CN115544589A - I/O port prevention and control method and electronic equipment - Google Patents


Publication number
CN115544589A
Authority
CN
China
Legal status
Pending
Application number
CN202210780735.5A
Other languages
Chinese (zh)
Inventor
苟浩淞
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Sichuan Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Sichuan Co Ltd
Application filed by China Mobile Communications Group Co Ltd and China Mobile Group Sichuan Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices: interconnection devices, e.g. bus-connected or in-line devices
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Alarm Systems (AREA)

Abstract

The application discloses a prevention and control method of an I/O port and electronic equipment, and belongs to the field of computer information security management. The prevention and control method comprises the following steps: receiving request information to be verified, wherein the request information comprises the information to be verified for requesting to start an I/O port; and starting the I/O port under the condition that the information to be verified passes the verification according to the stored verification information, or executing an alarm operation under the condition that the information to be verified fails the verification according to the stored verification information.

Description

I/O port prevention and control method and electronic equipment
Technical Field
The application belongs to the field of computer information security management, and particularly relates to a method for preventing and controlling an I/O port and electronic equipment.
Background
With the development of computer and network technology, the level of office automation in modern enterprises has steadily improved, enterprises depend more and more on computers and networks, and information security has become an unavoidable major problem for them. Leakage of confidential data is of particular concern to many high-tech enterprises, because such leakage can cause immeasurable loss. To avoid leakage of confidential data, many enterprises take a series of measures.
Most enterprises isolate the computers that store confidential data from external networks and use the enterprise intranet and private network to prevent outside personnel from illegally accessing the organization's data. This does not, however, stop personnel inside the organization from accessing data on other people's computers. In addition, most input/output (I/O) ports of existing computers are not encrypted, so data on a computer cannot be effectively prevented from being transferred through the I/O ports without permission; the data can be illegally stolen, causing great loss to users.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method for preventing and controlling an I/O port and an electronic device, which can solve the problem that data is stolen through the I/O port, and prevent the data from being illegally accessed.
In a first aspect, an embodiment of the present application provides a method for preventing and controlling an I/O port, where the method includes: receiving request information to be verified, wherein the request information comprises the information to be verified for requesting to start an I/O port; and starting the I/O port under the condition that the information to be verified passes the verification according to the stored verification information.
In a second aspect, an embodiment of the present application provides a method for preventing and controlling an I/O port, where the method includes: receiving request information to be verified, wherein the request information comprises the information to be verified for requesting to start an I/O port; and executing an alarm operation under the condition that the information to be verified fails the verification according to the stored verification information.
In a third aspect, an embodiment of the present application provides an apparatus for preventing and controlling an I/O port, where the apparatus includes: a receiving module, configured to receive request information to be verified, wherein the request information comprises the information to be verified for requesting to start an I/O port; a verification module, configured to verify the request information; and an execution module, configured to start the I/O port under the condition that the information to be verified passes the verification according to the stored verification information, or to execute an alarm operation under the condition that the information to be verified fails the verification according to the stored verification information.
In a fourth aspect, embodiments of the present application provide an electronic device comprising a processor and a memory, the memory storing a program or instructions executable on the processor, the program or instructions, when executed by the processor, implementing the steps of the method according to the first aspect or the second aspect.
In a fifth aspect, the present embodiments provide a readable storage medium, on which a program or instructions are stored, which when executed by a processor implement the steps of the method according to the first or second aspect.
In the embodiment of the application, the information to be verified is obtained before the I/O port is started, and the I/O port is started only when the information to be verified passes verification according to the stored verification information. This avoids the problem of data being stolen through the I/O port and effectively prevents data from being illegally read or stolen.
Drawings
FIG. 1 is a flow chart illustrating a method for controlling an I/O port according to an embodiment of the present disclosure;
FIG. 2 is a flow chart illustrating a method for controlling an I/O port according to another embodiment of the present disclosure;
FIG. 3 is a schematic diagram of the I/O port protection device according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a prevention and control device of an I/O port in another embodiment of the present application;
FIG. 5 is a schematic diagram of an information processing module in an embodiment of the present application;
FIG. 6 is a diagram of a database module in an embodiment of the present application;
FIG. 7 is a schematic diagram of an alarm module in one embodiment of the present application;
FIG. 8 is a schematic view of an electronic device in one embodiment of the present application;
FIG. 9 is a schematic hardware structure diagram of an electronic device implementing an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present disclosure.
The terms "first", "second" and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the application are capable of operation in sequences other than those illustrated or described herein, and that objects distinguished by "first", "second", etc. are generally of one type and their number is not limited, e.g., a first object can be one or more than one. In addition, "and/or" in the specification and claims means at least one of the connected objects, and the character "/" generally means that the preceding and succeeding related objects are in an "or" relationship.
The following describes in detail a method for preventing and controlling an I/O port according to an embodiment of the present application with reference to the accompanying drawings.
FIG. 1 is a flowchart illustrating a method for preventing and controlling an I/O port according to an embodiment of the present application. As shown in FIG. 1, the method 100 may include the following steps.
S110: receiving request information to be verified, wherein the request information comprises the information to be verified for requesting to enable the I/O port.
In the embodiment of the present application, if a host or a related terminal needs to be accessed (including reading or storing data on the host or the related terminal), an I/O port needs to be enabled, and an accessor is allowed to access the host or the related terminal only when the I/O port is enabled. The precondition for enabling the I/O port is a determination of whether the external access meets a preset requirement. Therefore, when the visitor inputs the relevant request information (which includes the information to be verified), the prevention and control method of the embodiment of the application receives that request information so that it can be verified subsequently. In one possible implementation, the information to be verified may be a password; for example, it may be a commonly used password composed of numbers and/or characters and/or letters, etc.
S112: starting the I/O port under the condition that the information to be verified passes the verification according to the stored verification information.
In the embodiment of the application, after the request information to be verified is received, the information to be verified is verified to judge whether it meets the condition for passing verification, and if it does, the I/O port is started. Taking a common password as an example, if the stored password is 123456 and the password to be verified input by the visitor is 123456, the stored password is the same as the input password and the condition for passing verification is met, so the I/O port can be enabled to allow the visitor to access the host or the related terminal. When the password to be verified input by the visitor is 456123, the stored password is different from the password to be verified and the condition for passing verification is not met, so the I/O port cannot be started, and illegal or unauthorized access by the visitor is prevented. Of course, according to actual situations or requirements, other verification manners that are similar or achieve the same effect may be adopted, and the embodiments of the present application do not limit this.
S114: executing an alarm operation under the condition that the information to be verified fails the verification according to the stored verification information.
In the embodiment of the application, after the request information to be verified is received, the information to be verified is verified, whether the information to be verified meets the condition that the verification fails or not is judged, and if the information to be verified meets the condition that the verification fails, an alarm operation is executed. Taking a common password as an example, if the stored password is 123456, when the password to be verified input by the visitor is 456123, the stored password is different from the password to be verified, and does not meet the condition of passing verification, so that the I/O port cannot be enabled, and illegal or unauthorized access of the visitor is prevented. Meanwhile, as the information to be verified is not verified, related alarm operation can be executed for ensuring the data security; for example, the performed alert operation may be issuing an alert message to a visitor, sending an alert message to an administrator, locking an associated device, and so forth.
Obviously, the above steps S112 and S114 respectively describe two cases (pass and fail) of the verification result in detail, that is, there are two possibilities that the verification result of the information to be verified passes and fails, but those skilled in the art should understand that when the information to be verified is specifically verified for a certain time, it has only one verification result, either verification passes or verification fails.
In one possible implementation, before receiving the request information to be verified, the method further includes: prompting for input of the information to be verified under the condition that it is monitored that the I/O port is requested to be enabled.
The enabling state of the I/O port is monitored. When it is monitored that the I/O port is requested to be enabled, this indicates that a visitor needs to access the host or the related terminal. When there is external access, it is necessary to verify whether the access meets the requirements (authorized access or unauthorized access), that is, whether the information to be verified meets the passing conditions, so the visitor is prompted to input the information to be verified. When no request to enable the I/O port is monitored, no verification work is needed, no prompt for the information to be verified is needed, the prevention and control method of the embodiment of the application does not need to be executed, and monitoring simply continues. By monitoring whether the I/O port is requested to be enabled, the execution efficiency of the I/O port prevention and control method in the embodiment of the application can be improved.
In a possible implementation manner, the verifying the to-be-verified information according to the stored verification information includes:
carrying out format conversion on the information to be verified; comparing the information to be verified after format conversion with stored verification information; and determining whether the verification of the information to be verified passes according to whether the information to be verified is matched with the verification information.
Obviously, it should be understood by those skilled in the art that, besides formatting the information to be verified, other related processing may also be performed on the information to be verified (if needed), and the purpose of the processing is to facilitate comparing the information to be verified with stored verification information and determine whether verification passes, and in order to avoid redundancy, various ways of processing the information to be verified in the embodiments of the present application are not listed one by one.
In one possible implementation, the method further includes:
judging whether the current number of verification attempts exceeds a preset number under the condition that the information to be verified fails the verification according to the stored verification information;
prompting to input the information to be verified again under the condition that the current number of verification attempts does not exceed the preset number, and verifying the information to be verified which is input again;
and executing an alarm operation under the condition that the current number of verification attempts exceeds the preset number.
As described above, the alarm operation is performed when the information to be verified fails the verification according to the stored verification information. In practice, however, it is inevitable that a valid or authorized visitor sometimes fails verification for his or her own or external reasons. The most common case is that the visitor inadvertently inputs information that differs from the stored verification information, so the verification fails. If the alarm operation were executed mechanically whenever the input information to be verified is wrong, it would not only put some psychological stress on the visitor but also waste resources on unnecessary alarm operations. To solve this problem, a number of permitted failed verifications can be preset, or a related fault tolerance established: when the information to be verified fails the verification according to the stored verification information, it is judged whether the current number of verification attempts exceeds the preset number, and if it does not, the visitor is prompted to input the information to be verified again and the re-entered information is verified. The preset number, and hence the degree of fault tolerance, can be set according to the actual situation. The alarm operation is executed when the current number of verification attempts exceeds the preset number, thereby avoiding some unnecessary alarm operations.
In one possible implementation, the performing the alarm operation includes at least one of:
sending an alarm message to a target terminal;
recording the occurrence time of the information to be verified failing to be verified;
identifying and storing face information of unauthorized persons;
sending the face information of the identified unauthorized person;
storing photo information for photographing unauthorized persons;
sending photo information for photographing unauthorized persons;
controlling a shutdown of a host associated with the I/O port. Shutting down the host can effectively prevent further damage from dangerous (unauthorized) behavior.
Obviously, it should be understood by those skilled in the art that, in addition to the above-listed alarm operations, other alarm operations may be set according to actual requirements to achieve the same or similar technical effects, and details are not described herein again.
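The verification, retry-limit and alarm steps described above can be sketched as follows. This is an added Python example, not code from the patent: the class and function names, the salted PBKDF2 hash used as the stored verification information, the constant-time comparison, the lock-until-reset behaviour and the value of the preset attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time
import unicodedata
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

PBKDF2_ROUNDS = 200_000  # assumption: work factor chosen for this example


class Decision(Enum):
    ENABLE_PORT = "enable_port"
    RETRY = "retry"
    ALARM = "alarm"


def convert_format(raw: str) -> bytes:
    """Format conversion: NFKC-normalise, drop trailing line endings, encode as UTF-8."""
    return unicodedata.normalize("NFKC", raw).rstrip("\r\n").encode("utf-8")


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Stored verification information is a salted hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", convert_format(password), salt, PBKDF2_ROUNDS)


@dataclass
class PortGate:
    """Hypothetical gate deciding whether an I/O port may be enabled."""
    salt: bytes
    verifier: bytes
    max_attempts: int = 2      # the preset number of attempts; the value is an assumption
    failed_attempts: int = 0
    port_enabled: bool = False
    locked: bool = False
    alarm_log: list = field(default_factory=list)

    @classmethod
    def enroll(cls, password: str, max_attempts: int = 2) -> "PortGate":
        salt = os.urandom(16)
        return cls(salt, derive_verifier(password, salt), max_attempts)

    def handle_request(self, submitted: str, now: Optional[float] = None) -> Decision:
        now = time.time() if now is None else now
        if self.locked:
            # Assumption: after an alarm the gate stays locked until an administrator resets it.
            return self._alarm(now, "request while locked")
        candidate = derive_verifier(submitted, self.salt)
        if hmac.compare_digest(candidate, self.verifier):  # constant-time comparison
            self.failed_attempts = 0
            self.port_enabled = True
            return Decision.ENABLE_PORT
        self.failed_attempts += 1
        if self.failed_attempts <= self.max_attempts:
            return Decision.RETRY  # limit not exceeded: prompt for re-entry
        return self._alarm(now, "attempt limit exceeded")

    def _alarm(self, when: float, reason: str) -> Decision:
        """Alarm operation: keep the port closed, lock, and record the failure time."""
        self.port_enabled = False
        self.locked = True
        self.alarm_log.append(
            {"time": when, "reason": reason, "failed_attempts": self.failed_attempts}
        )
        return Decision.ALARM

    def admin_reset(self) -> None:
        self.locked = False
        self.failed_attempts = 0


if __name__ == "__main__":
    gate = PortGate.enroll("123456")  # sample password taken from the description
    for attempt in ["456123", "456123", "456123", "123456"]:
        print(attempt, gate.handle_request(attempt).value)
```

The submitted value is never written to the alarm log, so a near-miss of the real password is not exposed through the alarm records.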
In a possible implementation manner, before the receiving the request information to be verified, the method further includes: storing at least one of the following information:
identity information of the administrator; the identity information of the administrator can be used for determining the identity of the administrator and the related management authority of the administrator;
the verification information; the verification information is mainly used for subsequent comparison with the information to be verified, to distinguish or judge which accesses are authorized and which are unauthorized;
and description information of the alarm operation; the description information of various alarm operations can be set and stored according to actual requirements.
In the embodiment of the application, request information to be verified is received, wherein the request information comprises the information to be verified for requesting to enable an I/O port; the I/O port is started under the condition that the information to be verified passes the verification according to the stored verification information; or an alarm operation is executed under the condition that the information to be verified fails the verification according to the stored verification information. Because the access (or the starting of the I/O port) needs to be verified, information to be verified must be input when the I/O port is used, so as to judge whether the port is being used by an administrator or an authorized visitor. Illegal use by unauthorized personnel can thus be limited; starting from the basic channel of information leakage, the security of I/O port use is effectively protected and leakage (including data leakage) is avoided.
FIG. 2 is a flowchart illustrating a method for preventing and controlling an I/O port according to another embodiment of the present application. As shown in FIG. 2, the method 200 may include the following steps.
S210, presetting related parameters or information.
In the embodiment of the present application, relevant parameters or information may be preset according to a prevention and control requirement for the I/O port, including entering administrator information (including identity information of an administrator) and setting authentication information (for example, an authentication password) of the I/O port. Meanwhile, preset relevant parameters or information can be stored in a database. And calling the parameters or the information when the I/O port prevention and control method is executed. For example, when a password to be authenticated input by a visitor needs to be authenticated, an authentication password (also referred to as an activation password) stored in advance in a database is called, and the activation password is used for authenticating the received password to be authenticated.
S212, receiving the password to be verified input by the visitor.
In the embodiment of the application, if the visitor needs to read or store the host or the related terminal (including reading or storing data of the host or the related terminal), since the prevention and control of the I/O port is set, the visitor is allowed to access only if the I/O port is enabled. When the visitor needs to access the host or the related terminal, the visitor can input the password to be verified according to the prompt message; accordingly, the prevention and control method according to the embodiment of the present application needs to receive a password to be authenticated, which is input by an accessor, so as to subsequently determine whether the accessor is a valid accessor, and whether the access is a valid access (authorized access).
S214, the password to be verified is verified.
In the embodiment of the application, after a password to be verified input by an accessor is received, the password to be verified is compared with a verification password (activation password) existing in a database (or other storage forms), whether the input password to be verified meets the requirement is verified, if the password to be verified meets the requirement, the verification is passed, otherwise, the verification is not passed.
S216, performing corresponding operation according to the verification result.
In the embodiment of the application, corresponding operations are performed according to the verification result, wherein the operations comprise operations when the verification passes and operations when the verification fails. In a possible implementation manner, the I/O port is enabled when the password to be authenticated is authenticated according to the stored authentication password, or an alarm operation is performed when the password to be authenticated is not authenticated according to the stored authentication password. Obviously, in a possible implementation, the I/O port may also be enabled if the verification is passed, and may also be prevented from unauthorized access without performing any operation if the verification is not passed (i.e., the I/O port is still in an enabled state).
In one possible implementation manner, the prevention and control method further includes: setting management authority, including the authority to change the administrator information and the authority to modify the I/O port activation password. For example, setting the administrator information may include setting the administrator identity information and a mobile phone number (indicating a target terminal). The administrator identity information is used so that only the administrator has the right to change the entered port activation password, and the administrator mobile phone number is used for receiving the alarm information.
In a possible implementation manner, the prevention and control method further includes monitoring the enabling state of the I/O port. When it is monitored that the I/O port is requested to be enabled, this indicates that a visitor needs to access the host or the related terminal. When there is external access, it is necessary to verify whether the access meets the requirements (authorized access or unauthorized access), that is, whether the information to be verified meets the passing conditions, so the visitor is prompted to input the information to be verified. When the I/O port is not requested to be started, no verification work is needed, no prompt for the information to be verified is needed, the prevention and control method of the embodiment of the application does not need to be executed, and monitoring simply continues.
In an embodiment of the application, the alarm operation in the prevention and control method includes at least one of the following modes:
sending an alarm message to a target terminal; for example, the generated alarm information is sent to a target terminal preset by an administrator (a terminal corresponding to a preset mobile phone number) to warn the administrator of illegal or unauthorized access;
recording the occurrence time of the information to be verified failing to be verified;
identifying and storing face information of unauthorized persons;
sending the face information of the identified unauthorized person;
storing photo information for photographing unauthorized persons; for example, for access to an unauthorized enabled I/O port, an unauthorized person is photographed and the recorded photograph information is stored in a database;
sending photo information for photographing unauthorized persons;
controlling a host associated with the I/O port to shut down; when the visitor is identified as unauthorized access, control information is sent out to make the computer shut down automatically, so that the prevention and control safety is further improved.
In an embodiment of the application, the prevention and control method further includes storing data of multiple types and purposes. For example, the identity information of the set administrator is stored in an encrypted manner; encrypting and storing the set I/O port activation password; storing data and photo information generated after the alarm operation is executed; the time when the alarm occurred and facial information of unauthorized persons may also be stored.
In a possible implementation manner, verifying the password to be verified according to the stored verification password further includes:
carrying out format conversion processing on the data format of the password to be verified of the I/O port input by the visitor, comparing the password to be verified after data format conversion with the stored verification password, outputting a comparison result, determining whether the password to be verified of the I/O port input by the visitor is correct or not, and controlling whether the I/O port can be started or not according to the correctness of the password to be verified.
In the embodiment of the application, request information to be verified is received, wherein the request information comprises a password to be verified for requesting to start an I/O port; starting the I/O port under the condition that the password to be verified passes the verification according to the stored verification password; or executing alarm operation under the condition that the password to be verified is not verified according to the stored verification password. Because the access (or the starting of the I/O port) needs to be verified, when the I/O port is used, a password to be verified needs to be input so as to judge whether the password is used by an administrator or an accessor authorized by the administrator, thereby limiting the illegal use of unauthorized personnel, starting from a basic channel of information leakage, effectively protecting the use safety of the I/O port and avoiding the leakage phenomenon.
According to the I/O port prevention and control method provided by the embodiment of the application, the execution main body can be an I/O port prevention and control device. In the embodiment of the present application, a method for executing the prevention and control of the I/O port by using the prevention and control device of the I/O port is taken as an example, and the prevention and control device of the I/O port provided in the embodiment of the present application is described.
The embodiment of the application provides a prevention and control device for an I/O port, as shown in fig. 3. Fig. 3 is a schematic structural diagram of an I/O port protection device according to an embodiment of the present application, where the protection device 300 mainly includes: a receiving module 301, a verifying module 302 and an executing module 303.
The receiving module 301 is configured to receive request information to be authenticated, where the request information includes information to be authenticated for requesting to enable an I/O port.
For more detailed implementation of the receiving module 301 in the embodiment of the present application, reference may be specifically made to the related description of step S110 in the method 100, and for avoiding repetition, details are not described herein again.
The verification module 302 is configured to verify the request information.
The execution module 303 is configured to enable the I/O port when the information to be verified passes verification against the stored verification information, or to execute an alarm operation when the information to be verified fails verification against the stored verification information.
For more detailed implementation of the verification module 302 and the execution module 303 in this embodiment, reference may be specifically made to relevant descriptions of step S112 and step S114 in the method 100, and for avoiding repetition, details are not repeated here.
In a possible implementation manner, the prevention and control device further includes a monitoring module, configured to, before the request information to be verified is received, prompt for input of the information to be verified when it detects that enabling of the I/O port is requested. For more detailed implementation of the monitoring module in the embodiment of the present application, reference may be specifically made to relevant descriptions in the method 100, and for avoiding repetition, details are not described herein again.
In a possible implementation manner, the verification module 302 verifies the information to be verified according to the stored verification information by:
carrying out format conversion on the information to be verified;
comparing the information to be verified after format conversion with stored verification information;
and determining whether the verification of the information to be verified passes according to whether the information to be verified is matched with the verification information.
For more detailed implementation of the verification module 302 in the embodiment of the present application, reference may be specifically made to relevant descriptions in the method 100, and for avoiding repetition, details are not described herein again.
In a possible implementation manner, the prevention and control device further includes a statistical module, configured to determine whether the current number of verification attempts exceeds a preset number when the information to be verified fails verification against the stored verification information; to prompt for the information to be verified to be input again when the current number of verification attempts does not exceed the preset number, and verify the re-entered information to be verified; and to execute the alarm operation when the current number of verification attempts exceeds the preset number.
For a more detailed implementation of the statistical module in the embodiment of the present application, reference may be specifically made to the related description in the method 100, and details are not repeated here to avoid repetition.
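The verification steps (format conversion, comparison, match decision) and the failure counter described above can be sketched as follows. This is an added example, not code from the patent: the PBKDF2 storage format, NFKC normalization as the "format conversion", raising the alarm when the failure count reaches the preset number, and locking the gate after an alarm are all assumptions.

```python
import hashlib
import hmac
import os
import time
import unicodedata
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumption: the page only says "encrypted storage"


def convert_format(raw: str) -> bytes:
    """Format conversion: drop the line terminator, fold Unicode variants, encode."""
    return unicodedata.normalize("NFKC", raw.rstrip("\r\n")).encode("utf-8")


def derive(secret: bytes, salt: bytes) -> bytes:
    """Slow salted hash, so the stored value does not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ROUNDS)


@dataclass
class StoredVerifier:
    """What the database module keeps instead of the activation password itself."""
    salt: bytes
    digest: bytes

    @classmethod
    def enroll(cls, password: str) -> "StoredVerifier":
        salt = os.urandom(16)
        return cls(salt, derive(convert_format(password), salt))


@dataclass
class PortGate:
    """Hypothetical gate combining the verification, counting and alarm roles."""
    verifier: StoredVerifier
    preset_failures: int = 3                              # preset number of times
    alarm_actions: list = field(default_factory=list)     # callables taking an event
    failures: int = 0
    port_enabled: bool = False
    locked: bool = False                                  # assumption: alarm locks the gate

    def request_enable(self, candidate: str) -> str:
        if self.locked:
            return "locked"
        digest = derive(convert_format(candidate), self.verifier.salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(digest, self.verifier.digest):
            self.failures = 0
            self.port_enabled = True
            return "enabled"
        self.failures += 1                                # only failures are counted
        if self.failures < self.preset_failures:
            return "retry"                                # prompt for input again
        self.locked = True
        event = {"time": time.time(), "failures": self.failures}
        for action in self.alarm_actions:                 # notify, record, shut down...
            action(event)
        return "alarm"


def demo() -> list:
    """Three wrong guesses raise one alarm; the correct password is then refused."""
    alarms = []
    gate = PortGate(StoredVerifier.enroll("Abc123"), alarm_actions=[alarms.append])
    attempts = ["guess1", "guess2", "guess3", "Abc123"]   # constructed sample input
    return [gate.request_enable(a) for a in attempts] + [len(alarms), gate.port_enabled]


if __name__ == "__main__":
    print(demo())
```

Each entry in `alarm_actions` stands in for one of the alarm operations the page lists (alarm message, time record, photo capture, host shutdown).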
In a possible implementation manner, the alarm operation executed by the execution module 303 includes at least one of:
sending an alarm message to a target terminal;
recording the occurrence time of the failed verification of the information to be verified;
identifying and storing face information of unauthorized persons;
sending the face information of the identified unauthorized person;
storing photo information for photographing unauthorized persons;
sending photo information for photographing unauthorized persons;
controlling a shutdown of a host associated with the I/O port.
For more detailed implementation of the execution module 303 in the embodiment of the present application, reference may be specifically made to relevant descriptions in the method 100, and for avoiding repetition, details are not described herein again.
In a possible implementation manner, the apparatus further includes a storage module, configured to store, before the receiving of the request information to be verified, at least one of the following information:
identity information of the administrator;
the verification information;
and description information of the alarm operation.
For more detailed implementation of the storage module in the embodiment of the present application, reference may be specifically made to the related description in the method 100, and details are not repeated here for avoiding repetition.
In the embodiment of the application, the prevention and control device receives request information to be verified, where the request information includes the information to be verified for requesting to enable an I/O port; the I/O port is enabled if the information to be verified passes verification against the stored verification information, or an alarm operation is executed if the information to be verified fails verification against the stored verification information. Because enabling (or accessing) the I/O port requires verification, the information to be verified must be entered whenever the I/O port is used, so that it can be determined whether the user is the administrator or a visitor authorized by the administrator. This restricts illegal use by unauthorized persons, addresses a basic channel of information leakage at its source, effectively protects the security of the I/O port, and avoids leakage. In addition, the prevention and control device provided by the embodiment of the application can be implemented in hardware and productized, which makes it convenient to manufacture and mass-produce.
The embodiment of the application provides another prevention and control device for an I/O port, as shown in Fig. 4. Fig. 4 is a schematic structural diagram of an I/O port prevention and control device according to another embodiment of the present application, where the prevention and control device mainly includes: a central processing unit, a client module, a user information input module, an I/O port state monitoring module, a database module, an identity information verification module and an alarm module.
The client module, the user information input module, the I/O port state monitoring module, the database module, the identity information verification module and the alarm module are all connected with the central processing unit, and the user information input module is connected with the client module. The user information input module is used for entering user information (administrator information) and setting an activation password of the I/O port; the database module is used for storing the information entered through the user information input module; the identity information verification module is used for verifying the identity information of a visitor operating the client; and the alarm module is used for raising an alarm on illegal use of the I/O port.
In a possible implementation manner, the client module can set administrator information and enter the identity information of an administrator through the user information input module, and the administrator can enter the activation password of the I/O port to be used through the user information input module. When the identity information of the administrator is entered, a mobile phone number of the administrator is also entered and is later used for sending alarm information. After the activation password of the I/O port has been entered, only the administrator can change it.
In a possible implementation manner, the I/O port state monitoring module is configured to monitor whether the I/O port is enabled and to feed back the monitoring result to the central processing unit in real time. When it detects that enabling of the I/O port is requested, the identity information verification module is started; when it detects that use of the I/O port is not requested, it feeds back that state to the central processing unit and continues monitoring.
In a possible implementation manner, the prevention and control device may further include: a verification information feedback module, a verification information counting module and a wireless signal transmission module. The verification information counting module is used for counting the number of verifications performed by the identity information verification module. It counts only failed verifications, compares the number of failed verifications with the preset number in the database module each time it counts one, and sends a signal to the central processing unit when the number of failed verifications equals the preset number. The verification information feedback module is used for feeding back the result produced by the information processing module to the central processing unit, and the central processing unit controls whether the I/O port can be enabled according to the result fed back by the verification information feedback module.
In one possible implementation manner, the identity information verification module includes a verification information input module and an information processing module. The verification information input module is used for entering the information to be verified (such as a password to be verified) for the I/O port that the visitor inputs; the information processing module is used for verifying the information to be verified for the I/O port input by the visitor.
In one possible implementation, the information processing module may adopt a structure as shown in Fig. 5. Fig. 5 is a schematic structural diagram of an information processing module in an embodiment of the present application. As shown in Fig. 5, the information processing module includes: a data sorting unit, a data comparison unit and a comparison result integration unit. The data sorting unit is used for converting the data format of the information to be verified for the I/O port input by the visitor and sending the processed data to the data comparison unit; the data comparison unit is used for comparing the format-converted data with the stored verification information and transmitting the comparison result to the comparison result integration unit; and the comparison result integration unit is used for comprehensively judging the result produced by the data comparison unit and determining whether the information to be verified for the I/O port input by the visitor is correct.
In one possible implementation, the database module is shown in Fig. 6. Fig. 6 is a schematic structural diagram of a database module in an embodiment of the present application, where the database module includes a user information storage unit, a port activation password storage unit, and an alarm information storage unit. The user information storage unit is used for encrypting and storing the set identity information of the administrator; the port activation password storage unit is used for encrypting and storing the set activation password of the I/O port; the alarm information storage unit is used for storing data and picture (photo) information generated after the alarm module is started, and is mainly used for storing the time when the alarm occurs and the face information of unauthorized persons.
In one possible implementation, the alarm module is shown in Fig. 7. Fig. 7 is a schematic structural diagram of an alarm module in an embodiment of the present application. As shown in Fig. 7, the alarm module includes an alarm information sending unit, a picture recording unit, a face recognition unit, and an automatic shutdown unit. The alarm information sending unit is used for sending the generated alarm information to the administrator's mobile phone to warn the administrator; the picture recording unit is used for photographing a visitor who illegally enables the I/O port, storing the captured picture (photo) information in the database module, and may also send the photo information of the unauthorized person; and the automatic shutdown unit controls the computer to shut down automatically after receiving the signal from the central processing unit.
In a possible implementation manner, the prevention and control device further comprises a wireless signal transmission module, the wireless signal transmission module is connected with the central processing unit, and the alarm information sending unit sends the alarm information to the mobile phone of the administrator through the wireless signal transmission module; the picture recording unit may perform shooting recording for the visitor using a camera on the computer.
In a possible implementation manner, the face recognition unit is configured to recognize and analyze a face. Face recognition is performed based on Haar features; facial features are extracted using Local Binary Pattern (LBP) feature extraction over key-point neighborhoods; the extracted features are classified using a Support Vector Machine (SVM) algorithm; and discrimination parameters are calculated from the extracted facial features to recognize and judge the face.
In a possible implementation manner, the face recognition unit may be further configured to: acquire the number of image frames, read each frame of the image (frames may be sampled at intervals as needed), perform the framing operation, and convert the images obtained after framing to grayscale (to reduce the amount of raw image data so that subsequent processing requires less computation). After the face image is recognized, an integral image is constructed, the cumulative pixel sums of all rectangular regions in the image are calculated, and the pixel sum of the black region is subtracted from the pixel sum of the white region to obtain the Haar feature value, which quantizes facial features so that a face can be distinguished from a non-face.
In a possible implementation manner, in the face recognition unit, during facial feature extraction, the whole image is read and divided into 16 × 16 small regions. For each pixel in a region, the gray values of its 8 adjacent pixels are compared with its own gray value to obtain the LBP value of the pixel at the center of the window; the frequency of occurrence of each number (assumed to be a decimal LBP value) is calculated; the frequency histogram is then normalized; and finally the statistical histograms of all regions are concatenated to form a feature vector. When geometric features are used for frontal face recognition, the positions of feature points such as the eyes, mouth and nose, and the geometric shapes of important organs such as the eyes, are generally extracted as classification features. A face is composed of parts such as the eyes, nose, mouth and chin, and differences in the shape, size and structure of these parts make every face different, so a geometric description of the shapes and structural relationships of these parts can serve as an important feature for face recognition.
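The two feature computations described above, the Haar value taken from an integral image and the per-region LBP histogram, are illustrated below as an added example that is not code from the patent. The two-rectangle feature layout, the "neighbor >= center sets the bit" convention, the clockwise bit order and the small 4-pixel cell used on the constructed 8 × 8 image are assumptions.

```python
def integral_image(gray):
    """ii[y][x] holds the sum of gray[0..y-1][0..x-1]; row 0 and column 0 are zero."""
    h, w = len(gray), len(gray[0])
    ii = [[0] * (w + 1) for _ in range(h + 1)]
    for y in range(h):
        row_sum = 0
        for x in range(w):
            row_sum += gray[y][x]
            ii[y + 1][x + 1] = ii[y][x + 1] + row_sum
    return ii


def rect_sum(ii, x, y, w, h):
    """Pixel sum of the w x h rectangle at (x, y), using four table lookups."""
    return ii[y + h][x + w] - ii[y][x + w] - ii[y + h][x] + ii[y][x]


def haar_two_rect(ii, x, y, w, h):
    """White (left half) pixel sum minus black (right half) pixel sum."""
    half = w // 2
    white = rect_sum(ii, x, y, half, h)
    black = rect_sum(ii, x + half, y, half, h)
    return white - black


# 8 neighbors, clockwise from the top-left corner, as (dx, dy) offsets.
NEIGHBORS = [(-1, -1), (0, -1), (1, -1), (1, 0), (1, 1), (0, 1), (-1, 1), (-1, 0)]


def lbp_code(gray, x, y):
    """8-bit LBP value of the pixel at (x, y); a bit is set when neighbor >= center."""
    center = gray[y][x]
    code = 0
    for bit, (dx, dy) in enumerate(NEIGHBORS):
        if gray[y + dy][x + dx] >= center:
            code |= 1 << (7 - bit)
    return code


def lbp_feature_vector(gray, cell):
    """Concatenate the normalized 256-bin LBP histograms of every cell x cell region."""
    h, w = len(gray), len(gray[0])
    vector = []
    for cy in range(0, h - cell + 1, cell):
        for cx in range(0, w - cell + 1, cell):
            hist = [0] * 256
            # Image border pixels lack a full neighborhood and are skipped.
            for y in range(max(cy, 1), min(cy + cell, h - 1)):
                for x in range(max(cx, 1), min(cx + cell, w - 1)):
                    hist[lbp_code(gray, x, y)] += 1
            total = sum(hist)
            vector.extend(c / total if total else 0.0 for c in hist)
    return vector


# Constructed sample: 8 x 8 grayscale image, bright left half and dark right half.
SAMPLE = [[200] * 4 + [50] * 4 for _ in range(8)]

if __name__ == "__main__":
    ii = integral_image(SAMPLE)
    print("Haar value:", haar_two_rect(ii, 0, 0, 8, 8))
    print("feature length:", len(lbp_feature_vector(SAMPLE, 4)))
```

The resulting vector is what a classifier such as the SVM named above would take as input; training and classification are outside this sketch.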
When the prevention and control device works, the prevention and control device can be accessed through the client module. While the device is in use, the I/O port state monitoring module monitors whether the I/O port is enabled and feeds back the monitoring result to the central processing unit in real time. When it is detected that use of the I/O port is requested, the identity information verification module is started, and the password to be verified for the I/O port that the visitor enters is processed and judged through the verification information input module and the information processing module. First, the data sorting unit converts the data format of the information to be verified for the I/O port input by the visitor and sends the processed data to the data comparison unit; the data comparison unit compares the format-converted data with the data stored in the port activation password storage unit and transmits the comparison result to the comparison result integration unit; the comparison result integration unit comprehensively judges the result produced by the data comparison unit, determines whether the information to be verified for the I/O port input by the visitor is correct, and feeds the result back to the central processing unit through the verification information feedback module. Identity information verification then continues: the verification information counting module counts once each time verification fails and compares the count with the preset value (preset number of times) in the database module each time; when the count equals the preset value, a signal is sent to the central processing unit and the alarm module is started.
The system comprises a verification information counting module, an alarm module, a wireless signal transmission module, a picture recording unit, a database module and a terminal activation password storage unit. The preset value of the verification information counting module can be set by an administrator through the user information input module and is stored in the terminal activation password storage unit in the database module. Meanwhile, the automatic shutdown unit controls the computer to shut down automatically after receiving the signal from the central processing unit, which effectively prevents further damage from dangerous behavior; the device is highly secure and convenient to use.
The prevention and control device of the I/O port in the embodiment of the present application may be an electronic device, or may be a component in the electronic device, such as an integrated circuit or a chip. The electronic device may be a terminal, or may be a device other than a terminal. The electronic device may be, for example, a mobile phone, a tablet computer, a notebook computer, a palm computer, a vehicle-mounted electronic device, a Mobile Internet Device (MID), an Augmented Reality (AR)/Virtual Reality (VR) device, a robot, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), and the like, and may also be a server, a Network Attached Storage (NAS), a personal computer (PC), a television (TV), an assistant, a teller machine, a self-service machine, and the like, and the embodiments of the present application are not limited in particular.
The prevention and control device of the I/O port in the embodiment of the present application may be a device having an operating system. The operating system may be an Android operating system, an iOS operating system, or other possible operating systems, and embodiments of the present application are not limited specifically.
The I/O port prevention and control apparatus provided in this embodiment of the present application can implement each process implemented in the method embodiments of fig. 1 to fig. 2, and is not described here again to avoid repetition.
Optionally, as shown in fig. 8, an electronic device 800 is further provided in this embodiment of the present application, and includes a processor 801 and a memory 802, where the memory 802 stores a program or an instruction that can be executed on the processor 801, and when the program or the instruction is executed by the processor 801, the steps of the method embodiment described in fig. 1 to 2 are implemented, and the same technical effect can be achieved, and are not described again here to avoid repetition.
It should be noted that the electronic device in the embodiment of the present application includes the mobile electronic device and the non-mobile electronic device described above.
Fig. 9 is a schematic diagram of a hardware structure of an electronic device implementing the embodiment of the present application.
The electronic device 900 includes, but is not limited to: a radio frequency unit 901, a network module 902, an audio output unit 903, an input unit 904, a sensor 905, a display unit 906, a user input unit 907, an interface unit 908, a memory 909, and a processor 910.
Those skilled in the art will appreciate that the electronic device 900 may further include a power source (e.g., a battery) for supplying power to various components, and the power source may be logically connected to the processor 910 through a power management system, so that charging, discharging, and power consumption management are handled through the power management system. The electronic device structure shown in Fig. 9 does not constitute a limitation on the electronic device, and the electronic device may include more or fewer components than those shown, combine some components, or arrange the components differently, which is not described in detail here.
The processor 910 is configured to execute corresponding functions in the method for preventing and controlling an I/O port according to the embodiment of the present application.
It should be understood that, in the embodiment of the present application, the input unit 904 may include a Graphics Processing Unit (GPU) 9041 and a microphone 9042, and the graphics processor 9041 processes image data of a still picture or a video obtained by an image capturing device (such as a camera) in a video capture mode or an image capture mode. The display unit 906 may include a display panel 9061, and the display panel 9061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 907 includes at least one of a touch panel 9071 and other input devices 9072. The touch panel 9071 is also referred to as a touch screen. The touch panel 9071 may include two parts, a touch detection device and a touch controller. Other input devices 9072 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.
The memory 909 may be used to store software programs as well as various data. The memory 909 may mainly include a first storage area storing a program or an instruction and a second storage area storing data, wherein the first storage area may store an operating system, an application program or an instruction (such as a sound playing function, an image playing function, and the like) required for at least one function, and the like. Further, the memory 909 may include volatile memory or nonvolatile memory, or the memory 909 may include both volatile and nonvolatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), a Static Random Access Memory (Static RAM, SRAM), a Dynamic Random Access Memory (Dynamic RAM, DRAM), a Synchronous Dynamic Random Access Memory (Synchronous DRAM, SDRAM), a Double Data Rate Synchronous Dynamic Random Access Memory (Double Data Rate SDRAM, DDR SDRAM), an Enhanced Synchronous DRAM (ESDRAM), a Synchronous Link DRAM (SLDRAM), and a Direct Rambus RAM (DRRAM). The memory 909 in the embodiments of the present application includes, but is not limited to, these and any other suitable types of memory.
Processor 910 may include one or more processing units; optionally, the processor 910 integrates an application processor, which mainly handles operations related to the operating system, user interface, and applications, and a modem processor, which mainly handles wireless communication signals, such as a baseband processor. It is to be appreciated that the modem processor described above may not be integrated into processor 910.
The embodiment of the present application further provides a readable storage medium, where a program or an instruction is stored on the readable storage medium, and when the program or the instruction is executed by a processor, the program or the instruction implements the processes of the embodiments of the method 100 and the method 200, and can achieve the same technical effect, and in order to avoid repetition, details are not repeated here.
The processor is the processor in the electronic device described in the above embodiment. The readable storage medium includes a computer readable storage medium, such as a computer read only memory ROM, a random access memory RAM, a magnetic or optical disk, and the like.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element. Further, it should be noted that the scope of the methods and apparatus of the embodiments of the present application is not limited to performing the functions in the order illustrated or discussed, but may include performing the functions in a substantially simultaneous manner or in a reverse order based on the functions involved, e.g., the methods described may be performed in an order different than that described, and various steps may be added, omitted, or combined. In addition, features described with reference to certain examples may be combined in other examples.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation. Based on such understanding, the technical solutions of the present application may be embodied in the form of a computer software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
While the present embodiments have been described with reference to the accompanying drawings, it is to be understood that the present embodiments are not limited to those precise embodiments, which are intended to be illustrative rather than restrictive, and that various changes and modifications may be effected therein by one skilled in the art without departing from the scope of the appended claims.

Claims (10)

1. A method for preventing and controlling an I/O port, comprising:
receiving request information to be verified, wherein the request information comprises the information to be verified for requesting to start an I/O port;
and starting the I/O port under the condition that the information to be verified passes the verification according to the stored verification information.
2. The method of claim 1, further comprising: executing an alarm operation if the information to be verified fails verification according to the stored verification information.
3. The method of claim 1, wherein before receiving the request information to be verified, the method further comprises:
prompting for input of the information to be verified when it is detected that enabling of the I/O port is requested.
4. The method according to any one of claims 1 to 3, wherein the verifying the information to be verified according to the stored verification information comprises:
carrying out format conversion on the information to be verified;
comparing the information to be verified after format conversion with stored verification information;
and determining whether the verification of the information to be verified passes according to whether the information to be verified is matched with the verification information.
5. The method according to claim 2, wherein executing an alarm operation if the information to be verified fails verification according to the stored verification information comprises:
determining whether the current number of verification attempts exceeds a preset number if the information to be verified fails verification according to the stored verification information;
prompting for the information to be verified to be input again if the current number of verification attempts does not exceed the preset number, and verifying the re-entered information to be verified;
and executing the alarm operation if the current number of verification attempts exceeds the preset number.
6. The method of claim 2 or 5, wherein the performing an alarm operation comprises at least one of:
sending an alarm message to a target terminal;
recording the time at which the information to be verified failed verification;
identifying and storing face information of unauthorized persons;
sending the face information of the identified unauthorized person;
storing photo information for photographing unauthorized persons;
sending photo information for photographing unauthorized persons;
controlling a shutdown of a host associated with the I/O port.
7. The method of claim 1, wherein prior to receiving the request information to be verified, the method further comprises:
storing at least one of:
identity information of the administrator;
the verification information;
and description information of the alarm operation.
8. An I/O port prevention and control device, comprising:
a receiving module, configured to receive request information to be verified, wherein the request information comprises the information to be verified for requesting to enable an I/O port;
a verification module, configured to verify the request information;
and an execution module, configured to enable the I/O port if the information to be verified passes verification according to the stored verification information, or to execute an alarm operation if the information to be verified fails verification according to the stored verification information.
9. An electronic device, comprising: a processor and a memory, said memory storing a program or instructions executable on said processor, said program or instructions when executed by said processor implementing the steps of the method for preventing and controlling an I/O port according to any one of claims 1 to 7.
10. A readable storage medium, characterized in that it stores thereon a program or instructions which, when executed by a processor, implement the steps of the method for preventing and controlling an I/O port according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210780735.5A CN115544589A (en) 2022-07-04 2022-07-04 I/O port prevention and control method and electronic equipment

Publications (1)

Publication Number Publication Date
CN115544589A (en) 2022-12-30

Family

ID=84723787

Country Status (1)

Country Link
CN (1) CN115544589A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination