CN106453262B - A KVM user access authorization method based on a two-dimensional code

Info

Publication number: CN106453262B
Authority: CN (China)
Prior art keywords: user, KVM, two-dimensional code, host, authorization
Legal status: Expired - Fee Related
Application number: CN201610828057.XA
Other languages: Chinese (zh)
Other versions: CN106453262A (en)
Inventors: 庞晓琼, 史元浩, 温杰
Current assignee: North University of China
Original assignee: North University of China

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06K: GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00: Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Abstract

The invention discloses a KVM user access authorization method based on a two-dimensional code. The method is: 1) the management end generates an initialization two-dimensional code for the KVM, which is saved in the KVM; the initialization two-dimensional code includes a clock t and the port information corresponding to the n hosts connected to the KVM; 2) the management end generates a user two-dimensional code for user i; the user two-dimensional code includes the port information m corresponding to the hosts user i may operate, an authorization start time t1 and an authorization end time t2; 3) when user i accesses a host through the KVM, the KVM's two-dimensional code scanning device scans user i's user two-dimensional code and obtains the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2; 4) the KVM controls user i's access to the hosts corresponding to port information m according to the port information m, t1 and t2. The invention improves security.

Description

A KVM user access authorization method based on a two-dimensional code
Technical field
The present invention relates to the field of computer technology, and in particular to a KVM user access authorization method based on a two-dimensional code.
Background art
KVM is the abbreviation of Keyboard Video Mouse; in Chinese it is commonly called a switch. It is common infrastructure equipment in machine rooms: multiple computer hosts are connected through a KVM to a single set of keyboard, mouse and display, and pressing the switching button on the KVM connects the keyboard, mouse and display to a different host, so that the target host can be operated. Using a KVM reduces the number of displays and similar equipment, saves cabinet space and makes the hosts easier to manage.
A traditional KVM falls short in host operation-and-maintenance security. In a hosted machine room in particular, when host A and host B are connected to the same KVM, there is a risk that the operator of host A operates host B through the KVM without authorization. Chinese patent application No. 201510216060.1, titled "KVM local management system subscriber authentication design method", uses an MCU and an EEPROM as the master controller and password storage chip for local management, with the EEPROM attached externally to the MCU, and implements user identity verification for the local management system on the KVM through a verification mechanism. That application stores user names and passwords on the KVM, prompts the user through the local KVM OSD menu to enter a user name and password, and then verifies them on the KVM to strengthen the security of KVM user management. This approach has the following disadvantages: 1. a simple user name and password is easily passed on by word of mouth and leaked, so it is less secure than requiring a fresh authorization for every login; 2. the management end is located on the KVM, so user names and passwords must be changed locally on the KVM, which is quite inconvenient for a large machine room managing hundreds or thousands of hosts.
On this basis, a KVM user access authorization method based on a two-dimensional code is now provided.
Summary of the invention
In view of the deficiencies of the prior art, the present invention proposes a KVM user access authorization method based on a two-dimensional code, which restricts what a user may operate by scanning a two-dimensional code that the user presents.
The technical solution of the present invention is as follows:
A KVM user access authorization method based on a two-dimensional code, comprising the steps of:
1) the management end generates an initialization two-dimensional code for the KVM, which is saved in the KVM; the initialization two-dimensional code includes a clock t and the port information corresponding to the n hosts connected to the KVM; the KVM has a two-dimensional code scanning device;
2) the management end generates a user two-dimensional code for user i; the user two-dimensional code includes the port information m corresponding to the hosts user i may operate, an authorization start time t1 and an authorization end time t2;
3) when user i accesses a host through the KVM, the KVM's two-dimensional code scanning device scans user i's user two-dimensional code and obtains the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2;
4) the KVM controls user i's access to the hosts corresponding to port information m according to the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2.
Further, the initialization two-dimensional code also includes a key k; the management end encrypts user i's user two-dimensional code with the key k and then sends it to user i; the KVM decrypts user i's user two-dimensional code with the key k from the initialization two-dimensional code and obtains the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2.
Further, the KVM has a timer; when the KVM's keyboard or mouse is not operated, the timer starts timing; when the timed interval exceeds a set threshold, the KVM enters the screen-protection state.
Further, the KVM is in the screen-protection state by default; in the screen-protection state the KVM displays only screen-protection information and outputs no host information.
Further, each host corresponds to one port.
Further, the port information m includes one or more ports.
Further, step 4) is implemented as follows: the KVM determines, from the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2, whether user i can access the hosts corresponding to port information m; if so, it restricts user i to operating the hosts corresponding to port information m within the time range t1 to t2, and the user can switch among the authorized ports.
Further, when user i applies to access a host through the KVM, the management end generates a user two-dimensional code for user i.
In the present invention, the KVMs have a set of management end software that manages h KVMs (h ≥ 1). The management works as follows: the management end software generates and prints two-dimensional codes, and a KVM accepts management from the management end by scanning and recognizing them. There are two kinds of two-dimensional code: the initialization two-dimensional code and the user two-dimensional code.
The two-dimensional codes exchanged between the management end and the KVM are encrypted with cryptographic tools; either symmetric or asymmetric encryption may be used. With symmetric encryption, the management end generates h different symmetric keys k1, k2, …, kh for the h KVMs, and the i-th KVM stores its own symmetric key ki, i ∈ [1, h]. The management end encrypts with the symmetric key and the KVM decrypts with the symmetric key. With asymmetric encryption, the management end generates h different asymmetric key pairs k1, k2, …, kh for the h KVMs; the i-th KVM stores the private key of its own key pair ki, and the management end stores the public keys of all the key pairs. The management end encrypts with the public key and the KVM decrypts with the private key.
As shown in Fig. 1, the KVM has a two-dimensional code scanning device, which an administrator or user can trigger manually to scan a two-dimensional code.
The KVM must first be initialized: the management end generates an initialization two-dimensional code containing data such as the clock t, the key k and ports 1 to n, and the KVM saves this information; ports 1 to n are the ports corresponding to the n hosts connected to the KVM. The management end also saves the KVM port mapping information.
The process of the invention is shown in Fig. 2: the user applies to the administrator to operate hosts, the administrator generates a user two-dimensional code in the management software, the user presents the user two-dimensional code at the KVM, and the KVM scans it and restricts the user's permissions. The user two-dimensional code includes at least the port m corresponding to the hosts the user may operate, the authorization start time t1, the authorization end time t2 and similar information, meaning that within the time range t1 to t2 the user may operate the hosts on port m of the KVM; outside that time range, the user must apply to the administrator for operating permission again and have a new user two-dimensional code generated.
The port m can be a single integer or a set of integers; when m is a set, each integer in the set corresponds to one port, and the values of m range from 1 to n (for example, an 8-port KVM provides ports 1 to 8, 8 ports in total, connected to 8 hosts; if the user is licensed to use the hosts connected to ports 2, 5 and 6, then m is the set {2, 5, 6}).
The user two-dimensional code that the user presents is encrypted with the key k.
The KVM is in the screen-protection state by default; in the screen-protection state the KVM displays only screen-protection information and outputs no host information.
The KVM has a timer; when the keyboard and mouse are not operated, the timer starts timing, and when the timed interval exceeds a certain threshold, the KVM enters the screen-protection state.
The KVM scans the two-dimensional code presented by the user, decrypts it with the key k, and obtains the host ports m the user may operate and the time range t1 to t2, thereby restricting the user to operating the hosts on ports m within the time range t1 to t2. The KVM then leaves the screen-protection state and enters the normal working state.
When leaving the KVM, the user can also manually press the screen-protection button to put the KVM into the screen-protection state.
The KVM can record event logs such as user scans, authorizations and standby, for audit.
The two-dimensional code generated by the management end need not be printed; it can instead be saved as a photo, and the KVM recognizes the information by scanning the photo of the two-dimensional code.
Compared with the prior art, the beneficial effects of the present invention are:
The present invention uses an encrypted two-dimensional code as the information transfer medium to pass user authorization information to the KVM. The authorization information defines the time and the range of hosts the user may operate, so authorization is finer-grained than with a user name and password, which strengthens the management of host authorization and improves the security of host operation in hosted machine rooms.
Description of the drawings
Fig. 1 is a schematic diagram of the KVM structure;
Fig. 2 is a flow chart of the method of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. It should be understood that the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative work fall within the protection scope of the present invention.
Embodiment
A data center machine room administrator manages 100 KVMs; each KVM has 8 ports connected to 8 hosts, 800 hosts in total. The administrator initializes these 100 KVMs at the KVM management end. Two-dimensional code information is passed between the management end and the KVMs using asymmetric encryption. The management end records the public keys of the 100 KVMs and uses management two-dimensional codes to initialize each KVM with its private key. The management end also records the information of the hosts connected to each KVM.
User A applies to the administrator to use two hosts, s1 and s2, for 2 hours each, timed from the current moment. s1 and s2 are both connected to the KVM numbered k, on ports p1 and p2 respectively.
The administrator approves user A's application and generates a user two-dimensional code for it. The user two-dimensional code records the following information: the user's name A, the KVM number k, the host names s1 and s2, the KVM ports p1 and p2, the authorized operation start and end times t1 and t2, and so on. The user two-dimensional code is encrypted with the public key of the KVM numbered k.
User A scans the user two-dimensional code from a mobile phone at the KVM numbered k. The KVM decrypts it with its own private key, confirms the authorization information, and records locally that user A logged in at time t to operate hosts s1 and s2 on ports p1 and p2, with authorization time range t1 to t2.
Until time t2 arrives, user A can use the KVM to switch between ports p1 and p2 in order to operate hosts s1 and s2.
When time t2 arrives, if user A has not finished operating, the KVM ends A's authorization and switches to the screen-protection state.
If user A finishes early, user A can trigger it manually so that the KVM switches to the screen-protection state.
Within the authorization time, if user A performs no operation for more than 5 minutes, the KVM automatically switches to the screen-protection state; user A can rescan the user two-dimensional code and continue operating.
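The issue-and-check flow from the description and the embodiment, written out in Go as an added example (not code from the patent): the management end seals a grant under a per-KVM symmetric key, and the KVM opens it and gates port selection. AES-GCM, the JSON payload and the names Grant, NewAEAD, Seal, Open and Allows are assumptions of this example; the key and sample values are constructed, and the idle timer is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Grant is the user-code payload: KVM number, ports m, window t1..t2 (Unix s).
type Grant struct {
	KVM    string
	Ports  []int
	T1, T2 int64
}

func NewAEAD(k []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Seal (management end) encrypts a grant with AES-GCM, this example's choice of
// cipher; the output is nonce || ciphertext+tag, the bytes carried by the code.
func Seal(a cipher.AEAD, g Grant) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	pt, _ := json.Marshal(g) // cannot fail for a struct of strings and ints
	return a.Seal(nonce, nonce, pt, nil), nil
}

// Open (KVM side) returns a grant only for an intact code naming this KVM, with ports in 1..n, at a time in [t1, t2).
func Open(a cipher.AEAD, id string, n int, code []byte, now time.Time) *Grant {
	ns, t, g := a.NonceSize(), now.Unix(), Grant{}
	if len(code) < ns {
		return nil
	}
	pt, err := a.Open(nil, code[:ns], code[ns:], nil) // wrong key or tampering fails here
	if err != nil || json.Unmarshal(pt, &g) != nil || g.KVM != id || len(g.Ports) == 0 || t < g.T1 || t >= g.T2 {
		return nil
	}
	for _, p := range g.Ports {
		if p < 1 || p > n {
			return nil
		}
	}
	return &g
}

// Allows reports whether port p may be selected at now; a nil grant (screen protection) or a passed t2 refuses.
func (g *Grant) Allows(p int, now time.Time) bool {
	if g == nil || now.Unix() < g.T1 || now.Unix() >= g.T2 {
		return false
	}
	for _, q := range g.Ports {
		if q == p {
			return true
		}
	}
	return false
}

func main() {
	k, t0 := make([]byte, 32), time.Now() // constructed all-zero demo key
	a, _ := NewAEAD(k)
	code, _ := Seal(a, Grant{"k", []int{2, 5, 6}, t0.Unix(), t0.Unix() + 7200})
	g := Open(a, "k", 8, code, t0)
	fmt.Println(g.Allows(5, t0), g.Allows(3, t0), g.Allows(5, t0.Add(2*time.Hour)))
}
```

AES-GCM also authenticates the payload, so a code altered after issue fails to decrypt. In the asymmetric mode, encryption under the KVM's public key does not by itself show that the management end produced the code, so that mode needs the public key confined to the management end or a signature over the grant.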

Claims (6)

1. A KVM user access authorization method based on a two-dimensional code, comprising the steps of:
1) the management end generates an initialization two-dimensional code for the KVM, which is saved in the KVM; the initialization two-dimensional code includes a clock t and the port information corresponding to the n hosts connected to the KVM; the KVM has a two-dimensional code scanning device;
2) the management end generates a user two-dimensional code for user i; the user two-dimensional code includes the port information m corresponding to the hosts user i may operate, an authorization start time t1 and an authorization end time t2; the port information m includes one or more ports;
3) when user i accesses a host through the KVM, the KVM's two-dimensional code scanning device scans user i's user two-dimensional code and obtains the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2;
4) the KVM determines, from the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2, whether user i can access the hosts corresponding to port information m; if so, it restricts user i to operating the hosts corresponding to port information m within the time range t1 to t2, and the user can switch among the authorized ports.
2. The method according to claim 1, characterized in that the initialization two-dimensional code further includes a key k; the management end encrypts user i's user two-dimensional code with the key k and then sends it to user i; the KVM decrypts user i's user two-dimensional code with the key k from the initialization two-dimensional code and obtains the port information m corresponding to the hosts user i may operate, the authorization start time t1 and the authorization end time t2.
3. The method according to claim 1, characterized in that the KVM has a timer; when the KVM's keyboard or mouse is not operated, the timer starts timing; when the timed interval exceeds a set threshold, the KVM enters the screen-protection state.
4. The method according to claim 3, characterized in that the KVM is in the screen-protection state by default; in the screen-protection state the KVM displays only screen-protection information and outputs no host information.
5. The method according to claim 1, characterized in that each host corresponds to one port.
6. The method according to any one of claims 1 to 5, characterized in that, when user i applies to access a host through the KVM, the management end generates the user two-dimensional code for user i.
Priority Applications (1)

Application number: CN201610828057.XA
Priority date: 2016-09-18
Filing date: 2016-09-18
Title: A KVM user access authorization method based on a two-dimensional code

Publications (2)

Publication number: CN106453262A (en); publication date: 2017-02-22
Publication number: CN106453262B (en); publication date: 2019-06-28

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8473651B1 (en) * 2009-04-29 2013-06-25 Clisertec Corporation Isolated protected access device
CN104065652B (en) * 2014-06-09 2015-10-14 北京石盾科技有限公司 A kind of auth method, device, system and relevant device
CN104809378A (en) * 2015-04-30 2015-07-29 山东超越数控电子有限公司 User authentication design method of KVM (Kernel-based Virtual Machine) local management system
CN105117032A (en) * 2015-08-26 2015-12-02 无锡伊佩克科技有限公司 Two-dimensional code verification-based computer wireless keyboard

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190628

Termination date: 20210918