CN115840937B - Control method and device and electronic equipment - Google Patents
Control method and device and electronic equipment Download PDFInfo
- Publication number
- CN115840937B CN115840937B CN202310140297.0A CN202310140297A CN115840937B CN 115840937 B CN115840937 B CN 115840937B CN 202310140297 A CN202310140297 A CN 202310140297A CN 115840937 B CN115840937 B CN 115840937B
- Authority
- CN
- China
- Prior art keywords
- login
- account
- virtual machine
- password
- registered
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a control method, a control device and electronic equipment, wherein the control method comprises the following steps: obtaining a login account and a registration account, wherein the registration account is a registration account of a virtual machine which is logged in by the login account; creating a password character string corresponding to the registered account, wherein the password character string is stored in a password storage area as a login password; transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, a login verification result is obtained, and whether the login verification result indicates that the virtual machine is allowed to be logged in by the registered account or not is indicated.
Description
Technical Field
The present disclosure relates to the field of virtual machines, and in particular, to a control method, an apparatus, and an electronic device.
Background
After a virtual machine configured on a host has been registered to a certain user, if another user needs to use the virtual machine, the virtual machine needs to be re-registered to the other user.
However, this implementation relies on manual operations by an administrator, which results in a high level of operational complexity in the use of virtual machines.
Disclosure of Invention
In view of the foregoing, the present application provides a control method, a control device, and an electronic device, which are used for reducing the complexity of the virtual machine login operation, so as to improve the user experience of the user on the virtual machine. The following are provided:
a control method, comprising:
obtaining a login account and a registration account, wherein the registration account is a registration account of a virtual machine which is logged in by the login account;
creating a password character string corresponding to the registered account, wherein the password character string is stored in a password storage area as a login password;
transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, a login verification result is obtained, and whether the login verification result indicates that the virtual machine is allowed to be logged in by the registered account or not is indicated.
In the above method, preferably, in a case where the login account and the registration account are inconsistent, after the transferring the registration account and the password string to the virtual machine, the method further includes:
receiving a login blocking message sent by the virtual machine, wherein the login blocking message is obtained by the virtual machine under the condition that the virtual machine is monitored to be logged in by the registration account;
At least sending the login blocked message to a first client corresponding to the registered account;
re-executing the login authorization message transmitted by the first client under the condition that the login authorization message is received: transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, a login verification result is obtained, and whether the login verification result indicates that the virtual machine is allowed to be logged in by the registered account or not is indicated.
In the above method, preferably, at least the login blocking message is sent to the first client corresponding to the registered account, including:
and sending the login blocking message, the identification information of the virtual machine and the registration account to a first client corresponding to the registration account, so that the first client outputs an authorization request interface, and the authorization request interface is at least used for prompting whether the virtual machine is authorized to exit the login state of the registration account.
In the above method, preferably, in a case where the login account and the registration account are inconsistent, before the creating of the password string corresponding to the registration account, the method further includes:
Inquiring whether authority information corresponding to the login account exists in the authority set corresponding to the virtual machine;
executing the following steps when the authority information corresponding to the login account exists in the authority set corresponding to the virtual machine: and creating a password character string corresponding to the registered account.
In the above method, preferably, transmitting the registered account and the password string to the virtual machine includes:
and calling a first interface of a host machine where the virtual machine is located, wherein the first interface is used for transmitting at least the registered account and the password character string to the host machine, so that the host machine calls a second interface corresponding to the virtual machine, and the second interface is used for transmitting at least the registered account and the password character string to the virtual machine.
In the above method, preferably, the first interface is configured to transmit identification information of the virtual machine, the registered account and the password string to the host machine, so that the host machine invokes a second interface corresponding to the virtual machine according to the identification information;
and the second interface is a communication interface based on a socket file, and the host machine writes at least the registered account and the password character string into the socket file, so that the virtual machine reads the registered account and the password character string from the socket file.
The method, preferably, obtains a login account and a registration account, including:
receiving a login request message transmitted by a second client;
and analyzing the login request message to obtain a login account corresponding to the second client and a registration account of the virtual machine logged in by the login account.
In the above method, preferably, the password string is stored as a login password in a target field corresponding to the registered account in the password storage area.
A control apparatus comprising:
the system comprises an account obtaining unit, a login account obtaining unit and a registration account, wherein the registration account is a registration account of a virtual machine which is logged in by the login account;
the password creation unit is used for creating a password character string corresponding to the registered account, and the password character string is stored in the password storage area as a login password;
and the information transmission unit is used for transmitting the registered account and the password character string to the virtual machine so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string to obtain a login verification result, and the login verification result represents whether the login of the virtual machine with the registered account is allowed or not.
An electronic device, comprising:
a memory for storing a computer program and data resulting from the execution of the computer program;
a processor for executing the computer program to implement: obtaining a login account and a registration account, wherein the registration account is a registration account of a virtual machine which is logged in by the login account; creating a password character string corresponding to the registered account, wherein the password character string is stored in a password storage area as a login password; transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, a login verification result is obtained, and whether the login verification result indicates that the virtual machine is allowed to be logged in by the registered account or not is indicated.
According to the technical scheme, in the control method, the control device and the electronic equipment, after the login account and the login account of the virtual machine logged in by the login account are obtained, the password character string is created for the login account, and the password character string is stored in the password storage area as the login password, so that after the login account and the password character string are transmitted to the virtual machine, the virtual machine performs login verification on the password character string according to the login password corresponding to the login account in the password storage area, and virtual machine login is achieved. Therefore, the virtual machine is logged in according to the generated login password, so that even if the original password corresponding to the login account does not exist, the virtual machine can be logged in through the scheme in the embodiment, additional operations of the administrator and a login user are not needed, the operation complexity when the virtual machine is logged in is further reduced, and the use experience of the user on the virtual machine is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of a control method according to a first embodiment of the present application;
FIG. 2 is an exemplary diagram of an interface for a user to log into a virtual machine in an embodiment of the present application;
fig. 3 and fig. 4 are a partial flow chart of a control method according to a first embodiment of the present application;
FIG. 5 is a diagram illustrating another example of an interface for a user to log into a virtual machine in an embodiment of the present application;
FIG. 6 is another flow chart of a control method according to the first embodiment of the present application;
fig. 7 is a schematic structural diagram of a control device according to a second embodiment of the present disclosure;
fig. 8 and fig. 9 are schematic diagrams of another structure of a control device according to a second embodiment of the present disclosure;
fig. 10 is a schematic structural diagram of an electronic device according to a third embodiment of the present application;
FIG. 11 is an overall block diagram of a virtual machine login scenario applicable to the present application;
FIG. 12 is an overall flowchart of the present application applicable to a virtual machine login scenario;
FIG. 13 is a flowchart of a local user logging on a virtual machine in a virtual machine logging scenario according to the present application;
FIG. 14 is a flowchart of the present application for logging in a virtual machine by other users in a virtual machine login scenario;
FIG. 15 is a flowchart of a virtual machine login blocking process applicable to a virtual machine login scenario in the present application;
FIG. 16 is an exemplary diagram of roles involved in login verification in a virtual machine login scenario according to the present application;
fig. 17 is a process diagram of the present application for authentication in a login entity in a virtual machine login scenario.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
Referring to fig. 1, a flowchart of a control method according to an embodiment of the present application is shown, and the method may be applied to an electronic device capable of performing data processing, such as a computer or a server configured with a unified authentication interface and a unified authentication service. The technical scheme in the embodiment is mainly used for reducing the operation complexity of the virtual machine.
Specifically, the method in this embodiment may include the following steps:
step 101: a login account and a registration account are obtained.
The registered account is a registered account of the virtual machine which is logged in by the login account.
Specifically, in this embodiment, the login account corresponding to the second client and the registration account of the virtual machine registered by the login account may be obtained by receiving the login request message transmitted by the second client and analyzing the login request message.
The second client is a client used by a user to which the login account belongs, the user to which the login account belongs opens a login interface of the virtual machine on the second client, and performs account input operation on the login interface, so that a corresponding login request message is generated on the second client and transmitted to the electronic device in the embodiment. Thus, in this embodiment, the login request message transmitted by the second client is received.
Specifically, the login request message may be generated based on the login account, the registration account, and identification information of the virtual machine. Thus, in this embodiment, the identification information of the login account, the registration account, and the virtual machine may be obtained by analyzing the login request message.
For example, the user opens the cloud desktop client, and inputs a corresponding account, such as a user name, in the login interface corresponding to the virtual machine that needs to be logged in, which is output by the user.
For example, as shown in fig. 2, the current user inputs a login account in a login interface corresponding to the virtual machine a output by a second client corresponding to the current user, and the second client generates a token, that is, a login request message, based on the login account, and identification information of the virtual machine, and transmits the token. Based on this, in this embodiment, the received token is parsed to obtain the login account input by the current user and the registration account of the virtual machine a.
The registered account of the virtual machine is an original account of the virtual machine registered.
Step 102: creating a password character string corresponding to the registered account, and storing the password character string as a login password in a password storage area.
Specifically, in this embodiment, a string generation algorithm may be used to create a password string for the registered account, and the password string is stored as a login password of the registered account in a preset password storage area.
In addition, the password string may be saved as a login password to a target field corresponding to the registered account in the password storage area.
For example, in this embodiment, a random string may be generated by using a random algorithm, and the random string is stored as a login password of the registration account of the virtual machine a in a specified field corresponding to the registration account of the virtual machine a in the database.
Step 103: transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses the login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, and a login verification result is obtained.
Wherein the login verification result characterizes whether the login of the virtual machine with the registered account is allowed.
Specifically, in this embodiment, the registered account and the password string are used as the login account and the input password of the current user to be transmitted to the virtual machine; the virtual machine reads the corresponding login password in the password storage area according to the received registration account, and then compares the login password with the password character string received by the virtual machine; if the comparison is consistent, a login verification result allowing the virtual machine to be logged in with the registered account is obtained. The login password stored in the password storage area is a password character string, so that the obtained login verification result represents permission to login the virtual machine with the registered account. Therefore, even if the original password of the user is not registered, the user can log in the virtual machine, and the resource waste of the virtual machine is avoided.
As can be seen from the above, in the control method provided in the first embodiment of the present application, after obtaining the login account and the login account of the virtual machine that the login account is logged in, a password string is created for the login account, and the password string is stored as a login password in the password storage area. After the registered account and the password character string are transmitted to the virtual machine, the virtual machine performs login verification on the password character string according to the login password corresponding to the registered account in the password storage area, so that the virtual machine login is realized. It can be seen that, in this embodiment, the administrator does not need to reconfigure the virtual machine, but creates a login password for the registered account of the logged-in virtual machine, and the virtual machine performs login verification according to the generated login password. Therefore, even if the original password corresponding to the registered account is not available, the virtual machine can be logged in through the scheme in the embodiment, no extra operation of an administrator and a login user is needed, the operation complexity when the virtual machine is logged in is further reduced, and the use experience of the user on the virtual machine is improved.
In one implementation manner, after obtaining the login account and the registration account in step 101, the method may further include a step of determining the consistency of the login account and the registration account, and when the login account and the registration account are consistent, step 102 and step 103 are directly executed, as shown in fig. 3, where the method includes:
Step 101: a login account and a registration account are obtained.
Step 104: a determination is made as to whether the login account and the registration account are consistent, and if so, step 102 is performed.
Step 102: creating a password character string corresponding to the registered account, and storing the password character string as a login password in a password storage area.
Step 103: transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses the login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, and a login verification result is obtained.
In another implementation, when the login account and the registration account are inconsistent, after the step 102 and the step 103 are performed, a step of receiving a login blocking message sent by the virtual machine is further performed, which is specifically shown in fig. 4:
step 101: a login account and a registration account are obtained.
Step 104: judging whether the login account and the registration account are consistent, and if the login account and the registration account are inconsistent, executing step 102;
step 102: creating a password character string corresponding to the registered account, and storing the password character string as a login password in a password storage area.
Step 103: the registered account and password string are transmitted to the virtual machine and step 105 is performed.
Step 105: and receiving a login blocked message sent by the virtual machine.
Wherein the login blocked message is obtained by the virtual machine in case that the virtual machine is monitored to be logged in by the registered account. If the virtual machine is not monitored for registered account login, then step 105 need not be performed. That is, after receiving the registration account and the password string, the virtual machine may monitor whether the virtual machine has been registered by the registration account, generate a registration blocking message and transmit if the virtual machine has been registered by the registration account, and if the virtual machine has not been registered by the registration account, the virtual machine continues to perform registration verification on the password string using a registration password corresponding to the registration account in the password storage area, so as to obtain a registration verification result.
In addition, in this embodiment, the identification information of the virtual machine and the registered account may also be received, so as to indicate that the registered account on the virtual machine corresponding to the identification information is already logged in.
The identification information of the virtual machine may include information such as a universal unique identification code uuid (Universally Unique Identifier) of the virtual machine and a socket file location. The uuid is used for uniquely characterizing the virtual machine, and the socket file position is used for realizing a communication interface between the virtual machine and a host machine where the virtual machine is located, so that data transmission is conveniently carried out between the virtual machine and the host machine.
Step 106: and sending the login blocked message to the first client corresponding to the registered account.
Specifically, in this embodiment, the identification information of the virtual machine and the registration account may also be sent to the first client corresponding to the registration account.
Based on the above, an authorization request interface can be output for the user of the first client, and the authorization request interface is at least used for prompting whether the virtual machine is authorized to exit the login state of the registered account, so that the user of the first client is prompted to perform login authorization or login prohibition operation through the authorization request interface. For example, two controls are output on the authorization request interface: a login authorization control and a login prohibition control. The login authorization control characterizes a login state that a user of the first client authorizes the virtual machine to exit a registration account, namely, the current user of the second client is authorized to log in the virtual machine by the registration account; the login prohibition control characterizes that the user of the first client does not exit the login state of the registered account, namely, the current user of the second client is prohibited from logging in the virtual machine with the registered account. Based on the information, the first client generates and transmits a login authorization message or a login prohibition message according to the selection operation of the user on the login authorization interface.
For example, as shown in fig. 5, the current user a inputs a login account on the login interface on the second client, indicating that the virtual machine a corresponding to the login account is ready to be logged in. In this embodiment, after obtaining the login account and the registration account, a password string is created for the registration account in real time, and is stored as a login password in the password storage area. After the registered account and the password character string are sent to the virtual machine a, the virtual machine a monitors that the user b corresponding to the first client is logged in with the registered account, and at this time, the virtual machine a transmits a login blocking message. In this embodiment, after receiving the login blocking message of the virtual machine a, the login blocking message, the identification information of the virtual machine a, and the registered account of the virtual machine a are sent to the first client, and an authorization request interface is output on the first client to prompt the history user b: there are other users that need to log in to the virtual machine a, and the history user b needs to log in to be authorized. Based on this, the history user b can perform a login authorization or a login prohibition operation on the authorization request interface on the first client side. Thus, the first client may transmit the login authorization message or the login prohibition message to the electronic device in this embodiment.
Step 107: and (3) receiving a login authorization message transmitted by the first client, re-executing step 103, and further re-transmitting the registered account and the password character string to the virtual machine, so that the virtual machine performs login verification on the password character string by using the login password corresponding to the registered account in the password storage area, and obtaining a login verification result.
Therefore, in the embodiment, the virtual machine can be re-logged in by obtaining the authorization of the logged-in user under the condition that the virtual machine login is blocked, and additional operations of an administrator and a user are not needed, so that the operation complexity of the virtual machine login is further reduced, and the use experience of the user on the virtual machine is improved.
In one implementation, after the login account and the registration account are obtained in step 101 in this embodiment, the following steps may be further included, as shown in fig. 6:
step 101: a login account and a registration account are obtained.
Step 104: it is determined whether the login account and the registration account are identical, if the login account and the registration account are identical, step 102 and step 103 are directly performed, and if the login account and the registration account are not identical, step 108 is performed as follows.
Step 108: inquiring whether authority information corresponding to a login account exists in the authority set corresponding to the virtual machine, and executing step 102 and step 103 again under the condition that the authority information corresponding to the login account exists in the authority set corresponding to the virtual machine, so as to create a password character string corresponding to the login account and transmit the login account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the login account in a password storage area to carry out login verification on the password character string, and a login verification result is obtained.
If the authority information corresponding to the login account exists in the authority set corresponding to the virtual machine, the login account is characterized to have the authority to use the virtual machine, at this time, step 102 and step 103 may be executed, so that the user of the second client corresponding to the login account can login to the virtual machine with the login account, and use of the virtual machine is achieved. If the authority set corresponding to the virtual machine does not have the authority information corresponding to the login account, the login account is characterized to have no authority for using the virtual machine, and at the moment, the current flow can be ended to ensure the use safety of the virtual machine.
In one implementation, when the registered account and the password string are transmitted to the virtual machine in step 103, the following may be specifically implemented:
and calling a first interface of a host machine where the virtual machine is located, wherein the first interface is used for transmitting at least the registered account and the password character string to the host machine, so that the host machine calls a second interface corresponding to the virtual machine, and the second interface is used for transmitting at least the registered account and the password character string to the virtual machine.
Specifically, the called first interface is used for transmitting the identification information, the registered account and the password character string of the virtual machine to the host machine, so that the host machine calls the second interface corresponding to the virtual machine according to the identification information; and the second interface is a communication interface based on the socket file, and the host machine at least writes the registered account and the password character string into the socket file so that the virtual machine reads the registered account and the password character string from the socket file.
For example, the first interface is an api interface on the host machine, so that the api interface transmits identification information, a registered account, a password character string and the like of the virtual machine to the host machine, the host machine obtains information such as the position of a socket file corresponding to the virtual machine by analyzing the identification information of the virtual machine, and writes the information such as the registered account, the password character string and the like into the socket file, namely, invokes the second interface of the virtual machine; the second interface may be a communication interface based on a socket file on the virtual machine, and based on this, the virtual machine reads information such as a registered account and a password string written in the host machine through the socket file.
Referring to fig. 7, a schematic structural diagram of a control device according to a second embodiment of the present application may be configured in an electronic device capable of performing data processing, such as a computer or a server configured with a unified authentication interface and a unified authentication service. The technical scheme in the embodiment is mainly used for reducing the operation complexity of the virtual machine.
Specifically, the apparatus in this embodiment may include the following units:
an account obtaining unit 701, configured to obtain a login account and a registration account, where the registration account is a registration account of a virtual machine that the login account logs in;
A password creation unit 702, configured to create a password string corresponding to the registered account, where the password string is stored as a login password in a password storage area;
and an information transmission unit 703, configured to transmit the registered account and the password string to the virtual machine, so that the virtual machine performs login verification on the password string using a login password corresponding to the registered account in the password storage area, so as to obtain a login verification result, where the login verification result characterizes whether to allow the virtual machine to be logged in with the registered account.
As can be seen from the above, in the control device provided in the second embodiment of the present application, after obtaining the login account and the login account of the virtual machine that the login account is logged in, a password string is created for the login account, and the password string is stored in the password storage area as a login password, so that after transmitting the login account and the password string to the virtual machine, the virtual machine performs login verification on the password string according to the login password corresponding to the login account in the password storage area, thereby realizing the login of the virtual machine. Therefore, even if the original password corresponding to the login account is not available, the virtual machine can be logged in through the scheme in the embodiment, and additional operations of the administrator and a login user are not needed, so that the operation complexity in the process of logging in the virtual machine is reduced, and the use experience of the user on the virtual machine is improved.
In one implementation, the apparatus in this embodiment may further include the following units, as shown in fig. 8:
a blocking processing unit 704, configured to receive a login blocking message sent by the virtual machine after the information transmission unit 703 transmits the registered account and the password character string to the virtual machine, in a case where the login account and the registered account are inconsistent, the login blocking message being obtained by the virtual machine when it is detected that the login by the registered account has been completed; at least sending the login blocked message to a first client corresponding to the registered account; and under the condition that the login authorization message transmitted by the first client is received, the information transmission unit 703 is triggered again to transmit the registered account and the password character string to the virtual machine, so that the virtual machine uses the login password corresponding to the registered account in the password storage area to perform login verification on the password character string, and a login verification result is obtained, wherein the login verification result represents whether the virtual machine is allowed to be logged in by the registered account or not.
Based on this, the blocking processing unit 704 is specifically configured to, when sending at least the login blocking message to the first client corresponding to the registered account: and sending the login blocking message, the identification information of the virtual machine and the registration account to a first client corresponding to the registration account, so that the first client outputs an authorization request interface, and the authorization request interface is at least used for prompting whether the virtual machine is authorized to exit the login state of the registration account.
In one implementation, the apparatus in this embodiment may further include the following units, as shown in fig. 9:
a permission verification unit 705, configured to, in a case where the login account and the registration account are inconsistent, query, before the password creation unit 702 creates a password string corresponding to the registration account, whether permission information corresponding to the login account exists in a permission set corresponding to the virtual machine; in the case that the authority information corresponding to the login account exists in the authority set corresponding to the virtual machine, the password creation unit 702 is triggered to create a password character string corresponding to the login account.
In one implementation, the information transmission unit 703 is specifically configured to, when transmitting the registered account and the password string to the virtual machine: and calling a first interface of a host machine where the virtual machine is located, wherein the first interface is used for transmitting at least the registered account and the password character string to the host machine, so that the host machine calls a second interface corresponding to the virtual machine, and the second interface is used for transmitting at least the registered account and the password character string to the virtual machine.
In one implementation manner, the first interface is configured to transmit the identification information of the virtual machine, the registered account and the password string to the host machine, so that the host machine invokes a second interface corresponding to the virtual machine according to the identification information;
and the second interface is a communication interface based on a socket file, and the host machine writes at least the registered account and the password character string into the socket file, so that the virtual machine reads the registered account and the password character string from the socket file.
In one implementation, the account obtaining unit 701 is specifically configured to: receiving a login request message transmitted by a second client; and analyzing the login request message to obtain a login account corresponding to the second client and a registration account of the virtual machine logged in by the login account.
In one implementation, the password string is saved as a login password to a target field in a password storage area corresponding to the registered account.
It should be noted that, the specific implementation of each unit in this embodiment may refer to the corresponding content in the foregoing, which is not described in detail herein.
Referring to fig. 10, a schematic structural diagram of an electronic device according to a third embodiment of the present application may include the following structure:
a memory 1001 for storing a computer program and data generated by the execution of the computer program;
a processor 1002 for executing the computer program to implement: obtaining a login account and a registration account, wherein the registration account is a registration account of a virtual machine which is logged in by the login account; creating a password character string corresponding to the registered account, wherein the password character string is stored in a password storage area as a login password; transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, a login verification result is obtained, and whether the login verification result indicates that the virtual machine is allowed to be logged in by the registered account or not is indicated.
As can be seen from the above technical solution, in the electronic device provided in the third embodiment of the present application, after obtaining a login account and a login account of a virtual machine that the login account is logged in, a password string is created for the login account, and the password string is stored as a login password in a password storage area, so that after transmitting the login account and the password string to the virtual machine, the virtual machine performs login verification on the password string according to the login password corresponding to the login account in the password storage area, thereby implementing virtual machine login. Therefore, even if the original password corresponding to the login account is not available, the virtual machine can be logged in through the scheme in the embodiment, and additional operations of the administrator and a login user are not needed, so that the operation complexity in the process of logging in the virtual machine is reduced, and the use experience of the user on the virtual machine is improved.
It should be noted that, the specific implementation of the processor in this embodiment may refer to the corresponding content in the foregoing, which is not described in detail herein.
The following details the technical scheme of the present application, taking a certain virtual machine as an example:
the technical scheme of the application is realized through a unified authentication interface and unified authentication service, the whole structure is shown in fig. 11, the unified authentication interface establishes corresponding data connection with a client, a host machine deployed with a virtual machine and the unified authentication service, and virtual machine login is realized based on the data connection.
Specifically, in the present application, a client invokes a unified authentication interface, and the unified authentication interface interacts with a login entity (i.e., a server operated by a virtual machine, i.e., a host) and a unified authentication service. When the virtual machine is required to log in, providing login information to a unified authentication interface by the client, such as content of an initiating user (i.e. a registered account of the virtual machine), a login user (i.e. a login account), identification information of the virtual machine and the like; and then, the unified authentication interface inquires whether the virtual machine has login permission or not through the unified authentication service and performs single sign-on of the virtual machine. The overall flow is as shown in fig. 12, the unified authentication interface provides login abstraction (entity is in the form of interface) for the client, and the host and the unified authentication service provide interfaces to the unified authentication interface.
The unified authentication interface provides an abstract desktop cloud login interface for the client, and the client only needs to interact data with the interface, so that virtual machines with different authentication authorities in the desktop cloud can be logged in. And the unified authentication service provides the functions of adding, deleting, modifying and inquiring the unified authentication interface for performing access operation on the user information. The login entity comprises a computing node, a virtual machine running on the computing node, a mode of calling the virtual machine by the computing node, and an interface running on the computing node.
In the technical scheme of the application, the unified authentication interface is connected with the unified authentication service, the unified authentication service queries the data storage of the rear end, and the user data is stored in the data storage. The unified authentication service inquires whether the user has login permission or not, returns the login permission to the unified authentication interface, and realizes single sign-on of the user by temporary authorization of an administrator admin. The administrator admin can authorize without modifying the original information of the user. The specific scheme is as follows:
as shown in fig. 13, for a flowchart of logging in a virtual machine for an original user of the virtual machine, i.e., a local user, the steps for logging in the virtual machine by the local user are as follows:
(1) The user opens the cloud desktop client, inputs a login account, then clicks and selects the virtual machine to perform remote connection login, at this time, the cloud desktop client generates a first token, the first token is generated by the login account of the client, the registration account of the virtual machine, identification information of the virtual machine such as uuid information, and the like, and then the first token is sent to the unified authentication interface.
(2) The unified authentication interface receives the first token and analyzes the information to obtain a login account, a registration account and identification information, whether the login user of the client is consistent with the operating system user of the virtual machine or not is verified through the login account and the registration account, and if the login account is consistent with the registration account, the login user of the client is consistent with the operating system user of the virtual machine. The unified authentication interface generates a second token, which may be generated by a random algorithm, and the second token may be a random string, so as to be used as a login password to be implanted into a designated field (which is used for verification when the user logs in the virtual machine) of the virtual machine operating system account number in the password storage area in the database through the unified authentication service.
(3) The unified authentication interface calls an interface provided by the host machine, such as an api interface on the host machine, and identification information, such as uuid, and login information, of the virtual machine are transmitted through the interface provided by the host machine, wherein the login information comprises a registration account and a second token, so that the host machine obtains the identification information and the login information through the interface of the host machine.
(4) The host acquires virtual machine information such as position information of a socket file communicated with the virtual machine by analyzing uuid in the identification information, and based on the position information, the host invokes an interface of the virtual machine to trigger a login event and simultaneously provides login information to the virtual machine interface so that the virtual machine receives the login information.
(5) The virtual machine triggers login operation, analyzes login information transmitted by the host machine to obtain a registered account and a second token, uses the registered account and the second token to connect to unified authentication service, and queries a login password corresponding to a password storage area in a database by the unified authentication service according to the registered account; the virtual machine carries out login verification on the login password inquired by the unified authentication service and the second token, and the login password corresponding to the registered account in the password storage area in the database is prestored according to the second token; thus, the login password is consistent with the second token, thereby enabling login with the registered account on the virtual machine.
Therefore, in the method, the login password is generated for each login request of the local user, and the login of the virtual machine can be realized without acquiring the original password of the virtual machine.
As shown in fig. 14, a process of logging in a virtual machine for other users, i.e., login users that are different from the user of the virtual machine operating system:
(1) The user opens the cloud desktop client, inputs a login account, then clicks and selects the virtual machine to perform remote connection login, at this time, the cloud desktop client generates a first token, the first token is generated by the login account of the client, the registration account of the virtual machine, identification information of the virtual machine such as uuid information, and the like, and then the first token is sent to the unified authentication interface.
(2) The unified authentication interface receives the first token and analyzes information to obtain a login account, a registration account and identification information, and whether a login user of the client is consistent with an operating system user of the virtual machine or not is verified through the login account and the registration account; if the login account is inconsistent with the registration account, the login user of the client is inconsistent with the operating system user of the virtual machine, and at the moment, the unified authentication interface inquires the unified authentication service whether the login user has authority to login the virtual machine, for example, the unified authentication service inquires whether the authority set of the database has authority information corresponding to the login account. In the case that the login user has the authority to login to the virtual machine, a second token is generated by the unified authentication interface, the second token may be generated by a random algorithm, and the second token may be a random character string, so as to be used as a login password to be implanted into a designated field (which is used for verification when the user virtual machine logs in) of the virtual machine operating system account number in the password storage area in the database through the unified authentication service.
(3) The unified authentication interface calls an interface provided by the host machine, such as an api interface on the host machine, and identification information, such as uuid, and login information, of the virtual machine are transmitted through the interface provided by the host machine, wherein the login information comprises a registration account and a second token, so that the host machine obtains the identification information and the login information through the interface of the host machine. The host machine obtains virtual machine information such as position information of a socket file communicated with the virtual machine by analyzing uuid in the identification information.
(4) The host invokes an interface of the virtual machine to trigger a login event, and provides login information to the virtual machine interface, so that the virtual machine receives the login information.
(5) After receiving the login information, the virtual machine firstly inquires the login state through a system function in an operating system, and if the login state is not logged in, the virtual machine directly uses a login account and a second token which are analyzed from the login information to be connected to a unified authentication service, and the unified authentication service inquires a login password corresponding to a password storage area in a database according to the login account; thus, the virtual machine performs login verification on the login password queried by the unified authentication service and the second token, and the login password corresponding to the registered account in the password storage area in the database is prestored according to the second token, so that the login password is consistent with the second token, and login can be realized on the virtual machine by using the registered account. And if the login status is logged in, a virtual machine blocked flow is performed as shown in fig. 15. Based on the authorization request, the authorization request is sent to the client corresponding to the virtual machine operating system account through the virtual machine blocking flow, and the method specifically comprises the following steps:
(1) After receiving a login event initiated by the host machine, the virtual machine inquires whether an operating system account of the virtual machine is currently logged in, if not, the virtual machine is in an unhindered state, and the login process in the previous is executed, namely login verification is carried out through unified authentication service. If registered, the state is blocked. In the blocked state, a blocked message is returned to the host machine through the virtual machine interface to represent that the virtual machine operating system account has been logged in.
(2) The host machine receives the information and returns the blocked information, uuid (virtual machine information) and the login role, namely the registered account of the virtual machine, to the unified authentication interface, and the unified authentication interface pushes the blocked information to the client of the login role, namely the client corresponding to the registered account through the information service after receiving the blocked information, and waits for the authorization of the user. And under the blocked condition, the user is indicated to be logged in, and after the user is authorized, the client corresponding to the registered account is logged out of the virtual machine and waits for the unified authentication interface to call login).
(3) The blocking information generated by the virtual machine characterizes that a user corresponding to an operation system account of the virtual machine is using the virtual machine, when the blocking information is transmitted to a client from a unified authentication interface, the user can click to perform authorized login operation after the client receives the blocking information, the authorized information is synchronized to the unified authentication interface through a message service, and the unified authentication interface re-invokes a host interface to initiate a login event after receiving the authorized information, and re-transmits login information in the blocking event. If login requests of a plurality of users are received, the login request initiated first is preferentially processed in the application, namely, the user initiating the login request first receives a message waiting for authorization in a virtual machine blocking flow. Only a single user is allowed to log in through single sign-on the virtual machine.
(4) After receiving the login event, the virtual machine executes the login flow and verifies with the unified authentication service.
Therefore, the role of participating in login verification in the application comprises two parts, namely a cloud desktop client and a unified authentication interface. The unified authentication interface is used as an abstraction of login operation and is divided into a login entity (host machine) and a unified verification service, as shown in fig. 16, a client initiates the login operation, and the unified authentication interface checks whether a login user has authority and inserts a second token, namely a login password, to the unified authentication service, and triggers a login event of the login entity interface after inquiry.
After receiving a login event initiated from a client, the unified authentication interface analyzes the received first token to obtain a cloud desktop client login user and a user to log in an operating system, and generates a designated field of a login role written by a second token through unified authentication service.
And then, the unified authentication interface initiates a login event to the login entity, and if the virtual machine in the login entity is logged in currently, the virtual machine returns to a blocked state.
If the login entity returns to the blocked state, the blocked state is returned to the unified authentication interface, the unified authentication interface is pushed to the client of the login role through the message service, the user receiving the message decides whether to authorize the login or not, at this time, the message is returned through the unified authentication interface, if the authorization is acquired, the unified authentication interface reinitiates the login event, and the virtual machine performs login verification through the unified authentication service.
The login entity in the foregoing is an abstraction of the virtual machine to be logged in, but because the virtual machine runs on the host machine, in order to adapt to a complex network environment, a mode of implementing single sign-on by using a network card is abandoned in the application, and communication is performed with the virtual machine through the virtual-service device.
Wherein the login intra-entity authentication procedure is as shown in fig. 17:
(1) And generating a login password by the unified authentication interface, and inserting a corresponding login user password field in a corresponding database through the unified authentication service.
(2) After the virtual machine receives the login event, the virtual machine is connected with the unified authentication service database to log in, and the field of the login password takes the field of the unified authentication interface, so that the virtual machine can log in correctly.
According to the technical scheme of the application, the technical support scene flow of using the virtual machine for the staff is as follows:
(1) After the user virtual machine encounters a problem, the technical support personnel can be applied by an administrator, and the administrator or a department can lead and coordinate the technical support personnel to support.
(2) After the personnel are determined, the administrator can authorize the virtual machine with the problem to technical support personnel at the management platform and select the login account as the user account initiating the problem.
(3) The technical support personnel click the virtual machine with the problem on the cloud desktop client to log in the operating system, and the problem of the user is solved.
(4) Meanwhile, the virtual machine blocking flow ensures that a user who initiates the problem can select to immediately accept support or accept support after saving working data under the condition that the user logs in the virtual machine.
The virtual machine is used by the staff to realize the department collaborative work scene flow:
(1) In the case of a department collaboration, if a person changes, for example, the person has completed the work for which the project is responsible, the next project has been performed. Personnel in departments need to log in the virtual machine to search data or carry out debugging work. The application may be led by an administrator or a department having an administrator role. Allowing the virtual machine to be acquired.
(2) The administrator can temporarily authorize the virtual machine to the user at the management platform, i.e. obtain rights for the user.
(3) And after the user logs in the cloud desktop client and clicks the virtual machine, login operation is performed.
(4) Meanwhile, the virtual machine blocking flow ensures that the logged-in user has the right to use the virtual machine operating system under the condition that the virtual machine has a plurality of authorizations.
In summary, a two-stage (user- > unified authentication interface- > virtual machine) login authentication method is adopted in the present application. The login password is generated by the unified authentication interface and inserted into a corresponding field in the unified authentication service through the unified authentication interface. The login password is regenerated every time of login, so that the user is not required to acquire the login password of the original account, and the unified authentication interface is not required to know the login password of the original account. Therefore, on the premise of logging in the virtual machine, the operation complexity of virtual machine logging in is reduced, and the use experience of a user on the virtual machine is improved.
In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Claims (7)
1. A control method, characterized by comprising:
obtaining a login account and a registration account, comprising: receiving a login request message transmitted by a second client; analyzing the login request message to obtain a login account corresponding to the second client and a registration account of a virtual machine which is logged in by the login account; the registered account is a registered account of the virtual machine registered by the login account; the registered account is an original account in which the virtual machine is registered;
judging whether the login account is consistent with the registration account, and if the login account is inconsistent with the registration account, inquiring whether authority information corresponding to the login account exists in an authority set corresponding to the virtual machine; creating a password character string corresponding to the registration account when the authority information corresponding to the login account exists in the authority set corresponding to the virtual machine, wherein the password character string is stored in a password storage area as a login password;
Transmitting the registered account and the password character string to the virtual machine, monitoring whether the virtual machine is logged in by the registered account, generating a login blocking message by the virtual machine if the virtual machine is logged in by the registered account, and transmitting the login blocking message to at least a first client corresponding to the registered account; re-executing the login authorization message transmitted by the first client under the condition that the login authorization message is received: transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, and a login verification result is obtained; if the virtual machine is not logged in by the registration account, the virtual machine continues to log in and verify the password character string by using a login password corresponding to the registration account in the password storage area so as to obtain a login verification result; the login verification result characterizes whether single sign-on with the registered account is allowed for the virtual machine.
2. The method of claim 1, wherein the sending at least the login blocking message to the first client corresponding to the registered account comprises:
And sending the login blocking message, the identification information of the virtual machine and the registration account to a first client corresponding to the registration account, so that the first client outputs an authorization request interface, and the authorization request interface is at least used for prompting whether the virtual machine is authorized to exit the login state of the registration account.
3. The method of claim 1 or 2, wherein transmitting the registered account and the password string to the virtual machine comprises:
and calling a first interface of a host machine where the virtual machine is located, wherein the first interface is used for transmitting at least the registered account and the password character string to the host machine, so that the host machine calls a second interface corresponding to the virtual machine, and the second interface is used for transmitting at least the registered account and the password character string to the virtual machine.
4. The method of claim 3, wherein the first interface is configured to transmit identification information of the virtual machine, the registered account, and the password string to the host machine, so that the host machine invokes a second interface corresponding to the virtual machine according to the identification information;
And the second interface is a communication interface based on a socket file, and the host machine writes at least the registered account and the password character string into the socket file, so that the virtual machine reads the registered account and the password character string from the socket file.
5. The method of claim 1, wherein the password string is saved as a login password to a destination field in a password storage area corresponding to the registered account.
6. A control apparatus, characterized by comprising:
the system comprises an account obtaining unit, a login account obtaining unit and a registration account, wherein the registration account is a registration account of a virtual machine which is logged in by the login account; the registered account is an original account in which the virtual machine is registered; the account obtaining unit is specifically configured to: receiving a login request message transmitted by a second client; analyzing the login request message to obtain a login account corresponding to the second client and a registration account of a virtual machine which is logged in by the login account;
the password creation unit is used for creating a password character string corresponding to the registered account, and the password character string is stored in the password storage area as a login password;
The information transmission unit is used for transmitting the registered account and the password character string to the virtual machine so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string to obtain a login verification result, and the login verification result represents whether single-point login with the registered account is allowed to the virtual machine or not;
the control device is used for judging whether the login account is consistent with the registration account or not; the control device further includes:
the permission verification unit is used for inquiring whether permission information corresponding to the login account exists in the permission set corresponding to the virtual machine before the password creation unit creates the password character string corresponding to the login account under the condition that the login account is inconsistent with the login account; triggering the password creation unit to create a password character string corresponding to the registration account under the condition that the permission information corresponding to the login account exists in the permission set corresponding to the virtual machine;
the blocking processing unit is used for receiving a login blocking message sent by the virtual machine after the information transmission unit transmits the registration account and the password character string to the virtual machine under the condition that the login account is inconsistent with the registration account, wherein the login blocking message is obtained by the virtual machine under the condition that the virtual machine monitors that the login account is logged in by the registration account; at least sending the login blocked message to a first client corresponding to the registered account; under the condition that a login authorization message transmitted by the first client is received, the information transmission unit is triggered again to transmit the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, and a login verification result is obtained;
And the control device is also used for enabling the virtual machine to continuously use the login password corresponding to the registration account in the password storage area to carry out login verification on the password character string if the virtual machine is not logged in by the registration account, so as to obtain a login verification result.
7. An electronic device, comprising:
a memory for storing a computer program and data resulting from the execution of the computer program;
a processor for executing the computer program to implement: obtaining a login account and a registration account, comprising: receiving a login request message transmitted by a second client; analyzing the login request message to obtain a login account corresponding to the second client and a registration account of a virtual machine which is logged in by the login account; the registered account is a registered account of the virtual machine registered by the login account; the registered account is an original account in which the virtual machine is registered; judging whether the login account is consistent with the registration account, and if the login account is inconsistent with the registration account, inquiring whether authority information corresponding to the login account exists in an authority set corresponding to the virtual machine; creating a password character string corresponding to the registration account when the authority information corresponding to the login account exists in the authority set corresponding to the virtual machine, wherein the password character string is stored in a password storage area as a login password; transmitting the registered account and the password character string to the virtual machine, monitoring whether the virtual machine is logged in by the registered account, generating a login blocking message by the virtual machine if the virtual machine is logged in by the registered account, and transmitting the login blocking message to at least a first client corresponding to the registered account; re-executing the login authorization message transmitted by the first client under the condition that the login authorization message is received: transmitting the registered account and the password character string to the virtual machine, so that the virtual machine uses a login password corresponding to the registered account in the password storage area to carry out login verification on the password character string, and a login verification result is obtained; if the virtual machine is not logged in by the registration account, the virtual machine continues to log in and verify the password character string by using a login password corresponding to the registration account in the password storage area so as to obtain a login verification result; the login verification result characterizes whether single sign-on with the registered account is allowed for the virtual machine.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310140297.0A CN115840937B (en) | 2023-02-21 | 2023-02-21 | Control method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310140297.0A CN115840937B (en) | 2023-02-21 | 2023-02-21 | Control method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115840937A CN115840937A (en) | 2023-03-24 |
| CN115840937B true CN115840937B (en) | 2023-05-23 |
Family
ID=85579965
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310140297.0A Active CN115840937B (en) | 2023-02-21 | 2023-02-21 | Control method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115840937B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116483517B (en) * | 2023-04-27 | 2024-01-26 | 安芯网盾(北京)科技有限公司 | Virtual machine control method, device and system |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102143230A (en) * | 2011-04-01 | 2011-08-03 | 广州杰赛科技股份有限公司 | Method for mini-station to authenticate and log in virtual machine in cloud system and login system |
| US9479499B2 (en) * | 2013-03-21 | 2016-10-25 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for identity authentication via mobile capturing code |
| CN104717261B (en) * | 2013-12-17 | 2018-05-29 | 华为技术有限公司 | A kind of login method and desktop management equipment |
| CN107577516B (en) * | 2017-07-28 | 2020-08-14 | 华为技术有限公司 | Virtual machine password resetting method, device and system |
| CN108710528B (en) * | 2018-05-09 | 2023-02-28 | 深圳安布斯网络科技有限公司 | Desktop cloud virtual machine access and control method, device, equipment and storage medium |
| CN109002344B (en) * | 2018-06-12 | 2021-01-15 | 广东睿江云计算股份有限公司 | Method for resetting KVM (keyboard video mouse) virtual machine password by cloud management platform |
| CN111405006B (en) * | 2020-03-06 | 2022-07-12 | 北京奇艺世纪科技有限公司 | Method and device for processing remote login failure and remote login system |
| CN113656769A (en) * | 2021-08-03 | 2021-11-16 | 西安万像电子科技有限公司 | Control method and device of master-slave unit and master-slave unit system |
| CN113656770A (en) * | 2021-08-05 | 2021-11-16 | 西安万像电子科技有限公司 | Authorization processing method and device, electronic equipment and computer readable storage medium |
-
2023
- 2023-02-21 CN CN202310140297.0A patent/CN115840937B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN115840937A (en) | 2023-03-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112073400B (en) | Access control method, system, device and computing equipment | |
| CN111093197B (en) | Authority authentication method, authority authentication system and computer readable storage medium | |
| US5586260A (en) | Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms | |
| CN107122674B (en) | Access method of oracle database applied to operation and maintenance auditing system | |
| CN112822222B (en) | Login verification method, automatic login verification method, server and client | |
| CN112838951B (en) | Operation and maintenance method, device and system of terminal equipment and storage medium | |
| CN104601590A (en) | Login method, server and mobile terminal | |
| CN110221949B (en) | Automatic operation and maintenance management method, device, equipment and readable storage medium | |
| CN113742676B (en) | Login management method, login management device, login management server, login management system and storage medium | |
| CN109818742B (en) | Equipment debugging method, device and storage medium | |
| CN115840937B (en) | Control method and device and electronic equipment | |
| CN113761509B (en) | iframe verification login method and device | |
| CN116170234B (en) | Single sign-on method and system based on virtual account authentication | |
| CN106302606A (en) | A kind of across application access method and device | |
| CN103347020A (en) | Cross-application authentication access system and method | |
| CN111586021A (en) | Remote office business authorization method, terminal and system | |
| CN112995233A (en) | RSSP-II protocol secure connection establishment method and system | |
| CN116015824A (en) | Unified authentication method, equipment and medium for platform | |
| CN114389890A (en) | User request proxy method, server and storage medium | |
| CN113014592B (en) | Automatic registration system and method for Internet of things equipment | |
| CN112929388B (en) | Network identity cross-device application rapid authentication method and system, and user agent device | |
| KR101803535B1 (en) | Single Sign-On Service Authentication Method Using One-Time-Token | |
| KR102118380B1 (en) | An access control system of controlling server jobs by users | |
| KR20060114660A (en) | System and method for scheduling device management | |
| JP2000047955A (en) | System for processing program executing information by electronic mail |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |