CN117579674B - A remote control system and method - Google Patents

Info

Publication number
CN117579674B
Authority
CN
China
Prior art keywords
password
target server
server
target
remote
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410069099.4A
Other languages
Chinese (zh)
Other versions
CN117579674A (en
Inventor
高远
祝天健
陈韬
邱鹏
纪政
杜锦
张健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Lab
Original Assignee
Zhejiang Lab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Lab
Priority to CN202410069099.4A
Publication of CN117579674A
Application granted
Publication of CN117579674B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02 Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)

Abstract

This specification discloses a remote control system and method. The remote desktop management platform generates a password for the target server. When the user device receives the password of the target server as input, it generates a password parsing request, and the remote desktop management platform generates an encrypted identifier based on the password carried in the password parsing request. The user device forwards the encrypted identifier and the password of the target server to the target server through the intermediate server. A password verification request is generated based on the received password; the remote desktop management platform responds to the password verification request by verifying the password and, when the password is valid, sends a password valid message to the target server, so that a remote connection is established between the target server and the user device. The user therefore does not need to know the identifier of the target server or the identifier of the remote software installed on the target server: the remote connection between the target server and the user device is established by means of a password, which improves the security of the target server in a multi-person remote control scenario.

Description

A remote control system and method

Technical field

This specification relates to the field of computer technology, and in particular to a remote control system and method.

Background

With the development of network technology, engineers' work is no longer confined to personal computers and is increasingly moving to the cloud. For example, the graphical simulation software that some simulation computing projects rely on places high performance demands on server resources, so it is generally installed on cloud workstations or servers. Engineers connect to these workstations or servers through remote desktop and use the simulation software on them for development.

At present, common remote connection methods usually require entering the Internet Protocol (IP) address and password of the target server, or the identity document (ID) and password of the remote software installed on the target server, before remote control is possible.

However, whether what is entered is the IP and password of the target server or the ID and password of the remote software, in a scenario where multiple people remotely control the target server there is the problem of an attacker stealing the IP/ID and password, so that the target server is used without authorization.

Summary of the invention

This specification provides a remote control system and method to partially solve the above problems in the prior art.

This specification adopts the following technical solutions:

This specification provides a remote control system, which includes: a remote desktop management platform, a user device, a target server, and an intermediate server.

The user device is configured to: generate a password acquisition request in response to user input, and send the password acquisition request to the remote desktop management platform; receive the password corresponding to the target server sent by the remote desktop management platform, and display that password in the user interface; when the user enters the password corresponding to the target server through the remote software installed on the user device, generate a password parsing request and send it to the remote desktop management platform; receive the encrypted identifier returned by the remote desktop management platform, and send the encrypted identifier and the password corresponding to the target server to the intermediate server; and, once a remote connection with the target server is established, remotely control the target server through the intermediate server.

The remote desktop management platform is configured to: receive the password acquisition request sent by the user device, and call the permission management unit of the remote desktop management platform to generate the password corresponding to the target server; send the password corresponding to the target server to the user device; receive the password parsing request sent by the user device, determine the identifier of the remote software installed on the target server from the password carried in the password parsing request, and encrypt that identifier to obtain the encrypted identifier; return the encrypted identifier to the user device; receive the password verification request sent by the target server, parse the password of the target server from the password verification request, call the permission management unit to verify whether the password of the target server is valid, and, when the password is valid, generate a password valid message and send it to the target server.

The intermediate server is configured to: receive the encrypted identifier and the password corresponding to the target server sent by the user device, determine the target server from the encrypted identifier, and forward the password corresponding to the target server to the target server.

The target server is configured to: receive the password corresponding to the target server sent by the intermediate server, generate a password verification request from that password, and send the password verification request to the remote desktop management platform; and, on receiving the password valid message returned by the remote desktop management platform, establish a remote connection with the user device through the intermediate server.

This specification provides a remote control method, applied to a remote desktop management platform. The method includes:

receiving a password acquisition request sent by a user device, and calling the permission management unit of the remote desktop management platform to generate a password corresponding to a target server, where the password acquisition request is generated and sent by the user device in response to user input;

sending the password corresponding to the target server to the user device, so that the user device displays the password in the user interface and, when the user enters the password corresponding to the target server through the remote software installed on the user device, generates and sends a password parsing request;

receiving the password parsing request sent by the user device, determining the identifier of the remote software installed on the target server from the password carried in the password parsing request, and encrypting that identifier to obtain an encrypted identifier;

returning the encrypted identifier to the user device, so that the user device sends the encrypted identifier and the password corresponding to the target server to the intermediate server, the intermediate server determines the target server from the encrypted identifier and forwards the password corresponding to the target server to the target server, and the target server generates and sends a password verification request based on that password;

receiving the password verification request sent by the target server, parsing the password of the target server from the password verification request, calling the permission management unit to verify whether the password of the target server is valid, and, when the password is valid, generating a password valid message and sending it to the target server, so that the target server and the user device establish a remote connection through the intermediate server and the user device remotely controls the target server through the intermediate server.

This specification provides a remote control method, applied to a user device. The method includes:

generating a password acquisition request in response to user input, and sending the password acquisition request to the remote desktop management platform, so that the remote desktop management platform calls the permission management unit to generate the password corresponding to the target server and returns it;

receiving the password corresponding to the target server sent by the remote desktop management platform, and displaying that password in the user interface;

when the user enters the password corresponding to the target server through the remote software installed on the user device, generating a password parsing request and sending it to the remote desktop management platform, so that the remote desktop management platform determines the identifier of the remote software installed on the target server from the password carried in the password parsing request, encrypts that identifier to obtain an encrypted identifier, and returns the encrypted identifier;

receiving the encrypted identifier returned by the remote desktop management platform, and sending the encrypted identifier and the password corresponding to the target server to the intermediate server, so that the intermediate server determines the target server from the encrypted identifier and forwards the password corresponding to the target server to the target server; the target server generates a password verification request from that password and sends it to the remote desktop management platform; on receiving the password verification request, the remote desktop management platform parses the password of the target server from it, calls the permission management unit to verify whether the password is valid, and, when the password is valid, generates a password valid message and sends it to the target server; and the target server, on receiving the password valid message returned by the remote desktop management platform, establishes a remote connection with the user device through the intermediate server;

once a remote connection with the target server is established, remotely controlling the target server through the intermediate server.

This specification provides a remote control apparatus, applied to a remote desktop management platform. The apparatus includes:

a password generation module, configured to receive a password acquisition request sent by a user device and call the permission management unit of the remote desktop management platform to generate the password corresponding to the target server, where the password acquisition request is generated and sent by the user device in response to user input;

a password sending module, configured to send the password corresponding to the target server to the user device, so that the user device displays the password in the user interface and, when the user enters the password corresponding to the target server through the remote software installed on the user device, generates and sends a password parsing request;

an encrypted identifier determination module, configured to receive the password parsing request sent by the user device, determine the identifier of the remote software installed on the target server from the password carried in the password parsing request, and encrypt that identifier to obtain an encrypted identifier;

an encrypted identifier sending module, configured to return the encrypted identifier to the user device, so that the user device sends the encrypted identifier and the password corresponding to the target server to the intermediate server, the intermediate server determines the target server from the encrypted identifier and forwards the password corresponding to the target server to the target server, and the target server generates and sends a password verification request based on that password;

a password verification module, configured to receive the password verification request sent by the target server, parse the password of the target server from the password verification request, call the permission management unit to verify whether the password of the target server is valid, and, when the password is valid, generate a password valid message and send it to the target server, so that the target server establishes a remote connection with the user device through the intermediate server and the user device remotely controls the target server through the intermediate server.

This specification provides a remote control apparatus, applied to a user device. The apparatus includes:

a password acquisition request sending module, configured to generate a password acquisition request in response to user input and send it to the remote desktop management platform, so that the remote desktop management platform calls the permission management unit to generate the password corresponding to the target server and returns it;

a password receiving module, configured to receive the password corresponding to the target server sent by the remote desktop management platform, and display that password in the user interface;

a password parsing request generation module, configured to generate a password parsing request when the user enters the password corresponding to the target server through the remote software installed on the user device, and send the password parsing request to the remote desktop management platform, so that the remote desktop management platform determines the identifier of the remote software installed on the target server from the password carried in the password parsing request, encrypts that identifier to obtain an encrypted identifier, and returns the encrypted identifier;

an encrypted identifier receiving module, configured to receive the encrypted identifier returned by the remote desktop management platform and send the encrypted identifier and the password corresponding to the target server to the intermediate server, so that the intermediate server determines the target server from the encrypted identifier and forwards the password corresponding to the target server to the target server; the target server generates a password verification request from that password and sends it to the remote desktop management platform; on receiving the password verification request, the remote desktop management platform parses the password of the target server from it, calls the permission management unit to verify whether the password is valid, and, when the password is valid, generates a password valid message and sends it to the target server; and the target server, on receiving the password valid message returned by the remote desktop management platform, establishes a remote connection with the user device through the intermediate server;

a remote control module, configured to remotely control the target server through the intermediate server once a remote connection with the target server is established.

This specification provides a computer-readable storage medium. The storage medium stores a computer program which, when executed by a processor, implements the above remote control method.

This specification provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the program, the above remote control method is implemented.

At least one of the above technical solutions adopted in this specification can achieve the following beneficial effects:

In the remote control system provided in this specification, the remote desktop management platform generates the password corresponding to the target server in response to a password acquisition request. When the user device receives the password corresponding to the target server as entered by the user, it generates a password parsing request and sends it to the remote desktop management platform, which generates an encrypted identifier based on the password carried in the password parsing request. The user device forwards the encrypted identifier and the password of the target server to the target server through the intermediate server. The target server generates a password verification request based on the received password. The remote desktop management platform responds to the password verification request by verifying the password of the target server and, when the password is valid, sends a password valid message to the target server, so that a remote connection is established between the target server and the user device and the user device can remotely control the target server. With this solution, the user does not need to know the identifier of the target server or the identifier of the remote software installed on the target server; the remote connection between the target server and the user device is established by means of a password, which improves the security of the target server in a scenario where multiple people remotely control it.
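The exchange summarised above, sketched as an added example (not code from the patent), with all four parties in one process so the checks can be run offline. The expiry time, the permission list, the check that binds a password to one server, the key shared by the platform and the intermediate server, the HMAC-based encrypt-then-MAC construction standing in for a real AEAD, and the identifier `rd-7731` are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor(key, nonce, data):
    """XOR with an HMAC-SHA256 counter keystream; the same call decrypts."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(key, software_id):
    """Encrypt-then-MAC stand-in for a real AEAD, with a fresh nonce per call."""
    nonce = secrets.token_bytes(16)
    ct = _xor(_subkey(key, b"enc"), nonce, software_id.encode())
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the identifier, or None when the blob was forged or altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        return None
    return _xor(_subkey(key, b"enc"), nonce, ct).decode()


def _h(password):
    return hashlib.sha256(password.encode()).hexdigest()


class Platform:
    """Remote desktop management platform with its permission management unit."""
    def __init__(self, relay_key, acl, ttl=600):
        self.relay_key, self.acl, self.ttl = relay_key, acl, ttl
        self.grants = {}  # sha256(password) -> grant; no plaintext stored

    def issue_password(self, user, software_id, now):
        if (user, software_id) not in self.acl:  # assumed permission check
            return None
        password = secrets.token_urlsafe(16)  # 128 random bits
        self.grants[_h(password)] = {"id": software_id, "expires": now + self.ttl}
        return password

    def _grant(self, password, now):
        grant = self.grants.get(_h(password))
        return grant if grant and now < grant["expires"] else None

    def resolve(self, password, now):
        """Password parsing request: the caller receives only the sealed identifier."""
        grant = self._grant(password, now)
        return seal(self.relay_key, grant["id"]) if grant else None

    def verify(self, password, software_id, now):
        grant = self._grant(password, now)
        # Assumed extra check: the password was issued for this very server.
        return grant is not None and grant["id"] == software_id


class TargetServer:
    def __init__(self, software_id, platform):
        self.software_id, self.platform = software_id, platform

    def on_password(self, password, now):
        return self.platform.verify(password, self.software_id, now)


class Relay:
    """Intermediate server: maps the sealed identifier to a target server."""
    def __init__(self, relay_key, servers):
        self.relay_key, self.servers = relay_key, servers

    def forward(self, encrypted_id, password, now):
        server = self.servers.get(unseal(self.relay_key, encrypted_id))
        return server.on_password(password, now) if server else False


def connect(platform, relay, password, now):
    """User device: resolve the password, then send both values to the relay."""
    encrypted_id = platform.resolve(password, now)
    return relay.forward(encrypted_id, password, now) if encrypted_id else False


def demo():
    key = secrets.token_bytes(32)  # all names and values below are constructed
    platform = Platform(key, acl={("alice", "rd-7731")})
    relay = Relay(key, {"rd-7731": TargetServer("rd-7731", platform)})
    pw = platform.issue_password("alice", "rd-7731", now=0)
    token = platform.resolve(pw, now=1)
    return {
        "connects": connect(platform, relay, pw, now=10),
        "after_expiry": connect(platform, relay, pw, now=601),
        "forged_id": relay.forward(token[:-1] + bytes([token[-1] ^ 1]), pw, now=10),
        "id_hidden": b"rd-7731" not in token,
    }
```

Because `seal` draws a fresh nonce each time, two resolutions of the same password yield different encrypted identifiers, so the value a user sees is not a stable handle for the server.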

Description of the drawings

The drawings described here are used to provide a further understanding of this specification and constitute a part of it. The illustrative embodiments of this specification and their descriptions are used to explain this specification and do not constitute an improper limitation of it. In the drawings:

Figure 1 is a schematic diagram of a remote control system in this specification;

Figure 2 is a schematic diagram of the interaction flow of a remote control method in this specification;

Figure 3 is a schematic diagram of the interaction flow of a remote control method in this specification;

Figure 4 is a schematic diagram of the interaction flow of a remote control method in this specification;

Figure 5 is a schematic flow chart of a remote control method in this specification;

Figure 6 is a schematic diagram of the interaction flow of a remote control method in this specification;

Figure 7 is a schematic diagram of a remote control apparatus provided in this specification;

Figure 8 is a schematic diagram of a remote control apparatus provided in this specification;

Figure 9 is a schematic diagram of the electronic device corresponding to Figure 2 provided in this specification.

具体实施方式Detailed ways

为使本说明书的目的、技术方案和优点更加清楚,下面将结合本说明书具体实施例及相应的附图对本说明书技术方案进行清楚、完整地描述。显然,所描述的实施例仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本说明书保护的范围。In order to make the purpose, technical solutions and advantages of this specification more clear, the technical solutions of this specification will be clearly and completely described below in conjunction with specific embodiments of this specification and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of this specification, but not all of the embodiments. Based on the embodiments in this specification, all other embodiments obtained by those of ordinary skill in the art without creative efforts fall within the scope of protection of this specification.

另外,需要说明的是,本说明书中所有获取信号、信息或数据的动作都是在遵照所在地相应的数据保护法规政策的前提下,并获得由相应装置所有者给予授权的情况下进行的。In addition, it should be noted that all actions to obtain signals, information or data in this manual are performed under the premise of complying with the corresponding data protection laws and policies of the location and with authorization from the owner of the corresponding device.

需要说明的是,在不冲突的情况下,下述的实施例及实施方式中的特征可以相互组合。It should be noted that, as long as there is no conflict, the features in the following embodiments and implementation modes can be combined with each other.

With the development of network technology, engineers' work is no longer limited to personal computers and is increasingly moving to the cloud. For example, some simulation computing projects rely on graphical simulation software. Because this software places high performance demands on server resources, it is generally installed on cloud workstations or servers. Engineers connect to these workstations or servers through remote desktop and use the simulation software on them for development.

There are currently two common remote desktop connection methods:

The first is to use the remote desktop connection function that comes with the operating system. With this method, the IP address and account password of the target server must be entered. Once a user has been granted permission to use the target server, the user knows the IP address and account password of that server. Even after the user's permission expires, the user can still connect to the target server remotely without authorization, and can even carry out dangerous actions such as tampering with the account password. Clearly, this connection method is very unsafe when the server is used by multiple people.

The second is to use third-party remote desktop connection software. Normally, remote software must be installed on both the controlling electronic device (the user device) and the controlled electronic device (the target server). When the user then connects to the target server from the user device, the user enters, in the remote software installed on the user device, the ID of the remote software installed on the target server and the password corresponding to that ID, and remotely controls the target server once verification passes. When the server is used by multiple people, this method still has security risks, because in essence it replaces the IP address and account password of the target server with the ID and password of the remote software. After the user has been granted remote control permission for the target server, the user also holds the ID and password of the remote software installed on it, and can still connect to the target server through that software without authorization after the permission expires. Although remote software can reduce the risk by using one-time passwords, core connection information such as the remote software ID still cannot be changed and is still exposed. Considering that one-time passwords are short (generally no more than 6 characters) and contain no special characters, there is still a considerable risk of them being cracked or leaked. So although this method is an improvement, it still carries security risks.

It can be seen that current remote desktop connection software connects on the basis of an IP address (or remote software ID) plus a password, and this core information must be disclosed to the user before the user can connect to the target server.

Based on this, this specification provides a remote control system. As shown in Figure 1, the remote control system includes a remote desktop management platform, a user device, a target server and an intermediate server. The remote desktop management platform is a service platform provided by this specification that offers remote connection services to user devices through wireless communication technology. It is designed to connect user devices and target servers, and to provide corresponding tools or functions to better provide remote interconnection services. Its core functional units are a permission management unit, a configuration management unit and a resource management unit. Based on these core functional units, the platform can cover processes and functions such as target server resource management, user application and approval, secure connection and control, and resource reclamation after use. The user device is an electronic device operated by the user and used to remotely control the target server. This specification does not limit the specific type of user device; it can be a personal computer, a tablet, a smartphone or another electronic device. The target server can be a cloud server with rich computing resources and high performance, on which the graphical simulation software that a simulation computing project depends on is optionally deployed. The intermediate server is a proxy/relay server. Remote connection and remote control between the user device and the target server go through the intermediate server: the remote software deployed on the user device and the remote software deployed on the target server exchange information through it, which can reduce problems such as network lag and data leakage during remote interconnection. The proxy/relay server can be a public server on a public cloud or a self-built private server. Public cloud servers are used for remote connections in a public network environment, and private servers are used for remote connections in an intranet environment.

Based on the remote control system shown in Figure 1, this specification provides a remote control method, which is executed by the remote desktop management platform, the user device, the target server and the intermediate server in the remote monitoring system.

The technical solutions provided by the embodiments of this specification are described in detail below with reference to the accompanying drawings.

Figure 2 is a schematic diagram of the interaction flow of a remote control method provided in this specification.

S100: In response to the user's input, the user device generates a password acquisition request and sends the password acquisition request to the remote desktop management platform.

In this specification, the user can generate a password acquisition request through the remote software installed on the user device before every request to remotely control the same target server, in which case the password used is different each time the user remotely controls the target server. Alternatively, the user can generate a password acquisition request through the remote software only once within a certain period, in which case the user uses the same password to remotely control the target server throughout that period.

Generally, when the user device generates a password acquisition request in response to the user's input, the user interface displayed on the user device can show information about each target server for which the user has obtained control permission, such as the name of the target server. The user can select, from those target servers, the one that currently needs to be remotely controlled, and generate a password acquisition request. The password acquisition request can therefore carry information about the target server that currently needs to be remotely controlled. This information is generally not the IP address of the target server; it can be the name of the target server or other information that does not leak data about the target server itself.

It follows that before S100 the user needs to apply, through the user device, for remote control permission for the target server. For details, refer to Figure 6 later; this is not described here.

S102: The remote desktop management platform receives the password acquisition request sent by the user device, and calls the permission management unit to generate a password corresponding to the target server.

In this specification, the remote desktop management platform, in response to the password acquisition request sent by the user device, parses the request to obtain the information about the target server that the user wants to remotely control, determines from that information which target server is meant, and then calls the permission management unit to generate the password corresponding to that target server.

In this specification, the password of the target server need not be generated from the identifier of the target server (its IP address) or from the identifier of the remote software installed on the target server (the remote software ID); it can be a randomly generated string. In this way, even if the user holds the password of the target server, the user cannot learn from it the identifier of the target server or of the remote software installed on the target server. Once the password of the target server expires and can no longer be used, the user can only apply to the remote desktop management platform for a new password, and cannot misappropriate remote control of the target server by means of the identifier of the target server or of the remote software installed on it.

As mentioned above, the password of the target server can be a randomly generated string. To allow the user to remotely control the target server with this password, the remote desktop management platform can bind the randomly generated string to the identifier of the target server or to the identifier of the remote software installed on the target server.

In this specification, the password generated by the permission management unit for the target server does not contain the identifier of the target server, the identifier of the remote software installed on the target server, or any other information that characterizes the target server. To ensure the security of the remote interconnection between the target server and the user device, however, a correspondence can be established between the password of the target server and the information about the target server, so that validity can be verified on the basis of the password when a user device with control permission connects remotely to the target server. The password of the target server can therefore be generated as follows:

First, user information is obtained from the password acquisition request, and the identifier of the target server and the identifier of the remote software installed on the target server are obtained from the cache of the remote desktop management platform.

Next, the user information, the identifier of the target server and the identifier of the remote software installed on the target server are taken as the target field, and a string corresponding to the target field is generated as the password of the target server.

The string corresponding to the target field can be randomly generated, and any existing method can be used to generate it. This specification does not limit this.

Then, with the string corresponding to the target field as the key and the target field as the value, the target field and its corresponding string are stored as a key-value pair in the cache of the remote desktop management platform.

As a result, the target field can be found in the cache of the remote desktop management platform by means of its corresponding string. When the remote desktop management platform verifies whether a password of the target server is valid, it can use the received password as the key and look up the corresponding value in the cache. If a value is found, the password is valid; if not, the password is invalid.

In addition, an expiration condition is determined for the password of the target server, and when the expiration condition is met, the target field and its corresponding string are deleted from the cache. The expiration condition can be that the time the password has been stored in the cache exceeds a preset duration threshold, or that the number of queries for the target field exceeds a preset count threshold. Other expiration conditions are also possible; this specification does not limit this.

For example, suppose the expiration condition for the password of the target server is that it has been stored in the cache for more than 24 hours. Once the password has been stored in the cache for more than 24 hours, it is deleted from the cache. After that, even if the remote desktop management platform receives this password, it cannot find the password in the cache, nor the identifier of the target server or other information corresponding to it. The platform therefore judges the password of the target server to be invalid, and the user has no right to remotely control the target server.

S104: The remote desktop management platform sends the password corresponding to the target server to the user device.

S106: The user device receives the password corresponding to the target server sent by the remote desktop management platform, and displays the password in the user interface.

The user device displays the received password of the target server in the user interface, so the user learns the password. When remotely controlling the target server, the user enters this password to prove that remote control permission for the target server has been obtained.

S108: When the user device receives the password corresponding to the target server, entered by the user through the remote software installed on the user device, it generates a password parsing request.

In practice, because the password of the target server can be a randomly generated string that contains neither the identifier of the target server nor the identifier of the remote software installed on it, the password must be parsed by the remote desktop management platform before it can be determined whether it is legitimate and valid. Therefore, when the user device receives the password of the target server entered by the user through the remote software, it generates a password parsing request from that password and sends the request to the remote desktop management platform for parsing.

S110: The user device sends the password parsing request to the remote desktop management platform.

S112: The remote desktop management platform receives the password parsing request sent by the user device, determines the identifier of the remote software installed on the target server according to the password carried in the request, and encrypts that identifier to obtain an encrypted identifier.

Specifically, the cache of the remote desktop management platform can hold the passwords of target servers that have been authorized for remote control by users, together with the identifier of each target server, the identifier of the remote software installed on it, and the correspondence between them. Based on the password carried in the password parsing request, the platform looks up in its cache the identifier of the remote software installed on the target server that corresponds to the password, and encrypts the identifier it finds with a preset encryption algorithm to obtain the encrypted identifier.

S114: The remote desktop management platform returns the encrypted identifier to the user device.

S116: The user device receives the encrypted identifier returned by the remote desktop management platform, and sends the encrypted identifier and the password corresponding to the target server to the intermediate server.

S118: The intermediate server receives the encrypted identifier and the password corresponding to the target server sent by the user device, determines the target server according to the encrypted identifier, and forwards the password corresponding to the target server to the target server.

The user device sends the encrypted identifier and the password corresponding to the target server to the intermediate server. It is the intermediate server that determines, from the encrypted identifier, which target server the password sent by the user device should be delivered to. The intermediate server and the remote desktop management platform can agree in advance on the encryption and decryption algorithms to be used, so the intermediate server can decrypt the encrypted identifier with the corresponding decryption algorithm and, based on the resulting identifier of the remote software installed on the target server, determine which target server the password should be forwarded to.

Because the target server can register its information with the intermediate server in advance, the intermediate server can store the identifier of the target server and the identifier of the remote software installed on the target server.

S120: The target server receives the password corresponding to the target server sent by the intermediate server, and generates a password verification request according to that password.

On receiving the password forwarded by the intermediate server, the target server generates a password verification request from it and sends the request to the remote desktop management platform, asking the platform to verify the validity of the password the target server received, so that a user device without remote control permission cannot control the target server in violation of the rules.

S122: The target server sends the password verification request to the remote desktop management platform.

S124: The remote desktop management platform receives the password verification request sent by the target server, parses the request to obtain the password of the target server, and calls the permission management unit to verify whether the password is valid.

The permission management unit in the remote desktop management platform can assign, manage and revoke remote control permissions for the target server. The platform can therefore call the permission management unit to verify whether the password to be verified is valid. One way to verify is to look up the password to be verified in the cache of the remote desktop management platform. If it is not present, the password is immediately judged invalid. If it is present, the platform must also determine whether the target field stored in the cache for that password matches the target server that sent the password. If it does not match, the password is still judged invalid. Only when it matches can the password to be verified (the password of the target server parsed from the password verification request) be determined to be valid.

S126: When the password is valid, the remote desktop management platform generates a password-valid message and sends it to the target server.

S128: When the target server receives the password-valid message returned by the remote desktop management platform, it establishes a remote connection with the user device.

S130: Once the remote connection with the target server is established, the user device remotely controls the target server through the intermediate server.

In the remote control method provided in this specification, the remote desktop management platform generates a password corresponding to the target server in response to a password acquisition request. When the user device receives the password entered by the user, it generates a password parsing request and sends it to the remote desktop management platform, which generates an encrypted identifier based on the password carried in the request. The user device forwards the encrypted identifier and the password of the target server to the target server through the intermediate server. The target server generates a password verification request based on the password it receives. The remote desktop management platform responds to the password verification request by verifying the password of the target server and, when the password is valid, sends a password-valid message to the target server, so that a remote connection is established between the target server and the user device and the user device can remotely control the target server.

With this scheme, the user does not need to know the identifier of the target server or of the remote software installed on it. The remote connection between the target server and the user device is established by means of a password, which improves the security of the target server in scenarios where multiple people remotely control it.
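The password lifecycle of S102 and S124 (a random string as the key, the target field as the value, expiry by age or query count, validity tied to the server that asks for verification) is sketched below as an added example; it is not code from the patent. The class and method names, the 32-byte token length, the default thresholds and the sample identifiers are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class TargetField:
    """Value stored under a password: who asked, and for which server."""
    user: str
    server_id: str            # identifier of the target server
    remote_software_id: str   # identifier of the remote software on it
    issued_at: float
    lookups: int = 0


class PasswordCache:
    """In-memory stand-in for the platform cache (assumed design)."""

    def __init__(self, ttl_seconds=24 * 3600, max_lookups=5,
                 clock=time.monotonic):
        self._ttl = ttl_seconds
        self._max_lookups = max_lookups
        self._clock = clock
        self._store = {}

    def issue(self, user, server_id, remote_software_id):
        """S102: the password is random, not derived from any identifier,
        so holding it reveals nothing about the server."""
        password = secrets.token_urlsafe(32)
        self._store[password] = TargetField(
            user, server_id, remote_software_id, self._clock())
        return password

    def _lookup(self, password):
        """Return the entry, or None if unknown or expired.

        Both expiry conditions from the text are enforced here: age above
        the duration threshold, or query count above the count threshold.
        An expired entry is deleted, so later lookups simply miss.
        """
        entry = self._store.get(password)
        if entry is None:
            return None
        too_old = self._clock() - entry.issued_at > self._ttl
        if too_old or entry.lookups >= self._max_lookups:
            del self._store[password]
            return None
        entry.lookups += 1
        return entry

    def resolve(self, password):
        """S112: password -> remote software identifier.
        (The platform would encrypt this value before returning it.)"""
        entry = self._lookup(password)
        return entry.remote_software_id if entry else None

    def verify(self, password, requesting_server_id):
        """S124: valid only if the password is cached AND its target field
        names the server that sent the verification request."""
        entry = self._lookup(password)
        if entry is None:
            return False
        return entry.server_id == requesting_server_id


if __name__ == "__main__":
    # Constructed sample identifiers, with a fake clock to show expiry.
    now = [0.0]
    cache = PasswordCache(ttl_seconds=60, clock=lambda: now[0])
    pw = cache.issue("alice", "srv-01", "rs-1001")
    print("resolves to:", cache.resolve(pw))
    print("wrong server accepted:", cache.verify(pw, "srv-02"))
    print("right server accepted:", cache.verify(pw, "srv-01"))
    now[0] = 61.0
    print("accepted after expiry:", cache.verify(pw, "srv-01"))
```

Note that one connection in the patent's flow consumes two lookups (S112 and S124), so a query-count threshold has to allow for both.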

In one or more embodiments of this specification, the user device and the target server can obtain the configuration information of the intermediate server from the remote desktop management platform in advance, and thereby determine which intermediate server is used for remote interconnection.

Figure 3 is a schematic diagram of the interaction flow in which the user device obtains the configuration information of the intermediate server from the remote desktop management platform and registers its information with the intermediate server.

S200: When the remote software installed on the user device starts, the user device generates a first configuration acquisition request and sends it to the remote desktop management platform.

Current remote software requires users to fill in the intermediate server information themselves in the software settings. In this specification, the remote software automatically pulls the configuration information of the intermediate server from the remote desktop management platform when it starts, and the platform decides which intermediate server the user's device uses for remote interconnection with the target server. The intermediate server's information is therefore not exposed, which also improves the security of the remote connection and protects the intermediate server from attack.

To this end, when the remote software installed on the user device starts, it can automatically generate the first configuration acquisition request, which is used to obtain from the remote desktop management platform the configuration information of the intermediate server used by the user device.

S202: In response to the first configuration acquisition request sent by the user device, the remote desktop management platform determines the target configuration information of the intermediate server from the configuration management unit.

The configuration management unit of the remote desktop management platform manages the configuration information of the user devices, intermediate servers and target servers in the remote control system of this specification. It can allocate an available intermediate server to the user device and return the target configuration information of that intermediate server to the user device, so that the user device knows which intermediate server to use when it later connects remotely to the target server.

S204: The remote desktop management platform returns the target configuration information of the intermediate server to the user device.

S206: The user device receives the target configuration information of the intermediate server sent by the remote desktop management platform, determines from it the intermediate server to be used for remote control, and takes the identifier of the user device and the identifier of the remote software installed on the user device as first registration information.

S208: The user device sends the first registration information to the intermediate server.

S210: The intermediate server receives the first registration information sent by the user device and stores it in local storage.

如图4所示为目标服务器从远程桌面管理平台处获取中间服务器的配置信息,并向中间服务器注册信息的交互流程示意图。Figure 4 shows a schematic diagram of the interaction process in which the target server obtains the configuration information of the intermediate server from the remote desktop management platform and registers the information with the intermediate server.

S300:目标服务器预先生成第二配置获取请求,并将所述第二配置获取请求发送给远程桌面管理平台。S300: The target server generates a second configuration acquisition request in advance, and sends the second configuration acquisition request to the remote desktop management platform.

与前述图3所示用户设备向中间服务器注册类似,目标服务器在与用户设备进行远程互联之前,同样需要向中间服务器进行注册。因此,目标服务器可预先生成第二配置获取请求,第二配置获取请求用于目标服务器向远程桌面管理平台获取目标服务器使用的中间服务器的配置信息。Similar to the user equipment registering with the intermediate server as shown in Figure 3, the target server also needs to register with the intermediate server before remote interconnection with the user equipment. Therefore, the target server can generate a second configuration acquisition request in advance, and the second configuration acquisition request is used by the target server to obtain the configuration information of the intermediate server used by the target server from the remote desktop management platform.

S302: In response to the second configuration acquisition request sent by the target server, the remote desktop management platform determines the target configuration information of the intermediate server from the configuration management unit.

S304: Return the target configuration information of the intermediate server to the target server.

S302 and S304 are similar to S202 and S204 above and are not described again here.

S306: Receive the target configuration information of the intermediate server; determine, according to the target configuration information, the intermediate server used when the target server is remotely controlled; and take the identifier of the target server and the identifier of the remote software installed on the target server as the second registration information.

S308: Send the second registration information to the intermediate server.

S310: Receive the second registration information sent by the target server, and store the second registration information in local storage.

This specification does not limit the order of the interaction flows shown in Figure 3 and Figure 4; generally, however, the interaction flows shown in Figures 3 and 4 can be executed before the interaction flow shown in Figure 1.

In one or more embodiments of this specification, S124 above can be implemented as follows, as shown in Figure 5:

S400: Using the password of the target server as the key, check whether the cache holds a value corresponding to the password of the target server. If so, go to step S402; otherwise, go to step S408.

S402: Parse the value corresponding to the password of the target server read from the cache to obtain the target field, and parse the password verification request to obtain the field to be verified.

The password verification request is generated by the target server from the password forwarded by the intermediate server. To indicate to the remote desktop management platform which target server sent the password verification request, the request can carry the identifier of the target server and the identifier of the remote software installed on the target server. In this step, therefore, the field to be verified obtained by parsing the password verification request can consist of the identifier of the target server that sent the request and the identifier of the remote software installed on that target server.

S404: Determine whether the target field matches the field to be verified. If so, go to step S406; otherwise, go to step S408.

Specifically, this step determines whether the target field matches the field to be verified. If they match, the password of the target server that the target server sent for verification is valid. If they do not match, the password of the target server that the target server sent for verification may be wrong and the password may have been leaked, so the password is determined to be invalid.

A match between the target field and the field to be verified may mean that the two are the same, that is, the identifier of the target server and the identifier of the remote software installed on the target server found in the cache are both the same as the identifier of the target server that sent the password and the identifier of the remote software installed on that target server. If the target field does not match the field to be verified, at least one of the identifier of the target server and the identifier of the remote software installed on the target server may differ.

S406: Determine that the password of the target server is valid.

S408: Determine that the password of the target server is invalid.
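The S400 to S408 check can be sketched as follows; this is an added example, not code from the patent. The `PasswordCache` class, the reason strings, the time-based expiry standing in for the password's invalidation condition, and the revocation of a password on mismatch are assumptions of the example, and all identifiers in the scenarios are constructed.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class TargetField:
    """Value cached under a password (the 'target field')."""
    user_info: str
    server_id: str
    software_id: str


class PasswordCache:
    """In-memory stand-in for the management platform's cache (hypothetical)."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed invalidation condition: age
        self._clock = clock              # injectable so expiry can be tested
        self._entries = {}               # password -> (TargetField, expires_at)

    def issue(self, user_info, server_id, software_id):
        """Generate a password and store password -> target field."""
        password = secrets.token_urlsafe(16)   # 128 bits from the OS CSPRNG
        field = TargetField(user_info, server_id, software_id)
        self._entries[password] = (field, self._clock() + self._ttl)
        return password

    def verify(self, password, server_id, software_id):
        """Run S400-S408 for one password verification request.

        server_id and software_id are the 'field to be verified' carried in
        the request. Returns (valid, reason); the reason is for audit logs.
        """
        # S400: is there a value cached under this password?
        entry = self._entries.get(password)
        if entry is None:
            return False, "unknown-password"          # S408
        field, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[password]               # invalidation condition met
            return False, "expired"                   # S408
        # S402/S404: compare the cached target field with the request's fields.
        if (field.server_id, field.software_id) != (server_id, software_id):
            # The password reached a server it was not issued for, which the
            # specification treats as a possible leak. Revoking it here is a
            # hardening choice of this example, not a step in the patent.
            del self._entries[password]
            return False, "field-mismatch"            # S408
        return True, "ok"                             # S406


def run_scenarios():
    """Constructed identifiers; returns the outcome of five requests."""
    now = [0.0]
    cache = PasswordCache(ttl_seconds=60, clock=lambda: now[0])
    results = {}

    good = cache.issue("alice", "srv-01", "rd-1001")
    results["match"] = cache.verify(good, "srv-01", "rd-1001")
    results["never_issued"] = cache.verify("guess", "srv-01", "rd-1001")

    leaked = cache.issue("alice", "srv-01", "rd-1001")
    results["wrong_server"] = cache.verify(leaked, "srv-02", "rd-2002")
    results["after_revoke"] = cache.verify(leaked, "srv-01", "rd-1001")

    stale = cache.issue("bob", "srv-03", "rd-3003")
    now[0] = 61.0                                     # advance past the TTL
    results["expired"] = cache.verify(stale, "srv-03", "rd-3003")
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:13} {outcome}")
```

Logging the `field-mismatch` reason together with the requesting server's identifier gives operators a direct signal for the leak case the specification describes.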

In one or more embodiments of this specification, the remote desktop management platform can also allocate remote control permission for the target server to the user equipment, and manage and revoke remote control permissions that have been issued. The specific scheme is as follows, as shown in Figure 6:

S500: The user equipment displays a user interface in advance, on which the permission application control corresponding to the target server is displayed; in response to an operation input by the user through the permission application control corresponding to the target server, the user equipment generates the control permission acquisition request corresponding to the target server.

In practice, the user interface can display several target servers with which the user equipment can remotely interconnect; the user can select at least one of them and apply to the remote desktop management platform for remote control permission for the selected target server.

S502: Send the control permission acquisition request to the remote desktop management platform.

S504: The remote desktop management platform receives the control permission acquisition request, calls the permission management unit to review the user, and generates a resource allocation message after the review is passed; the permission management unit sends the resource allocation message to the resource management unit.

Specifically, the permission management unit's review of the user may be a manual review by an administrator, or an automatic review based on the history of the user's use of the user equipment to remotely control the target server; this specification does not limit this.

S506: When the resource management unit receives the resource allocation message, it allocates the control permission for the target server to the user equipment, and stores the identifier of the user equipment and the control permission for the target server in the resource allocation table of the remote desktop management platform.

Once the identifier of the user equipment and the control permission for the target server are stored in the resource allocation table, the user equipment can remotely interconnect, by means of the password, with the target server for which it holds control permission.

In addition, the resource management unit can add and delete entries in the resource allocation table, so as to allocate remote control permission for one or more target servers to the user equipment and to revoke remote control permissions that have been issued.

The above is the remote control method provided by one or more embodiments of this specification. Based on the same idea, this specification also provides corresponding remote control apparatuses, as shown in Figures 7 and 8.

Figure 7 is a schematic diagram of a remote apparatus provided in this specification. The apparatus is applied to a remote desktop management platform and specifically includes:

The password generation module 600 is configured to receive a password acquisition request sent by the user equipment, and call the permission management unit of the remote desktop management platform to generate the password corresponding to the target server; the password acquisition request is generated and sent by the user equipment in response to the user's input;

The password sending module 602 is configured to send the password corresponding to the target server to the user equipment, so that the user equipment displays the password corresponding to the target server in the user interface and, upon receiving the password corresponding to the target server input by the user through the remote software installed on the user equipment, generates and sends a password parsing request;

The encrypted identifier determination module 604 is configured to receive the password parsing request sent by the user equipment, determine the identifier of the remote software installed on the target server according to the password carried in the password parsing request, and encrypt the identifier of the remote software installed on the target server to obtain an encrypted identifier;

The encrypted identifier sending module 606 is configured to return the encrypted identifier to the user equipment, so that the user equipment sends the encrypted identifier and the password corresponding to the target server to the intermediate server, the intermediate server determines the target server according to the encrypted identifier and forwards the password corresponding to the target server to the target server, and the target server generates and sends a password verification request according to the password corresponding to the target server;

The password verification module 608 is configured to receive the password verification request sent by the target server, parse the password of the target server from the password verification request, call the permission management unit to verify whether the password of the target server is valid, generate a password-valid message when the password is valid, and send the password-valid message to the target server, so that the target server establishes a remote connection with the user equipment through the intermediate server and the user equipment remotely controls the target server through the intermediate server.

Optionally, the apparatus further includes:

The target configuration information sending module 610 is specifically configured to, in response to a first configuration acquisition request sent by the user equipment, determine the target configuration information of the intermediate server from the configuration management unit of the remote desktop management platform and return the target configuration information of the intermediate server to the user equipment, so that the user equipment determines, according to the target configuration information, the intermediate server to be used for remote control, takes the identifier of the user equipment and the identifier of the remote software installed on the user equipment as the first registration information, and sends the first registration information to the intermediate server, and the intermediate server stores the first registration information in local storage; the first configuration acquisition request is generated and sent by the user equipment when the remote software installed on the user equipment starts.

Optionally, the target configuration information sending module 610 is specifically configured to, in response to the second configuration acquisition request sent by the target server, determine the target configuration information of the intermediate server from the configuration management unit of the remote desktop management platform and return the target configuration information of the intermediate server to the target server, so that the target server determines, according to the target configuration information, the intermediate server used when the target server is remotely controlled, takes the identifier of the target server and the identifier of the remote software installed on the target server as the second registration information, and sends the second registration information to the intermediate server, and the intermediate server stores the second registration information in local storage; the second configuration information is generated and sent in advance by the target server.

Optionally, the password generation module 600 is specifically configured to obtain the user information from the password acquisition request, and obtain the identifier of the target server and the identifier of the remote software installed on the target server from the cache of the remote desktop management platform; take the user information, the identifier of the target server and the identifier of the remote software installed on the target server as the target field, and generate a character string corresponding to the target field as the password of the target server; and, with the character string corresponding to the target field as the key and the target field as the value, store the target field and the character string corresponding to the target field in the cache of the remote desktop management platform as a key-value pair;

Optionally, the apparatus further includes:

The deletion module 612 is specifically configured to determine the invalidation condition corresponding to the password of the target server and store the invalidation condition corresponding to the password of the target server in the cache; when the invalidation condition is met, the target field and the character string corresponding to the target field are deleted from the cache.

Optionally, the password verification request is generated by the target server according to the password corresponding to the target server and the information of the target server, where the information of the target server includes at least one of the identifier of the target server and the identifier of the remote software installed on the target server;

Optionally, the password verification module 608 is specifically configured to use the password of the target server as the key to check whether the cache holds a value corresponding to the password of the target server; if not, determine that the password of the target server is invalid; if so, parse the value corresponding to the password of the target server read from the cache to obtain the target field, parse the password verification request to obtain the field to be verified, and determine whether the target field matches the field to be verified; if they match, determine that the password of the target server is valid, and if they do not, determine that the password of the target server is invalid.

Optionally, the apparatus further includes:

The permission allocation module 614 is specifically configured to receive a control permission acquisition request, call the permission management unit to review the user, and generate a resource allocation message after the review is passed; the permission management unit sends the resource allocation message to the resource management unit, and when the resource management unit receives the resource allocation message, it allocates the control permission for the target server to the user equipment and stores the identifier of the user equipment and the control permission for the target server in the resource allocation table of the remote desktop management platform; the control permission acquisition request is generated and sent by the user equipment, which displays in advance a user interface containing the permission application control corresponding to the target server, in response to an operation input by the user through the permission application control corresponding to the target server.

Figure 8 is a schematic diagram of a remote apparatus provided in this specification, which specifically includes:

The password acquisition request sending module 700 is configured to generate a password acquisition request in response to the user's input and send the password acquisition request to the remote desktop management platform, so that the remote desktop management platform calls the permission management unit to generate the password corresponding to the target server and returns it;

The password receiving module 702 is configured to receive the password corresponding to the target server sent by the remote desktop management platform, and display the password corresponding to the target server in the user interface;

The password parsing request generation module 704 is configured to, upon receiving the password corresponding to the target server input by the user through the remote software installed on the user equipment, generate a password parsing request and send the password parsing request to the remote desktop management platform, so that the remote desktop management platform determines the identifier of the remote software installed on the target server according to the password carried in the password parsing request, encrypts the identifier of the remote software installed on the target server to obtain an encrypted identifier, and returns the encrypted identifier;

The encrypted identifier receiving module 706 is configured to receive the encrypted identifier returned by the remote desktop management platform and send the encrypted identifier and the password corresponding to the target server to the intermediate server, so that the intermediate server determines the target server according to the encrypted identifier and forwards the password corresponding to the target server to the target server, and the target server generates a password verification request according to the password corresponding to the target server and sends the password verification request to the remote desktop management platform; when the remote desktop management platform receives the password verification request, it parses the password of the target server from the password verification request, calls the permission management unit to verify whether the password of the target server is valid, generates a password-valid message when the password is valid, and sends the password-valid message to the target server; upon receiving the password-valid message returned by the remote desktop management platform, the target server establishes a remote connection with the user equipment through the intermediate server;

The remote control module 708 is configured to remotely control the target server through the intermediate server when a remote connection with the target server is established.

Optionally, the apparatus further includes:

The registration module 710 is specifically configured to, when the remote software installed on the user equipment starts, generate a first configuration acquisition request and send the first configuration acquisition request to the remote desktop management platform, so that the remote desktop management platform, in response to the first configuration acquisition request sent by the user equipment, determines the target configuration information of the intermediate server from the configuration management unit of the remote desktop management platform and returns the target configuration information of the intermediate server to the user equipment; receive the target configuration information of the intermediate server sent by the remote desktop management platform; determine, according to the target configuration information, the intermediate server to be used for remote control; take the identifier of the user equipment and the identifier of the remote software installed on the user equipment as the first registration information; and send the first registration information to the intermediate server, so that the intermediate server receives the first registration information sent by the user equipment and stores the first registration information in local storage.

Optionally, the apparatus further includes:

The permission application module 712 is specifically configured to display a user interface in advance, on which the permission application control corresponding to the target server is displayed; and, in response to an operation input by the user through the permission application control corresponding to the target server, generate the control permission acquisition request corresponding to the target server and send the control permission acquisition request to the remote desktop management platform, so that the remote desktop management platform receives the control permission acquisition request, calls the permission management unit to review the user, and generates a resource allocation message after the review is passed; the permission management unit sends the resource allocation message to the resource management unit, and when the resource management unit receives the resource allocation message, it allocates the control permission for the target server to the user equipment and stores the identifier of the user equipment and the control permission for the target server in the resource allocation table of the remote desktop management platform.

This specification also provides a computer-readable storage medium that stores a computer program, and the computer program can be used to execute the remote control method shown in Figure 2 above.

This specification also provides a schematic structural diagram of the electronic device shown in Figure 9. As shown in Figure 9, at the hardware level the electronic device includes a processor, an internal bus, a network interface, memory and non-volatile storage, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile storage into memory and then runs it, to implement the remote control method shown in Figure 2 above. Of course, in addition to a software implementation, this specification does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the execution subject of the following processing flow is not limited to individual logical units and may also be hardware or logic devices.

In the 1990s, an improvement to a technology could be clearly distinguished as a hardware improvement (for example, an improvement to a circuit structure such as a diode, transistor or switch) or a software improvement (an improvement to a method flow). With the development of technology, however, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be implemented with hardware entity modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic function is determined by the user programming the device. Designers program a digital system onto a single PLD themselves, without asking a chip manufacturer to design and produce a dedicated integrated circuit chip. Moreover, nowadays, instead of making integrated circuit chips by hand, this programming is mostly done with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also understand that a hardware circuit implementing a logical method flow can easily be obtained simply by describing the method flow in one of the above hardware description languages and programming it into an integrated circuit.

The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320. A memory controller can also be implemented as part of the control logic of a memory. Those skilled in the art also know that, besides implementing the controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means included in it for implementing various functions can also be regarded as structures within the hardware component. Or the means for implementing various functions can even be regarded both as software modules implementing the method and as structures within the hardware component.

The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products having certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

For convenience of description, the above device is described with its functions divided into separate units. Of course, when implementing this specification, the functions of the units may be implemented in one or more pieces of software and/or hardware.

Those skilled in the art will understand that embodiments of this specification may be provided as methods, systems, or computer program products. Accordingly, this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

This specification is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of this specification. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operating steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.

In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.

Memory may include non-permanent storage in computer-readable media, in the form of random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.

It should also be noted that the terms "include", "comprise", or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or device. Without further limitation, an element defined by the statement "including a ..." does not exclude the presence of additional identical elements in the process, method, article, or device that includes the element.

Those skilled in the art will understand that embodiments of this specification may be provided as methods, systems, or computer program products. Accordingly, this specification may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

This specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, and the like that perform specific tasks or implement specific abstract data types. This specification may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media, including storage devices.

The embodiments in this specification are described in a progressive manner. For the same or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, because the system embodiment is basically similar to the method embodiment, its description is relatively brief; for relevant details, refer to the corresponding parts of the description of the method embodiment.

The above are merely embodiments of this specification and are not intended to limit it. Those skilled in the art may make various modifications and changes to this specification. Any modification, equivalent substitution, improvement, and the like made within the spirit and principles of this specification shall fall within the scope of its claims.

Claims (12)

1. A remote control system, the system comprising: a remote desktop management platform, user equipment, a target server and an intermediate server;
the user equipment is used for responding to the input of a user, generating a password acquisition request and sending the password acquisition request to the remote desktop management platform; receiving a password corresponding to the target server sent by the remote desktop management platform, and displaying the password corresponding to the target server in a user interface; when receiving a password corresponding to the target server input by the user through remote software installed by the user equipment, generating a password analysis request, and sending the password analysis request to the remote desktop management platform; receiving an encryption identifier returned by the remote desktop management platform, and sending the encryption identifier and a password corresponding to the target server to the intermediate server; when a remote connection is established with the target server, remotely controlling the target server through the intermediate server;
the remote desktop management platform is used for receiving the password acquisition request sent by the user equipment, and calling a permission management unit of the remote desktop management platform to generate a password corresponding to the target server; transmitting the password corresponding to the target server to the user equipment; receiving a password analysis request sent by the user equipment, determining the identification of remote software installed on a target server according to the password carried in the password analysis request, and encrypting the identification of the remote software installed on the target server to obtain an encrypted identification; returning the encryption identification to the user equipment; receiving a password verification request sent by the target server, analyzing the password verification request to obtain a password of the target server, calling the authority management unit to verify whether the password of the target server is valid, generating a password valid message when the password is valid, and sending the password valid message to the target server;
the intermediate server is used for receiving the encryption identifier sent by the user equipment and the password corresponding to the target server, determining the target server according to the encryption identifier and forwarding the password corresponding to the target server;
the target server is used for receiving the password corresponding to the target server sent by the intermediate server, generating a password verification request according to the password corresponding to the target server, and sending the password verification request to the remote desktop management platform; and when receiving the password valid message returned by the remote desktop management platform, establishing remote connection with the user equipment through the intermediate server.
2. The system of claim 1, wherein the user device is further configured to generate a first configuration acquisition request and send the first configuration acquisition request to a remote desktop management platform when remote software installed by the user device is started; receiving target configuration information of an intermediate server sent by the remote desktop management platform; determining an intermediate server adopted in remote control according to the target configuration information, taking the identification of the user equipment and the identification of remote software installed by the user equipment as first registration information, and sending the first registration information to the intermediate server;
the remote desktop management platform is further used for responding to a first configuration acquisition request sent by the user equipment, determining target configuration information of an intermediate server from a configuration management unit of the remote desktop management platform, and returning the target configuration information of the intermediate server to the user equipment;
the intermediate server is further configured to receive first registration information sent by the user equipment, and store the first registration information in a local storage.
3. The system of claim 1, wherein the target server is further configured to pre-generate a second configuration acquisition request and send the second configuration acquisition request to a remote desktop management platform; receiving target configuration information of an intermediate server sent by the remote desktop management platform; determining an intermediate server adopted when the target server is remotely controlled according to the target configuration information, taking the identification of the target server and the identification of remote software installed by the target server as second registration information, and sending the second registration information to the intermediate server;
the remote desktop management platform is further used for responding to a second configuration acquisition request sent by the target server, determining target configuration information of an intermediate server from a configuration management unit of the remote desktop management platform, and returning the target configuration information of the intermediate server to the target server;
the intermediate server is further configured to receive second registration information sent by the target server, and store the second registration information in a local storage.
4. The system of claim 1, wherein the remote desktop management platform is specifically configured to obtain user information from the password obtaining request, and obtain an identifier of the target server and an identifier of remote software installed by the target server from a cache of the remote desktop management platform; taking the user information, the identification of the target server and the identification of remote software installed by the target server as target fields, and generating a character string corresponding to the target fields as a password of the target server; taking the character string corresponding to the target field as a key, taking the target field as a value, and storing the target field and the character string corresponding to the target field into a cache of the remote desktop management platform in a key value pair mode; determining a failure condition corresponding to the password of the target server, and storing the failure condition corresponding to the password of the target server into the cache; and deleting the target field and the character string corresponding to the target field from the cache when the failure condition is met.
5. The system of claim 4, wherein the password verification request is generated by the target server from a password corresponding to the target server and information of the target server, the information of the target server including at least one of an identification of the target server and an identification of remote software installed by the target server;
the remote desktop management platform is specifically configured to read whether a value corresponding to the password of the target server exists in the cache by using the password of the target server as a key, and if not, determine that the password of the target server is invalid; if yes, analyzing the value corresponding to the password of the target server read from the cache to obtain a target field, analyzing the password verification request to obtain a field to be verified, judging whether the target field is matched with the field to be verified, if yes, determining that the password of the target server is effective, and if not, determining that the password of the target server is ineffective.
6. The system of claim 1, wherein the user device is further configured to pre-present a user interface on which a rights application control corresponding to the target server is presented; responding to the operation input by a user through a permission application control corresponding to the target server, generating a control permission acquisition request corresponding to the target server, and sending the control permission acquisition request to the remote desktop management platform;
the remote desktop management platform is further configured to receive the control permission acquisition request, invoke the permission management unit to audit the user, generate a resource allocation message after the audit passes, send the resource allocation message to the resource management unit by the permission management unit, allocate the control permission of the target server to the user equipment when the resource management unit receives the resource allocation message, and store the identifier of the user equipment and the control permission of the target server in a resource allocation table of the remote desktop management platform.
7. A remote control method, wherein the method is applied to a remote desktop management platform, the method comprising:
receiving a password acquisition request sent by user equipment, and calling a permission management unit of the remote desktop management platform to generate a password corresponding to a target server; wherein the password acquisition request is generated and transmitted by the user device in response to user input;
transmitting the password corresponding to the target server to the user equipment so that the user equipment displays the password corresponding to the target server in a user interface, generating a password analysis request when receiving the password corresponding to the target server input by the user through remote software installed by the user equipment, and transmitting the password analysis request;
receiving a password analysis request sent by the user equipment, determining the identification of remote software installed on a target server according to the password carried in the password analysis request, and encrypting the identification of the remote software installed on the target server to obtain an encrypted identification;
returning the encryption identification to the user equipment, so that the user equipment sends the encryption identification and the password corresponding to the target server to an intermediate server, so that the intermediate server determines the target server according to the encryption identification, forwards the password corresponding to the target server, and enables the target server to generate a password verification request according to the password corresponding to the target server and send the password verification request;
receiving a password verification request sent by the target server, analyzing the password verification request to obtain a password of the target server, calling the authority management unit to verify whether the password of the target server is valid, generating a password valid message when the password is valid, and sending the password valid message to the target server so that the target server and the user equipment are remotely connected through the intermediate server, and the user equipment remotely controls the target server through the intermediate server.
8. A remote control method, wherein the method is applied to a user equipment, the method comprising:
responding to the input of a user, generating a password acquisition request, and sending the password acquisition request to a remote desktop management platform so that the remote desktop management platform calls a permission management unit to generate a password corresponding to a target server and returns the password;
receiving a password corresponding to a target server sent by the remote desktop management platform, and displaying the password corresponding to the target server in a user interface;
when receiving a password corresponding to the target server input by the user through remote software installed by the user equipment, generating a password analysis request, and sending the password analysis request to the remote desktop management platform, so that the remote desktop management platform determines the identification of the remote software installed by the target server according to the password carried in the password analysis request, encrypts the identification of the remote software installed on the target server to obtain an encrypted identification, and returns the encrypted identification;
receiving an encryption identifier returned by the remote desktop management platform, sending the encryption identifier and a password corresponding to the target server to an intermediate server, enabling the intermediate server to determine the target server according to the encryption identifier, forwarding the password corresponding to the target server, enabling the target server to generate a password verification request according to the password corresponding to the target server, sending the password verification request to the remote desktop management platform, analyzing the password verification request to obtain the password of the target server when the remote desktop management platform receives the password verification request, calling the authority management unit to verify whether the password of the target server is valid, generating a password valid message when the password verification request is valid, sending the password valid message to the target server, and establishing remote connection with the user equipment through the intermediate server when the target server receives the password valid message returned by the remote desktop management platform;
when a remote connection is established with the target server, the target server is remotely controlled through the intermediate server.
9. A remote control device for use with a remote desktop management platform, the device comprising:
the password generation module is used for receiving a password acquisition request sent by the user equipment and calling a permission management unit of the remote desktop management platform to generate a password corresponding to the target server; wherein the password acquisition request is generated and transmitted by the user device in response to user input;
the password sending module is used for sending the password corresponding to the target server to the user equipment so that the user equipment displays the password corresponding to the target server in a user interface, and generates a password analysis request and sends the password analysis request when receiving the password corresponding to the target server which is input by the user through remote software installed by the user equipment;
the encryption identification determining module is used for receiving a password analysis request sent by the user equipment, determining the identification of remote software installed on a target server according to the password carried in the password analysis request, and encrypting the identification of the remote software installed on the target server to obtain an encryption identification;
the encryption identification sending module is used for returning the encryption identification to the user equipment so that the user equipment sends the encryption identification and the password corresponding to the target server to the intermediate server, so that the intermediate server determines the target server according to the encryption identification, forwards the password corresponding to the target server, and enables the target server to generate a password verification request according to the password corresponding to the target server and send the password verification request;
the password verification module is used for receiving a password verification request sent by the target server, analyzing the password verification request to obtain a password of the target server, calling the right management unit to verify whether the password of the target server is valid or not, generating a password valid message when the password is valid, and sending the password valid message to the target server so that the target server can establish remote connection with the user equipment through the intermediate server, and the user equipment can remotely control the target server through the intermediate server.
10. A remote control apparatus, the apparatus being applied to a user equipment, the apparatus comprising:
the password acquisition request sending module is used for responding to the input of a user, generating a password acquisition request and sending the password acquisition request to the remote desktop management platform so that the remote desktop management platform calls the permission management unit to generate a password corresponding to the target server and returns the password;
the password receiving module is used for receiving the password corresponding to the target server sent by the remote desktop management platform and displaying the password corresponding to the target server in a user interface;
the password analysis request generation module is used for generating a password analysis request when receiving a password corresponding to the target server, which is input by the user through the remote software installed by the user equipment, and sending the password analysis request to the remote desktop management platform, so that the remote desktop management platform determines the identification of the remote software installed by the target server according to the password carried in the password analysis request, encrypts the identification of the remote software installed on the target server to obtain an encrypted identification, and returns the encrypted identification;
the encryption identification receiving module is used for receiving an encryption identification returned by the remote desktop management platform, sending the encryption identification and a password corresponding to a target server to an intermediate server, so that the intermediate server determines the target server according to the encryption identification and forwards the password corresponding to the target server, so that the target server generates a password verification request according to the password corresponding to the target server, and sends the password verification request to the remote desktop management platform;
and the remote control module is used for remotely controlling the target server through the intermediate server when the remote connection is established with the target server.
11. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method of any of the preceding claims 7 or 8.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of the preceding claims 7 or 8 when executing the program.
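The cache-backed password issue and verification steps of claims 4 and 5, written out as an added Python example that is not code from the patent. The random token used as the "character string", the fixed lifetime used as the failure condition, and every class, method and identifier name are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TargetField:
    """The "target field" of claim 4: the requesting user plus the server and
    the remote software the password is bound to (hypothetical field names)."""
    user_info: str
    server_id: str
    remote_software_id: str


class PasswordCache:
    """In-memory stand-in for the platform cache: key = password, value = target field."""

    def __init__(self, ttl_seconds: float = 300, clock=time.monotonic):
        self._ttl = ttl_seconds   # assumed failure condition: a fixed lifetime
        self._clock = clock       # injectable so expiry can be exercised in tests
        self._entries = {}        # password -> (TargetField, expires_at)

    def issue(self, field: TargetField) -> str:
        """Claim 4: generate a string for the target field and store the pair."""
        # Assumption: the string is an unguessable random token, so holding it
        # reveals nothing about the user or server identifiers it maps to.
        password = secrets.token_urlsafe(16)
        self._entries[password] = (field, self._clock() + self._ttl)
        return password

    def _lookup(self, password: str) -> Optional[TargetField]:
        entry = self._entries.get(password)
        if entry is None:
            return None
        field, expires_at = entry
        if self._clock() >= expires_at:
            # Failure condition met: delete the key and its value (claim 4).
            del self._entries[password]
            return None
        return field

    def verify(self, password: str,
               server_id: Optional[str] = None,
               remote_software_id: Optional[str] = None) -> bool:
        """Claim 5: look the password up as a key, then match the stored target
        field against the identifiers carried in the verification request."""
        if server_id is None and remote_software_id is None:
            return False          # the request must carry at least one identifier
        field = self._lookup(password)
        if field is None:
            return False          # unknown or expired password is invalid
        if server_id is not None and server_id != field.server_id:
            return False          # password was issued for a different server
        if (remote_software_id is not None
                and remote_software_id != field.remote_software_id):
            return False
        return True

    def pending(self) -> int:
        """Number of passwords still held in the cache."""
        return len(self._entries)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    cache = PasswordCache(ttl_seconds=300)
    pw = cache.issue(TargetField("alice", "srv-01", "rd-42"))
    print("right server :", cache.verify(pw, server_id="srv-01"))
    print("wrong server :", cache.verify(pw, server_id="srv-02"))
    print("unknown code :", cache.verify("not-issued", server_id="srv-01"))
```

Binding the password to the server and software identifiers is what makes a password relayed to the wrong target server fail verification, even while it is still unexpired.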
CN202410069099.4A 2024-01-17 2024-01-17 A remote control system and method Active CN117579674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410069099.4A CN117579674B (en) 2024-01-17 2024-01-17 A remote control system and method

Publications (2)

Publication Number Publication Date
CN117579674A 2024-02-20
CN117579674B 2024-03-15

Family

ID=89884905

Country Status (1)

Country Link
CN (1) CN117579674B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103841091A (en) * 2012-11-26 2014-06-04 中国移动通信集团公司 safety login method, device and system
WO2017186005A1 (en) * 2016-04-29 2017-11-02 中兴通讯股份有限公司 Method, server, and terminal for cloud desktop authentication
CN108769041A (en) * 2018-06-06 2018-11-06 深圳壹账通智能科技有限公司 Login method, system, computer equipment and storage medium
CN108781227A (en) * 2016-03-07 2018-11-09 思杰系统有限公司 Encrypted password transmission over an untrusted cloud network
CN114143029A (en) * 2021-10-29 2022-03-04 航天信息股份有限公司 User personal account password generating system and method capable of being repeatedly generated
CN114338115A (en) * 2021-12-21 2022-04-12 北京三快在线科技有限公司 Remote login method and device for unmanned equipment
CN114417318A (en) * 2021-12-22 2022-04-29 中国建设银行股份有限公司 Third-party page jumping method and device and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9866545B2 (en) * 2015-06-02 2018-01-09 ALTR Solutions, Inc. Credential-free user login to remotely executed applications

Also Published As

Publication number Publication date
CN117579674A (en) 2024-02-20

Similar Documents

Publication Publication Date Title
US10891383B2 (en) Validating computer resource usage
CN108923908B (en) Authorization processing method, device, equipment and storage medium
US20200220738A1 (en) System and method for interapplication communications
WO2019214211A1 (en) Block chain-based user data authorization method and apparatus, and medium and computing device
JP6033990B2 (en) Multiple resource servers with a single flexible and pluggable OAuth server, OAuth protected REST OAuth permission management service, and OAuth service for mobile application single sign-on
JP4916136B2 (en) System and method for providing security to applications
CN107784221B (en) Authority control method, service providing method, device, system and electronic device
CN109831435B (en) Database operation method, system, proxy server and storage medium
JP2018502368A (en) Methods, storage subsystems, cloud storage systems, data processing programs, and computer program products (automated management of sensitive data in a cloud environment) for storing data in a shared networked environment
JP2016530814A (en) Gateway device to block a large number of VPN connections
US11977620B2 (en) Attestation of application identity for inter-app communications
JP2016519828A (en) Access control method, apparatus, program, and recording medium
JP2023078322A (en) Method and apparatus for ensuring continued device operational reliability in cloud-degraded mode
KR20230027241A (en) shared resource identification
CN113271289A (en) Method, system and computer storage medium for resource authorization and access
WO2019037521A1 (en) Security detection method, device, system, and server
CN108173839A (en) Rights management method and system
Chinnasamy et al. A scalable multilabel‐based access control as a service for the cloud (SMBACaaS)
CN114125027A (en) Communication establishing method and device, electronic equipment and storage medium
CN112115500A (en) Method, device and system for accessing file
CN114640533B (en) Methods, devices, storage media and electronic equipment for transmitting messages
CN114579951A (en) Service access method, electronic device and storage medium
CN108881460B (en) A kind of realization method and realization device of cloud platform unified monitoring
CN117579674B (en) A remote control system and method
CN114329574B (en) Encrypted partition access control method and system based on domain management platform and computing equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant