Nothing Special   »   [go: up one dir, main page]

CN110210191B - Data processing method and related device - Google Patents

Data processing method and related device Download PDF

Info

Publication number
CN110210191B
CN110210191B CN201910213911.5A CN201910213911A CN110210191B CN 110210191 B CN110210191 B CN 110210191B CN 201910213911 A CN201910213911 A CN 201910213911A CN 110210191 B CN110210191 B CN 110210191B
Authority
CN
China
Prior art keywords
password
target
information
state
state information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910213911.5A
Other languages
Chinese (zh)
Other versions
CN110210191A (en
Inventor
李引
庄木沛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201910213911.5A priority Critical patent/CN110210191B/en
Publication of CN110210191A publication Critical patent/CN110210191A/en
Application granted granted Critical
Publication of CN110210191B publication Critical patent/CN110210191B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention discloses a data processing method and a related device, wherein the method comprises the following steps: acquiring a plurality of network devices in a target application, and acquiring the target network device and first attribute information of the target network device from the plurality of network devices; the first attribute information comprises first password state information and operation data information; responding to state change operation triggered by operation data information in a password management interface corresponding to a target application, and adjusting the first password state information into second password state information; updating the first attribute information of the target network device based on the second password state information, determining the updated first attribute information as second attribute information, wherein the second attribute information is used for indicating the target network device to perform password login based on the second password state information returned by the password management device when the target network device detects that the first password state information is invalid. The embodiment of the invention can improve the flexibility of the password management and the efficiency of the password management.

Description

Data processing method and related device
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data processing method and a related device.
Background
In existing cloud computing systems, maintenance personnel may manually maintain passwords for servers on a certain node in a cloud computing data center. For example, when a maintainer needs to perform password management on a password of the server, account information and a password which are preset for the server need to be manually input to access a change page of the server, so that the password can be managed on the change page of the server, and the password management mainly means that the maintainer can manually modify the password of the server on the change page; for example, a preconfigured old password and a new password for password update may be manually entered on the change page. In view of this, when there are a large number of passwords of the servers in the cloud computing system that need to be changed, new passwords and old passwords of the corresponding servers need to be respectively entered on the change pages corresponding to the different servers, so that a large amount of time is consumed to maintain the passwords of the servers, so that the efficiency of password management is extremely low. In addition, the password management mode of manually modifying the password is single, so that the flexibility of the password management is low.
Disclosure of Invention
The embodiment of the invention provides a data processing method and a related device, which can increase the flexibility of password management and improve the efficiency of password management.
An aspect of an embodiment of the present invention provides a data processing method, where the method is applied to a password management device, and includes:
Acquiring a plurality of network devices in a target application, and acquiring target network devices and first attribute information of the target network devices from the plurality of network devices; the first attribute information comprises first password state information and operation data information; the target application comprises a password management interface;
responding to a state change operation triggered by the operation data information in the password management interface, and adjusting the password state information of the target network equipment from the first password state information to second password state information;
Updating the first attribute information of the target network equipment based on the second password state information, and taking the updated first attribute information as second attribute information of the target network equipment, wherein the second attribute information is used for indicating the password management equipment to return the second password state information in the second attribute information to the target network equipment when acquiring a password request; the password request is sent to the password management device when the target network device detects that the first password state information for password login is invalid.
The method for obtaining the plurality of network devices in the target application, and obtaining the target network device and the first attribute information of the target network device from the plurality of network devices includes:
Acquiring target account information of a target application, carrying out login authentication on the target account information, logging in the target application when the authentication passes, and outputting a password management interface in the target application; the password management interface comprises attribute information of all associated devices with an associated relation with the password management device;
acquiring target search information in the password management interface, screening associated equipment which accords with the target search information from all associated equipment as network equipment, and determining an equipment state list which has an association relation with each network equipment according to the attribute information of all screened network equipment; the equipment state list contains attribute information of each network equipment;
Responding to a device selection operation triggered by the device state list, acquiring target network devices from a plurality of network devices contained in the device state list, and determining attribute information in a list column corresponding to the target network devices in the device state list as first attribute information of the target network devices; the operation data information in the list column is used for carrying out state management on the first password state information in the list column corresponding to the target network equipment.
Before outputting the password management interface in the target application, the method further comprises the following steps:
Detecting the grade information of the target account information at the target application;
If the grade information of the target account information is detected to be the first grade with the password management authority, executing the step of outputting a password management interface in the target application; the target account information corresponding to the first level has the authority to manage all associated devices in the password management interface;
If the grade information of the target account information is detected to be the second grade with the state query authority, outputting a state query interface in the target application, and displaying all associated devices with association relation with the password management device in the state query interface; the grade information of the second grade is lower than the grade information of the first grade, and the target account information corresponding to the second grade has the authority of inquiring all the associated devices in the state inquiry interface.
Wherein the responding to the state change operation triggered by the operation data information in the password management interface adjusts the password state information of the target network device from the first state information to second password state information, and includes:
If the first password state information in the list column corresponding to the target network equipment is initial state information, responding to a password warehousing operation triggered by first operation data related to the initial state information, adding a password warehousing task corresponding to the first operation data to a task list to be processed, and activating a first sub-thread corresponding to the first operation data;
According to a password state changing rule and the first sub-thread, the password state information of the target network equipment is adjusted from the initial state information to second password state information; the second password state information is the password state information determined after the initial password with the initial state information is entered into a password database.
Wherein the responding to the state change operation triggered by the operation data information in the password management interface adjusts the password state information of the target network device from the first state information to second password state information, and includes:
if the first password state information is target state information, acquiring a plurality of second operation data corresponding to the target state information from the list column;
acquiring target operation data from the plurality of second operation data, responding to a password change operation triggered by the target operation data, adding a password change task corresponding to the password change operation to a task list to be processed, and activating a second sub-thread corresponding to the target operation data;
And according to a password state change rule and the second sub-thread, adjusting the password state information of the target network equipment from the target state information to second password state information in a password database.
The target state information and the second password state information are tag types corresponding to target passwords stored in the password database; the target password is used for logging in a target operating system of the target network equipment; the tag type comprises any one of a temporary password login type, a long-term password login type and a secret key password-free login type.
Wherein the method further comprises:
when the target state information of the target network equipment is the temporary password login type and the target operation data obtained from the plurality of second operation data is a password query operation, recording an application time stamp corresponding to the password query operation and recording the application time stamp into the password database;
adding the password inquiry task corresponding to the password inquiry operation to a task list to be processed, and activating a timing inquiry process corresponding to the password inquiry operation;
And acquiring a temporary password corresponding to the password inquiry operation from the password database according to the timing inquiry process and the application time stamp, and outputting the temporary password as the target password.
The step of obtaining the temporary password corresponding to the password inquiry operation from the password database according to the timing inquiry process and the application time stamp, and outputting the temporary password as the target password comprises the following steps:
Accumulating accumulated time length corresponding to the password query task in the task queue to be processed according to the timing query process and the application time stamp;
Determining the remaining effective duration of the temporary password corresponding to the temporary password login type according to the effective time stamp, the updating duration and the application time stamp of the temporary password corresponding to the temporary password login type stored in the password database;
If the accumulated time length reaches the scheduling time length and the accumulated time length does not reach the residual effective time length, a first ciphertext password corresponding to the temporary password is obtained from the password database, the first ciphertext password is decrypted in an asymmetric encryption mode, a temporary password corresponding to the first ciphertext password is obtained, and the temporary password corresponding to the first ciphertext password is used as a target password to be output.
Wherein the method further comprises:
if the accumulated time length reaches the residual effective time length, determining that the temporary password is a failure password through the timing inquiry process;
Accessing and controlling a target operating system of the target network equipment through the invalid password and an update sub-thread corresponding to the timing inquiry process;
Modifying the temporary password based on the target operating system, updating the first ciphertext password in the password database by using the ciphertext password of the modified temporary password, and determining the updated first ciphertext password as a second ciphertext password;
Decrypting the second ciphertext password in an asymmetric encryption mode to obtain a temporary password corresponding to the second ciphertext password, and outputting the temporary password corresponding to the second ciphertext password as a target password.
Wherein the method further comprises:
When the task queue to be processed contains a plurality of tasks to be processed, acquiring locking time length corresponding to each task to be processed through the timing inquiry process; the plurality of tasks to be processed comprise unprocessed password inquiry tasks;
If the to-be-processed tasks with the locking time reaching the deadlock time threshold exist in the plurality of to-be-processed tasks, determining the to-be-processed tasks with the locking time reaching the deadlock time threshold in the to-be-processed task queue as to-be-unlocked tasks, unlocking the to-be-unlocked tasks in the to-be-processed task queue, and clearing the password inquiry tasks after unlocking in the to-be-processed task queue.
An aspect of an embodiment of the present invention provides a data processing apparatus, where the apparatus is applied to a password management device, including:
the device acquisition module is used for acquiring a plurality of network devices in a target application and acquiring target network devices and first attribute information of the target network devices from the plurality of network devices; the first attribute information comprises first password state information and operation data information; the target application comprises a password management interface;
The state adjustment module is used for responding to a state change operation triggered by the operation data information in the password management interface and adjusting the password state information of the target network equipment from the first password state information to second password state information;
The attribute updating module is used for updating the first attribute information of the target network equipment based on the second password state information, and taking the updated first attribute information as second attribute information of the target network equipment, wherein the second attribute information is used for indicating the password management equipment to return second password state information in the second attribute information to the target network equipment when acquiring a password request; the password request is sent to the password management device when the target network device detects that the first password state information for password login is invalid.
Wherein, the equipment acquisition module includes:
the account authentication unit is used for acquiring target account information of a target application, carrying out login authentication on the target account information, and logging in the target application when the authentication passes;
The interface output unit is used for outputting a password management interface in the target application; the password management interface comprises attribute information of all associated devices with an associated relation with the password management device;
The device screening unit is used for acquiring target search information in the password management interface, screening associated devices conforming to the target search information from all associated devices as network devices, and determining a device state list with an association relation with each network device according to the attribute information of all the screened network devices; the equipment state list contains attribute information of each network equipment;
a target determining unit, configured to obtain a target network device from a plurality of network devices included in the device state list in response to a device selection operation triggered for the device state list, and determine attribute information in a list column corresponding to the target network device in the device state list as first attribute information of the target network device; the operation data information in the list column is used for carrying out state management on the first password state information in the list column corresponding to the target network equipment.
Wherein, the equipment acquisition module further includes:
The grade detection unit is used for detecting grade information of the target account information at the target application;
The notification unit is used for notifying the interface output unit to execute the password management interface output in the target application if the grade information of the target account information is detected to be the first grade with the password management authority; the target account information corresponding to the first level has the authority to manage all associated devices in the password management interface;
The query interface output unit is used for outputting a state query interface in the target application and displaying all associated devices with association relation with the password management device in the state query interface if the grade information of the target account information is detected to be a second grade with state query authority; the grade information of the second grade is lower than the grade information of the first grade, and the target account information corresponding to the second grade has the authority of inquiring all the associated devices in the state inquiry interface.
Wherein, the state adjustment module includes:
A first task adding unit, configured to, if the first password state information in the list field corresponding to the target network device is initial state information, respond to a password entry operation triggered by first operation data associated with the initial state information, add a password entry task corresponding to the first operation data to a task list to be processed, and activate a first sub-thread corresponding to the first operation data;
The first adjusting unit is used for adjusting the password state information of the target network equipment from the initial state information to second password state information according to a password state changing rule and the first sub-thread; the second password state information is the password state information determined after the initial password with the initial state information is entered into a password database.
Wherein, the state adjustment module includes:
an operation obtaining unit, configured to obtain, if the first password state information is target state information, a plurality of second operation data corresponding to the target state information from the list field;
A second task adding unit, configured to obtain target operation data from the plurality of second operation data, respond to a password change operation triggered by the target operation data, add a password change task corresponding to the password change operation to a task list to be processed, and activate a second sub-thread corresponding to the target operation data;
And the second adjusting unit is used for adjusting the password state information of the target network equipment from the target state information to second password state information in a password database according to a password state change rule and the second sub-thread.
The target state information and the second password state information are tag types corresponding to target passwords stored in the password database; the target password is used for logging in a target operating system of the target network equipment; the tag type comprises any one of a temporary password login type, a long-term password login type and a secret key password-free login type.
Wherein, the state adjustment module further comprises:
The timestamp input unit is used for recording an application timestamp corresponding to the password query operation when the target state information of the target network equipment is the temporary password login type and the target operation data acquired from the plurality of second operation data is the password query operation, and inputting the application timestamp into the password database;
The inquiry task unit is used for adding the password inquiry task corresponding to the password inquiry operation to a task list to be processed and activating a timing inquiry process corresponding to the password inquiry operation;
and the password acquisition unit is used for acquiring a temporary password corresponding to the password inquiry operation from the password database according to the timing inquiry process and the application time stamp, and outputting the temporary password as the target password.
Wherein the password acquisition unit includes:
a time length accumulating subunit, configured to accumulate an accumulated time length corresponding to the password query task in the task queue to be processed according to the timing query process and the application timestamp;
A duration determining subunit, configured to determine a remaining valid duration of the temporary password corresponding to the temporary password login type according to an effective timestamp, an update duration, and the application timestamp of the temporary password corresponding to the temporary password login type stored in the password database;
The first determining subunit is configured to obtain a first ciphertext password corresponding to the temporary password from the password database if the accumulated duration reaches the scheduling duration and the accumulated duration does not reach the remaining effective duration;
The first decryption subunit is configured to decrypt the first ciphertext password by using an asymmetric encryption manner, obtain a temporary password corresponding to the first ciphertext password, and output the temporary password corresponding to the first ciphertext password as a target password.
Wherein the password acquisition unit further includes:
The second determining subunit is configured to determine, through the timing query process, that the temporary password is a failed password if the accumulated duration reaches the remaining effective duration;
the system access subunit is used for accessing and controlling a target operating system of the target network equipment through the invalid password and the update sub-thread corresponding to the timing inquiry process;
the password modification subunit is used for modifying the temporary password based on the target operating system, updating the first ciphertext password in the password database by using the ciphertext password of the modified temporary password, and determining the updated first ciphertext password as a second ciphertext password;
The second decryption subunit is configured to decrypt the second ciphertext password by using an asymmetric encryption manner, obtain a temporary password corresponding to the second ciphertext password, and output the temporary password corresponding to the second ciphertext password as a target password.
Wherein the password acquisition unit further includes:
The task locking subunit is used for acquiring the locking time length corresponding to each task to be processed through the timing inquiry process when the task to be processed queue contains a plurality of tasks to be processed; the plurality of tasks to be processed comprise unprocessed password inquiry tasks;
And the task unlocking subunit is used for determining the to-be-processed task with the locking time reaching the deadlock time threshold value in the to-be-processed task queue as the to-be-unlocked task if the to-be-processed task with the locking time reaching the deadlock time threshold value exists in the plurality of to-be-processed tasks, unlocking the to-be-unlocked task in the to-be-processed task queue, and clearing the password inquiry task after unlocking in the to-be-processed task queue.
An aspect of an embodiment of the present invention provides a data processing apparatus, where the apparatus is applied to a password management device, including: a processor, a memory, and a network interface;
the processor is connected to a memory, a network interface for connecting a plurality of network devices, the memory for storing program code, and the processor for invoking the program code to perform the method as in one aspect of the embodiments of the invention.
An aspect of an embodiment of the present invention provides a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, perform a method as in an aspect of an embodiment of the present invention.
In the embodiment of the invention, a plurality of network devices can be acquired in a target application, and the target network device and the first attribute information of the target network device can be further acquired from the plurality of network devices; the first attribute information may include first password state information and operation data information; the target application can comprise a password management interface capable of flexibly managing the password of the target network equipment; the first password state information may include initial state information corresponding to an initial password of the target network device that has not been put in storage, and optionally, the first password state information may also include target state information corresponding to a target password of the target network device that has been put in storage. It should be understood that, if the first password state information is initial password state information, the state change operation corresponding to the initial state information may be understood as a password entry operation, that is, the acquired initial password of the target network device may be stored in the password database in the target application, so that the initial password before being stored may be referred to as first password state information, and the password state information of the initial password after being entered into the storage may be referred to as second password state information. Optionally, in the embodiment of the present invention, if the first password state information is target state information corresponding to a target password of a target network device that has been put in storage, the state change operation may be a password change operation performed with respect to operation data information in first attribute information, so that the password state information of the target network device may be visually managed in the target application, so as to improve efficiency of password management, and the first attribute information of the target network device may be quickly updated in the target application by means of second password state information to obtain second attribute information, so that when the target network device detects that the first password state information fails, password login may be performed based on the second password state information in the second attribute information returned by the password management device, so as to improve security and reliability of a system.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a data processing method according to an embodiment of the present invention
FIG. 3 is a schematic diagram of a password management interface according to an embodiment of the present invention;
FIG. 4 is a flowchart of another data processing method according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a task table to be processed according to an embodiment of the present invention;
Fig. 6a and fig. 6b are schematic diagrams of acquiring a temporary password according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a polling of a scheduling task provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram of a data processing apparatus according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a schematic structural diagram of a network architecture according to an embodiment of the present invention. As shown in fig. 1, the network architecture may be applied to a cloud management platform, in which the network architecture may include a service terminal cluster, a first server 2000, and a user terminal cluster. As shown in fig. 1, the service terminal cluster may include a plurality of second servers, and as shown in fig. 1, the service terminal cluster may specifically include a second server 4000a, second servers 4000b, …, and a second server 4000n. It should be understood that, in the cloud computing system corresponding to the cloud management platform, each of the second servers may be referred to as a node (i.e., server node) in the cloud management platform. In addition, as shown in fig. 1, the user terminal cluster may include a plurality of user terminals, and as shown in fig. 1, may specifically include a user terminal 3000a, user terminals 3000b, …, and a user terminal 3000c.
As shown in fig. 1, the user terminals 3000a, 3000b, …, 3000c may be respectively connected to the first server 2000 in a network manner, and the first server 2000 may be respectively connected to the second server 4000a, 4000b, …, and 4000n in a network manner. In view of this, maintenance personnel can centrally manage the password of each second server having a network connection relationship with the first server 2000 through any one user terminal in the user terminal cluster, so as to improve the flexibility of password management and the efficiency of password management.
In the embodiment of the present invention, each user terminal in the user terminal cluster is integrated with a target application for performing password management on the passwords of each second server, and at this time, in the cloud management platform, any one user terminal in the user terminal cluster may be referred to as a front-end device (i.e. a management front-end) of the first server 2000, and may be referred to as a background device (i.e. a management back-end) corresponding to the management front-end of the first server 2000. The front-end device may be configured to provide a visual interface capable of performing password state change management in the target application, where the visual interface may be referred to as a password management interface. Further, the background device having an association relationship with the target application (i.e. the management backend may be the first server 2000), may respond to the state change operation triggered in the password management interface, so as to manage the passwords of the second servers in the service terminal cluster.
It should be appreciated that the maintenance personnel may perform man-machine interaction in the password management interface of the management front end, so that one or more scheduling requests may be sent to the management back end according to the performed man-machine interaction, so that the management back end may perform data concurrency processing in the background based on the received scheduling request, so that password management may be performed in the management back end on password state information of the second server associated with the scheduling request. For example, when receiving the scheduling requests sent by the management front end (for example, the user terminal 3000a and the user terminal 3000 b) respectively, the first server 2000 may add the scheduling tasks carried in the received scheduling requests to a queue to be processed respectively, so that the scheduling tasks corresponding to the requests may be processed in the queue to be processed in parallel, so as to improve the efficiency of password management.
Optionally, in the embodiment of the present invention, the device formed by at least one user terminal in the user terminal cluster and the first server 2000 may be collectively referred to as a password management device or a first device, where the password management device (i.e., the first device) may be understood as an integrated device having an interface visualization function and a data concurrency processing function. In other words, the password management apparatus may be used to manage the password of at least one second server (for example, the second server 4000a shown in fig. 1) under the proprietary cloud network corresponding to the cloud management platform. In this embodiment of the present invention, any one of the second servers having an association relationship with the password management device may be referred to as an association device, that is, all the second servers (for example, the second server 4000a, the second servers 4000b, …, and the second server 4000 n) in the service terminal cluster shown in fig. 1 may be collectively referred to as all the association devices under the private cloud network.
It should be understood that the password management device may receive the target search information entered by the maintainer in the password management interface, so that the second server (i.e. all associated devices) matched with the target search information may be selected from all the second servers (i.e. all associated devices) in the service terminal cluster shown in fig. 1, and may be used as a network device (i.e. the second server matched with the target search information may be referred to as a second device), so that the password management device may manage, through a proprietary cloud network corresponding to the cloud management platform, passwords of nodes (i.e. network devices) dispersed in the proprietary cloud network, for example, may manage passwords of an operating system of each second server shown in fig. 1. In other words, when the operating system is integrally installed in each second server under the proprietary cloud network, a set of passwords for logging in the operating system can be configured for the operating system of each second server. Therefore, the maintainer can manage the password of each second server in the proprietary cloud network through the password management device, for example, can manage the password of each second server in a password warehouse-in mode, at this time, the password which is not yet warehouse-in can be called an initial password, that is, when the password management device receives the password warehouse-in operation for the target network device selected from the plurality of network devices, the password management device can generate a password warehouse-in request corresponding to the password warehouse-in operation, and the password warehouse-in request can be used for managing the initial password in the password database to be input. Further, the maintenance personnel may also perform password inquiry management and state change management for each entered password (at this time, the password stored in the password database may be referred to as a target password) in the password database of the password management apparatus.
It will be appreciated that, in the process of entering the password (i.e., the initial password) of each network device into the password database, the password management device may set a corresponding tag type for the entered initial passwords, where the tag type may include any one of a temporary password login type, a long-term password login type, and a key password-free login type.
For example, taking the second server 4000a shown in fig. 1 as the target network device, a corresponding tag type may be set in the password management device for the initial password of the second server 4000a, so as to obtain the target password corresponding to the corresponding tag type. For another example, in the process of performing the above-mentioned password entry management, the tag type of the initial password may be set as the temporary password entry type in the password management apparatus, and at this time, the initial password having the temporary password entry type may be referred to as a target password, where the target password is a temporary password that needs to be periodically updated. Similarly, in the process of performing the above password entry management, the tag type of the initial password may also be set as the long-term password entry type, and at this time, the initial password having the long-term password entry type may be referred to as a long-term password. Similarly, in the process of performing the above password storage management, the tag type of the initial password may be set as the key password-free login type, and at this time, the initial password having the key password-free login type may be referred to as a key. Therefore, in the embodiment of the invention, the password state information of each entered password (i.e. the target password) can be described by the tag types, so that the passwords corresponding to the tag types can be managed in a centralized manner in the password management interface, and the password management efficiency is improved.
In a proprietary cloud network (Virtual Private Cloud, abbreviated as VPC) corresponding to the cloud management platform, device classes of each second server may be roughly divided into a physical machine and a virtual machine. For example, the private IP address range of the private cloud network may be divided into one or more physical machines, and of course, each physical machine may be further virtualized to virtualize a plurality of virtual machines. Virtualization is understood to be a virtualization technology, by which one computer (i.e., a physical machine) can be virtualized into multiple logical computers (i.e., multiple virtual machines). In other words, the virtualization technology can realize that a plurality of logic computers can be operated on one computer at the same time, and each logic computer can be operated with one operating system, so that the application programs related to each operating system can be operated in mutually independent spaces without mutual influence, and further the parallel processing efficiency of the physical machine can be remarkably improved.
It can be understood that, when a maintainer needs to maintain the passwords of one or more second servers in the cloud management platform (the device class of the one or more second servers may be the virtual machine), one or more second servers to be maintained may be determined from all associated devices under the proprietary cloud network (i.e., all second servers in the service terminal cluster) according to the maintenance requirement (also may be referred to as the operation and maintenance requirement) in the target application, and the determined one or more second servers may be referred to as target network devices needing password management, so that the password state information of the target network device may be adjusted from the first password state information to the second password state information.
Further, the password management device may update the attribute information of the list column where the target network device is located in the password management interface corresponding to the target application according to the second password state information, so that the updated attribute information may be output to the password management interface, so that a maintainer may view the situation after password management is performed on the password management interface. Therefore, the password management interface of the target application can be used for visually managing the passwords of each second server displayed in the password management interface, so that the passwords of the second servers can be flexibly managed in the password management interface, and the flexibility and the efficiency of the password management are improved.
The specific process of obtaining the target network device from the plurality of network devices, adjusting the password state information of the target network device, and updating the first attribute information based on the adjusted password state information to obtain the second attribute information according to the embodiment of the present invention may be referred to as embodiments corresponding to fig. 2 to 7 below.
Further, please refer to fig. 2, which is a schematic diagram of a data processing method according to an embodiment of the present invention. As shown in fig. 2, the method may be applied to a password management apparatus, and the method may include at least the following steps S101 to S103.
Step S101, a plurality of network devices are acquired in a target application, and target network devices and first attribute information of the target network devices are acquired from the plurality of network devices;
Specifically, the data processing device can acquire target account information of a target application, log in and authenticate the target account information, log in the target application when authentication passes, and output a password management interface in the target application; the password management interface comprises attribute information of all associated devices with an associated relation with the password management device; further, the data processing device may acquire target search information in the password management interface, screen associated devices conforming to the target search information from all associated devices as network devices, and determine a device state list having an association relationship with each network device according to attribute information of all the screened network devices; the equipment state list contains attribute information of each network equipment; further, the data processing apparatus may acquire a target network device from a plurality of network devices included in the device state list in response to a device selection operation triggered for the device state list, and determine attribute information in a list column corresponding to the target network device in the device state list as first attribute information of the target network device; the operation data information in the list column is used for carrying out state management on the first password state information in the list column corresponding to the target network equipment.
The first attribute information may include first password state information and operation data information; the visual interface of the target application may be referred to as a password management interface, in which a maintainer may centrally perform password management on passwords of a target network device of a plurality of network devices. Wherein the target network device may be at least one network device displayed in the password management interface. For ease of understanding, the embodiment of the present invention uses only the target network device as one network device as an example, to describe a specific process of performing password management on the target network device in the password management device integrated with the data processing apparatus.
The data processing device can have a password management function, and the data processing device with the password management function can be integrally installed in the password management device. In the embodiment of the invention, when the data processing device performs password management on the password of the target network device in the password management interface, the data processing device can be equivalent to the password management on the password of the target network device in the password management interface by the password management device. The password management device can be understood as a device integrating functions such as interface visual display and data concurrent processing. At this time, the password management device in the cloud management platform may centrally manage passwords of a plurality of network devices distributed in a proprietary cloud network corresponding to the cloud management platform. The password management interface may include attribute information of all associated devices having an association relationship with the password management device.
It can be understood that when the password management interface in the password management device has the function of interface visualization, after the maintainer logs in the target application through the password management device, attribute information of all associated devices accessed into the proprietary cloud network can be seen in the password management interface. It can be understood that all associated devices may be displayed in a server list corresponding to the password management interface, where the server list may be used to record device information of each associated device (i.e. any one of the second servers in the service terminal cluster shown in fig. 1 described above) in the private cloud network. For example, the server list may include attribute information of each associated device in the private cloud network, and the attribute information of each associated device may specifically include identification information, category information, password state information, operation data information, and the like of each associated device.
For ease of understanding, further, please refer to fig. 3, which is a schematic diagram of a password management interface according to an embodiment of the present invention. As shown in fig. 3, a maintainer may log in a target application (the target application may be a password management application) in the password management apparatus through target account information, and may log in the target application when authentication is successful, so that the password management interface 100a shown in fig. 3 may be displayed in the password management apparatus after the password management application (i.e., the target application) is successfully logged in. As shown in fig. 3, a maintainer may see attribute information of a plurality of network devices belonging to a region a in a proprietary cloud network in the password management interface 100a, that is, may see a device status list including fields such as a network identifier, a device class, a password status, and an operation in the password management interface 100a shown in fig. 3, and at this time, may refer to an associated device having an association relationship with the region a as a network device in the password management interface 100a shown in fig. 3.
Optionally, after the maintainer logs in the target application through the target account information, all associated devices under the proprietary cloud network may be displayed in the password management interface, and the attribute information of all associated devices under the proprietary cloud network may also include fields such as a network identifier, a device class, a password state, and an operation. Since all associated devices under the proprietary cloud network may include the associated devices belonging to the a area and the associated devices belonging to the B area, list information constructed from attribute information of all associated devices under the proprietary cloud network may be referred to as a server list in the embodiment of the present invention. In other words, the server list may be used to record attribute information of associated devices in one or more areas in the proprietary cloud network, so that after successful login of the target application, a maintainer may display attribute information of all associated devices in the server list by default in the password management device. Optionally, after the maintainer successfully logs in the target application, attribute information of all associated devices belonging to a preset area under the proprietary cloud network can be displayed by default, so that the data loading amount of the password management device can be reduced under the proprietary cloud network, and the loading efficiency of the visual interface can be improved.
For easy understanding, the embodiment of the present invention only takes the default display of the attribute information of all the associated devices in the server list in the password management device after the maintainer successfully logs in the target application as an example, so as to illustrate a specific process of acquiring the network device from all the associated devices. In other words, the maintainer may perform a triggering operation (e.g., a clicking operation) on an area displayed in the password management interface (e.g., the area a in the password management interface 100a shown in fig. 3) so as to obtain a search instruction corresponding to the area a, so that all associated devices displayed in the server list may be searched based on the search instruction, so that attribute information of network devices under the area a recorded in the device state list shown in fig. 3 may be obtained. At this time, the area a may be understood as target search information for performing a quick search according to the area, and after acquiring the clicking operation performed on the area a, the password management device may generate a search instruction corresponding to the clicking operation associated with the area a, so that an associated device conforming to the target search information may be screened from all associated devices under the proprietary cloud network according to the search instruction, as a network device, and a device state list having an association relationship with each network device may be determined according to attribute information of all screened network devices. It can be seen that, after the trigger operation performed on the area a displayed in the password management interface 100a, the maintenance personnel can quickly screen out all the associated devices included in the server list as the network devices. Therefore, in the embodiment of the present invention, the associated devices corresponding to the network identifications including the network address 1, the network address 2, the network address 3, the network address 4, the network addresses 5, … and the network address n in the password management interface 100a shown in fig. 3 may be referred to as network devices.
It will be understood that, in all the associated devices included in the server list, the password management device may filter the associated devices belonging to other areas (for example, area B) from all the associated devices included in the server list through the above-mentioned search instruction (that is, an instruction generated by triggering the operation area where the area a shown in fig. 3 is located), so that the remaining associated devices in all the associated devices may be referred to as network devices conforming to the target search information, and thus list information formed by the attribute information of the screened network devices may be referred to as a device state list, that is, a list including attribute information of a plurality of network devices presented in the password management interface 100a shown in fig. 3 may be obtained, so that the password of any one network device in the device state list may be password managed through the password management interface 100a shown in fig. 3. At this time, one or more network devices determined from the plurality of network devices may be referred to as a target network device.
Optionally, in the embodiment of the present invention, a plurality of network devices may be obtained by another searching manner, that is, as shown in fig. 3, after a maintainer logs in a target application successfully, one or more IP addresses may be input into a searching area 200a shown in fig. 3, so that one or more input IP addresses may be referred to as target searching information, so that network addresses matched with the target searching information may be screened out of all network addresses included in a server list based on the target searching information, so that associated devices corresponding to the screened network addresses may be referred to as network devices, so that certain devices to be managed may be searched in a targeted manner in the password management interface 100a, so as to improve searching efficiency. If the target search information is a plurality of IP addresses, each IP address may be segmented in the search area 200a shown in fig. 3 by a sign ("|") for example, the target search information entered in the search area 200a shown in fig. 3 is: network address 1|network address 2|network address 3| … |network address n, the associated device containing the target search information may be selected from a server list containing all the associated devices as a network device, so that list information from which other network addresses are filtered may be referred to as a device status list in the server list, and attribute information of each network device having an association with the target search information may be contained in the device status list.
In the embodiment of the present invention, the network identifier and the device identifier in the server list may be collectively referred to as identifier information of the associated device, and after the associated device in the server list is screened by the target search information, the device state list corresponding to the plurality of network devices having an association relationship with the target association information shown in fig. 3 may be obtained. That is, the network identity of each network device in the device state list may be a network identity under the same area, or the device class of each network device in the device state list may be the same device class (e.g., both physical machines or both virtual machines). In other words, each network device in the list of devices carries the same target search information. It may be understood that, in the embodiment of the present invention, the network identifier and the device identifier in the password management interface 100a shown in fig. 3 may be collectively referred to as the unique identifier information of the network device under the proprietary cloud network. The network identifier in the server list may be understood as unique network identifier information of the area to which each associated device belongs in the proprietary cloud network, that is, an IP address to which each associated device belongs, in other words, the network address 1, the network address 2, …, and the network address n in the device state list shown in fig. 3 may be IP addresses corresponding to the area to which each associated device belongs.
The device identifier shown in fig. 3 may be understood as a unique identifier of each associated device (e.g., a product serial number of a physical machine, a universal identifier of a virtual machine) in the proprietary cloud network. The device classes shown in fig. 3 may be roughly divided into two classes of virtual machines and physical machines, i.e., the virtual machines or physical machines shown in fig. 3 may be used to describe class information of each network device.
The password state shown in fig. 3 may include various states, for example, four password states shown in fig. 3, that is, a non-binned state, a key state, a long-term password state, and a temporary password state. The key state, the long-term password state, and the temporary password state may be referred to as a put-in-place state. It may be understood that in the embodiment of the present invention, the various password states displayed in the password management interface may be referred to as password state information, each password state displayed in the password management interface corresponds to different operation data information, and different operation data information may call different threads in the password management device, so that threads corresponding to the different operation data information may be referred to as sub-threads in the thread pool in the password management device. For example, in the state change operation area 300a shown in fig. 3, the maintainer may perform a state change operation on the password of the network device corresponding to the network address 3 to trigger the sub-threads in the thread pool to provide corresponding services, so that different operations may be performed on different network devices displayed in the password management interface, so as to implement calling of different sub-threads in the thread pool according to the operation data information in the list column where the corresponding network device is located in the password management interface.
The password management device may respond to a device selection operation triggered by a device status list in the password management interface, obtain a target network device from a plurality of network devices included in the device status list, and determine attribute information in a list column corresponding to the target network device in the device status list as first attribute information of the target network device; the operation data information in the list column to which the target network device belongs may be used to perform state management on the first password state information in the list column. The first password state information may be understood as password state information of each network device currently displayed in the password management interface, that is, the password state of each network device may be one of the four password states.
For easy understanding, the embodiment of the present invention may take one network device of a plurality of network devices as a target network device, to describe the first attribute information of the target network device. It may be appreciated that the password state (i.e., password state information) of the target network device may be one of the 4 password states, and the password state information of the target network device displayed in the password management interface may be referred to as the first password state information when the current time is the time T1. For example, if the password state of the target network device in the password management interface is the key state, the key state of the target network device may be referred to as the first password state information in the password management interface. It may be appreciated that when the password management device learns that the password state information of the target network device is a key state, the operation data information associated with the key state may be invoked, so that the operation data information associated with the key state may be synchronously displayed in the password management interface. The operation data information associated with the key status may be three kinds of operation data included in the list column where the network address 1 of the target network device is located in the embodiment corresponding to fig. 3. In other words, the three kinds of operation data may be operation data information such as "set to temporary password", "set to long-term password", "download key", etc. displayed on the password management interface at time T1. At this time, the first attribute information of the target network device may include identification information of the network device corresponding to the network address 1 (i.e., the network identifier is the network address 1 and the device identifier is the device identifier 1), category information (i.e., the device category is the virtual machine), first password status information (i.e., the password status is the key status), operation data information (i.e., the operation data is "set as temporary password", "set as long-term password", "download key"), etc. in the embodiment corresponding to fig. 3.
Similarly, if the target network device at time T1 is the network device corresponding to the network address 2, the attribute information of the network device corresponding to the network address 2 may be referred to as first attribute information in the password management interface shown in fig. 3, and in this case, the password state of the network device corresponding to the network address 2 may be a long-term password state, and the long-term password state of the network device corresponding to the network address 2 may be referred to as first password state information in the password management interface. In other words, the data processing apparatus (or the password management device) may determine, in the device status list in the password management interface, attribute information in a list column corresponding to the target network device (i.e., the network device corresponding to the network address 2) as the first attribute information of the target network device, where the first attribute information may include identification information of the network address 2 and the device identification 2, category information of the virtual machine, first password status information of a long-term password status, and operation data information of "query password", "modify password", "set as temporary password", "set as key login", and the like.
Similarly, if the target network device at time T1 is the network device corresponding to the network address 3, the attribute information of the network device corresponding to the network address 3 may be referred to as first attribute information in the password management interface shown in fig. 3, and at this time, the password state of the network device corresponding to the network address 3 may be the non-entered state, and the non-entered state of the network device corresponding to the network address 3 may be referred to as first password state information in the password management interface. In other words, the data processing apparatus (or the password management device) may determine, in the device status list in the password management interface, attribute information in a list column corresponding to the target network device (i.e., the network device corresponding to the network address 3) as first attribute information of the target network device, where the first attribute information may include identification information of the network address 3 and the device identification 3, category information of the virtual machine, first password status information of the non-binned state, and operation data information of the "binned" or the like.
Similarly, if the target network device at time T1 is the network device corresponding to the network address 4, the attribute information of the network device corresponding to the network address 4 may be referred to as first attribute information in the password management interface shown in fig. 3, and at this time, the password state of the network device corresponding to the network address 4 may be a long-term password state, and the temporary password state of the network device corresponding to the network address 4 may be referred to as first password state information in the password management interface. It will be appreciated that for the temporary password state, an automatic update duration needs to be set (e.g., the temporary password of the operating system of the target network device may be automatically updated every 8 hours) to ensure the reliability and security of the system of the target network device. In other words, the data processing apparatus (or the password management device) may determine, in the device status list in the password management interface, attribute information in a list column corresponding to the target network device (i.e., the network device corresponding to the network address 4) as first attribute information of the target network device, where the first attribute information may include identification information of the network address 4 and the device identification 4, category information of the physical machine, first password status information of a temporary password status, and operation data information of "inquiry password", "modify password", "set as long-term password", "set as key login", and the like.
It should be understood that, in the embodiment of the present invention, when a maintainer logs in the password management application (i.e., a target application) through the target account information, the level information of the target account information logged in the target application may be detected, so that different interfaces may be accessed according to the level information, for example, a password management interface capable of performing password management on passwords of each associated device may be accessed. Optionally, a status query interface for performing password query on passwords of each management device can be accessed. It will be appreciated that the displayed interface content in the password management interface and the status query interface may be the same or different. For example, when the displayed interface contents in the password management interface and the status query interface are the same, the data processing apparatus may detect the level information of the currently entered target account information in the target application, so that the password management interface may be displayed when the level information reaches the highest level information (for example, the first level), where the target account information corresponding to the first level has authority to perform password management on the password of the target network device, so that step S102 may be further performed. And the target account information corresponding to the first level has the authority of managing all associated devices in the password management interface.
Alternatively, when the level information of the target account information for logging in the target application is another level (for example, a second level), the target account information having the second level will not have authority to manage all network devices displayed in the password management interface. At this time, the password management interface corresponding to the target account information having other levels may be referred to as a status query interface. At this time, the maintenance person can see the attribute information of the plurality of network devices having the association relationship with the password management device on the status query interface, but the maintenance person does not have authority to further manage the operation data information displayed in the status query interface. In other words, when the maintainer executes the triggering operation on the operation data information in the state query interface, prompt information such as "current authority is insufficient" can be output in the sub-page corresponding to the state query interface.
Step S102, responding to a state change operation triggered by the operation data information in the password management interface, and adjusting the password state information of the target network equipment from the first password state information to second password state information;
Specifically, the data processing device may trigger a corresponding state change operation on the operation data information of the target network device displayed in the password management interface according to the password state information of the target network device in the password management interface, so as to flexibly adjust the password state information displayed in the password management interface. In other words, the triggered operation data information is different for different password state information, because the operation data information corresponding to different password states is different, so that the sub-threads in the triggered thread pool are different when the state change operation is performed in the password management interface.
It will be appreciated that the cryptographic state of each network device in the cryptographic management interface may be one of a plurality of cryptographic states. For easy understanding, the embodiment of the present invention will take the first password state information of the target network device as one of the four password states in the embodiment corresponding to fig. 3 as an example, to specifically describe a process of adjusting the first password state information to the second password state information. The four password states are respectively a non-warehouse-in state, a secret key state, a long-term password state and a temporary password state. Among the four password states, the password state may be referred to as a key state, a long-term password state, or a temporary password state with respect to the password state being an unbanked state, so that the unbanked state of the four password states may be referred to as initial state information, and any one of the key state, the long-term password state, and the temporary password state may be referred to as target state information in the embodiment of the present invention.
It can be understood that, in the embodiment of the present invention, if the first password state information of the target network device is initial state information (i.e., the password state of the target network device is not in-stock state), the operation data information corresponding to the first password state information may be referred to as first operation data, and the first operation data may be used for performing password in-stock management on the first password state information in the list column corresponding to the target network device. In other words, when the current time is the time T1, if the first password state information in the list column corresponding to the target network device is the initial state information, the password warehousing operation triggered by the first operation data associated with the initial state information is responded, the password warehousing task corresponding to the first operation data is added to the task list to be processed, the first sub-thread corresponding to the first operation data is activated, and the password state information of the target network device can be adjusted from the initial state information to the second password state information when the current time is the time T2 according to the password state change rule and the first sub-thread. At this time, the second password state information may be understood as password state information determined after the initial password having the initial state information is entered into a password database, that is, the data processing apparatus may perform a password entering operation according to an area where a maintainer is located in the password management interface for the target operation information, enter the acquired initial password of the target network device into the password database, and set a corresponding tag type for the initial password entered into the password database, so that the initial password having the corresponding tag type may be referred to as a target password, and thus the password state information of the target password may be referred to as second password state information. Considering that one operating system corresponds to one set of passwords, the tag type set for the initial password may be any one of a temporary password login type, a long-term password login type, and a key password-free login type.
In the embodiment of the invention, when detecting that a new service device accesses the area a of the proprietary cloud network, the password management device integrated with the data processing apparatus may call the new service device accessed by the new service device as a new associated device, and may mark the password state of the new associated device as an unbanked state in the target application, so that the password state information of the new associated device may be displayed in the password management interface. It can be understood that when the password management device detects that the password state of the new associated device is the non-warehousing state, the operation data information corresponding to the password warehousing operation can be set for the non-warehousing state of the newly accessed associated device in the target application, that is, the operation data information can be used for performing state management on the first password state information in the list column where the newly accessed associated device is located. In other words, by setting a corresponding password entry operation for the initial password of the associated device having the unbooked state in the target application, when the newly accessed associated device is used as the target network device and the target network device is a network device displayed in the password management interface (for example, a network device corresponding to the network address 3 in the embodiment corresponding to fig. 3 described above), the password entry operation performed for the unbooked state of the initial password may be further received in the password management interface 100a shown in fig. 3 described above, so that the initial password of the target network device may be added to the password database according to the password entry operation, and a corresponding tag type may be set for the initial password in the password database, so that the initial password having the corresponding tag type may be referred to as the target password in the password database, so as to implement password entry management for the initial password. It can be understood that in the process of performing the password entry management on the initial password, the password state information of the initial password with the non-entry state (i.e., the initial password to be stored in the password database) may be referred to as first password state information, and the password state information of the initial password with the corresponding tag (i.e., the target password already stored in the password database) may be referred to as second password state information, so as to implement the state change operation triggered by the operation data information in the password management interface, and adjust the password state information of the target network device from the first password state information to the second password state information, for example, the password state in the embodiment corresponding to fig. 3 may be adjusted from the non-entry state to the entered state.
Optionally, if the first password state information of the target network device is the target state information, a plurality of second operation data corresponding to the target state information may be obtained from a list field where the target network device is located; further, target operation data can be obtained from the plurality of second operation data, a password changing operation triggered by the target operation data is responded, a password changing task corresponding to the password changing operation is added to a task list to be processed, a second sub-thread corresponding to the target operation data is activated, and according to a password state changing rule and the second sub-thread, the password state information of the target network device is adjusted from the target state information to second password state information in a password database.
It can be understood that, for the entered password state, the maintainer can adjust the entered password state (i.e., any one of a long-term password state, a temporary password state and a key state) in the password management interface of the password management device, so as to quickly change the login mode of the operating system of the target network device. For example, the present temporary password having the temporary password login type may be subjected to a password state change in the password management apparatus to obtain a long-term password having a long-term password login type.
It should be understood, among other things, that for the cryptographic state of the binned target network device, the cryptographic state of the binned target network device may be referred to as target state information. Therefore, when the first password state information of the target network device is the target state information, a plurality of pieces of operation data information associated with the target state information can be synchronously displayed in the list field where the target network device is located, and the plurality of pieces of operation data information displayed in the list field can be called as a plurality of pieces of second operation data corresponding to the target state information. In view of this, the maintenance person can acquire the target operation data from the plurality of second operation data. For example, if the first password state information displayed in the list field is a temporary password state and the target operation data is "set to be a long-term password", the password management apparatus may receive a password change operation triggered by a maintainer for the target operation data, so that a sub-thread (e.g., a second sub-thread) corresponding to the password change operation may be activated in the thread pool. Further, the password management device may acquire the temporary password having the temporary password state from the password database according to the password state change rule and the sub-thread corresponding to the "set long-term password", so that a connection may be established between the target network device and the sub-thread corresponding to the "set long-term password", so that an operating system of the target network device may be logged in the password management device according to the temporary password of the target network device, so that a new password corresponding to the temporary password may be generated by a password change program in the target network device, so that the new password corresponding to the temporary password may be stored in the target network device, and the new password may be synchronously added to the password database, and a tag type of the new password may be set as a long-term password login type, so that in the password management device, the new password stored in the password database may be referred to as a target password, and the password state information of the target password having the long-term password login type may be referred to as second password state information. It follows that the cryptographic state information of the target network device may be adjusted from the target state information to second cryptographic state information in a cryptographic database by the cryptographic state change rule and the second sub-thread.
It may be understood that in the embodiment of the present invention, a maintainer may select, according to an actual operation and maintenance requirement, one operation data from multiple operation data of the target network device as target operation data, for example, when a password state of the target network device is a key state, the key state currently displayed in the password management interface may be referred to as target state information, and multiple second operation data corresponding to the target state information may be synchronously displayed in a list column where the target network device is located, so as to obtain target operation data corresponding to the target state information from the multiple second operation data. For example, if the target operation data is a "download key", the password management device may receive a password obtaining operation (i.e. a key obtaining operation) for the target operation data in the password management interface, so as to generate a key downloading instruction corresponding to the password obtaining operation, so that a sub-thread corresponding to the target operation data may be activated in the password management device according to the key downloading instruction corresponding to the target operation data, so that a key of the target network device may be obtained from the password database according to the sub-thread corresponding to the target operation data. It will be appreciated that the password management device, after having obtained the key of the target network device, may remotely log into the network device via the key. In other words, the password management device may download the key of the target network device from the password database based on the received key download instruction, that is, the maintainer may trigger a key obtaining operation on the target operation information (that is, downloading the key) in the password management interface of the password management device, so that the sub-thread corresponding to the key obtaining operation may be activated in the password management device, the key of the target network device may be obtained from the password database through the sub-thread corresponding to the key obtaining operation, and the operating system of the target network device may be remotely logged in the password management device through the key.
Optionally, when the password state of the target network device is a key state and the target operation data is "set as a temporary password", the maintainer may trigger a state change operation of the "set as a temporary password" in the password management interface, so that the password state of the target network device in the password management interface may be adjusted from the key state to the temporary password state. Similarly, when the target operation data is "set as long-term password", the maintainer may trigger another state change operation of the "set as long-term password" in the password management interface, so that the password state information of the target network device in the password management interface may be changed from the key state to the long-term password state. The specific process of adjusting the password state of the target network device from the key state to the temporary password state or the long-term password state may refer to the process of adjusting the password state in the list column where the network address 4 is located from the temporary password state to the long-term password state, which will not be described in detail herein.
The target state information and the second password state information are tag types corresponding to target passwords stored in the password database; the target password is used for logging in a target operating system of the target network equipment; the tag type comprises any one of a temporary password login type, a long-term password login type and a secret key password-free login type.
Step S103, updating the first attribute information of the target network device based on the second password state information, and taking the updated first attribute information as second attribute information of the target network device.
Specifically, the data processing apparatus integrated in the password management device may update the first attribute information of the target network device in the device state list according to the second password state information. For example, the password state in the device state list may be adjusted from the temporary password state to the long-term password state, that is, the first password state information of the target network device before adjustment may be updated to the second password state information in the device state list, and at this time, the device state list including the second password state information may be referred to as a new device state list. At this time, the operation data information in the new device state list is also updated synchronously. In other words, the data processing apparatus may update the first attribute information (i.e., the first password state information and the operation data information) in the device state list according to the second password state information, so that the updated first attribute information may be referred to as second attribute information of the target network device in the new device state list. The second attribute information may be used to instruct the password management device to respond to a password request sent by the target network device when the first password state information is detected to be invalid, and return the second password state information to the target network device, so that the target network device can log in an operating system (for example, a Linux operating system) of the target network device based on a target password corresponding to the second password state information, where the Linux operating system of the target network device may be referred to as a target operating system. In view of this, the second attribute information may be used to instruct the password management device to return second password state information in the second attribute information to the target network device when the password request is acquired; the password request is sent to the password management device when the target network device detects that the first password state information for password login is invalid; in other words, the second attribute information may also be used to indicate that the target network device can perform password login based on the second password state information returned by the password management device when detecting that the first password state information is invalid.
It should be understood that, in the embodiment of the present invention, the password management device may refer to a list displayed in the password management interface after the target application is successfully logged in through the target account information as a server list, and a server (or network device) having an association relationship with the password management device displayed in the server list as an association device under the proprietary cloud network. In addition, by classifying the attribute information of the associated devices, the associated devices with similar attributes can be further screened out from the associated devices according to the acquired target search information to be called as network devices (namely the second devices), so that a device state list with an association relation with each network device can be further determined according to the screened out attribute information of the network devices. Further, when the password management device integrated with the data processing apparatus receives a device selection operation performed by a maintainer in the device state list, the target network device may be acquired from a plurality of network devices included in the device state list, so that password state information in a list column where the target network device is located may be adjusted in the device state list, and the adjusted device state list is referred to as a new device state list. In view of this, the embodiment of the present invention may refer to the attribute information of the target network device displayed in the device status list before adjustment as first attribute information, and refer to the attribute information of the target network device displayed in the new device status list after adjustment as second attribute information. In order to distinguish the first password state information from the first attribute information, the embodiment of the invention may refer to the password state information in the second attribute information as second password state information, where the second password state information is obtained according to the operation data information corresponding to the first password state information in the first attribute information. If the first password state information is the entered password state, the operation data information corresponding to the entered password state may include a plurality of second operation data, and specifically, the description of the plurality of second operation data in the embodiment corresponding to fig. 3 may be referred to, and will not be described further herein. In view of this, maintenance personnel can obtain the target operand in a plurality of second operation data that this equipment state list contains according to the operation and maintenance demand to can call the corresponding sub-thread of this target operation data in this password management device, thus can carry out nimble management to the password state of this target network device, in order to improve password management's efficiency.
It may be appreciated that the password management device may periodically update the associated devices recorded in the server list, for example, when a new device accesses the private cloud network, the new device may be referred to as a newly accessed associated device, so that when the current duration reaches the list update duration of the server list, a new associated device may be added to the server list, or a non-existing associated device may be deleted, or an IP address included in a list column where each associated device is located may be updated.
It should be understood that the password management device in the embodiment of the present invention is a device that integrates an interface visual display function and a data concurrency processing function. In other words, the maintainer may perform password warehousing management on the initial passwords of one or more newly accessed network devices (or servers) in the password management interface. For example, when a newly accessed network device exists in the private cloud network described in the embodiment corresponding to fig. 1, the password of the newly accessed single server may be managed in a password warehouse, or the passwords of a batch server (for example, a plurality of second servers newly accessed in a server cluster) that is newly accessed may be managed in a password warehouse. Optionally, the maintainer may also perform a password query operation on the passwords of the single server or the plurality of servers in the password management device, so as to obtain the passwords of one or more associated devices in the password management device.
In the embodiment of the invention, a plurality of network devices can be acquired in a target application, and the target network device and the first attribute information of the target network device can be further acquired from the plurality of network devices; the first attribute information may include first password state information and operation data information; the target application can comprise a password management interface capable of flexibly managing the password of the target network equipment; the first password state information may include initial state information corresponding to an initial password of the target network device that has not been put in storage, and optionally, the first password state information may also include target state information corresponding to a target password of the target network device that has been put in storage. It should be understood that, if the first password state information is initial password state information, the state change operation corresponding to the initial state information may be understood as a password entry operation, that is, the acquired initial password of the target network device may be stored in the password database in the target application, so that the initial password before being stored may be referred to as first password state information, and the password state information of the initial password after being entered into the storage may be referred to as second password state information. Optionally, in the embodiment of the present invention, if the first password state information is target state information corresponding to a target password of a target network device that has been put in storage, the state change operation may be a password change operation performed with respect to operation data information in first attribute information, so that the password state information of the target network device may be visually managed in the target application, so as to improve efficiency of password management, and the first attribute information of the target network device may be quickly updated in the target application by means of second password state information to obtain second attribute information, so that when the target network device detects that the first password state information fails, password login may be performed based on the second password state information in the second attribute information returned by the password management device, so as to improve security and reliability of a system.
Further, please refer to fig. 4, which is a flowchart illustrating another data processing method according to an embodiment of the present invention. The method may be applied to a password management device, and the method may include:
Step S201, obtaining target account information of a target application, carrying out login authentication on the target account information, logging in the target application when the authentication passes, and outputting a password management interface in the target application;
wherein the password management interface contains attribute information of all associated devices with an associated relation with the password management device.
Step S202, obtaining target search information in the password management interface, screening associated equipment which accords with the target search information from all associated equipment as network equipment, and determining an equipment state list which has an association relation with each network equipment according to the attribute information of all screened network equipment;
Wherein the device status list contains attribute information of each network device.
Step S203, responding to the device selection operation triggered by the device state list, acquiring target network devices from a plurality of network devices contained in the device state list, and determining attribute information in a list column corresponding to the target network devices in the device state list as first attribute information of the target network devices;
The operation data information in the list column is used for carrying out state management on the first password state information in the list column corresponding to the target network equipment.
When the password management device integrated with the data processing apparatus is a device having an interface visual display function and a data concurrency processing function, the specific implementation manner of the password management device in steps S201 to S203 may participate in the description of step S101 in the embodiment corresponding to fig. 2, which will not be described in detail here.
It should be understood that the password management device in the embodiment of the present invention may be a device having an interface visual display function and a data concurrency processing function. Alternatively, the password management device may also be a device composed of two independent devices, that is, one of the two devices may have an interface visual display function, and the other of the two devices may have a data concurrency processing function. In this case, the device having the interface visual display function may be referred to as a management front end, and the device having the data concurrency processing function may be referred to as a management back end. The management back end can be used for displaying the visual interface (namely the password management interface) and can also be used for maintenance personnel to perform man-machine operation in the password management interface. It should be understood that the management front end may send a scheduling request to the management back end according to a man-machine operation performed by a maintainer, so that when the management back end receives the scheduling request sent by the management front end, the management back end may perform data concurrency processing in the background according to the scheduling request. In other words, when receiving the scheduling request sent by the management front end, the management back end may perform password management on the password state of the target network device displayed in the device state list in the background, for example, may perform password entry management, password inquiry management, or password state change management (i.e., state change management) on the password of any one of the second servers in the service terminal cluster shown in fig. 1 in the background.
In view of this, when the password management apparatus includes two independent apparatuses (i.e., one management front end and one management back end), the specific process by which the password management apparatus performs the above-described step S101 can also be described as: the management front end can receive target account information of a target application input by a maintainer in the target application, namely, the management front end can acquire the target account information of the target application and send the target account information to a management back end which has a network connection relation with the management front end, so that the management back end can log in and authenticate the target account information in the background and allow the management front end to log in the target application through the target account information when authentication is passed, and a password management interface output by the management back end can be displayed in the target application installed by the management front end; the password management interface may include attribute information of each associated device having an association relationship with a management backend in the password management device. Further, the maintainer may perform a triggering operation on the displayed function button (for example, the button corresponding to the area a shown in fig. 3) in the management front end displaying the password management interface, so that the key value corresponding to the function button (i.e., the area a) may be used as target search information in the management front end, and the target search information may be sent to the management back end, so that when the management back end obtains the target search information in the password management interface, the management back end may screen the associated device corresponding to the target search information from all the associated devices as a network device, determine a device state list associated with each network device according to the attribute information of all the screened network devices, and output the device state list to the password management interface, so that the previously displayed server list including all the associated devices may be updated into the device state list for displaying the specific associated device (i.e., the network device corresponding to the target search information) in the password management interface; in other words, the device status list may include attribute information of each network device. Further, the maintainer may perform a device selection operation on the plurality of network devices displayed in the device status list in the management front end, so that the management back end may obtain a target network device from the plurality of network devices included in the device status list in response to the device selection operation triggered for the device status list, and determine attribute information in a list column corresponding to the target network device in the device status list as first attribute information of the target network device; the operation data information in the list column may be used to instruct the management backend to further perform state management on the first password state information in the list column corresponding to the target network device in the background when receiving the scheduling request sent by the management front end for the operation data information.
The management front end may be any one of the user terminals (for example, the user terminal 3000 a) in the embodiment corresponding to fig. 1; the management backend may be the first server 2000 in the embodiment corresponding to fig. 1; the associated device in the server list may be any one of the second servers (e.g., the second server 4000 a) in the service terminal cluster in the embodiment corresponding to fig. 1. The network device in the device status list may be a second server that matches the target search information and is screened from the service terminal cluster in the embodiment corresponding to fig. 1.
Step S204, judging whether the first password state information in the equipment list column corresponding to the target network equipment is initial state information;
The initial state information is the password state information when the password state described in the embodiment corresponding to fig. 2 is the non-warehouse-in state. Optionally, the first password state information may further include target state information, that is, the target state information may be the password state information when the password state is the put-in state as described in the embodiment corresponding to fig. 2. The put-in state can be understood as a password state corresponding to the target password after setting the corresponding tag type for the obtained initial password. For the target network device described in the embodiment of the present invention, if the password state in the list column where the target network device is located is a put-in state, the password state may specifically include one of a key state, a long-term password state, and a temporary password state.
Step S205, if yes, a password warehousing operation triggered by first operation data related to the initial state information is responded, a password warehousing task corresponding to the first operation data is added to a task list to be processed, and a first sub-thread corresponding to the first operation data is activated;
step S206, according to the password state changing rule and the first sub-thread, the password state information of the target network device is adjusted from the initial state information to second password state information;
The second password state information is determined after the initial password with the initial state information is input into a password database. It should be understood that, for the specific implementation manner of the password management device in step S205 and step S206, reference may be made to the description of the password entry operation in the embodiment corresponding to fig. 3, and the detailed description will not be repeated here.
Optionally, step S207, if no, acquires a plurality of second operation data corresponding to the target state information from the list field;
In other words, the password management device may determine that the first password state information is the target state information, and may further obtain, from the list field, a plurality of second operation data corresponding to the target state information in the list field where the target network device is located.
Step S208, obtaining target operation data from the plurality of second operation data, responding to a password change operation triggered by the target operation data, adding a password change task corresponding to the password change operation to a task list to be processed, and activating a second sub-thread corresponding to the target operation data;
step S209, according to the password state change rule and the second sub-thread, adjusting the password state information of the target network device from the target state information to second password state information in a password database.
The specific implementation manner of step S207 to step S209 may refer to the description of the password changing operation in the embodiment corresponding to fig. 2, and the detailed description will not be repeated here.
Step S210, updating the first attribute information of the target network device based on the second password state information, taking the updated first attribute information as the second attribute information of the target network device,
The second attribute information is used for indicating the password management equipment to return second password state information in the second attribute information to the target network equipment when the password request is acquired; the password request is sent to the password management device when the target network device detects that the first password state information for password login is invalid; that is, the password management device may return the second password state information to the target network device in response to a password request sent by the target network device when the first password state information is detected to be invalid, so that the target network device performs password login based on the second password state information. In other words, the second attribute information is used for indicating that the target network device can perform password login based on the second password state information returned by the password management device when the target network device detects that the first password state information is invalid.
Optionally, when the target state information of the target network device is the temporary password login type and the target operation data obtained from the plurality of second operation data is a password query operation, recording an application time stamp corresponding to the password query operation, and recording the application time stamp into the password database; further, adding the password inquiry task corresponding to the password inquiry operation to a task list to be processed, and activating a timing inquiry process corresponding to the password inquiry operation; further, according to the timing inquiry process and the application time stamp, a temporary password corresponding to the password inquiry operation is obtained from the password database, and the temporary password is used as the target password to be output.
It can be understood that the timing query process in the embodiment of the present invention may be used to poll any one of the tasks to be processed added to the task table to obtain the processing progress of each task to be processed. The task table to be processed can be stored in a timing task database, so that the task to be processed added into the task table to be processed can be locked in the timing task database, and the sub-threads in the thread pool can be preempted to execute the corresponding tasks. For ease of understanding, further, please refer to fig. 5, which is a schematic diagram of a task table to be processed according to an embodiment of the present invention. The management backend shown in fig. 5 may be the first server 2000 in the embodiment corresponding to fig. 1, where the management backend may receive the scheduling request sent by one or more management terminals shown in fig. 5 (i.e., the management front end 1, the management terminal 2, and the management terminal 3), and may further add the scheduling task in the received scheduling request to the task list to be processed shown in fig. 5, where each scheduling task in the task list to be processed may include a password change application task and a timing detection task.
The password change application task may be understood as the task of adjusting the first password state information to the second password state information. The timing detection tasks can comprise a password inquiry task, a temporary password expiration detection task and a deadlock detection task.
For convenience of understanding, further, please refer to fig. 6a and fig. 6b, which are schematic diagrams for acquiring a temporary password according to an embodiment of the present invention. It should be understood that, for a temporary password whose password state is the temporary password state, the temporary password needs to be updated periodically, that is, a temporary password expiration detection task (i.e., expiration detection task) needs to be set for the temporary password in the management back-end to detect whether the temporary password stored in fig. 6a has failed. The management back end shown in fig. 6b (for example, the management back end in the embodiment corresponding to fig. 5) may receive the scheduling request (i.e., the scheduling request 1 in the embodiment corresponding to fig. 5) sent by the management front end (for example, the management front end 1 in the embodiment corresponding to fig. 5) based on the password query operation of the temporary password when the current time is the time T1. It should be understood that when the management back-end shown in fig. 6b receives the scheduling request 1, an application time stamp (for example, time T1) corresponding to the password query operation may be recorded, and the application time stamp is recorded in the password database shown in fig. 6b, and it should be understood that the password databases shown in fig. 6a and 6b are the same password database. At this time, if the scheduling request (for example, the scheduling request 1 shown in fig. 5) received by the management back end indicates a password query task for a temporary password, the password query task for the temporary password may be added to the task list to be processed, and a timing query process corresponding to the password query operation (i.e., the timing query process shown in fig. 6 a) is activated, so that the password query task may be accumulated in the task list to be processed according to the application timestamp and the timing query process to be the accumulated duration of the task to be processed. In other words, as shown in fig. 6b, when the current time is the time T2, the management backend may accumulate the accumulated duration corresponding to the password query task in the task queue to be processed according to the timing query process corresponding to the password query operation and the application timestamp (i.e. the time interval between the time T2 and the time T1 shown in fig. 6b may be calculated). Meanwhile, the management backend shown in fig. 6b may further determine the remaining valid duration of the temporary password corresponding to the temporary password login type according to the effective timestamp (for example, the time K1) of the temporary password corresponding to the temporary password login type stored in the password database, the update duration (for example, the update is performed every 8 hours) and the application timestamp, so as to further determine whether the accumulated duration reaches the remaining valid duration in the schematic diagram shown in fig. 6 a. If yes, the update sub-process corresponding to the timing query process is connected to the target network device shown in fig. 6b, so that the target operating system of the target network device can be logged in the management back-end according to the queried temporary password about to be invalidated (for example, the old password M1 shown in fig. 6 b), so that the generated new password M2 can be recorded in the target operating system, and the new password M2 can be synchronously added into the password database according to the schematic diagram shown in fig. 6a, so that the new password can be called as a new temporary password in the password database, so that the schematic diagram shown in fig. 6a can be further followed, The ciphertext password of the new temporary password is called as a second ciphertext password in the password database shown in fig. 6a, so that the obtained second ciphertext password can be decrypted in the schematic diagram shown in fig. 6a, so that the temporary password corresponding to the second ciphertext password can be obtained, and the obtained temporary password can be returned to the management front end 1 in the embodiment corresponding to fig. 5 for display.
Optionally, if the judgment is no, that is, the accumulated time length reaches the scheduling time length and the accumulated time length does not reach the remaining effective time length, the ciphertext password corresponding to the temporary password may be directly obtained from the password database shown in fig. 6a, the ciphertext password obtained at this time may be referred to as a first ciphertext password, and the first ciphertext password is decrypted by an asymmetric encryption manner to obtain the temporary password corresponding to the first ciphertext password, so that the temporary password corresponding to the first ciphertext password may be further returned to the management front end 1, and the target password may be displayed in the management front end 1.
It should be understood that, if the scheduling task carried in the scheduling request shown in fig. 6b is a password change application task, the password change application task may be added to the task to be processed at the management back end shown in fig. 6b, and a locking operation may be performed on the password change application task in the task to be processed list, so that limited task resources may be preempted, and further, the password state at the time T1 may be referred to as the temporary password state as the first password state information through a state change operation corresponding to the password change application task, so that the password state of the temporary password (i.e., the old password M1 shown in fig. 6 b) may be adjusted to the password state of the new password M2 shown in fig. 6b at the time T2 shown in fig. 6b, where the password state at the time T2 may be the long-term password state. It should be understood that, for the specific process of adjusting the password state in other forms, reference may be made to the description of adjusting the password state from the temporary password state to the long-term password state in the embodiment of the present invention, and the description will not be repeated here.
The timing query process in the embodiment of the present invention may perform timing polling on the sub-process corresponding to the corresponding operation data, for example, may poll each task to be processed in the task list to be processed once every one minute. For example, for the scheduled tasks corresponding to the 3 scheduling requests (i.e., the scheduling request 1, the scheduling request 2, and the scheduling request 3) in the embodiment corresponding to fig. 5, it may be detected by the timing inquiry process that whether the scheduled task indicated by the scheduling request 1 shown in fig. 5 exists every one minute, whether the scheduled task indicated by the scheduling request 2 shown in fig. 5 exists every one minute, and whether the scheduled task indicated by the scheduling request 2 shown in fig. 5 exists every one minute.
If the management back end determines that the accumulated time length (i.e., the accumulated time length is the time length difference between the current time stamp accumulated according to the application time stamp and the application time stamp) reaches the scheduling time length (e.g., 10 minutes) and the accumulated time length does not reach the remaining effective time length (e.g., 60 minutes), it is indicated that the currently queried temporary password is not invalid, so that the first ciphertext password corresponding to the temporary password may be obtained from the password database of the management back end, and the temporary password may be returned to the management terminal 1 corresponding to the scheduling request 1, so that the target password (the target password at this time is a plaintext password obtained after decrypting the first ciphertext password) may be displayed in the management terminal 1.
It should be understood that, in the embodiment of the present invention, each scheduled task may be referred to as a to-be-processed task, and in the process of adding each scheduled task to the to-be-processed task list, a locking operation may be performed on each scheduled task to preempt task resources in the to-be-processed task list, so as to facilitate understanding, further, please refer to fig. 7, which is a schematic diagram for polling the scheduled task according to the embodiment of the present invention. The management front end shown in fig. 7 may be the management front end 1, the management front end 2, and the management front end 3 in the embodiment corresponding to fig. 5. As shown in fig. 5, the three management front ends may send scheduling requests to the management back end shown in fig. 5 at the time T1, and if all the three scheduling requests carry the password change application task, the task A1 corresponding to the management terminal 1 may be set in the task list to be processed shown in fig. 7, the task B1 corresponding to the management terminal 2 and the task C2 corresponding to the management terminal 3 may be set with the locking tag shown in fig. 7, so that the password change application task carrying the locking tag may be preferentially executed in the task list to be processed, and at this time, the password change application task may be understood as the task corresponding to the adjustment of the password state information of the target network device from the first password state information to the second password state information.
It may be understood that, for all the tasks to be processed included in the task list to be processed, each task to be processed in the task list to be processed may be polled by a process of timing query to obtain an accumulated duration or a locking duration of each task to be processed, it should be understood that, for the task A2 corresponding to the management front end 1 shown in fig. 7, the locking duration of the task B2 corresponding to the management terminal 2 and the task C1 corresponding to the management terminal 3 is 0, so that in the embodiment of the present invention, a task to be processed (for example, the task C2 shown in fig. 7) with a locking duration greater than a deadlock duration threshold may be found as a task to be unlocked, and the task to be unlocked may be unlocked in the task queue to be processed, so that the task C2 after the unlocking process may be cleared in the task queue to release system resources.
In the embodiment of the present invention, before outputting the password management interface to the management front end for display, the management back end may further include the following steps: detecting the grade information of the target account information at the target application; if the grade information of the target account information is detected to be the first grade with the password management authority, executing the step of outputting a password management interface in the target application; the target account information corresponding to the first level has the authority to manage all associated devices in the password management interface; optionally, if the level information of the target account information is detected to be the second level with the state query authority, outputting a state query interface in the target application, and displaying all associated devices with association relation with the password management device in the state query interface; the grade information of the second grade is lower than the grade information of the first grade, and the target account information corresponding to the second grade has the authority of inquiring all the associated devices in the state inquiry interface.
It can be appreciated that, for a plurality of maintenance personnel to log in the target application through the corresponding account information, the password management interface with the same data content can be seen in the corresponding management front end. Because the account information used by each maintainer is different, the operation authority of each maintainer in the password management interface with the same data content is different, for example, only the target account information with the highest level information can carry out corresponding password management operation on the data content in the password database, and the target account information with other level information can browse the data content displayed in the password management interface, so that the password management interfaces corresponding to the target account information with the query authority are collectively called as a state query interface in the embodiment of the invention. In other words, each maintainer, after logging in the password management application (i.e., the target application) separately, can see the password management interface (the content is the same but the operation authority is different) with the same data content, and can see the interface with different data content. For example, the data content in the aforementioned status query interface may be different from the data content in the password management interface. By dividing the interface displayed after login into two different interfaces, the level information of maintenance personnel can be clearly indicated, and different interfaces can be displayed according to different level information.
In the embodiment of the invention, a plurality of network devices can be acquired in a target application, and the target network device and the first attribute information of the target network device can be further acquired from the plurality of network devices; the first attribute information may include first password state information and operation data information; the target application can comprise a password management interface capable of flexibly managing the password of the target network equipment; the first password state information may include initial state information corresponding to an initial password of the target network device that has not been put in storage, and optionally, the first password state information may also include target state information corresponding to a target password of the target network device that has been put in storage. It should be understood that, if the first password state information is initial password state information, the state change operation corresponding to the initial state information may be understood as a password entry operation, that is, the acquired initial password of the target network device may be stored in the password database in the target application, so that the initial password before being stored may be referred to as first password state information, and the password state information of the initial password after being entered into the storage may be referred to as second password state information. Optionally, in the embodiment of the present invention, if the first password state information is target state information corresponding to a target password of a target network device that has been put in storage, the state change operation may be a password change operation performed with respect to operation data information in first attribute information, so that the password state information of the target network device may be visually managed in the target application, so as to improve efficiency of password management, and the first attribute information of the target network device may be quickly updated in the target application by means of second password state information to obtain second attribute information, so that when the target network device detects that the first password state information fails, password login may be performed based on the second password state information in the second attribute information returned by the password management device, so as to improve security and reliability of a system.
Further, please refer to fig. 8, which is a schematic diagram illustrating a structure of a data processing apparatus according to an embodiment of the present invention, the data processing apparatus 1 may be applied to a password management device. As shown in fig. 8, the data processing apparatus 1 may include: the device acquisition module 10, the state adjustment module 20 and the attribute updating module 30;
an apparatus obtaining module 10, configured to obtain a plurality of network apparatuses in a target application, and obtain a target network apparatus and first attribute information of the target network apparatus from the plurality of network apparatuses; the first attribute information comprises first password state information and operation data information; the target application comprises a password management interface;
Wherein the device acquisition module 10 comprises: the account authentication unit 101, the interface output unit 102, the device screening unit 103, the target determining unit 104, further, the device obtaining module 10 may further include: a rank detection unit 105, a notification unit 106, and a query interface output unit 107;
An account authentication unit 101, configured to obtain target account information of a target application, perform login authentication on the target account information, and log in the target application when authentication passes;
an interface output unit 102, configured to output a password management interface in the target application; the password management interface comprises attribute information of all associated devices with an associated relation with the password management device;
A device screening unit 103, configured to obtain target search information in the password management interface, screen association devices that match the target search information from all association devices, as network devices, and determine a device status list that has an association relationship with each network device according to attribute information of all the screened network devices; the equipment state list contains attribute information of each network equipment;
A target determining unit 104, configured to obtain a target network device from a plurality of network devices included in the device state list in response to a device selection operation triggered for the device state list, and determine attribute information in a list column corresponding to the target network device in the device state list as first attribute information of the target network device; the operation data information in the list column is used for carrying out state management on the first password state information in the list column corresponding to the target network equipment.
Alternatively, the level detection unit 105 is configured to detect, at the target application, level information of the target account information;
A notification unit 106, configured to notify the interface output unit to execute the outputting of the password management interface in the target application if it is detected that the level information of the target account information is the first level having the password management authority; the target account information corresponding to the first level has the authority to manage all associated devices in the password management interface;
A query interface output unit 107, configured to output a state query interface in the target application if it is detected that the level information of the target account information is a second level having a state query authority, and display all associated devices having an association relationship with the password management device in the state query interface; the grade information of the second grade is lower than the grade information of the first grade, and the target account information corresponding to the second grade has the authority of inquiring all the associated devices in the state inquiry interface.
The specific implementation manner of the account authentication unit 101, the interface output unit 102, the device screening unit 103, the target determination unit 104, the level detection unit 105, the notification unit 106, and the query interface output unit 107 may be referred to the description of step S201 to step S203 in the embodiment corresponding to fig. 4, and will not be further described herein.
A state adjustment module 20, configured to adjust the password state information of the target network device from the first password state information to second password state information in response to a state change operation triggered with respect to the operation data information in the password management interface;
Wherein, the state adjustment module 20 includes: the first task adding unit 201, the first adjusting unit 202, and optionally, the state adjusting module 20 may further include: the operation obtaining unit 203, the second task adding unit 204, the second adjusting unit 205 may further include: a time stamp entry unit 206, a query task unit 207, and a password acquisition unit 208;
a first task adding unit 201, configured to, if the first password state information in the list field corresponding to the target network device is initial state information, respond to a password entry operation triggered by first operation data associated with the initial state information, add a password entry task corresponding to the first operation data to a task list to be processed, and activate a first sub-thread corresponding to the first operation data;
a first adjusting unit 202, configured to adjust the password state information of the target network device from the initial state information to second password state information according to a password state change rule and the first sub-thread; the second password state information is the password state information determined after the initial password with the initial state information is entered into a password database.
Optionally, the operation obtaining unit 203 is configured to obtain, if the first password state information is target state information, a plurality of second operation data corresponding to the target state information from the list field;
A second task adding unit 204, configured to obtain target operation data from the plurality of second operation data, respond to a password change operation triggered for the target operation data, add a password change task corresponding to the password change operation to a task list to be processed, and activate a second sub-thread corresponding to the target operation data;
and a second adjusting unit 205, configured to adjust, in a password database, the password state information of the target network device from the target state information to second password state information according to a password state change rule and the second sub-thread.
The target state information and the second password state information are tag types corresponding to target passwords stored in the password database; the target password is used for logging in a target operating system of the target network equipment; the tag type comprises any one of a temporary password login type, a long-term password login type and a secret key password-free login type.
Optionally, the timestamp entry unit 206 records an application timestamp corresponding to the password query operation when the target state information of the target network device is the temporary password login type and the target operation data acquired from the plurality of second operation data is the password query operation, and enters the application timestamp into the password database;
a query task unit 207, configured to add a password query task corresponding to the password query operation to a task list to be processed, and activate a timing query process corresponding to the password query operation;
and the password obtaining unit 208 is configured to obtain, from the password database, a temporary password corresponding to the password query operation according to the timing query process and the application timestamp, and output the temporary password as the target password.
Wherein the password acquisition unit 208 includes: a duration accumulating sub-unit 2081, a duration determining sub-unit 2082, a first determining sub-unit 2083, a first decrypting sub-unit 2084, optionally, the password obtaining unit further includes: a second determination subunit 2085, a system access subunit 2086, a password modification subunit 2087, and a second decryption subunit 2088, optionally, the password acquisition unit further includes: a task locking sub-unit 2089 and a task unlocking sub-unit 2090;
a duration accumulating subunit 2081, configured to accumulate an accumulated duration corresponding to the password query task in the task queue to be processed according to the timing query process and the application timestamp;
A duration determining subunit 2082, configured to determine a remaining valid duration of the temporary password corresponding to the temporary password login type according to an effective timestamp, an update duration, and the application timestamp of the temporary password corresponding to the temporary password login type stored in the password database;
A first determining subunit 2083, configured to obtain, if the accumulated duration reaches the scheduling duration and the accumulated duration does not reach the remaining effective duration, a first ciphertext password corresponding to the temporary password from the password database;
the first decryption subunit 2084 is configured to decrypt the first ciphertext password by using an asymmetric encryption manner, obtain a temporary password corresponding to the first ciphertext password, and output the temporary password corresponding to the first ciphertext password as a target password.
Optionally, the second determining subunit 2085 is configured to determine, through the timing query process, that the temporary password is a invalid password if the accumulated duration reaches the remaining valid duration;
a system access subunit 2086, configured to access and control a target operating system of the target network device through the invalid password and an update sub-thread corresponding to the timing inquiry process;
A password modification subunit 2087, configured to modify the temporary password based on the target operating system, update the first ciphertext password in the password database with a ciphertext password of the modified temporary password, and determine the updated first ciphertext password as a second ciphertext password;
The second decryption subunit 2088 is configured to decrypt the second ciphertext password by using an asymmetric encryption manner, obtain a temporary password corresponding to the second ciphertext password, and output the temporary password corresponding to the second ciphertext password as a target password.
Optionally, a task locking subunit 2089 is configured to obtain, when the task queue to be processed includes a plurality of tasks to be processed, a locking duration corresponding to each task to be processed through the timing query process; the plurality of tasks to be processed comprise unprocessed password inquiry tasks;
The task unlocking subunit 2090 is configured to determine, if there is a to-be-processed task whose locking duration reaches a deadlock duration threshold in the plurality of to-be-processed tasks, to-be-unlocked tasks in the to-be-processed task queue, to unlock the to-be-unlocked tasks in the to-be-processed task queue, and to clear the unlocked password query task in the to-be-processed task queue
The time length accumulating sub-unit 2081, the time length determining sub-unit 2082, the first determining sub-unit 2083, the first decrypting sub-unit 2084, the second determining sub-unit 2085, the system accessing sub-unit 2086, the password modifying sub-unit 2087, and the second decrypting sub-unit 2088, the task locking sub-unit 2089 and the task unlocking sub-unit 2090 may refer to the description of the temporary password obtaining in the embodiments corresponding to fig. 6a and fig. 6b, and will not be further described herein.
The specific implementation manner of the first task adding unit 201, the first adjusting unit 202, the operation obtaining unit 203, the second task adding unit 204, the second adjusting unit 205, the timestamp entering unit 206, the query task unit 207 and the password obtaining unit 208 may participate in the description of step S102 in the embodiment corresponding to fig. 2, and will not be further described herein.
An attribute updating module 30, configured to update the first attribute information of the target network device based on the second password state information, and use the updated first attribute information as second attribute information of the target network device, where the second attribute information is used to instruct the password management device to return, when acquiring a password request, second password state information in the second attribute information to the target network device; the password request is sent to the password management device when the target network device detects that the first password state information for password login is invalid.
The specific implementation manners of the device obtaining module 10, the state adjusting module 20, and the attribute updating module 30 may refer to the descriptions of the step S101 to the step S103 in the embodiment corresponding to fig. 2, and the detailed description will not be repeated here.
In the embodiment of the invention, a plurality of network devices can be acquired in a target application, and the target network device and the first attribute information of the target network device can be further acquired from the plurality of network devices; the first attribute information may include first password state information and operation data information; the target application can comprise a password management interface capable of flexibly managing the password of the target network equipment; the first password state information may include initial state information corresponding to an initial password of the target network device that has not been put in storage, and optionally, the first password state information may also include target state information corresponding to a target password of the target network device that has been put in storage. It should be understood that, if the first password state information is initial password state information, the state change operation corresponding to the initial state information may be understood as a password entry operation, that is, the acquired initial password of the target network device may be stored in the password database in the target application, so that the initial password before being stored may be referred to as first password state information, and the password state information of the initial password after being entered into the storage may be referred to as second password state information. Optionally, in the embodiment of the present invention, if the first password state information is target state information corresponding to a target password of a target network device that has been put in storage, the state change operation may be a password change operation performed with respect to operation data information in first attribute information, so that the password state information of the target network device may be visually managed in the target application, so as to improve efficiency of password management, and the first attribute information of the target network device may be quickly updated in the target application by means of second password state information to obtain second attribute information, so that when the target network device detects that the first password state information fails, password login may be performed based on the second password state information in the second attribute information returned by the password management device, so as to improve security and reliability of a system.
Further, please refer to fig. 9, which is a schematic diagram illustrating another data processing apparatus according to an embodiment of the present invention. As shown in fig. 9, the data processing apparatus 1000 may be applied to a password management device, and the data processing apparatus 1000 may include: processor 1001, network interface 1004 and memory 1005, in addition, the data processing apparatus 1000 may further comprise: a user interface 1003, and at least one communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display (Display), a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface, among others. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory. The memory 1005 may also optionally be at least one storage device located remotely from the processor 1001. As shown in fig. 9, an operating system, a network communication module, a user interface module, and a device control application program may be included in the memory 1005, which is one type of computer storage medium.
The network interface 1004 in the data processing apparatus 1000 may also be connected to the first server, and the optional user interface 1003 may further include a Display screen (Display), a Keyboard (Keyboard). In the data processing apparatus 1000 shown in fig. 9, the network interface 1004 may provide a network communication function; while user interface 1003 is primarily used as an interface for providing input to a user; and the processor 1001 may be used to invoke a device control application stored in the memory 1005 to implement:
Acquiring a plurality of network devices in a target application, and acquiring target network devices and first attribute information of the target network devices from the plurality of network devices; the first attribute information comprises first password state information and operation data information; the target application comprises a password management interface;
Responding to a state change operation triggered by the operation data information in the password management interface, and adjusting the password state information of the target network equipment from the first password state information to second password state information;
Updating the first attribute information of the target network equipment based on the second password state information, taking the updated first attribute information as second attribute information of the target network equipment, wherein the second attribute information is used for indicating the password management equipment to respond to a request sent by the target network equipment when the first password state information is detected to be invalid, and returning the second password state information to the target network equipment so as to enable the target network equipment to perform password login based on the second password state information.
It should be understood that the data processing apparatus 1000 described in the embodiment of the present invention may perform the description of the data processing method in the embodiment corresponding to fig. 2 or fig. 4, and may also perform the description of the data processing apparatus 1 in the embodiment corresponding to fig. 8, which is not repeated herein. In addition, the description of the beneficial effects of the same method is omitted.
Furthermore, it should be noted here that: the embodiment of the present invention further provides a computer storage medium, in which the aforementioned computer program executed by the data processing apparatus 1 is stored, and the computer program includes program instructions, when executed by the processor, can execute the description of the data processing method in the embodiment corresponding to fig. 2 or fig. 4, and therefore, a detailed description will not be given here. In addition, the description of the beneficial effects of the same method is omitted. For technical details not disclosed in the embodiments of the computer storage medium according to the present invention, please refer to the description of the method embodiments of the present invention.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random-access Memory (Random Access Memory, RAM), or the like.
The foregoing disclosure is illustrative of the present invention and is not to be construed as limiting the scope of the invention, which is defined by the appended claims.

Claims (13)

1. A data processing method, the method being applied to a password management device, comprising:
Acquiring target account information of a target application, carrying out login authentication on the target account information, logging in the target application when the authentication passes, and outputting a password management interface in the target application; the password management interface comprises attribute information of all associated devices with an associated relation with the password management device;
acquiring target search information in the password management interface, screening associated equipment which accords with the target search information from all associated equipment as network equipment, and determining an equipment state list which has an association relation with each network equipment according to the attribute information of all screened network equipment; the equipment state list contains attribute information of each network equipment;
Responding to a device selection operation triggered by the device state list, acquiring target network devices from a plurality of network devices contained in the device state list, and determining attribute information in a list column corresponding to the target network devices in the device state list as first attribute information of the target network devices; the operation data information in the list column is used for carrying out state management on the first password state information in the list column corresponding to the target network equipment; the first attribute information comprises the first password state information and the operation data information;
responding to a state change operation triggered by the operation data information in the password management interface, and adjusting the password state information of the target network equipment from the first password state information to second password state information;
Updating the first attribute information of the target network equipment based on the second password state information, and taking the updated first attribute information as second attribute information of the target network equipment, wherein the second attribute information is used for indicating the password management equipment to return the second password state information in the second attribute information to the target network equipment when acquiring a password request; the password request is sent to the password management device when the target network device detects that the first password state information for password login is invalid.
2. The method of claim 1, further comprising, prior to outputting a password management interface in the target application:
Detecting the grade information of the target account information in the target application;
If the grade information of the target account information is detected to be the first grade with the password management authority, executing the step of outputting a password management interface in the target application; the target account information corresponding to the first level has the authority to manage all associated devices in the password management interface;
If the grade information of the target account information is detected to be the second grade with the state query authority, outputting a state query interface in the target application, and displaying all associated devices with association relation with the password management device in the state query interface; the grade information of the second grade is lower than the grade information of the first grade, and the target account information corresponding to the second grade has the authority of inquiring all the associated devices in the state inquiry interface.
3. The method of claim 1, wherein the adjusting the password state information of the target network device from the first password state information to second password state information in response to the state change operation triggered for the operation data information in the password management interface comprises:
If the first password state information in the list column corresponding to the target network equipment is initial state information, responding to a password warehousing operation triggered by first operation data related to the initial state information, adding a password warehousing task corresponding to the first operation data to a task list to be processed, and activating a first sub-thread corresponding to the first operation data;
According to a password state changing rule and the first sub-thread, the password state information of the target network equipment is adjusted from the initial state information to second password state information; the second password state information is the password state information determined after the initial password with the initial state information is entered into a password database.
4. The method of claim 1, wherein the adjusting the password state information of the target network device from the first password state information to second password state information in response to the state change operation triggered for the operation data information in the password management interface comprises:
if the first password state information is target state information, acquiring a plurality of second operation data corresponding to the target state information from the list column;
acquiring target operation data from the plurality of second operation data, responding to a password change operation triggered by the target operation data, adding a password change task corresponding to the password change operation to a task list to be processed, and activating a second sub-thread corresponding to the target operation data;
And according to a password state change rule and the second sub-thread, adjusting the password state information of the target network equipment from the target state information to second password state information in a password database.
5. The method of claim 4, wherein the target state information and the second password state information are tag types corresponding to a target password stored in the password database; the target password is used for logging in a target operating system of the target network equipment; the tag type comprises any one of a temporary password login type, a long-term password login type and a secret key password-free login type.
6. The method as recited in claim 5, further comprising:
when the target state information of the target network equipment is the temporary password login type and the target operation data obtained from the plurality of second operation data is a password query operation, recording an application time stamp corresponding to the password query operation and recording the application time stamp into the password database;
adding the password inquiry task corresponding to the password inquiry operation to a task list to be processed, and activating a timing inquiry process corresponding to the password inquiry operation;
And acquiring a temporary password corresponding to the password inquiry operation from the password database according to the timing inquiry process and the application time stamp, and outputting the temporary password as the target password.
7. The method according to claim 6, wherein the obtaining the temporary password corresponding to the password query operation from the password database according to the timing query process and the application timestamp, and outputting the temporary password as the target password, comprises:
Accumulating accumulated time length corresponding to the password query task in the task queue to be processed according to the timing query process and the application time stamp;
Determining the remaining effective duration of the temporary password corresponding to the temporary password login type according to the effective time stamp, the updating duration and the application time stamp of the temporary password corresponding to the temporary password login type stored in the password database;
If the accumulated time length reaches the scheduling time length and the accumulated time length does not reach the residual effective time length, a first ciphertext password corresponding to the temporary password is obtained from the password database, the first ciphertext password is decrypted in an asymmetric encryption mode, a temporary password corresponding to the first ciphertext password is obtained, and the temporary password corresponding to the first ciphertext password is used as a target password to be output.
8. The method as recited in claim 7, further comprising:
if the accumulated time length reaches the residual effective time length, determining that the temporary password is a failure password through the timing inquiry process;
Accessing and controlling a target operating system of the target network equipment through the invalid password and an update sub-thread corresponding to the timing inquiry process;
Modifying the temporary password based on the target operating system, updating the first ciphertext password in the password database by using the ciphertext password of the modified temporary password, and determining the updated first ciphertext password as a second ciphertext password;
Decrypting the second ciphertext password in an asymmetric encryption mode to obtain a temporary password corresponding to the second ciphertext password, and outputting the temporary password corresponding to the second ciphertext password as a target password.
9. The method as recited in claim 7, further comprising:
When the task queue to be processed contains a plurality of tasks to be processed, acquiring locking time length corresponding to each task to be processed through the timing inquiry process; the plurality of tasks to be processed comprise unprocessed password inquiry tasks;
If the to-be-processed tasks with the locking time reaching the deadlock time threshold exist in the plurality of to-be-processed tasks, determining the to-be-processed tasks with the locking time reaching the deadlock time threshold in the to-be-processed task queue as to-be-unlocked tasks, unlocking the to-be-unlocked tasks in the to-be-processed task queue, and clearing the password inquiry tasks after unlocking in the to-be-processed task queue.
10. A data processing apparatus, the apparatus being applied to a password management device, comprising:
The device acquisition module is used for acquiring target account information of a target application, carrying out login authentication on the target account information, logging in the target application when the authentication passes, and outputting a password management interface in the target application; the password management interface comprises attribute information of all associated devices with an associated relation with the password management device;
The device acquisition module is further used for acquiring target search information in the password management interface, screening associated devices conforming to the target search information from all associated devices, serving as network devices, and determining a device state list with an association relation with each network device according to the attribute information of all the screened network devices; the equipment state list contains attribute information of each network equipment;
The device obtaining module is further configured to obtain a target network device from a plurality of network devices included in the device state list in response to a device selection operation triggered by the device state list, and determine attribute information in a list column corresponding to the target network device in the device state list as first attribute information of the target network device; the operation data information in the list column is used for carrying out state management on the first password state information in the list column corresponding to the target network equipment; the first attribute information comprises the first password state information and the operation data information;
The state adjustment module is used for responding to a state change operation triggered by the operation data information in the password management interface and adjusting the password state information of the target network equipment from the first password state information to second password state information;
The attribute updating module is used for updating the first attribute information of the target network equipment based on the second password state information, and taking the updated first attribute information as second attribute information of the target network equipment, wherein the second attribute information is used for indicating the password management equipment to return second password state information in the second attribute information to the target network equipment when acquiring a password request; the password request is sent to the password management device when the target network device detects that the first password state information for password login is invalid.
11. The apparatus of claim 10, wherein the device acquisition module further comprises:
The grade detection unit is used for detecting grade information of the target account information at the target application;
The notification unit is used for notifying the interface output unit to execute the password management interface output in the target application if the grade information of the target account information is detected to be the first grade with the password management authority; the target account information corresponding to the first level has the authority to manage all associated devices in the password management interface;
The query interface output unit is used for outputting a state query interface in the target application and displaying all associated devices with association relation with the password management device in the state query interface if the grade information of the target account information is detected to be a second grade with state query authority; the grade information of the second grade is lower than the grade information of the first grade, and the target account information corresponding to the second grade has the authority of inquiring all the associated devices in the state inquiry interface.
12. A data processing apparatus, the apparatus being applied to a password management device comprising: a processor, a memory, and a network interface;
the processor is connected to a memory, a network interface for connecting a plurality of network devices, the memory for storing program code, the processor for invoking the program code to perform the method of any of claims 1-9.
13. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program comprising program instructions which, when executed by a processor, perform the method of any of claims 1-9.
CN201910213911.5A 2019-03-20 2019-03-20 Data processing method and related device Active CN110210191B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910213911.5A CN110210191B (en) 2019-03-20 2019-03-20 Data processing method and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910213911.5A CN110210191B (en) 2019-03-20 2019-03-20 Data processing method and related device

Publications (2)

Publication Number Publication Date
CN110210191A CN110210191A (en) 2019-09-06
CN110210191B true CN110210191B (en) 2024-08-20

Family

ID=67785249

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910213911.5A Active CN110210191B (en) 2019-03-20 2019-03-20 Data processing method and related device

Country Status (1)

Country Link
CN (1) CN110210191B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111953562B (en) * 2020-07-29 2022-05-24 新华三信息安全技术有限公司 Equipment state monitoring method and device
CN113225305A (en) * 2021-02-16 2021-08-06 蒋云帆 Intelligent password center and smart client implementation thereof
CN114489897B (en) * 2022-01-21 2023-08-08 北京字跳网络技术有限公司 Object processing method, device, terminal equipment and medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102866998A (en) * 2011-07-05 2013-01-09 中兴通讯股份有限公司 Centralized password management method and centralized password management system in synchronous system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6826700B1 (en) * 1999-11-24 2004-11-30 Unisys Corporation Method and apparatus for a web application server to automatically solicit a new password when an existing password has expired
US9425958B2 (en) * 2005-08-05 2016-08-23 Hewlett Packard Enterprise Development Lp System, method and apparatus for cryptography key management for mobile devices
CN105391744B (en) * 2015-12-30 2019-10-18 浙江宇视科技有限公司 A kind of method and system of management and monitoring equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102866998A (en) * 2011-07-05 2013-01-09 中兴通讯股份有限公司 Centralized password management method and centralized password management system in synchronous system

Also Published As

Publication number Publication date
CN110210191A (en) 2019-09-06

Similar Documents

Publication Publication Date Title
US11088903B2 (en) Hybrid cloud network configuration management
US9813509B1 (en) Template generator for frequently occurring application programming interface call sequences
CN108563958B (en) Role permission updating method and device, computer equipment and storage medium
KR102095334B1 (en) Log information generating device and recording medium and log information extraction device and recording medium
US20220217182A1 (en) Dynamic security policy management
EP2989543B1 (en) Method and device for updating client
US11477247B2 (en) Systems and methods for authenticating platform trust in a network function virtualization environment
CN112231168A (en) Micro server control method, device, equipment and storage medium
CN112104617B (en) Rights management method, device, equipment and storage medium for micro-service
CN110210191B (en) Data processing method and related device
CN112364110A (en) Metadata management method, device and equipment and computer storage medium
CN111400355B (en) Data query method and device
US20180026986A1 (en) Data loss prevention system and data loss prevention method
CN106339629A (en) Application management method and device
US8949930B1 (en) Template representation of security resources
CN108965291A (en) Registration login method, system and the computer equipment of mixed application
US8185639B2 (en) Server identification in storage networks
CN110061876B (en) Optimization method and system of operation and maintenance auditing system
CN112714166B (en) Multi-cluster management method and device for distributed storage system
CN111147496B (en) Data processing method and device
EP3844933B1 (en) Method and system for providing access to data stored in a security data zone of a cloud platform
EP3635935B1 (en) Managing alerts regarding additions to user groups
KR101651392B1 (en) Additional authentication execution system through execution specialized module and method thereof
CN113765869A (en) Login method, device, server and storage medium
KR102379098B1 (en) Database login information management system using virtual driver and control method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TG01 Patent term adjustment
TG01 Patent term adjustment