification result of the user identity information sent by the second server;
if the user identity information is successfully verified, determining whether the terminal device meets the preset condition, and sending the determination result to the second server;
if the terminal device meets the preset condition, receiving an operation request sent by the terminal device and forwarding it to the second server;
receiving a determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, performing the first operation.
In an embodiment, the method further includes:
if the verification of the user identity information fails, generating an alarm message.
In an embodiment, the determining, if the user identity information is successfully verified, whether the terminal device meets the preset condition includes:
if the user identity information is successfully verified, obtaining identification information of the terminal device;
determining, based on the identification information, whether the terminal device meets the preset condition.
In an embodiment, the determining, based on the identification information, whether the terminal device meets the preset condition includes:
determining whether the identification information matches the preset identification information;
if the identification information matches the preset identification information, determining that the terminal device meets the preset condition.
The embodiment of the present invention further provides a computer readable medium, where the computer readable medium stores executable instructions, and the executable instructions are used to execute the information processing method according to the embodiment of the present invention.
In a third aspect, an embodiment of the present invention provides an information processing apparatus, where the apparatus includes: a first receiving unit, a first sending unit, a second receiving unit, a third receiving unit, and a first processing unit; wherein:
the first receiving unit is configured to receive user identity information sent by the first server;
the first sending unit is configured to verify the user identity information, and send a verification result to the first server;
the second receiving unit is configured to, if the user identity information is successfully verified, receive a determination result of the terminal device sent by the first server;
the third receiving unit is configured to receive an operation request sent by the first server if the terminal device meets a preset condition;
the first processing unit is configured to determine whether the first operation corresponding to the operation request is within the preset authority, and send the determination result of whether the first operation is within the preset authority to the first server.
In an embodiment, the first sending unit includes: a first determining module and a processing module; wherein:
the first determining module is configured to determine whether the user identity information is in the preset identity information, and send the determination result to the first server;
the processing module is configured to determine that the terminal device is successfully verified if the user identity information is in the preset identity information.
In an embodiment, the apparatus further includes an acquisition unit; wherein:
the acquisition unit is configured to acquire the preset identity information, and store the preset identity information.
In a fourth aspect, an embodiment of the present invention provides an information processing apparatus, the apparatus including a second processing unit, a fourth receiving unit, a determining unit, a second sending unit, a third processing unit and a fourth processing unit, wherein:
The second processing unit is configured to acquire user identity information and send the user identity information to the second server;
The fourth receiving unit is configured to receive the verification result of the user identity information sent by the second server;
The determining unit is configured to determine, if the user identity information is successfully verified, whether the terminal device meets the preset condition;
The second sending unit is configured to send the determination result to the second server;
The third processing unit is configured to receive, if the terminal device meets the preset condition, the operation request sent by the terminal device and forward it to the second server;
The fourth processing unit is configured to receive the determination result of the operation request sent by the second server and, if the first operation corresponding to the operation request is within the preset authority, perform the first operation.
In an embodiment, the apparatus further includes a generating unit, wherein:
The generating unit is configured to generate alarm information if verification of the user identity information fails.
In an embodiment, the determining unit includes an acquiring module and a second determining module, wherein:
The acquiring module is configured to acquire the identification information of the terminal device if the user identity information is successfully verified;
The second determining module is configured to determine, based on the identification information, whether the terminal device meets the preset condition.
In an embodiment, the second determining module is further configured to determine whether the identification information matches preset identification information and, if the identification information matches the preset identification information, determine that the terminal device meets the preset condition.
In the information processing method, apparatus and computer storage medium provided by the embodiments of the present invention, the second server receives the user identity information sent by the first server, verifies it, and sends the verification result to the first server. If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition. If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server. The second server then determines whether the first operation corresponding to the operation request is within the preset authority and sends the determination result of whether the first operation is within the preset authority to the first server, so that the first server can perform the first operation when it is within the preset authority. In this way, the security server can judge the authority of an operation request issued by the terminal device on the premise that the identity information of the conference participant is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used to attend the conference, and allows the participants' operations to be monitored, which effectively solves the data leakage problem in existing conference solutions, reduces the risk of data being leaked, and improves the information security of the office system.
Brief Description of the Drawings
FIG. 1 is a schematic flowchart of an information processing method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of another information processing method according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of still another information processing method according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of yet another information processing method according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a system according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an information processing apparatus according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of another information processing apparatus according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of still another information processing apparatus according to an embodiment of the present invention;
FIG. 9 is a schematic structural diagram of an information processing apparatus according to another embodiment of the present invention;
FIG. 10 is a schematic structural diagram of another information processing apparatus according to another embodiment of the present invention;
FIG. 11 is a schematic structural diagram of still another information processing apparatus according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention.
An embodiment of the present invention provides an information processing method. Referring to FIG. 1, the method includes the following steps:
Step 101: Receive the user identity information sent by the first server.
Specifically, receiving the user identity information sent by the first server in step 101 may be implemented by the second server. The user identity information may be fingerprint information, iris information, facial recognition information, or the like of a conference participant. The first server may be a conference server, and the second server may be a security server.
Step 102: Verify the user identity information, and send the verification result to the first server.
Specifically, verifying the user identity information and sending the verification result to the first server in step 102 may be implemented by the second server. The second server may verify the user identity information by matching the received user identity information against the preset identity information in a preset identity information database.
Step 103: If the user identity information is successfully verified, receive the determination result for the terminal device sent by the first server.
Specifically, receiving the determination result for the terminal device sent by the first server when the user identity information is successfully verified in step 103 may be implemented by the second server. After the user identity information is successfully verified, the conference server may judge the reliability of the terminal device and send the determination result to the security server; specifically, this may be done by determining whether the terminal device meets the preset condition.
Step 104: If the terminal device meets the preset condition, receive the operation request sent by the first server.
Specifically, receiving the operation request sent by the first server when the terminal device meets the preset condition in step 104 may be implemented by the second server. The operation request is sent by a conference participant to the conference server through the terminal device, and may be issued by voice, touch screen, keyboard input, or the like.
Step 105: Determine whether the first operation corresponding to the operation request is within the preset authority, and send the determination result of whether the first operation is within the preset authority to the first server.
Specifically, determining whether the first operation corresponding to the operation request is within the preset authority and sending the determination result to the first server in step 105 may be implemented by the second server. The conference server may run in the secure environment of a processor with a security isolation function. It can manage the conference process and store conference information, and is responsible for reliability authentication and login of terminal devices, updating stored conference records and materials, updating user identity information, and so on. A mobile router may also be integrated into the conference server, so that the terminal devices able to log in to the conference server form a local area network with it. The preset authority may be the operations permitted to be performed, set in advance according to the company's confidentiality rules; the preset authority can restrict the permissions of certain operation requests and may be stored in the security server.
In the information processing method provided by this embodiment of the present invention, the second server receives the user identity information sent by the first server, verifies it, and then sends the verification result to the first server. When the user identity information is successfully verified, the second server receives the determination result for the terminal device sent by the first server. When the terminal device also meets the preset condition, the second server receives the operation request sent by the first server, determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server, so that the first server can perform the first operation when it is within the preset authority. In this way, the security server can judge the authority of an operation request issued by the terminal device on the premise that the identity information of the conference participant is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used to attend the conference, and allows the participants' operations to be monitored, which effectively solves the data leakage problem in existing conference solutions, reduces the risk of data being leaked, and improves the information security of the office system.
An embodiment of the present invention further provides a computer-readable medium storing executable instructions, the executable instructions being used to execute the information processing method described in the embodiments of the present invention.
An embodiment of the present invention provides an information processing method. Referring to FIG. 2, the method includes the following steps:
Step 201: Acquire user identity information, and send the user identity information to the second server.
Specifically, acquiring the user identity information and sending it to the second server in step 201 may be implemented by the first server.
Step 202: Receive the verification result of the user identity information sent by the second server.
Specifically, receiving the verification result of the user identity information sent by the second server in step 202 may be implemented by the first server.
Step 203: If the user identity information is successfully verified, determine whether the terminal device meets the preset condition, and send the determination result to the second server.
Specifically, determining whether the terminal device meets the preset condition when the user identity information is successfully verified, and sending the determination result to the second server, in step 203 may be implemented by the first server. A terminal device that meets the preset condition may be a secure smart terminal based on TrustZone technology and produced by a preset specific manufacturer, for example a secure smart terminal such as a smartphone or tablet computer.
Step 204: If the terminal device meets the preset condition, receive the operation request sent by the terminal device and forward it to the second server.
Specifically, receiving the operation request sent by the terminal device and forwarding it to the second server when the terminal device meets the preset condition in step 204 may be implemented by the first server.
Step 205: Receive the determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, perform the first operation.
Specifically, receiving the determination result of the operation request sent by the second server and performing the first operation if it is within the preset authority in step 205 may be implemented by the second server. The security server may run in the secure environment of a processor with a security isolation function, and can perform security monitoring of all conference servers within the company and compile statistics on all conference information. The security server has the highest operation authority and can operate on conference records (for example, delete or search them). When it finds that a terminal device connected to a conference server has engaged in behavior involving confidential material, it can, according to the confidentiality level corresponding to that behavior, raise an alarm, terminate the conference, issue an internal company notice, or the like. After receiving the determination result of the operation request sent by the security server, the conference server executes the processing flow corresponding to that determination result, and may also send the determination result to the terminal device so that the user knows whether the first operation corresponding to the operation request they initiated can be performed. The determination result of the operation request may be that the authority of the first operation is within the preset authority, or that the authority of the first operation exceeds the preset authority.
In the information processing method provided by this embodiment of the present invention, the first server receives the user identity information and sends it to the second server, and then receives the verification result of the user identity information sent by the second server. When the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition and sends the determination result to the second server. When the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server. Finally, the first server receives the determination result of the operation request sent by the second server and, if the first operation corresponding to the operation request is within the preset authority, performs the first operation. In this way, the security server can judge the authority of an operation request issued by the terminal device on the premise that the identity information of the conference participant is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used to attend the conference, and allows the participants' operations to be monitored, which solves the data leakage problem in existing conference solutions, reduces the risk of data being leaked, and improves the information security of the office system.
An embodiment of the present invention further provides a computer-readable medium storing executable instructions, the executable instructions being used to execute the information processing method described in the embodiments of the present invention.
An embodiment of the present invention provides an information processing method. Referring to FIG. 3, the method includes the following steps:
Step 301: The first server acquires user identity information, and sends the user identity information to the second server.
Specifically, after a conference participant opens the conference application on the terminal device and switches to the secure interface, the terminal device may send a communication request message to the conference server and, after receiving the conference server's response to the communication request message, establish a communication connection with the conference server. The terminal device may then send the user identity information to the first server, and the first server forwards the user identity information to the second server. For example, the communication request message may be a hello message. After the conference server establishes the connection with the terminal device, it may send a command to collect user identity information to a user identity information collection device, which collects the user identity information. For example, if the user identity information is the user's fingerprint information, the user identity information collection device may be a fingerprint collection device; the fingerprint collection device sends the collected fingerprint information of the conference participant to the conference server, and the conference server may then send the participant's fingerprint information to the security server.
Step 302: The second server receives the user identity information sent by the first server.
Step 303: The second server verifies the user identity information, and sends the verification result to the first server.
Step 304: The first server receives the verification result of the user identity information sent by the second server.
Step 305: If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition, and sends the determination result to the second server.
Specifically, if the user identity information matches the preset identity information, the user identity information of the conference participant has been successfully verified, and the first server may then determine whether the terminal device meets the preset condition.
Step 306: The second server receives the determination result for the terminal device sent by the first server.
Step 307: If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server.
Specifically, when the determination result for the terminal device that the security server receives from the conference server is that the terminal device meets the preset condition, the terminal device is reliable, and the security server goes on to receive the operation request sent by the conference server. For example, after receiving an operation request from the user, the terminal device may encrypt the operation request with its own private key and send it to the conference server; the conference server decrypts the encrypted operation request with the terminal device's public key to obtain the operation request, and then forwards it to the security server.
Step 308: The second server receives the operation request sent by the first server.
Step 309: The second server determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server.
Specifically, take the case in which the user needs to access a first file and a second file on a remote computer as an example. The conference server sends the security server an operation request applying for access to the first file and the second file on the remote computer. The security server determines whether the conference server may remotely log in to that computer; if the security server determines that the computer may be logged in to remotely, it informs the conference server that it may log in, after which the conference server establishes a communication connection with the computer. At the same time, the security server determines whether access to the first file and the second file is permitted, and sends the determination result to the conference server.
Step 310: The first server receives the determination result of the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, performs the first operation.
Specifically, if the first operation corresponding to the operation request is not within the preset authority, the first server generates alarm information. If the access permission of the first file is within the preset authority, the conference server drives the projection device to project the first file onto the large screen, or sends it to the terminal device. If the access permission of the second file exceeds the preset authority, that is, the second file is a confidential file to which access is not permitted, the security server stores a record of this and sends information that access to the second file is not permitted to the conference server. On receiving this information, the conference server generates alarm information to drive the alarm system to raise an alarm, and drives the projection device to project the reason for the alarm onto the large screen or sends it to the terminal device.
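The exchange in steps 301 to 310, as an added Python example that is not part of the patent text: it models the first (conference) server and the second (security) server and runs the first-file and second-file case described above. All class, method and field names are hypothetical, the session identifiers and sample data are constructed, the device condition is modelled as a manufacturer allowlist, and the second server re-checking both earlier gates before judging an operation is a design assumption.

```python
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    READY = "session ready"
    EXECUTED = "first operation executed"
    ALARM_IDENTITY = "alarm: identity verification failed"
    REJECTED_DEVICE = "rejected: device does not meet preset condition"
    ALARM_AUTHORITY = "alarm: operation outside preset authority"


@dataclass
class SecurityServer:
    """Second server: owns the preset identities and the preset authority."""
    preset_identities: set
    preset_authority: set                      # allowed (action, resource) pairs
    sessions: dict = field(default_factory=dict)
    denied_log: list = field(default_factory=list)

    def verify_identity(self, sid, identity):            # steps 302-303
        ok = identity in self.preset_identities
        self.sessions[sid] = {"identity_ok": ok, "device_ok": False}
        return ok

    def receive_device_result(self, sid, device_ok):     # step 306
        state = self.sessions.get(sid)
        # Ignore a device result for a session whose identity was not verified.
        if state and state["identity_ok"]:
            state["device_ok"] = bool(device_ok)

    def judge_operation(self, sid, operation):           # steps 308-309
        state = self.sessions.get(sid, {})
        gates = state.get("identity_ok", False) and state.get("device_ok", False)
        # Fail closed: an unknown session or a failed gate is never authorised.
        allowed = gates and operation in self.preset_authority
        if not allowed:
            self.denied_log.append((sid, operation))     # record kept for review
        return allowed


@dataclass
class ConferenceServer:
    """First server: talks to the terminal and executes permitted operations."""
    security: SecurityServer
    preset_manufacturers: set
    executed: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    def open_session(self, sid, identity, manufacturer):  # steps 301, 304-305
        if not self.security.verify_identity(sid, identity):
            self.alarms.append((sid, Outcome.ALARM_IDENTITY))
            return Outcome.ALARM_IDENTITY
        device_ok = manufacturer in self.preset_manufacturers
        self.security.receive_device_result(sid, device_ok)
        return Outcome.READY if device_ok else Outcome.REJECTED_DEVICE

    def handle_request(self, sid, operation):             # steps 307, 310
        if self.security.judge_operation(sid, operation):
            self.executed.append((sid, operation))
            return Outcome.EXECUTED
        self.alarms.append((sid, Outcome.ALARM_AUTHORITY))
        return Outcome.ALARM_AUTHORITY


def run_demo():
    """Constructed sample data: identities, vendors and files are made up."""
    security = SecurityServer(
        preset_identities={"fingerprint-template-A"},
        preset_authority={("read", "first_file")},
    )
    conference = ConferenceServer(security, preset_manufacturers={"ExampleVendor"})
    first, second = ("read", "first_file"), ("read", "second_file")
    results = {
        "open_ok": conference.open_session("s1", "fingerprint-template-A", "ExampleVendor"),
        "first_file": conference.handle_request("s1", first),
        "second_file": conference.handle_request("s1", second),
        "open_bad_identity": conference.open_session("s2", "fingerprint-template-Z", "ExampleVendor"),
        "request_after_bad_identity": conference.handle_request("s2", first),
        "open_bad_device": conference.open_session("s3", "fingerprint-template-A", "OtherVendor"),
        "request_after_bad_device": conference.handle_request("s3", first),
    }
    return results, conference, security


if __name__ == "__main__":
    for name, outcome in run_demo()[0].items():
        print(f"{name}: {outcome.value}")
```

Because the authority decision and the session state both live on the second server, a first server that forwards a request without completing the identity and device gates still gets a denial and leaves a record in `denied_log`.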
It should be noted that, for explanations of steps or concepts in this embodiment that are the same as in other embodiments, reference may be made to the descriptions in those embodiments; details are not repeated here.
In the information processing method provided by this embodiment of the present invention, the second server receives the user identity information sent by the first server, verifies it, and sends the verification result to the first server. If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition. If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server. The second server then determines whether the first operation corresponding to the operation request is within the preset authority and sends the determination result of whether the first operation is within the preset authority to the first server, so that the first server can perform the first operation when it is within the preset authority. In this way, the security server can judge the authority of an operation request issued by the terminal device on the premise that the identity information of the conference participant is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used to attend the conference, and allows the participants' operations to be monitored, which effectively solves the problem of data leakage in existing conference solutions, reduces the risk of data being leaked, and improves the information security of the office system.
An embodiment of the present invention further provides a computer-readable medium storing executable instructions, the executable instructions being used to execute the information processing method described in the embodiments of the present invention.
本发明实施例提供一种信息处理方法,参照图4所示,该方法包括以下步骤:An embodiment of the present invention provides an information processing method. Referring to FIG. 4, the method includes the following steps:
步骤401、第一服务器获取用户身份信息,并发送用户身份信息至第二服务器。Step 401: The first server acquires user identity information, and sends the user identity information to the second server.
步骤402、第二服务器接收第一服务器发送的用户身份信息。Step 402: The second server receives user identity information sent by the first server.
步骤403、第二服务器获取预设身份信息,并存储预设身份信息。Step 403: The second server acquires preset identity information, and stores preset identity information.
具体的,预设身份信息可以是公司所有员工的身份信息,具体可以是会议服务器控制用户身份信息采集设备来得到的,会议服务器可以将采集到的用户身份信息存储在自身安全性较高的非易失性数据库中。Specifically, the preset identity information may be the identity information of all the employees of the company, and may be obtained by the conference server controlling the user identity information collection device, and the conference server may store the collected user identity information in a non-secure security. In the volatile database.
步骤404、第二服务器判断用户身份信息是否在预设身份信息中,并发送判断结果至第一服务器。Step 404: The second server determines whether the user identity information is in the preset identity information, and sends the determination result to the first server.
具体的,例如用户身份信息为指纹信息,安全服务器可以调取预存指 纹数据库中的指纹信息的特征值,将采集到的参与会议人员的指纹信息特征值与预存指纹数据库中的指纹信息特征值进行对比验证,如果参与会议人员的指纹信息特征值与预存指纹数据库中的至少一个指纹信息特征值相同,说明该人员的身份信息合法;如果参与会议人员的指纹信息特征值与预存指纹数据库中的所有指纹信息特征值都不相同,说明该人员的身份信息不合法。其中,指纹信息特征值对比验证方法可以参照现有技术来实现,此处不再赘述。Specifically, for example, the user identity information is fingerprint information, and the security server can retrieve the pre-stored finger. The feature value of the fingerprint information in the database is compared with the fingerprint information feature value of the participating conference personnel and the fingerprint information feature value in the pre-stored fingerprint database, if the fingerprint information feature value of the participating conference personnel and the pre-stored fingerprint database are The at least one fingerprint information feature value is the same, indicating that the identity information of the person is legal; if the feature value of the fingerprint information of the participating conference personnel is different from the feature value of all the fingerprint information in the pre-stored fingerprint database, the identity information of the person is illegal. The fingerprint information feature value comparison verification method can be implemented by referring to the prior art, and details are not described herein again.
Step 405: The first server receives the determination result for the user identity information sent by the second server.
Step 406: If the user identity information is not in the preset identity information, the first server generates alarm information.
Step 407: If the user identity information is in the preset identity information, the first server acquires the identification information of the terminal device.
Specifically, the identification information of the terminal device may be the digital certificate of the terminal device. In the present invention, the identification information of the terminal device may be the information about the manufacturer of the terminal device carried in the digital certificate. The terminal device may encrypt its digital certificate carrying the manufacturer information and send it to the conference server; the technique for encrypting the terminal device's digital certificate may follow prior-art implementations and is not described again here.
Step 408: The first server determines, based on the identification information, whether the terminal device meets the preset condition.
It should be noted that step 408 may be implemented in the following specific manner:
The first server determines whether the identification information matches the preset identification information.
Specifically, after receiving the digital certificate sent by the terminal device, the conference server decrypts it to obtain the manufacturer information in the terminal device's digital certificate, and then determines whether that manufacturer information is among the terminal device manufacturer information stored in advance. If it is, the conference server determines that the terminal device meets the preset condition; if it is not, the conference server determines that the terminal device does not meet the preset condition.
Step 409: The first server sends the determination result for the terminal device to the second server.
Step 410: The second server receives the determination result for the terminal device sent by the first server.
Step 411: If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server.
Specifically, if the terminal device does not meet the preset condition, the first server generates alarm information.
For example, if the manufacturer information of the terminal device is among the manufacturer information stored in advance, the terminal device receives the conference participant's operation request to record the conference and encrypts the operation request with its own private key before sending it to the conference server. The conference server receives the operation request, decrypts it with the terminal device's public key to obtain the operation request to record the conference, and sends it to the security server. The operation request to record the conference sent by the terminal device may also include information such as the departments participating in the conference, the conference topic, and the leaders participating in the conference.
Step 412: The second server receives the operation request sent by the first server.
Step 413: The second server determines whether the first operation corresponding to the operation request is within the preset authority, and sends the determination result of whether the first operation is within the preset authority to the first server.
Specifically, the security server may determine whether this conference can be recorded by judging whether information such as the departments participating in the conference, the conference content, and/or the leaders participating in the conference meets the recording requirements. For example, if the conference content involves confidential company documents and/or a participating department is a core department of the company, the conference cannot be recorded.
Step 414: The first server receives the determination result for the operation request sent by the second server, and if the first operation corresponding to the operation request is within the preset authority, performs the first operation.
For example, if the conference server receives from the security server a determination result that recording of this conference is allowed, the conference server drives the camera device it controls to record. The conference server sends the recording information to the security server in real time, and the security server analyzes the recording with video security analysis software. If the security server's analysis of the recording information finds an abnormal condition, such as the information of the actual conference participants not matching the preset personnel information, the security server issues alarm information and sends it to the conference server; the conference server may send a command directly to the camera device to stop recording and drive the projection device to project the reason for stopping onto the large screen, or it may send the reason for stopping to the terminal device and stop recording. If the security server's analysis finds that the actual conference participants fully match the preset personnel information, then after the recording ends the conference server may encrypt the completed recording with the terminal device's public key, save the encrypted recording in non-volatile memory, and send the terminal device a message that recording is complete and was saved successfully. When the terminal device wants to view the recording of the corresponding conference, it must submit an application to the conference server; once the conference server approves the application, the terminal device can decrypt the recording with its own private key and view it.
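The three gates of steps 404 to 414 (user identity, device manufacturer, operation permission) can be modelled as below. This is an added example, not code from the patent: the class names, session identifiers, fingerprint feature strings and manufacturer names are constructed, fingerprint matching is modelled as exact equality of feature values, and the certificate is assumed to be already decrypted into a dictionary.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OperationRequest:
    operation: str       # e.g. "record"
    department: str      # department taking part in the conference
    confidential: bool   # conference content involves confidential documents


class SecurityServer:
    """Second server: enrolled identities plus the operation-permission policy."""

    def __init__(self, enrolled_features, core_departments):
        self.enrolled = set(enrolled_features)      # step 403: preset identity information
        self.core_departments = set(core_departments)
        self.device_ok = {}                         # step 410: device result per session

    def verify_identity(self, feature):             # step 404
        return feature in self.enrolled

    def record_device_result(self, session, ok):    # step 410
        self.device_ok[session] = ok

    def authorize(self, session, req):              # steps 412-413
        if not self.device_ok.get(session, False):
            return False                            # no passed device check on file
        if req.operation == "record":
            return not (req.confidential or req.department in self.core_departments)
        return False                                # assumption: unlisted operations are denied


class ConferenceServer:
    """First server: fronts the terminal device and enforces the gate order."""

    def __init__(self, security, trusted_manufacturers):
        self.security = security
        self.trusted = set(trusted_manufacturers)   # preset identification information
        self.admitted = set()
        self.alarms = []
        self.executed = []

    def admit(self, session, feature, certificate):
        # Steps 404-406: identity first; a failure raises an alarm and stops here.
        if not self.security.verify_identity(feature):
            self.alarms.append((session, "identity"))
            return "identity_rejected"
        # Steps 407-410: manufacturer from the certificate against the allowlist.
        ok = certificate.get("manufacturer") in self.trusted
        self.security.record_device_result(session, ok)
        if not ok:
            self.alarms.append((session, "device"))
            return "device_rejected"
        self.admitted.add(session)
        return "admitted"

    def handle_request(self, session, req):
        # Step 411: requests are only accepted from sessions that passed both gates.
        if session not in self.admitted:
            return "refused"
        # Steps 412-414: the second server decides, the first server executes.
        if self.security.authorize(session, req):
            self.executed.append((session, req.operation))
            return "executed"
        return "denied"


def run_demo():
    """Constructed scenario covering each outcome of the flow."""
    sec = SecurityServer({"fp-feature-alice"}, {"core-rd"})
    conf = ConferenceServer(sec, {"ExampleVendor"})
    good_cert = {"manufacturer": "ExampleVendor"}
    ordinary = OperationRequest("record", "sales", False)
    results = [
        conf.admit("s1", "fp-feature-unknown", good_cert),
        conf.admit("s2", "fp-feature-alice", {"manufacturer": "OtherVendor"}),
        conf.handle_request("s2", ordinary),
        conf.admit("s3", "fp-feature-alice", good_cert),
        conf.handle_request("s3", ordinary),
        conf.handle_request("s3", OperationRequest("record", "core-rd", False)),
        conf.handle_request("s3", OperationRequest("record", "sales", True)),
    ]
    return results, conf.alarms, conf.executed


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```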
In the present invention, the terminal device, the first server, and the second server may communicate with one another over a wired network, a wireless network, a virtual private network (VPN), the File Transfer Protocol (FTP), or the like.
The information processing method of the present invention can be applied to the system shown in FIG. 5. The system may include a terminal device, a conference server, and a security server. The conference server includes: an input module, configured to receive the operation request sent by the terminal device and distribute the received operation request to the security confirmation module, the security control module, and the audio/video codec; a shared memory, used for data transmission between the terminal device and the conference server; a fingerprint information collection device, mainly used to collect feature values of user fingerprint information; a security control module, configured to receive the operation request sent by the terminal device and the information sent by the security server, and to perform the operation corresponding to the information sent by the security server, for example driving the camera to record through the camera driver or driving the alarm to sound through the alarm driver; a security confirmation module, used to ensure the legitimacy of the terminal device and the security of the transmitted data; a secure storage module, a database, and a non-volatile storage device, mainly used to store the terminal device's conference information, conference records, conference recordings, conference materials, and the like, where the database may be a storage module within the non-volatile storage device; an audio/video codec, mainly used to play audio and video sent by the terminal device or by a computer inside the company, where sound is played by driving the loudspeaker through the conference server's loudspeaker driver, and the picture may be projected for display on a projector or television terminal connected to the conference server's VGA interface by a Video Graphics Array (VGA) cable; and a network communication module, used for intranet data and command transmission with the security server. The security server includes: a security display module, configured to display a particular conference of interest when a conference keyword is entered, or to display the person in charge of the conference and the conference information when a terminal device at the conference server engages in behaviour involving classified information; a security authentication module, used to store the fingerprint information of all employees of the company, verify the fingerprint information sent by the conference server, and return the verification result; a security control module, used to monitor the terminal device operation requests sent by the conference server and to send warning information when an operation request exceeds the preset authority; a network communication module, used for intranet data and command transmission with the conference server; and a conference record processing module, used to export conference records, look up a particular conference record by keyword, delete certain conference records, and the like.
It should be noted that, for steps or concepts in this embodiment that are the same as in other embodiments, reference may be made to the descriptions in those embodiments; they are not repeated here.
In the information processing method provided by this embodiment of the present invention, the second server receives the user identity information sent by the first server, verifies it, and sends the verification result to the first server. If the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition. If the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server. The second server then determines whether the first operation corresponding to the operation request is within the preset authority and sends that determination result to the first server, so that the first server can perform the first operation when it is within the preset authority. In this way, the security server judges the authority of an operation request issued by the terminal device only on the premise that the conference participant's identity information is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used in the conference, makes it possible to monitor the participants' operations, and effectively addresses the problem of data leakage in existing conference solutions, thereby reducing the risk of data leakage and improving the information security of the office system.
An embodiment of the present invention further provides a computer-readable medium storing executable instructions, the executable instructions being used to execute the information processing method according to the embodiments of the present invention.
An embodiment of the present invention provides a second server 5, which can be applied to the information processing method provided by the embodiments corresponding to FIG. 1 and FIGS. 3 to 4. Referring to FIG. 6, the apparatus includes: a first receiving unit 51, a first sending unit 52, a second receiving unit 53, a third receiving unit 54, and a first processing unit 55, where:
The first receiving unit 51 is configured to receive the user identity information sent by the first server.
The first sending unit 52 is configured to verify the user identity information and send the verification result to the first server.
The second receiving unit 53 is configured to receive the determination result for the terminal device sent by the first server if the user identity information is successfully verified.
The third receiving unit 54 is configured to receive the operation request sent by the first server if the terminal device meets the preset condition.
The first processing unit 55 is configured to determine whether the first operation corresponding to the operation request is within the preset authority, and to send the determination result of whether the first operation is within the preset authority to the first server.
In the information processing apparatus provided by this embodiment of the present invention, the second server receives the user identity information sent by the first server, verifies it, and then sends the verification result to the first server. When the user identity information is successfully verified, the second server receives the determination result for the terminal device sent by the first server. When the terminal device also meets the preset condition, the second server receives the operation request sent by the first server, determines whether the first operation corresponding to the operation request is within the preset authority, and sends that determination result to the first server, so that the first server can perform the first operation when it is within the preset authority. In this way, the security server judges the authority of an operation request issued by the terminal device only on the premise that the conference participant's identity information is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used in the conference, makes it possible to monitor the participants' operations, and effectively addresses the problem of data leakage in existing conference solutions, thereby reducing the risk of data leakage and improving the information security of the office system.
Specifically, referring to FIG. 7, the first sending unit 52 includes a first determining module 521 and a processing module 522, where:
The first determining module 521 is configured to determine whether the user identity information is in the preset identity information, and to send the determination result to the first server.
The processing module 522 is configured to determine that the terminal device is successfully verified if the user identity information is in the preset identity information.
Specifically, referring to FIG. 8, the apparatus further includes an obtaining unit 56, where:
The obtaining unit 56 is configured to acquire the preset identity information and store the preset identity information.
It should be noted that, for the interaction between the units and modules in this embodiment, reference may be made to the interaction process in the information processing method provided by the embodiments corresponding to FIG. 1 and FIGS. 3 to 4; it is not repeated here.
In the information processing apparatus provided by this embodiment of the present invention, the second server receives the user identity information sent by the first server, verifies it, and then sends the verification result to the first server. When the user identity information is successfully verified, the second server receives the determination result for the terminal device sent by the first server. When the terminal device also meets the preset condition, the second server receives the operation request sent by the first server, determines whether the first operation corresponding to the operation request is within the preset authority, and sends that determination result to the first server, so that the first server can perform the first operation when it is within the preset authority. In this way, the security server judges the authority of an operation request issued by the terminal device only on the premise that the conference participant's identity information is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used in the conference, makes it possible to monitor the participants' operations, and effectively addresses the problem of data leakage in existing conference solutions, thereby reducing the risk of data leakage and improving the information security of the office system.
An embodiment of the present invention provides a first server 6, which can be applied to the information processing method provided by the embodiments corresponding to FIGS. 2 to 4. Referring to FIG. 9, the apparatus includes: a second processing unit 61, a fourth receiving unit 62, a determining unit 63, a second sending unit 64, a third processing unit 65, and a fourth processing unit 66, where:
The second processing unit 61 is configured to acquire the user identity information and send the user identity information to the second server.
The fourth receiving unit 62 is configured to receive the verification result for the user identity information sent by the second server.
The determining unit 63 is configured to determine whether the terminal device meets the preset condition if the user identity information is successfully verified.
The second sending unit 64 is configured to send the determination result to the second server.
The third processing unit 65 is configured to receive the operation request sent by the terminal device and forward it to the second server if the terminal device meets the preset condition.
The fourth processing unit 66 is configured to receive the determination result for the operation request sent by the second server, and to perform the first operation if the first operation corresponding to the operation request is within the preset authority.
In the information processing apparatus provided by this embodiment of the present invention, the first server receives the user identity information and sends it to the second server, then receives the verification result for the user identity information sent by the second server. When the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition and sends the determination result to the second server. When the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server. Finally, the first server receives the determination result for the operation request sent by the second server and, if the first operation corresponding to the operation request is within the preset authority, performs the first operation. In this way, the security server judges the authority of an operation request issued by the terminal device only on the premise that the conference participant's identity information is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used in the conference, makes it possible to monitor the participants' operations, and effectively addresses the problem of data leakage in existing conference solutions, thereby reducing the risk of data leakage and improving the information security of the office system.
Specifically, referring to FIG. 10, the apparatus further includes a generating unit 67, where:
The generating unit 67 is configured to generate alarm information if verification of the user identity information fails.
Specifically, referring to FIG. 11, the determining unit 63 includes an obtaining module 631 and a second determining module 632, where:
The obtaining module 631 is configured to acquire the identification information of the terminal device if the user identity information is successfully verified.
The second determining module 632 is configured to determine, based on the identification information, whether the terminal device meets the preset condition.
Further, the second determining module 632 is also configured to determine whether the identification information matches the preset identification information and, if the identification information matches the preset identification information, to determine that the terminal device meets the preset condition.
It should be noted that, for the interaction between the units and modules in this embodiment, reference may be made to the interaction process in the voice information processing method provided by the embodiments corresponding to FIGS. 2 to 4; it is not repeated here.
In the information processing apparatus provided by this embodiment of the present invention, the first server receives the user identity information and sends it to the second server, then receives the verification result for the user identity information sent by the second server. When the user identity information is successfully verified, the first server determines whether the terminal device meets the preset condition and sends the determination result to the second server. When the terminal device meets the preset condition, the first server receives the operation request sent by the terminal device and forwards it to the second server. Finally, the first server receives the determination result for the operation request sent by the second server and, if the first operation corresponding to the operation request is within the preset authority, performs the first operation. In this way, the security server judges the authority of an operation request issued by the terminal device only on the premise that the conference participant's identity information is legitimate and the terminal device is reliable. This ensures the security of the conference participants and the reliability of the terminal devices used in the conference, makes it possible to monitor the participants' operations, and effectively addresses the problem of data leakage in existing conference solutions, thereby reducing the risk of data leakage and improving the information security of the office system.
In practical applications, the first receiving unit 51, the first sending unit 52, the second receiving unit 53, the third receiving unit 54, the first processing unit 55, the obtaining unit 56, the first determining module 521, the processing module 522, the second processing unit 61, the fourth receiving unit 62, the determining unit 63, the second sending unit 64, the third processing unit 65, the fourth processing unit 66, the generating unit 67, the obtaining module 631, and the second determining module 632 may each be implemented by a Central Processing Unit (CPU), a Micro Processor Unit (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like located in a wireless data transmitting device.
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims (16)

  1. An information processing method, the method comprising:
    receiving user identity information sent by a first server;
    verifying the user identity information, and sending a verification result to the first server;
    when the user identity information is successfully verified, receiving a determination result for a terminal device sent by the first server;
    when the terminal device meets a preset condition, receiving an operation request sent by the first server;
    determining whether a first operation corresponding to the operation request is within a preset authority, and sending to the first server the determination result of whether the first operation is within the preset authority.
  2. The method according to claim 1, wherein the verifying the user identity information and sending a verification result to the first server comprises:
    determining whether the user identity information is in preset identity information, and sending the determination result to the first server;
    when the user identity information is in the preset identity information, determining that the user identity information is successfully verified.
  3. The method according to claim 1 or 2, wherein the method further comprises:
    acquiring the preset identity information, and storing the preset identity information.
  4. An information processing method, the method comprising:
    acquiring user identity information, and sending the user identity information to a second server;
    receiving a verification result of the user identity information sent by the second server;
    if the user identity information is successfully verified, determining whether a terminal device meets a preset condition, and sending the determination result to the second server;
    when the terminal device meets the preset condition, receiving an operation request sent by the terminal device and forwarding it to the second server;
    receiving a determination result of the operation request sent by the second server, and, when a first operation corresponding to the operation request is within the preset authority, performing the first operation.
  5. The method according to claim 4, wherein the method further comprises:
    when verification of the user identity information fails, generating alarm information.
  6. The method according to claim 4 or 5, wherein the determining, when the user identity information is successfully verified, whether the terminal device meets the preset condition comprises:
    when the user identity information is successfully verified, acquiring identification information of the terminal device;
    determining, based on the identification information, whether the terminal device meets the preset condition.
  7. The method according to claim 6, wherein the determining, based on the identification information, whether the terminal device meets the preset condition comprises:
    determining whether the identification information matches preset identification information;
    when the identification information matches the preset identification information, determining that the terminal device meets the preset condition.
  8. An information processing apparatus, the apparatus comprising: a first receiving unit, a first sending unit, a second receiving unit, a third receiving unit, and a first processing unit;
    the first receiving unit is configured to receive user identity information sent by a first server;
    the first sending unit is configured to verify the user identity information and send a verification result to the first server;
    the second receiving unit is configured to receive, when the user identity information is successfully verified, a determination result for a terminal device sent by the first server;
    the third receiving unit is configured to receive, when the terminal device meets a preset condition, an operation request sent by the first server;
    the first processing unit is configured to determine whether a first operation corresponding to the operation request is within a preset authority, and to send to the first server the determination result of whether the first operation is within the preset authority.
  9. The apparatus according to claim 8, wherein the first sending unit comprises: a first determining module and a processing module;
    the first determining module is configured to determine whether the user identity information is in preset identity information, and to send the determination result to the first server;
    the processing module is configured to determine, when the user identity information is in the preset identity information, that the terminal device is successfully verified.
  10. The apparatus according to claim 8 or 9, wherein the apparatus further comprises an acquiring unit;
    the acquiring unit is configured to acquire the preset identity information and store the preset identity information.
  11. An information processing apparatus, the apparatus comprising: a second processing unit, a fourth receiving unit, a determining unit, a second sending unit, a third processing unit, and a fourth processing unit;
    the second processing unit is configured to acquire user identity information and send the user identity information to a second server;
    the fourth receiving unit is configured to receive a verification result of the user identity information sent by the second server;
    the determining unit is configured to determine, when the user identity information is successfully verified, whether a terminal device meets a preset condition;
    the second sending unit is configured to send the determination result to the second server;
    the third processing unit is configured to receive, when the terminal device meets the preset condition, an operation request sent by the terminal device and forward it to the second server;
    the fourth processing unit is configured to receive a determination result of the operation request sent by the second server, and to perform a first operation corresponding to the operation request when the first operation is within the preset authority.
  12. The apparatus according to claim 11, wherein the apparatus further comprises: a generating unit;
    the generating unit is configured to generate alarm information when verification of the user identity information fails.
  13. The apparatus according to claim 11 or 12, wherein the determining unit comprises: an acquiring module and a second determining module;
    the acquiring module is configured to acquire identification information of the terminal device when the user identity information is successfully verified;
    the second determining module is configured to determine, based on the identification information, whether the terminal device meets the preset condition.
  14. The apparatus according to claim 13, wherein
    the second determining module is further configured to determine whether the identification information matches preset identification information, and, when the identification information matches the preset identification information, to determine that the terminal device meets the preset condition.
  15. A computer storage medium, the computer storage medium storing executable instructions, the executable instructions being used to perform the information processing method according to any one of claims 1 to 3.
  16. A computer storage medium, the computer storage medium storing executable instructions, the executable instructions being used to perform the information processing method according to any one of claims 4 to 7.
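
The two-server flow of claims 1 to 7, written out as an added example (not code from the patent or the applicant): the first server fronts the terminal device, and the second server holds the preset identity information and the preset authority. Class names, return strings, the sample identities and device identifier, and the choice to have the second server refuse out-of-order requests are assumptions of this example.

```python
# Added illustration of the claimed three-stage flow; all names and sample
# values below are constructed for this example.
from dataclasses import dataclass, field


@dataclass
class SecondServer:
    """Claims 1-3: holds preset identity information and preset authority."""
    preset_authority: dict                       # user identity -> permitted operations
    _verified: set = field(default_factory=set)
    _device_ok: set = field(default_factory=set)

    def verify_identity(self, user_id):
        ok = user_id in self.preset_authority    # claim 2: membership in preset identities
        (self._verified.add if ok else self._verified.discard)(user_id)
        return ok

    def receive_device_result(self, user_id, meets_condition):
        # A device result counts only after a successful identity verification.
        if user_id in self._verified and meets_condition:
            self._device_ok.add(user_id)
        else:
            self._device_ok.discard(user_id)

    def judge_operation(self, user_id, operation):
        # Fail closed: judge a request only when both earlier stages passed.
        if user_id not in self._device_ok:
            return False
        return operation in self.preset_authority[user_id]


@dataclass
class FirstServer:
    """Claims 4-7: sits between the terminal device and the second server."""
    second: SecondServer
    preset_device_ids: set
    alarms: list = field(default_factory=list)

    def handle(self, user_id, device_id, operation):
        if not self.second.verify_identity(user_id):
            self.alarms.append(f"identity verification failed: {user_id}")  # claim 5
            return "denied: identity"
        meets = device_id in self.preset_device_ids   # claims 6-7: identifier match
        self.second.receive_device_result(user_id, meets)
        if not meets:
            return "denied: device"
        if not self.second.judge_operation(user_id, operation):
            return "denied: authority"
        return f"executed: {operation}"


def build_demo():
    second = SecondServer({"alice": {"read_file", "print"}, "bob": {"read_file"}})
    return FirstServer(second, preset_device_ids={"TERM-0001"})


if __name__ == "__main__":
    fs = build_demo()
    for req in [("alice", "TERM-0001", "print"), ("bob", "TERM-0001", "print"),
                ("alice", "TERM-9999", "print"), ("mallory", "TERM-0001", "read_file")]:
        print(req, "->", fs.handle(*req))
```

Because the second server keeps its own record of which stages have passed, a permission query that arrives without a preceding identity and device check is refused rather than answered.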
PCT/CN2017/086016 2016-08-22 2017-06-16 Information processing method, device and computer storage medium WO2018036233A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610700845.0A CN107770137A (en) 2016-08-22 2016-08-22 A kind of information processing method and device
CN201610700845.0 2016-08-22

Publications (1)

Publication Number Publication Date
WO2018036233A1 (en) 2018-03-01

Family

ID=61245439

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/086016 WO2018036233A1 (en) 2016-08-22 2017-06-16 Information processing method, device and computer storage medium

Country Status (2)

Country Link
CN (1) CN107770137A (en)
WO (1) WO2018036233A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109120510B (en) * 2018-08-01 2022-03-08 北京奇虎科技有限公司 Authority control based mail sending method, device and system
CN110781507A (en) * 2019-10-21 2020-02-11 中广核工程有限公司 File authority control method and device, computer equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719768A (en) * 2004-07-09 2006-01-11 千乡万才科技(中国)有限公司 Electronic authorizing and signing protection system and method thereof
US20070136602A1 (en) * 2005-12-08 2007-06-14 Electronics And Telecommunications Research Institute User authentication system and method for supporting terminal mobility between user lines
CN105516172A (en) * 2015-12-25 2016-04-20 湖北海洋文化传播有限公司 Identity authentication terminal, identity authentication system and online affair handling platform
CN105554262A (en) * 2015-12-11 2016-05-04 小米科技有限责任公司 Method and device for operation mode switching

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7274308B2 (en) * 2005-12-06 2007-09-25 Honeywell International Inc. EGPWS flap position enhancement
US8544074B2 (en) * 2008-06-19 2013-09-24 Microsoft Corporation Federated realm discovery
CN102801644B (en) * 2011-12-31 2015-01-21 华为数字技术(成都)有限公司 Method and device for blocking mail behavior and gateway
JP6295534B2 (en) * 2013-07-29 2018-03-20 オムロン株式会社 Programmable display, control method, and program
CN104933341A (en) * 2015-06-18 2015-09-23 广东欧珀移动通信有限公司 Authority management method, and terminal

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110049491A (en) * 2019-04-23 2019-07-23 中国联合网络通信集团有限公司 A kind of auth method and system
CN112632497A (en) * 2020-12-26 2021-04-09 深圳市八方通达科技有限公司 Identity information verification method and system based on block chain
CN112863150A (en) * 2021-01-11 2021-05-28 Tcl通讯(宁波)有限公司 Prompting method, prompting device, storage medium and mobile terminal
CN112863150B (en) * 2021-01-11 2022-09-02 Tcl通讯(宁波)有限公司 Prompting method, prompting device, storage medium and mobile terminal
CN113656772A (en) * 2021-07-26 2021-11-16 北京达佳互联信息技术有限公司 Information processing method, information processing device, electronic equipment and storage medium
CN114120512A (en) * 2021-11-19 2022-03-01 云知声(上海)智能科技有限公司 Intelligent access control system and control method thereof
CN114120512B (en) * 2021-11-19 2024-03-08 云知声(上海)智能科技有限公司 Intelligent access control system and control method thereof
CN115410350A (en) * 2022-07-07 2022-11-29 厦门十三曜智能科技有限公司 Method, device, system and storage medium for realizing driving safety alarm
CN115410350B (en) * 2022-07-07 2023-07-18 厦门十三曜智能科技有限公司 Method, device and system for realizing driving safety alarm and storage medium

Also Published As

Publication number Publication date
CN107770137A (en) 2018-03-06

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17842658

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17842658

Country of ref document: EP

Kind code of ref document: A1