CN111091204A - Intelligent monitoring method and device for maintenance behaviors and computer readable storage medium - Google Patents

Intelligent monitoring method and device for maintenance behaviors and computer readable storage medium

Info

Publication number
CN111091204A
Authority
CN
China
Prior art keywords
maintenance
maintenance tool
tool
state
permission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911287595.2A
Other languages
Chinese (zh)
Other versions
CN111091204B (en)
Inventor
陈建校
刘永阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shuxing Technology Shanghai Co ltd
Original Assignee
Zhuzhou Huina Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuzhou Huina Technology Co Ltd
Priority to CN201911287595.2A
Publication of CN111091204A
Application granted
Publication of CN111091204B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses an intelligent monitoring method and device for maintenance behaviors and a computer storage medium. The method comprises the following steps: closing a communication channel between the maintenance tool and the terminal equipment; acquiring identity information and judging whether the identity information meets maintenance permission conditions or not; when the identity information meets the maintenance permission condition, the maintenance tool is placed in a permission state; adding the address data of the maintenance tool into an address white list, and opening a communication channel according to the address white list and preset authority data; maintaining the permission state of the maintenance tool in real time, and monitoring the record state and the maintenance authority state of the maintenance behavior of the maintenance tool in real time; judging whether the maintenance tool meets the management and control conditions in real time according to the maintenance permission state, the recording state and the maintenance authority state; and when the maintenance tool does not meet the control conditions, closing a communication channel between the maintenance tool and the terminal equipment. The method solves the technical problem of safe and intelligent management and control of maintenance behaviors in the process of maintaining the IT equipment.

Description

Intelligent monitoring method and device for maintenance behaviors and computer readable storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an intelligent monitoring method and apparatus for maintenance activities, and a computer-readable storage medium.
Background
With the development of industry 3.0, IT equipment that runs software is used ever more widely and Ethernet technology matures day by day. IT equipment connected to the Ethernet is maintained, debugged and has its data downloaded through the Ethernet interface, which greatly facilitates equipment maintenance. However, because IT equipment is composed of software and hardware, permission to maintain the equipment needs to be strictly managed.
Each manufacturer, while maintaining its own equipment, does not want the maintainers of other manufacturers to access that equipment easily. The maintenance authority of maintainers from different manufacturers therefore needs to be managed and controlled while they work, so that each maintainer can only maintain the equipment provided by their own manufacturer.
During system operation, maintenance, debugging, data downloading and similar work is inevitable. Equipment owners in the field need to manage the personnel involved in maintenance, the maintenance behaviors and so on. At present this is generally done manually, for example by requiring maintenance technicians to fill in forms. In practice deviations are inevitable: what the maintenance technicians fill in is often inconsistent with what was actually done or is incomplete, and maintenance personnel are generally unwilling to report the maintained content in full.
Therefore the need for intelligent maintenance management is increasingly urgent. The technical problem of secure, intelligent management and control of IT equipment maintenance needs to be solved, so that the maintenance permission, the maintenance authority and the maintenance behavior of the IT equipment are managed and controlled comprehensively, effectively and intelligently. Existing patents in this area:
(1) A method, system and device for user access security control, patent number CN200710195102.3. The problem it solves: in a multi-service mode, the BNG can uniquely identify a user link through VLAN/QinQ, so that the BNG can apply security control to a single user link. It does not effectively solve the technical problem of secure, intelligent management and control of IT equipment maintenance.
(2) A terminal access security authentication method, patent number 201610037094.9. The problem it solves is the security of the access terminal: an access terminal that has a security problem cannot access the core network, and otherwise it can, so that access terminals with potential security hazards are kept off the core network. It does not effectively solve the technical problem of secure, intelligent management and control of IT equipment maintenance.
(3) A method, device and system for realizing secure access, patent number CN201711045256.4. The problem it solves: supporting multiple mutually isolated VPN services on the same network infrastructure. It does not effectively solve the technical problem of secure, intelligent management and control of IT equipment maintenance.
(4) A temporary terminal security access control method and system, patent number CN 201710356047.5. In the cited patent, after authentication passes, communication is established between the reserved-interface VLAN and the standard VLAN that the temporary terminal is to access, and authorization and authority control are performed by adjusting the relationship between the VLAN of the reserved interface of the core network and the target VLAN. The cited patent applies coarse-grained control, through a security module, to a maintenance tool connected to the reserved interface of the core network, based on the VLAN isolation of a switch in the core network. This is VLAN-level authority control: it does not provide IP-level authority control, does not control the maintenance process of the maintenance tool, and does not comprehensively control maintenance permission, maintenance authority and maintenance behavior. The cited patent is also not suitable for the situation in which all terminal equipment in the core network is in the same VLAN as the reserved interface and the core network is built from unmanaged switches, so retrofitting is difficult and costly. The cited patent therefore does not effectively and comprehensively solve the technical problem of secure, intelligent management and control of maintenance permission, maintenance authority and maintenance behavior in IT equipment maintenance.
(5) A method, system and server for realizing security access control, patent number CN200810149348.1. It solves the problem of security access control and authorization for terminal equipment connected to an 802.1X switch. Terminal equipment information is encrypted bidirectionally. A terminal security control module issues the security policy, so the security policy depends on that module, and if the terminal has no security control module, security control cannot be achieved. It does not effectively solve the technical problem of secure, intelligent management and control of IT equipment maintenance.
In summary, the technical problem of comprehensively, effectively and intelligently managing and controlling the maintenance permission, the maintenance authority and the maintenance behavior of IT equipment has not been solved so far.
Disclosure of Invention
The invention mainly aims to provide an intelligent monitoring method and device for maintenance behaviors and a computer readable storage medium, and aims to solve the technical problem of comprehensive control of permission, authority and behaviors of the maintenance behaviors in the IT equipment maintenance process.
In order to achieve the above object, the present invention provides an intelligent monitoring method for maintenance activities, comprising:
closing a communication channel between a maintenance tool and a terminal device to prohibit the maintenance tool from maintaining the terminal device;
acquiring the identity information of the maintenance tool, and judging whether the identity information meets the maintenance permission condition;
when the identity information meets the maintenance permission condition, the maintenance permission state of the maintenance tool is set to a permission state;
when the maintenance tool is in a permission state, adding the address data of the maintenance tool into an address white list, and opening the communication channel according to the address white list and preset authority data so as to allow the maintenance equipment to maintain each terminal device in an authority range;
when the maintenance tool is in a permission state, the permission state of the maintenance tool is maintained in real time, and the record state and the maintenance permission state of the maintenance behavior of the maintenance tool are monitored in real time;
judging whether the maintenance tool meets a management and control condition in real time according to the maintenance permission state, the recording state of the maintenance behavior and the maintenance authority state;
when the maintenance tool does not meet the control conditions, closing a communication channel between the maintenance tool and the terminal equipment;
the step when the maintenance tool does not satisfy the management and control condition specifically includes:
when maintaining the permission state of the maintenance tool fails; or
when the maintenance authority state is an override state; or
when the recording state is a non-acquirable state.
Preferably, the step of closing the communication channel between the maintenance tool and the terminal device specifically includes:
and respectively connecting the maintenance tool and the terminal equipment to different virtual local area networks which are isolated from each other.
Preferably, the step of closing the communication channel between the maintenance tool and the terminal device specifically includes:
and removing the addresses of the maintenance tools which do not meet the management and control requirements from the white list addresses.
Preferably, the step of maintaining the permission state of the maintenance tool in real time when the maintenance permission state of the maintenance tool is in the permission state specifically includes:
and when the maintenance permission state of the maintenance tool is in the permission state, acquiring the record data of the maintenance data packet which is mutually transmitted with the maintenance tool to maintain the permission state so as to maintain the maintenance tool to be in the permission state.
Preferably, the step of determining whether the maintenance tool meets the management and control requirement in real time according to the maintenance permission status, the record status of the maintenance behavior, and the maintenance permission status specifically includes:
respectively generating an authority access list and an actual access list according to the authority data and the maintenance behavior;
judging whether the number of times that the authority access list is an empty set is greater than M1 in a preset period; or
judging whether the number of times that the actual access list is an empty set is greater than M2 in a preset period; or
judging whether the difference set of the authority access list and the actual access list is an empty set;
the step when the maintenance authority state is the override state specifically includes:
when the number of times that the authority access list is an empty set is greater than M1; or
when the number of times that the actual access list is an empty set is greater than M2; or
when the difference between the authority access list and the actual access list is an empty set.
Preferably, the step of determining whether the maintenance tool meets the management and control requirement in real time according to the maintenance permission status, the record status of the maintenance behavior, and the maintenance permission status specifically includes:
recording the maintenance behavior as stored data;
judging whether the stored data is an empty set; or
judging whether the number of times that the stored data is an empty set is greater than M3 in a preset period;
the step when the recording state is the non-acquirable state specifically includes:
the stored data is an empty set; or
the number of times that the stored data is an empty set is greater than M3 in a preset period.
Preferably, before the step of closing the communication channel between the maintenance tool and the terminal device, the method further includes:
initializing application data of a maintenance tool to provide a stable network address to the maintenance tool;
or, after the step of closing the communication channel between the maintenance tool and the terminal device, the method further includes:
and acquiring the application initialization data of the maintenance tool through a link layer.
Preferably, before the obtaining the identity information of the maintenance tool and determining whether the identity information meets the authentication condition, the method further includes:
the maintenance tool periodically receives application data from the link layer.
In order to solve the above technical problem, the present invention further provides an intelligent monitoring apparatus for a maintenance behavior, where the intelligent monitoring apparatus includes a tool interface connected to a maintenance tool, a network interface connected to a terminal device, a memory, a processor, and a computer program stored in the memory, and when the computer program is executed by the processor, the steps of the intelligent monitoring method for a maintenance behavior are implemented.
In order to solve the above technical problem, the present invention further provides a computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program implements the steps of the intelligent monitoring method for maintenance activities.
The invention provides an intelligent monitoring method of maintenance behaviors, which is characterized in that a communication channel between a maintenance tool and a terminal device is closed to prohibit the maintenance tool from maintaining the terminal device; acquiring the identity information of the maintenance tool, and judging whether the identity information meets the maintenance permission condition; when the identity information meets the maintenance permission condition, the maintenance permission state of the maintenance tool is set to a permission state; when the maintenance tool is in a permission state, adding the address data of the maintenance tool into an address white list, and opening the communication channel according to the address white list and preset authority data so as to allow the maintenance equipment to maintain each terminal device in an authority range; when the maintenance tool is in a permission state, the permission state of the maintenance tool is maintained in real time, and the record state and the maintenance permission state of the maintenance behavior of the maintenance tool are monitored in real time; judging whether the maintenance tool meets a management and control condition in real time according to the maintenance permission state, the recording state of the maintenance behavior and the maintenance authority state; when the maintenance tool does not meet the control conditions, closing a communication channel between the maintenance tool and the terminal equipment; the step when the maintenance tool does not satisfy the regulation and control condition specifically includes: when maintaining the permission status of the maintenance tool fails; or; when the maintenance authority state is an override state; or; when the recording state is a non-acquirable state. 
Therefore, potential safety hazards such as illegal intrusion, misoperation, unauthorized maintenance, malicious damage to equipment and systems and the like in the process of maintaining the IT equipment are eliminated, and the technical problem of safe and intelligent management and control of maintenance behaviors in the process of maintaining the IT equipment is solved.
Drawings
FIG. 1 is a schematic flow chart of a first embodiment of a method for intelligently monitoring maintenance activities according to the present invention;
FIG. 2 is a schematic flow chart of S50 shown in FIG. 1;
FIG. 3 is a flowchart illustrating a second embodiment of a method for intelligently monitoring maintenance activities according to the present invention;
FIG. 4 is a schematic flow chart of a third embodiment of a method for intelligently monitoring maintenance activities according to the present invention;
FIG. 5 is an architecture diagram of an intelligent monitoring device for maintenance activities provided by the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention provides an intelligent monitoring method for maintenance behaviors.
First embodiment
In this embodiment, the terminal devices are communicatively connected to each other to form a core network.
The application scenario of this embodiment is that the reserved interface of the core network is an unmanaged switch interface and all terminal devices in the core network are in the same subnet.
Or, the reserved interface of the core network is a managed switch interface, and the reserved interface of the core network and all terminal devices in the core network are in the same virtual local area network (VLAN).
Referring to fig. 1, the intelligent monitoring method for maintenance activities includes:
S10, closing a communication channel between the maintenance tool and the terminal equipment to prohibit the maintenance tool from maintaining the terminal equipment;
specifically, the data exchange module is powered on; in the default state, the data exchange function between the interface connected to the core network reserved interface and the interface connected to the maintenance tool is closed;
loading the outgoing-direction MAC white list of management MAC addresses, and starting the outgoing-direction white list filtering function;
opening the data exchange function between the interface connected to the core network reserved interface and the interface connected to the maintenance tool.
The purpose of this step is to prevent an uncontrolled time window between power-on and the start of the service, which an unauthorized maintenance tool could otherwise use to intrude into the core network.
S20, acquiring the identity information of the maintenance tool and judging whether the identity information meets the maintenance permission condition;
S30, when the identity information meets the maintenance permission condition, the maintenance permission state of the maintenance tool is set to a permission state;
when the maintenance tool is in a permission state, adding the address data of the maintenance tool into an address white list, and opening the communication channel according to the address white list and preset authority data so as to allow the maintenance equipment to maintain each terminal device in an authority range;
specifically, if the TCP server has not been created or the listening service has not been started, the TCP server is created at the network address of the management and control service, and the listening service is started.
Establishing a TCP connection with the maintenance tool; receiving identity authentication data from the maintenance tool and the preset authority data of the maintenance tool through the TCP connection;
acquiring the public key of the maintenance tool end; generating a random number; encrypting the random number with the public key of the maintenance tool end to form a random number ciphertext; sending the random number ciphertext to the maintenance tool; receiving the random number digital signature sent by the maintenance tool; verifying the random number digital signature with the public key of the maintenance tool end;
if the verification succeeds, the result of authenticating the identity authentication data is fed back as success, and the secure TCP connection between the management and control service and the maintenance tool is established;
otherwise, the result fed back is failure; the result of authenticating the maintenance permission is then fed back:
if the identity authentication data was authenticated successfully, the maintenance permission result is that maintenance is permitted; otherwise, the maintenance permission result is that maintenance is prohibited.
Obtaining the MAC address of the maintenance tool for which maintenance is permitted;
temporarily adding the MAC address to the outgoing MAC white list of the data exchange service;
and opening a communication channel between all the maintenance tools that currently hold maintenance permission and all the terminal equipment that can be accessed only by the maintenance tools.
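The S20/S30 exchange described above, written out with both sides in Go as an added example (not code from the patent). The patent does not name the algorithms, so RSA-OAEP for the random number ciphertext and RSA-PSS for the signature are assumptions, as are all type and function names and the sample MAC address.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Tool is the maintenance-tool end; only it holds the private key.
type Tool struct {
	MAC string
	key *rsa.PrivateKey
}

// NewTool creates a tool with a fresh 2048-bit RSA key (constructed for the demo).
func NewTool(mac string) (*Tool, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Tool{MAC: mac, key: k}, nil
}

func (t *Tool) Public() *rsa.PublicKey { return &t.key.PublicKey }

// Respond decrypts the random number ciphertext and returns a signature over
// the recovered random number.
func (t *Tool) Respond(ciphertext []byte) ([]byte, error) {
	nonce, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.key, ciphertext, nil)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(nonce)
	return rsa.SignPSS(rand.Reader, t.key, crypto.SHA256, digest[:], nil)
}

// Controller is the management and control service.
type Controller struct {
	enrolled  map[string]*rsa.PublicKey // tool ID -> public key of the tool end
	pending   map[string][]byte         // tool ID -> outstanding random number
	whitelist map[string]bool           // outgoing MAC white list
}

func NewController() *Controller {
	return &Controller{
		enrolled:  map[string]*rsa.PublicKey{},
		pending:   map[string][]byte{},
		whitelist: map[string]bool{},
	}
}

func (c *Controller) Enroll(id string, pub *rsa.PublicKey) { c.enrolled[id] = pub }
func (c *Controller) Whitelisted(mac string) bool          { return c.whitelist[mac] }

// Challenge generates a random number and encrypts it to the tool's public key.
func (c *Controller) Challenge(id string) ([]byte, error) {
	pub, ok := c.enrolled[id]
	if !ok {
		return nil, errors.New("tool not enrolled")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	c.pending[id] = nonce
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, nil)
}

// Verify checks the signature over the outstanding random number. The random
// number is consumed whether or not the check passes, so a captured signature
// cannot be replayed. On success the MAC observed on the tool interface
// (passed in here, an assumption of this sketch) joins the outgoing white list.
func (c *Controller) Verify(id, mac string, sig []byte) bool {
	nonce, ok := c.pending[id]
	delete(c.pending, id)
	if !ok {
		return false
	}
	digest := sha256.Sum256(nonce)
	if rsa.VerifyPSS(c.enrolled[id], crypto.SHA256, digest[:], sig, nil) != nil {
		return false
	}
	c.whitelist[mac] = true
	return true
}

func main() {
	tool, err := NewTool("02:00:00:00:00:01") // constructed, locally administered MAC
	if err != nil {
		panic(err)
	}
	c := NewController()
	c.Enroll("tool-a", tool.Public())
	ct, err := c.Challenge("tool-a")
	if err != nil {
		panic(err)
	}
	sig, err := tool.Respond(ct)
	if err != nil {
		panic(err)
	}
	fmt.Println("maintenance permitted:", c.Verify("tool-a", tool.MAC, sig))
	fmt.Println("replayed signature accepted:", c.Verify("tool-a", tool.MAC, sig))
}
```

The sketch uses one key pair for both decryption and signing because that is what the text describes; where separate keys per purpose can be issued, that is the safer arrangement.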
S40, when the maintenance tool is in the permission state, the permission state of the maintenance tool is maintained in real time, and the recording state and the maintenance authority state of the maintenance behavior of the maintenance tool are monitored in real time;
specifically, maintaining the permission state of the maintenance tool in real time may consist of exchanging permission state maintenance data packets with the maintenance tool in real time. Exchanging these packets continuously maintains the secure TCP connection and continuously detects whether the secure TCP connection has been disconnected.
Correspondingly, the step of maintaining the permission state of the maintenance tool in real time when the maintenance permission state of the maintenance tool is in the permission state specifically includes:
when the maintenance permission state of the maintenance tool is the permission state, acquiring the record data of the permission state maintenance data packets exchanged with the maintenance tool, so as to keep the maintenance tool in the permission state.
S50, judging whether the maintenance tool meets the management and control conditions in real time according to the maintenance permission state, the recording state of the maintenance behavior and the maintenance authority state;
when the maintenance tool does not meet the management and control conditions, closing the communication channel between the maintenance tool and the terminal equipment; that is, the process returns to step S10.
The step when the maintenance tool does not satisfy the management and control condition specifically includes:
when maintaining the permission state of the maintenance tool fails; or
when the maintenance authority state is an override state; or
when the recording state is a non-acquirable state.
Correspondingly, the step S50 specifically includes:
S501, judging, according to the maintenance permission state, whether the permission state of the maintenance tool is successfully maintained;
S502, judging, according to the maintenance behavior and the authority data, whether the maintenance authority state of the maintenance tool is an override state;
and S503, judging, according to the storage condition of the maintenance behavior, whether the recording state of the maintenance behavior of the maintenance tool is the non-acquirable state.
In this embodiment, the step S501, the step S502, and the step S503 may occur simultaneously or sequentially.
When the condition of any one of these steps is not satisfied, the process returns to step S10.
In other embodiments, only one of the steps S501, S502 and S503 may be present.
In this embodiment, the step S501 may specifically include:
S5011, within the period, acquiring the record data of the permission state maintenance data packets exchanged with the maintenance tool, so as to determine the state of the exchanged permission state maintenance data packets;
S5012, determining whether the record data contains an interruption record for the permission state maintenance data packets exchanged with the maintenance tool.
In this embodiment, the record data of the permission state maintenance data packets exchanged with the maintenance tool represents the result of the secure TCP connection. An interruption record for those packets indicates that the secure TCP connection was detected as disconnected, in which case the result fed back for continuously maintaining the permission state is failure. When no interruption record exists, the result fed back is success.
In this embodiment, the step S502 specifically includes:
S5021, respectively generating an authority access list and an actual access list according to the authority data and the maintenance behaviors;
in this embodiment, the actual access list may be a list of the IP addresses of the terminal devices actually accessed by the maintenance tool end, and the authority access list may be a list of the IP addresses of the terminal devices that the maintenance tool end has authority to access.
S5022, judging whether the number of times that the authority access list is an empty set is greater than M1 in the preset period; or
the authority access list being an empty set means that the authority access list was not acquired.
S5023, judging whether the number of times that the actual access list is an empty set is greater than M2 in the preset period; or
the actual access list being an empty set means that the actual access list was not acquired.
S5024, judging whether the difference set of the authority access list and the actual access list is an empty set.
The difference set of the authority access list and the actual access list not being an empty set means that the actual access list contains the IP addresses of a group of accessed terminals that do not exist in the authority access list.
In particular, M1 and M2 may be equal to 2.
Correspondingly, the step when the maintenance authority state is the override state specifically includes:
when the number of times that the authority access list is an empty set is greater than M1; or
when the number of times that the actual access list is an empty set is greater than M2; or
when the difference between the authority access list and the actual access list is an empty set.
In this embodiment, the step S5022, the step S5023 and the step S5024 may occur simultaneously or sequentially.
When the condition of any one of these steps is not satisfied, the process returns to step S10.
In other embodiments, only one of the steps S5022, S5023 and S5024 may be present.
In this embodiment, the step S503 specifically includes:
S5031, recording the maintenance behavior as stored data;
in this embodiment, the stored data may be a value of the maintenance behavior capture state;
in other implementations, the stored data may also be video data of the maintenance behavior;
S5032, judging whether the stored data is an empty set; or
the stored data being an empty set means that the value of the maintenance behavior capture state indicates that maintenance behavior data is currently not being obtained and recorded.
Alternatively, the stored data being an empty set means that the video data of the maintenance behavior does not exist.
S5033, judging whether the number of times that the stored data is an empty set is greater than M3 in a preset period.
In this embodiment, M3 may be equal to 2.
Correspondingly, the step when the recording state is the non-acquirable state specifically includes:
the stored data is an empty set; or
the number of times that the stored data is an empty set is greater than M3 in a preset period.
In this embodiment, the step S5032 and the step S5033 may occur simultaneously or sequentially.
When the condition of any one of these steps is not satisfied, the process returns to step S10.
In other embodiments, only one of the steps S5032 and S5033 may be present.
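The S50 decision (S501, S5022 to S5024, S5033) as one evaluation over the samples of a preset period, as an added Go example that is not code from the patent. It treats an accessed IP address that is absent from the authority access list as the override case, following the explanation given under S5024, and uses the counted variant S5033 for the recording state; the type names, field names and sample addresses are assumptions.

```go
package main

import "fmt"

// Sample is one observation of a permitted maintenance tool inside the preset period.
type Sample struct {
	HeartbeatLost bool     // S5012: interruption record for the permission state packets
	Authority     []string // S5021: IPs the tool may access (empty = list not acquired)
	Actual        []string // S5021: IPs the tool accessed (empty = list not acquired)
	Recorded      bool     // S5031: the maintenance behavior was stored
}

// Limits holds the tolerated number of empty results per period (M1, M2, M3).
type Limits struct{ M1, M2, M3 int }

// Verdict says whether the channel must be closed (return to S10) and why.
type Verdict struct {
	Close   bool
	OffList []string // accessed IPs that are not in the authority access list
	Reasons []string
}

// Evaluate applies every S50 check to the samples of one period.
func Evaluate(period []Sample, lim Limits) Verdict {
	var v Verdict
	var lost bool
	var noAuth, noActual, noRecord int
	seen := map[string]bool{}
	for _, s := range period {
		lost = lost || s.HeartbeatLost
		if !s.Recorded {
			noRecord++
		}
		if len(s.Actual) == 0 {
			noActual++
		}
		if len(s.Authority) == 0 {
			noAuth++
			continue // nothing to compare against; counted under S5022 instead
		}
		allowed := make(map[string]bool, len(s.Authority))
		for _, ip := range s.Authority {
			allowed[ip] = true
		}
		for _, ip := range s.Actual {
			if !allowed[ip] && !seen[ip] {
				seen[ip] = true
				v.OffList = append(v.OffList, ip)
			}
		}
	}
	if lost {
		v.Reasons = append(v.Reasons, "S501: permission state not maintained")
	}
	if noAuth > lim.M1 {
		v.Reasons = append(v.Reasons, fmt.Sprintf("S5022: authority access list empty %d times (M1=%d)", noAuth, lim.M1))
	}
	if noActual > lim.M2 {
		v.Reasons = append(v.Reasons, fmt.Sprintf("S5023: actual access list empty %d times (M2=%d)", noActual, lim.M2))
	}
	if len(v.OffList) > 0 {
		v.Reasons = append(v.Reasons, fmt.Sprintf("S5024: access outside authority: %v", v.OffList))
	}
	if noRecord > lim.M3 {
		v.Reasons = append(v.Reasons, fmt.Sprintf("S5033: no stored record %d times (M3=%d)", noRecord, lim.M3))
	}
	v.Close = len(v.Reasons) > 0
	return v
}

func main() {
	// Constructed period: the tool is authorized for two devices and touches a third.
	auth := []string{"192.0.2.10", "192.0.2.11"}
	period := []Sample{
		{Authority: auth, Actual: []string{"192.0.2.10"}, Recorded: true},
		{Authority: auth, Actual: []string{"192.0.2.10", "192.0.2.99"}, Recorded: true},
	}
	v := Evaluate(period, Limits{M1: 2, M2: 2, M3: 2})
	fmt.Println("close channel:", v.Close)
	for _, r := range v.Reasons {
		fmt.Println(" -", r)
	}
}
```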
In an embodiment, the step S10 may specifically include:
connecting the maintenance tool and the terminal equipment respectively to different virtual local area networks that are isolated from each other.
In another embodiment, the step S10 may specifically include:
removing the address data of the maintenance tool that does not meet the management and control requirements from the address white list.
In another embodiment, the step S10 may specifically include:
connecting the maintenance tool and the terminal equipment respectively to different virtual local area networks that are isolated from each other; and
removing the address data of the maintenance tool that does not meet the management and control requirements from the address white list.
Second embodiment
Based on the intelligent monitoring method 100 for maintenance behaviors provided in the first embodiment of the present invention, the second embodiment of the present invention provides another intelligent monitoring method 200 for maintenance behaviors, wherein steps S10 to S50 are the same as those in the first embodiment and are not repeated here, except that:
before step S10, the method 200 further includes:
S11, initializing application data of the maintenance tool to provide a stable network address for the maintenance tool;
specifically, the data exchange function is turned off;
acquiring subnet mask data, an authentication service IP address and an authentication service port number from a local storage medium;
judging whether the IP address and the subnet mask of the network adapter executing the authentication service are respectively the same as the IP address and the subnet mask of the authentication service in the local storage medium;
if not, setting the network address of the network adapter executing the authentication service, including the IP address of the authentication service and the subnet mask.
In this embodiment, it is determined whether the IP address and the subnet mask of the network adapter executing the authentication service are the same as the IP address and the subnet mask of the authentication service in the local storage medium;
if they are different, the network address of the network adapter executing the authentication service is set, including the IP address of the authentication service, the port number of the authentication service and the subnet mask, so as to ensure that a stable authentication service network address is provided for the maintenance tool.
Between step S10 and step S20, the method further comprises:
S21, the maintenance tool periodically receives application data from the link layer.
Specifically, link layer application data messages are continuously and periodically sent to the maintenance tool:
digitally signing the application data using a private key;
packaging the application data together with the digital signature;
packaging the application data with the digital signature into a custom Optional TLV in accordance with the IEEE 802.3 organization, wherein the TLV type is 127;
writing the TLV into an LLDP link layer data broadcast frame of the interface connected to the maintenance tool;
starting the interface connected to the maintenance tool so that it periodically and continuously sends the LLDP link layer data broadcast messages;
the application data at least comprises: an authentication service IP address, an authentication service port number, and an IP address and a subnet mask configured for the maintenance tool network adapter.
In this embodiment, because the application data is encapsulated together with a digital signature, the maintenance tool can verify the digital signature after receiving the data, so as to ensure that the interface accessed by the maintenance tool is correct.
Because the LLDP message of the interface connected to the maintenance tool is continuously sent to the maintenance tool, the maintenance tool can quickly obtain the related application data, repeated authentication work caused by incorrect application data is avoided, and maintenance efficiency and user experience are effectively improved.
Third embodiment
Based on the intelligent monitoring method 100 for maintenance behaviors provided in the first embodiment of the present invention, a third embodiment of the present invention provides another intelligent monitoring method 300 for maintenance behaviors, wherein steps S10 to S50 are the same as those in the first embodiment and are not repeated here, except that:
between step S10 and step S20, the method 300 further comprises:
S22, acquiring the application initialization data of the maintenance tool through the connection layer.
Specifically, whether the maintenance tool is present is detected and judged: if the interface connected to the maintenance tool changes from a powered-off, unavailable state to a powered-on, available state, the maintenance tool is present;
acquiring the link layer LLDP message sent by the maintenance tool;
extracting an Optional TLV with a TLV type of 127;
extracting application initialization data, the application initialization data comprising at least: an authentication server IP address and a subnet mask;
judging whether the IP address and the subnet mask of the network adapter executing the authentication service are respectively the same as the authentication service IP address and subnet mask acquired from the current LLDP message;
if they are different, the network address of the network adapter executing the authentication service is set to the IP address of the authentication server and the subnet mask.
In this embodiment, the maintenance permission, the maintenance authority and the maintenance behavior of the maintenance tool are all controlled, which strengthens the intelligent control of maintenance behavior. This achieves comprehensive control: only a maintenance tool that has passed identity authentication, has obtained maintenance permission, continuously keeps that permission, accesses only terminal equipment within its authority range, and whose maintenance behavior can be obtained normally, can maintain terminal equipment of the core network within its authority range. The maintenance management cost is thereby effectively reduced and the security of the core network is improved.
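The signed type-127 TLV that step S21 sends and step S22 extracts can be shown end to end; the following is an added example, not code from the patent or its applicant. The OUI, subtype, JSON encoding, key and sample addresses are assumptions, and HMAC-SHA256 stands in for the private-key signature because Python's standard library has no asymmetric signing; a deployment would pass a public-key verifier as `verify`.

```python
import hashlib, hmac, json, struct

ORG_SPECIFIC = 127              # TLV type given in the description
OUI = bytes.fromhex("aabbcc")   # constructed placeholder OUI (assumption)
SUBTYPE = b"\x01"               # hypothetical subtype (assumption)
TAG_LEN = 32                    # length of the HMAC-SHA256 stand-in signature

def tlv(tlv_type, value):
    """Encode one LLDP TLV: 7-bit type and 9-bit length, then the value."""
    if len(value) > 0x1FF:
        raise ValueError("value does not fit the 9-bit length field")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def build_signed_tlv(app_data, sign):
    """Sender side (S21): serialize, sign, wrap in a type-127 TLV."""
    body = json.dumps(app_data, sort_keys=True).encode()  # JSON is an assumption
    return tlv(ORG_SPECIFIC, OUI + SUBTYPE + body + sign(body))

def iter_tlvs(lldpdu):
    """Yield (type, value) pairs and refuse a TLV that overruns the frame."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(lldpdu):
            raise ValueError("truncated TLV")
        yield tlv_type, lldpdu[off:off + length]
        off += length
        if tlv_type == 0:        # End of LLDPDU
            return

def extract_app_data(lldpdu, verify):
    """Receiver side (S22): return the data only if its signature verifies."""
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type != ORG_SPECIFIC or value[:4] != OUI + SUBTYPE:
            continue
        if len(value) < 4 + TAG_LEN:
            return None
        body, tag = value[4:-TAG_LEN], value[-TAG_LEN:]
        return json.loads(body) if verify(body, tag) else None
    return None

KEY = b"constructed-demo-key"   # constructed value, demo only
def sign(body): return hmac.new(KEY, body, hashlib.sha256).digest()
def verify(body, tag): return hmac.compare_digest(sign(body), tag)

# Constructed sample: documentation-range addresses, invented port number.
APP = {"auth_ip": "192.0.2.10", "auth_port": 8443,
       "tool_ip": "192.0.2.20", "mask": "255.255.255.0"}
# Chassis ID, Port ID and TTL TLVs, then the signed TLV, then End of LLDPDU.
FRAME = (tlv(1, b"\x07sw1") + tlv(2, b"\x07p1") + tlv(3, struct.pack("!H", 120))
         + build_signed_tlv(APP, sign) + tlv(0, b""))
```

A receiver built this way applies the advertised addresses only when `extract_app_data` returns a dictionary; a missing, altered or truncated TLV leaves the adapter configuration unchanged.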
Referring to Fig. 5, the present invention further provides an intelligent monitoring apparatus for maintenance behaviors. The intelligent monitoring apparatus includes a tool interface connected to a maintenance tool, a network interface connected to a terminal device, a memory, a processor, and a computer program stored in the memory; when the computer program is executed by the processor, the steps of the intelligent monitoring method for maintenance behaviors are implemented.
It can be understood that, in this embodiment, the tool interface is a reserved interface connected to the maintenance tool, and the network interface is a reserved interface connected to the core network.
The invention also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program carries out the steps of the intelligent monitoring method for maintenance behaviors.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Application number: CN201911287595.2A (CN111091204B (en))
Priority date: 2019-12-14
Filing date: 2019-12-14
Title: Intelligent monitoring method and device for maintenance behaviors and computer readable storage medium
Status: Active

Publications (2)
CN111091204A, published 2020-05-01
CN111091204B, published 2023-07-18

Family ID: 70395513

Country Status (1)
CN (1): CN111091204B (en)

Legal Events

PB01: Publication
SE01: Entry into force of request for substantive examination
TA01: Transfer of patent application right
Effective date of registration: 2022-11-01
Address after: Room 1010, No. 181, Zhongshe Road, Maogang Town, Songjiang District, Shanghai, 201600
Applicant after: Shuxing Technology (Shanghai) Co.,Ltd.
Address before: Room 1804, Building 7, Quantangwan Community (Shun'an Court), No. 323 Tianxin Road, Shifeng District, Zhuzhou City, Hunan Province 412001
Applicant before: Zhuzhou Huina Technology Co.,Ltd.
GR01: Patent grant