managing policies	Terminal device information	Constraintconditions
			Management policy
1	Terminal device information 1	Constraint 1
			Management policy 2	Terminal device information 2	Constraint 2
…	…	…
			Management policy M	Terminal device information M	Constraint M

TABLE 1

In table 1 above,terminal device information 1 corresponds toconstraint condition 1; the terminal device information 2 corresponds to the constraint condition 2; …, respectively; the terminal device information M corresponds to the constraint condition M. Specifically, in the specific embodiment of the present invention, each piece of terminal device information may correspond to one constraint condition, or may correspond to a plurality of constraint conditions. Therefore, after each terminal device obtains the corresponding terminal device information through the security management system and the plug-in program, each terminal device may determine the corresponding target management policy in all management policies according to the corresponding target terminal information. For example, the terminal device N may determine a target management policy N corresponding to the terminal device N in all management policies according to the terminal device information N corresponding to the terminal device N; wherein, the target management policy N comprises: terminal device information N and constraint condition N; n is a natural number of 1 or more and M or less.

Fig. 6 is a flowchart illustrating an implementation method for determining a target management policy by each terminal device according to terminal device information in the embodiment of the present invention. As shown in fig. 6, the method for determining the target management policy corresponding to each terminal device in the total management policies according to the terminal device information corresponding to each terminal device may include the following steps:

instep 202b _1, each terminal device matches the corresponding terminal device information with all management policies.

In the specific embodiment of the present invention, after each terminal device obtains all the pre-configured management policies in the network management device through the security management system and the plug-in, each terminal device may match the corresponding terminal device information with all the management policies. Specifically, theterminal device information 1 may be successfully matched with themanagement policy 1; the terminal device information 2 can be successfully matched with the management strategy 2; …, respectively; the terminal device information M may be successfully matched with the management policy M. It should be noted that, in the specific embodiment of the present invention, each piece of terminal device information may be successfully matched with one of all management policies; or can be successfully matched with a plurality of management policies in the whole management policies. For example,terminal device information 1 may be successfully matched withmanagement policy 1; theterminal device information 1 may also be successfully matched with themanagement policy 1 and the management policy 2.

Step 202b _2, each terminal device judges whether the corresponding terminal device information is successfully matched with at least one management strategy; if yes, go to step 202b _ 3; otherwise,step 202b _4 is performed.

In the specific embodiment of the invention, each terminal device judges whether the information of the corresponding terminal device is successfully matched with at least one management strategy; when each terminal device determines that the matching between the corresponding terminal device information and the at least one management policy is successful, executingstep 202b _ 3; when each terminal device determines that each piece of corresponding terminal device information fails to match each management policy,step 202b _4 is performed.

And step 202b _3, each terminal device determines the successfully matched management policy as a target management policy.

In the specific embodiment of the present invention, when each terminal device determines that the matching between the corresponding terminal device information and at least one management policy is successful, each terminal device determines the successfully matched management policy as the target management policy. Specifically, each piece of terminal device information may be successfully matched with one of the management policies in all the management policies; or can be successfully matched with a plurality of management policies in the whole management policies. When each terminal device determines that the matching between the corresponding terminal device information and one management policy is successful, each terminal device can determine the management policy as a target management policy; when each terminal device determines that the matching between the corresponding terminal device information and the plurality of management policies is successful, each terminal device may determine all the successfully matched management policies as the target management policies.

And step 202b _4, each terminal device finishes the linkage process with the network management device.

In the specific embodiment of the present invention, when each terminal device determines that each piece of corresponding terminal device information fails to match each piece of management policy, each terminal device ends the linkage process with the network management device.

As can be seen from the above description, through thesteps 202b _1 to 202b _4, each terminal device may determine a corresponding target management policy in all management policies according to the corresponding terminal device information, and then each terminal device may be linked with the network management device according to the target management policy corresponding to each terminal device.

And step 203, linking each terminal device with the network management device according to the target management strategy corresponding to each terminal device.

In a specific embodiment of the present invention, after each terminal device determines a corresponding target management policy in all management policies, each terminal device may be linked with the network management device according to the target management policy corresponding to each terminal device. Specifically, after each PC determines a corresponding target management policy among all management policies, each PC may be linked with the network management device according to the target management policy corresponding to each PC. For example, if the target management policy corresponding to the PC1 is "network blocking", the network management device will perform network blocking on thePC 1.

Preferably, in the embodiment of the present invention, each terminal device may further determine a corresponding user management policy, and each terminal device and the network management device perform linkage according to the target management policy and the user management policy corresponding to each terminal device. Specifically, after each PC determines the target management policy and the user management policy corresponding to each PC, each PC may be linked with the network management device according to the target management policy and the user management policy corresponding to each PC.

According to the equipment linkage method provided by the embodiment of the invention, each terminal equipment acquires all pre-configured management strategies in the network management equipment, then each terminal equipment determines the corresponding target management strategy in all the management strategies, and finally each terminal equipment and the network management equipment are linked according to the target management strategy corresponding to each terminal equipment. That is to say, in the technical solution of the embodiment of the present invention, each terminal device may determine a corresponding target management policy in all management policies. In the prior art, the network management device determines a target management policy corresponding to each terminal device among all the pre-configured management policies. Therefore, compared with the prior art, the equipment linkage method provided by the embodiment of the invention not only can reduce the performance overhead of the network management equipment, but also can reduce the linkage risk of the terminal equipment and the network management equipment; in addition, the technical scheme of the embodiment of the invention is simple and convenient to realize, convenient to popularize and wider in application range.

Fig. 7 is a schematic diagram of a first composition structure of a terminal device in the embodiment of the present invention. As shown in fig. 7, the terminal device may include: anacquisition unit 701, adetermination unit 702, and alinkage unit 703; wherein,

the acquiringunit 701 is configured to acquire all preconfigured management policies in the network management device;

the determiningunit 702 is configured to determine, in all management policies, respective corresponding target management policies;

thelinkage unit 703 is configured to perform linkage with the network management device according to a target management policy corresponding to each terminal device.

Fig. 8 is a schematic diagram of a second component structure of the terminal device in the embodiment of the present invention. As shown in fig. 8, the acquiringunit 701 includes: a transmittingsubunit 7011 and a receivingsubunit 7012; wherein,

the sendingsubunit 7011 is configured to send a request message to the network management device according to a preset period; wherein, each request message carries the terminal device identification of each terminal device;

the receivingsubunit 7012 is configured to receive all the management policies issued by the network management device.

Further, the obtainingunit 701 is specifically configured to obtain a pre-developed plug-in program in the network management device through a pre-installed security management system; and acquiring all management strategies in the network management equipment through the security management system and the plug-in program.

Further, the determiningunit 702 includes: an acquiringsubunit 7021 and a determiningsubunit 7022; wherein,

the acquiringsubunit 7021 is configured to acquire, through the security management system and the plug-in program, terminal device information corresponding to each other;

the determiningsubunit 7022 is configured to determine, according to the respective corresponding terminal device information, a respective corresponding target management policy in all management policies.

Further, the determiningsubunit 7022 is specifically configured to match the respective corresponding terminal device information with all management policies; and when the information of each terminal device is successfully matched with at least one management strategy, determining the successfully matched management strategy as the target management strategy.

In practical applications, the acquiringunit 701, the determiningunit 702, and the linkingunit 703 may be implemented by a Central Processing Unit (CPU), a microprocessor unit (MPU), a Digital Signal Processor (DSP), or a Field Programmable Gate Array (FPGA), etc. located in the terminal device.

According to the terminal device provided by the embodiment of the invention, each terminal device firstly acquires all pre-configured management strategies from the network management device, then each terminal device determines the corresponding target management strategy from all the management strategies, and finally each terminal device and the network management device are linked according to the target management strategy corresponding to each terminal device. That is to say, in the technical solution of the embodiment of the present invention, each terminal device may determine a corresponding target management policy in all management policies. In the prior art, the network management device determines a target management policy corresponding to each terminal device among all the pre-configured management policies. Therefore, compared with the prior art, the terminal device provided by the embodiment of the invention not only can reduce the performance overhead of the network management device, but also can reduce the linkage risk of the terminal device and the network management device; in addition, the technical scheme of the embodiment of the invention is simple and convenient to realize, convenient to popularize and wider in application range.

As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention.