Operation execution method and electronic device

By establishing a communication channel with the environment within electronic devices to obtain tokens and perform local verification, the problem of restricted access to electronic devices is solved, enabling fast and secure permission recovery and improving user experience and operational efficiency.

CN122293418APending Publication Date: 2026-06-26LENOVO (BEIJING) LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
LENOVO (BEIJING) LTD
Filing Date
2026-04-29
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Electronic devices may enter a restricted access state during use and maintenance due to human error, security policies, or system protection mechanisms. This requires external network connections and supplier assistance, resulting in long processing times, high manpower costs, and a poor user experience.

Method used

By establishing a communication channel with the same target environment in the electronic device, a token based on the device's unique identifier is obtained, and verification data and operation information are generated. The token is then verified and executed locally, including through physical interfaces and wireless connections. Combined with control programs that utilize non-volatile storage and an independent operating system, this ensures the recovery of permissions in an offline environment.

Benefits of technology

It enables the rapid and secure restoration of device permissions without the need for an external network connection, reducing system downtime and maintenance time, improving user experience and operational efficiency, and ensuring the security and compliance of operations.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122293418A_ABST
    Figure CN122293418A_ABST
Patent Text Reader

Abstract

This disclosure provides an operation execution method applied to a first device, comprising: in response to a restriction on the first device's access to a target server, establishing a target communication channel with a second device; the target communication channel characterizing a communication channel established when the first device and the second device are in the same target environment; obtaining a target token from the second device based on the target communication channel, the target token including verification data generated based on the unique identifier of the first device and operation information indicating a target operation; verifying the verification data based on the target verification information stored in the first device; and in response to successful verification, executing the target operation corresponding to the operation information to remove the restriction on the first device's access to the target server.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the field of information security, and more specifically, to an operation execution method and an electronic device. Background Technology

[0002] During the use and maintenance of electronic devices, access restrictions often arise due to human error, security policies, identity verification, or system protection mechanisms. This typically requires an external network connection, online authorization after verification by the supplier, or assistance from supplier personnel, which is time-consuming, resource-intensive, and results in a poor user experience. Summary of the Invention

[0003] In view of this, the present disclosure provides an operation execution method and an electronic device.

[0004] One aspect of this disclosure provides an operation execution method applied to a first device, comprising: in response to a restriction on the first device's access to a target server, establishing a target communication channel with a second device; the target communication channel characterizing a communication channel established when the first device and the second device are in the same target environment; obtaining a target token from the second device based on the target communication channel, the target token including verification data generated based on the unique identifier of the first device and operation information indicating a target operation; verifying the verification data based on the target verification information stored in the first device; and in response to successful verification, executing the target operation corresponding to the operation information to remove the restriction on the first device's access to the target server.

[0005] According to embodiments of this disclosure, verifying verification data includes: verifying the verification data based on target verification information stored at a target location; wherein the target storage location is a non-volatile storage location in a first device.

[0006] According to an embodiment of this disclosure, the first device includes a target device having a control program independent of the operating system of the first device, which verifies verification data, including: verifying the verification data based on target verification information stored in the target device of the first device; the method further includes: sending a verification pass instruction to a target server; and executing a target operation corresponding to the operation information, including: in response to receiving a feedback instruction from the target server for the verification pass instruction, executing the target operation corresponding to the operation information.

[0007] According to an embodiment of this disclosure, establishing a target communication channel with a second device includes: establishing a first communication channel with the second device based on a first method, wherein the first method represents establishing a communication channel through a physical data line based on a first physical interface configured on the first device and a second physical interface configured on the second device.

[0008] According to embodiments of this disclosure, establishing a target communication channel with a second device includes: establishing a second communication channel with the second device based on a second method, wherein the second method represents a communication channel established via wireless connection based on a first wireless communication interface configured on a first device and a second wireless communication interface configured on a second device, when the second wireless communication interface is within the wireless signal coverage range of the first wireless communication interface.

[0009] According to embodiments of this disclosure, the first device is supplied by the target supplier, and the target token is a unique token generated by the target supplier based on the device unique identifier of the first device, or the target token is a unique token generated based on the device unique identifier of the first device after authorization by the target supplier.

[0010] According to embodiments of this disclosure, the target token further includes an expiration time. Verifying the verification data includes: in response to the current time not exceeding the expiration time, verifying the target token based on the target verification information stored in the first device; and in response to the current time exceeding the expiration time, failing the verification.

[0011] According to embodiments of this disclosure, the target token further includes a token ID and a target usage count. Verifying the verification data includes: determining the number of times the target token has been used based on the token ID; and verifying the verification data based on the target verification information stored in the first device in response to the number of times the token has been used being less than the target usage count. The method further includes: recording the number of times the target token has been used in response to the verification being successful.

[0012] According to embodiments of this disclosure, the operation execution further includes: recording usage information of the target token, the usage information including at least one of the following: the number of times the target token is used, the time when the target token is used, the verification result of the target token, the execution status of the target operation, and the device identifier of the second device providing the target token; and sending the usage information to the target server in response to the first device establishing a connection with the target server.

[0013] Another aspect of this disclosure provides an operation execution apparatus, comprising: a channel establishment module, configured to establish a target communication channel with a second device in response to a first device being restricted from accessing a target server; the target communication channel characterizing a communication channel established when the first device and the second device are in the same target environment; a token acquisition module, configured to acquire a target token from the second device based on the target communication channel, the target token including verification data generated based on the unique identifier of the first device and operation information indicating a target operation; a verification module, configured to verify the verification data based on target verification information stored in the first device; and an execution module, configured to execute the target operation corresponding to the operation information in response to successful verification, thereby removing the restriction on the first device's access to the target server.

[0014] Another aspect of this disclosure provides an electronic device, including: at least one processor; and a memory connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the following operations: in response to a first device being restricted from accessing a target server, establishing a target communication channel with a second device; the target communication channel characterizing a communication channel established when the first device and the second device are in the same target environment; obtaining a target token from the second device based on the target communication channel, the target token including verification data generated based on the device unique identifier of the first device and operation information indicating a target operation; verifying the verification data based on the target verification information stored in the first device; and in response to successful verification, executing the target operation corresponding to the operation information to remove the restriction on the first device's access to the target server.

[0015] Another aspect of this disclosure provides a computer-readable storage medium storing computer instructions, wherein the computer instructions are used to cause a computer to perform an operation execution method according to any of the foregoing embodiments.

[0016] Another aspect of this disclosure provides a computer program product, including a computer program / instructions, characterized in that the computer program / instructions, when executed by a processor, implement the operation of the operation execution method of any of the foregoing embodiments. Attached Figure Description

[0017] The above and other objects, features and advantages of this disclosure will become clearer from the following description of embodiments with reference to the accompanying drawings, in which:

[0018] Figure 1 A flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0019] Figure 2 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0020] Figure 3 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0021] Figure 4 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0022] Figure 5 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0023] Figure 6 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0024] Figure 7 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0025] Figure 8 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically;

[0026] Figure 9 A block diagram schematically illustrates an operation execution apparatus according to embodiments of the present disclosure; and

[0027] Figure 10 A block diagram of an electronic device suitable for implementing the methods described above, according to embodiments of the present disclosure, is illustrated schematically. Detailed Implementation

[0028] The embodiments of the present disclosure will now be described with reference to the accompanying drawings. However, it should be understood that these descriptions are exemplary only and are not intended to limit the scope of the disclosure. In the following detailed description, numerous specific details are set forth to provide a thorough understanding of the embodiments of the present disclosure for ease of explanation. However, it will be apparent that one or more embodiments may be practiced without these specific details. Furthermore, descriptions of well-known structures and techniques are omitted in the following description to avoid unnecessarily obscuring the concepts of the present disclosure.

[0029] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit this disclosure. The terms “comprising,” “including,” etc., as used herein indicate the presence of the stated features, steps, operations, and / or components, but do not exclude the presence or addition of one or more other features, steps, operations, or components.

[0030] All terms used herein (including technical and scientific terms) have the meanings commonly understood by those skilled in the art, unless otherwise defined. It should be noted that the terms used herein are to be interpreted in a manner consistent with the context of this specification, and not in an idealized or overly rigid way.

[0031] When using expressions such as "at least one of A, B and C", they should generally be interpreted in accordance with the meaning that is commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" should include, but is not limited to, a system having A alone, a system having B alone, a system having C alone, a system having A and B, a system having A and C, a system having B and C, and / or a system having A, B and C, etc.).

[0032] In the embodiments disclosed herein, the collection, updating, analysis, processing, use, transmission, provision, disclosure, and storage of data (e.g., including but not limited to user personal information) comply with relevant laws and regulations, are used for legitimate purposes, and do not violate public order and good morals. In particular, necessary measures have been taken to prevent unauthorized access to user personal information data and to safeguard user personal information security, network security, and national security.

[0033] Embodiments of this disclosure provide an operation execution method applied to a first device, comprising: in response to a restriction on the first device's access to a target server, establishing a target communication channel with a second device; the target communication channel characterizing a communication channel established when the first device and the second device are in the same target environment; obtaining a target token from the second device based on the target communication channel, the target token including verification data generated based on the unique device identifier of the first device and operation information indicating a target operation; verifying the verification data based on the target verification information stored in the first device; and in response to successful verification, executing the target operation corresponding to the operation information to remove the restriction on the first device's access to the target server.

[0034] Figure 1 A flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0035] like Figure 1 As shown, the operation execution method may include at least operations S110 to S140.

[0036] In operation S110, in response to the first device's restricted access to the target server, a target communication channel is established with the second device. The target communication channel represents a communication channel established when the first and second devices are in the same target environment. The first device can be a logical unit or hardware entity with management, monitoring, or low-level control functions, typically existing as an auxiliary processor or management controller of the target server. Restricted access encompasses states where management privileges are unavailable due to lost authentication credentials, system lockout caused by triggering security defense mechanisms, or the inactivation of specific privileged functions. The target communication channel has physical proximity or exclusivity within a specific environment to ensure that the initiator of the operation has the possibility of physical contact with the first device. The process of establishing this channel can be accomplished by identifying level changes in a specific physical interface or by establishing a wireless connection within a limited wireless signal coverage area.

[0037] For example, the first device establishes serial communication with the mobile terminal by detecting insertion events at the physical maintenance port, or pairs with the second device within a centimeter range via a near-field communication protocol.

[0038] During the establishment of the target communication channel, the first device can also detect the access characteristic parameters of the physical interface. These parameters include the duration of the physical connection or the level transition sequence of a specific pin. The first device only opens the token acquisition interface when it detects a physical access signal that meets the preset operation and maintenance characteristics (such as the physical link remaining stable for more than a preset duration, or the detection of a specific combination of analog signal pulses).

[0039] For example, after the second device is connected to the physical port, the operator must simultaneously press the physical confirmation button on the panel of the first device. This dual physical factor access mechanism of "physical link + manual confirmation" can effectively intercept illegal probe behavior that uses automated scripts to perform blind insertion scanning.

[0040] In operation S120, a target token is obtained from the second device via the target communication channel. The target token includes verification data generated based on the unique device identifier of the first device, and operation information indicating the target operation. The target token is an encrypted data packet generated by the authorizing end based on the hardware identity information of the first device. The verification data it contains is globally unique and deeply bound to the physical identity of the first device. The unique device identifier can be a unique identification code embedded in an integrated circuit or feature information generated based on hardware characteristics, or a composite fingerprint generated by multiple underlying hardware physical attributes collected by the first device. These attributes include, but are not limited to: the inherent media access control address of the board management controller, the processor's unique serial number, and the factory physical ID of the non-volatile memory. The operation information specifies the specific logical action or configuration modification instruction that the first device is authorized to execute. For example, the first device reads a binary file containing a token sequence from the second device accessed via a universal serial bus, or receives a token-encoded string transmitted by the second device via a serial port session.

[0041] When generating a verification request, the first device reads these physical parameters in real time and generates a composite fingerprint using a preset algorithm. For example, if the target token is generated based on a unique media access control address and motherboard ID, the first device will rescan the hardware bus to obtain the current physical parameters and recalculate the fingerprint during verification. This ensures that the token is deeply coupled with a specific hardware board within a specific physical rack. Even if the user migrates the chip storing the verification information to another server of the same model, verification will fail due to physical attribute mismatch.

[0042] In operation S130, the verification data is verified based on the target verification information stored in the first device. The target verification information is a verification benchmark pre-set in a protected storage medium during the factory configuration or security initialization phase of the first device, used to determine the authenticity and legitimacy of the target token in offline mode. The verification process is completed independently by the first device using its internal computing resources, without generating real-time requests to the external network. For example, the first device uses a pre-stored asymmetric key to verify the signature of the verification data and compares whether the machine identifier carried in the token matches the physical serial number embedded in the device.

[0043] In operation S140, in response to successful verification, the target operation corresponding to the operation information is executed to remove the restriction on the first device's access to the target server. The target operation is an intervention action targeting the underlying management policy of the target server, which changes the access status of the target server from restricted to available by resetting security parameters, clearing access barriers, or updating the permission list. For example, the first device sends a password reset command to the target server via the control bus, or injects an unlocking key into the storage control unit to unlock the self-encrypting hard drive.

[0044] According to embodiments of this disclosure, by pre-setting verification information within the first device and obtaining a token through a communication channel bound to the physical environment, localized and offline recovery is achieved after server access is restricted. Since both verification and execution processes are completed locally in a closed loop, no supplier intervention is required, significantly reducing system downtime and maintenance time costs. Simultaneously, the hardware binding mechanism between the token and the device's unique identifier, combined with physical contact requirements, ensures the security and compliance of high-privilege operations, optimizing the user experience while reducing operational resource consumption.

[0045] In another embodiment, after operation S120, a string of challenge data containing a random number or a monotonically increasing counter is first generated and sent to the second device through the target communication channel. The second device uses this challenge data as one of the input parameters, combined with its unique device identifier, to request a target token from the target supplier. Correspondingly, in operation S130, the first device not only verifies the legality of the token but also checks whether the challenge data embedded in the token matches the challenge data just generated locally. For example, the first device uses a locally generated 128-bit random number as a "freshness" credential. Only when the returned token contains the random number signed by the supplier is the token considered an immediate response to the current recovery request, thereby completely eliminating the risk of unauthorized access by recording and replaying historical valid communication packets at the protocol layer.

[0046] Figure 2 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0047] like Figure 2As shown, based on the aforementioned embodiments, operation S130 may include operation S210.

[0048] In operation S210, the verification data is verified based on the target verification information stored at the target location. The target storage location is a non-volatile storage location within the first device. The target location can be a hardware area within the first device with persistent storage capabilities, ensuring that the preset verification criteria maintain integrity and availability even after the first device loses power or restarts. The non-volatile storage location can be a storage chip integrated within the first device, a specific physical partition within a storage module, or a hardware-protected secure storage unit.

[0049] The verification process reads pre-stored root trust data or verification parameters from the aforementioned non-volatile storage location and compares them with the token content acquired in real time, thereby completing the legitimacy determination in an environment without an external network connection. For example, the first device reads the pre-stored authorization public key from the internally integrated electrically erasable programmable read-only memory, or extracts a pre-set verification digest from the non-volatile register of the trusted platform module.

[0050] According to embodiments of this disclosure, by permanently storing the target verification information in a non-volatile storage location of the first device, the persistence and stability of the verification basis are ensured. This storage mechanism, combined with the local verification method of the first device, enables the recovery process to break free from dependence on real-time network connections and the supplier's online database, ensuring that security verification can still be completed using the information stored in the device itself in a fully offline environment, thus improving recoverability in network-free conditions.

[0051] Figure 3 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0052] like Figure 3 As shown, based on the aforementioned embodiments, the first device includes a target device, which has a control program independent of the operating system of the first device. The target device may be an auxiliary processor or management microcontroller integrated within the first device, and its operating environment is isolated from the operating environment of the operating system that carries the main business of the first device. Having a control program independent of the operating system of the first device enables the target device to independently execute hardware monitoring and configuration modification tasks even when the main system is down, locked, or not booted. In one specific implementation, the target device acts as a baseboard management controller, or exists in the form of an embedded controller, relying on independent power supply and clock domain to take over hardware security verification.

[0053] Operation S130 may include operation S310, and the operation execution method may also include S320. Operation S140 may include operation S330.

[0054] In operation S310, verification data is verified based on the target verification information stored in the target device of the first device. Verification based on the target device leverages the high privileges and security isolation characteristics of this independent hardware entity. By reading the verification credentials pre-installed in this independent control unit and matching them with the dynamically received verification data using an algorithm, the legitimacy of identity authentication and authorization status is independently confirmed. Taking digital signature verification as an example, the encryption coprocessor inside the target device calls the locally isolated public key to decrypt and compare the feature digest of the incoming data. The entire comparison process is independent of and does not affect the operation of the main processor.

[0055] In operation S310, the verification data includes not only an encrypted digest for identity verification, but also verification content such as a checksum / cyclic redundancy check code to ensure that the operation instructions are not tampered with. During the verification process, in addition to comparing the target verification information, the target device also calculates the real-time checksum of the operation information and compares it with the preset checksum in the token.

[0056] Furthermore, when the first device receives multiple valid tokens simultaneously, it can determine the unique target operation to be executed based on the priority identifier or generated serial number within the token. For example, if two tokens are received, one for "Reset BIOS Password" and the other for "Full System Recovery," the target device will prioritize parsing the recovery command with the higher priority field value, thereby avoiding logical conflicts.

[0057] When operating the S320, a verification pass command is sent to the target server. Based on the successful verification, a command is sent to the target server to notify it that the restricted entity has now completed security verification in the out-of-band environment, triggering the target server's underlying firmware to prepare for receiving permission configuration or state reset.

[0058] In operation S330, in response to receiving a feedback instruction from the target server indicating successful verification, the first device executes the target operation corresponding to the operation information. Upon receiving the feedback instruction, the first device confirms that the target server is in a state where it can receive instructions. At this point, the target operation corresponding to the operation information is executed, and by manipulating the target server's underlying registers or storage areas, permissions are restored or functions are activated. For example, after receiving a ready signal from the basic input / output system, the target device performs an operation to reset the administrator password or to unlock the self-encrypting hard drive.

[0059] According to embodiments of this disclosure, verification is performed locally on a target device with an independent control program, ensuring that the recovery operation can still be completed independently and securely even when access to the target server is restricted or the main system cannot be started. This hardware-level isolation mechanism, combined with bidirectional confirmation logic between the first device and the target server, ensures that the recovery action is accurately applied to the underlying hardware while avoiding the impact of main system security vulnerabilities on the verification process. This improves the reliability of the entire repair process while ensuring offline recovery efficiency.

[0060] Figure 4 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0061] like Figure 4 As shown, based on the foregoing embodiments, operation S110 may include operation S410.

[0062] In operation S410, a first communication channel is established with the second device based on a first method. The first method represents establishing a communication channel via a physical data line based on a first physical interface configured on the first device and a second physical interface configured on the second device. The first method establishes a point-to-point communication path between the first and second devices through a physical transmission medium. This method presupposes that the first device has a specific physical communication interface, and that this interface is physically connected to the physical interface of the second device via a data line conforming to a communication protocol. This connection method establishes a physical near-field access relationship between the second device and the first device; the initiator of the operation must physically contact the first device to complete the token transmission. The first and second physical interfaces can be universal serial bus interfaces, asynchronous serial communication interfaces, or debugging interfaces located on the front panel, back, or internal maintenance area of ​​the server. For example, a mobile terminal can be connected to the USB service port of the first device via a USB data cable; or a physical port of a laptop can be connected to the console port of the first device via a dedicated debugging serial cable to establish a data transmission link.

[0063] According to embodiments of this disclosure, a communication channel established via a physical data cable strongly binds token transmission to physical contact with the device. Since establishing the physical link requires the operator to be physically present at the device, this method physically eliminates the possibility of unauthorized remote access to the token, ensuring that recovery operations can only be performed when authorized personnel physically access the device, significantly improving the security level for server-side permission recovery.

[0064] Figure 5 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0065] like Figure 5As shown, based on the aforementioned embodiments, operation S110 may include operation S510.

[0066] In operation S510, a second communication channel is established with a second device based on a second method. The second method represents a communication channel established wirelessly when the second wireless communication interface is within the wireless signal coverage range of the first wireless communication interface, based on a first wireless communication interface configured on the first device and a second wireless communication interface configured on the second device. The second method establishes a non-physical contact, short-range communication link between the first and second devices using spatial electromagnetic wave signals. This method relies on the premise that the first wireless communication interface is configured to have a limited signal coverage radius, requiring the second device to be within a specific physical space surrounding the first device. This connection method utilizes the limited signal coverage radius to achieve convenient transmission of token data while ensuring the near-field presence of the operator.

[0067] The first wireless communication interface can be a wireless module that supports short-range personal area network protocols, or an interface that supports magnetic field induction communication. For example, the first device establishes a wireless connection with a mobile terminal in the same computer room via a Bluetooth module; or the first device uses a near field communication (NFC) antenna to identify and read token data from a second device that is attached to it.

[0068] According to embodiments of this disclosure, a communication channel is established using a wireless connection within a limited signal coverage area, improving the flexibility of token transmission while ensuring the operator's physical proximity. Since physical cable plugging and unplugging is eliminated, and operators can quickly issue tokens via portable mobile devices, operational efficiency in complex data center environments is improved. Because the first wireless communication interface is configured with a limited signal coverage radius, requiring the operator to be physically present at the device, the security level for server access control restoration is enhanced.

[0069] Based on the foregoing embodiments, the first device is supplied by the target supplier, and the target token is a unique token generated by the target supplier based on the unique device identifier of the first device, or, the target token is a unique token generated based on the unique device identifier of the first device after authorization by the target supplier. The target supplier can be the original equipment manufacturer (OEM) of the first device, a supplier, or a service platform with authorized qualifications. The unique token represents a one-to-one exclusive mapping relationship between the token and a specific first device, and cannot be verified on non-target devices. By limiting the source of the target token's generation to the target supplier or its authorized entity, the authority and unforgeability of the recovery credential generation are ensured.

[0070] The generation process of the target token is based on the hardware root information recorded in the supplier's database when the first device leaves the factory, and is signed using a specific encryption algorithm. For example, a user applies for a recovery certificate through the online support portal provided by the supplier, and the supplier's backend retrieves the encryption root key corresponding to the server serial number and generates a digital token that can only run on the server with that serial number; or, the supplier's authorized enterprise private management platform calls a certified application programming interface to generate a one-time recovery instruction package for a restricted device with a specific identifier.

[0071] According to embodiments of this disclosure, by limiting the generation of tokens by the target supplier based on the device's unique identifier, a trust chain is constructed from the supply source to the execution terminal, preventing the risk of abuse of generic recovery credentials and ensuring that each token is customized for a specific hardware instance. Simultaneously, since the authority to generate tokens is controlled by the supplier or its authorized party, even in the event of device loss or unauthorized physical access, unauthorized third parties cannot forge valid tokens, enhancing the rigor and security of the server's underlying permission recovery process.

[0072] Figure 6 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0073] like Figure 6 As shown, based on the aforementioned embodiments, the target token also includes an expiration time, and operation S130 may include operations S610 to S620.

[0074] In operation S610, in response to the current time not exceeding the expiration time, the target token is verified based on the target verification information stored in the first device. The expiration time can be a time parameter encapsulated within the target token, defining the final deadline for the token to perform verification. The current time can be provided by the system clock of the first device or the system clock of the target server. Specifically, the first device can independently identify its validity when parsing the token, or it can include the time parameter when sending the instruction to the target server and have the target server independently verify whether the operation occurred within the authorized time window, or the first device and the target server can perform dual verification.

[0075] When operating the S620, the verification failed because the current time has exceeded the expiration time.

[0076] When executing a branch decision, if the current time point is before the expiration time, the time verification is passed and the process enters the substantive verification stage of the verification data; if the current time point has passed the expiration time, the branch that fails the verification is triggered directly, terminating all subsequent operations involving permission restoration.

[0077] For example, after receiving the token, the first device determines the validity period by comparing the expiration time in the token with its local real-time clock. If the token has not expired, the verification continues. Alternatively, the first device may attach the expiration time when sending the instruction, which the target server receives and uses its own hardware clock for unilateral verification. Or, the first device may send an instruction after verifying that the token has not expired locally, and the target server may receive the instruction and compare it with its local clock again, forming a dual verification combining both ends.

[0078] According to embodiments of this disclosure, by introducing an expiration time into the target token and verifying it on the first device and / or the target server, it is ensured that any expired token cannot trigger underlying privileged operations. This eliminates the risk of tokens being retained for a long time and abused a second time, while flexibly accommodating single-end or dual-end time determination requirements. It also establishes a rigorous and customizable time limit in an offline environment, effectively ensuring the security of the system recovery process.

[0079] Figure 7 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0080] like Figure 7 As shown, based on the aforementioned embodiments, the target token also includes a token ID and a target number of uses. Operation S130 may include operations S710~S720, and the method also includes operation S730.

[0081] When operating the S710, the number of times a target token has been used is determined based on the token ID. The token ID is a unique identifier used to distinguish different target tokens. The target usage count is the maximum amount of time a target token is allowed to pass verification and execute the target operation. The number of times it has been used is the number of historical successful executions corresponding to a specific token ID recorded locally on the first device.

[0082] In operation S720, in response to the fact that the number of times it is used is less than the target number of times it is used, the verification data is verified based on the target verification information stored in the first device.

[0083] When operating the S730, in response to successful verification, the number of times the target token has been used is recorded.

[0084] During the verification process, the first device extracts the token ID from the target token and retrieves the usage count record corresponding to that token ID from its local storage (such as non-volatile memory). If the usage count is less than the set target usage count, it means that the token has not exceeded its usage limit, and the process continues to the substantive verification data verification stage; if the usage count is equal to or greater than the target usage count, verification is directly rejected. Once the verification data verification is successful, the first device updates and records the usage count corresponding to the token ID, thus completing the counting loop.

[0085] For example, the target token contains a token ID "A1B2" and a target usage count of "3 times". The first device reads the token and queries its local records, determining that "A1B2" has been used "1 time". Since 1 time is less than 3 times, the first device continues to verify the data. After successful verification, the first device updates the usage count of "A1B2" in its local records to "2 times". Alternatively, for a one-time use scenario, the target token has a target usage count of "1 time". If the first device finds that the token ID has been used "0 times" (or there is no record of this token ID locally), it allows the verification process to begin. After successful verification, the first device records the token ID's usage count as "1 time", preventing the token from passing verification again.

[0086] According to embodiments of this disclosure, by introducing a token ID and a target usage count into the target token, and in conjunction with local read and record operations on the first device, precise control over the usage limit of offline tokens is achieved. This allows the system to flexibly configure one-time tokens or limited-use tokens according to operational needs, effectively preventing the replay risk of intercepting historically valid tokens for repeated verification. Without relying on external network records, the device's local counter can prevent the unlimited reuse of tokens, further enhancing the security of the local offline recovery mechanism.

[0087] Figure 8 Another flowchart illustrating an operation execution method according to an embodiment of the present disclosure is shown schematically.

[0088] like Figure 8 As shown, based on the foregoing embodiments, the operation execution method may include operations S810 to S820.

[0089] In operation S810, the usage information of the target token is recorded. The usage information includes at least one of the following: the number of times the target token is used, the time when the target token is used, the verification result of the target token, the execution status of the target operation, and the device identifier of the second device that provided the target token.

[0090] The recording process is triggered synchronously at each key node of the operation execution. Regardless of whether the verification passes or the target operation is successfully executed, the corresponding status parameters, time parameters, and associated external device identifiers are stored together. For example, the first device will encapsulate and store the read mobile device ID, the successful verification status code, and the feedback of the successful execution of the password reset command in the local audit log partition; or, it will record the record of a token ID failing verification at a specific time and mark the reason for failure as "expired" or "exceeded limit".

[0091] In operation S820, in response to the establishment of a connection between the first device and the target server, usage information is sent to the target server. Sending usage information to the target server occurs after the communication link between the first device and the target server is restored or a logical connection is established. The first device may actively or passively synchronize the usage information accumulated during offline time to the target server or forward it to the management terminal through the target server. For example, after the first device completes the target operation and removes access restrictions, it uploads the offline logs to the server's operating system log management component via the internal bus; or, when the network connection is restored, the first device packages the stored usage records and sends them to the remote supply-side management platform through the target server.

[0092] According to the embodiments of this disclosure, by comprehensively recording the usage process of the target token and transmitting it back over the network, the problem of unmonitored operation and maintenance during offline operation and maintenance is effectively solved. This not only provides authentic and detailed original evidence for subsequent fault tracing and compliance review, but also ensures that the management end can perceive the physical contact behavior of the device through the information recording after networking, preventing unauthorized operations on the server's underlying layer and significantly improving the rigor of the device's full life cycle management.

[0093] According to embodiments of this disclosure, the operation execution method may further include: in response to verification failure, recording the number of consecutive failures; and adjusting the response delay time for the next verification based on the number of failures. Specifically, when the number of verification failures exceeds a preset threshold, the first device will enter a locked state and refuse to process any new token access requests for a preset penalty time. For example, if three consecutive token verifications fail, the first device will lock the communication interface for 5 minutes. If further attempts fail, the penalty time will increase exponentially to provide the first device with proactive defense capabilities in a fully offline environment, effectively blocking attempts to brute-force attacks using forged token sequences and ensuring the robustness of the underlying verification logic.

[0094] Figure 9 A block diagram of an operation execution apparatus according to an embodiment of the present disclosure is shown schematically.

[0095] like Figure 9 As shown, the operation execution device 900 may include a channel establishment module 910, a token acquisition module 920, a verification module 930, and an execution module 950.

[0096] The channel establishment module 910 is used to establish a target communication channel with the second device in response to the first device's restricted access to the target server; the target communication channel represents a communication channel established when the first device and the second device are in the same target environment. In some embodiments, the channel establishment module 910 can be used to perform operation S110 in the above-described operation execution method, which will not be elaborated here.

[0097] The token acquisition module 920 is used to acquire a target token from the second device based on the target communication channel. The target token includes verification data generated based on the unique device identifier of the first device, and operation information indicating the target operation. In some embodiments, the token acquisition module 920 can be used to perform operation S120 in the above-described operation execution method, which will not be elaborated here.

[0098] The verification module 930 is used to verify the verification data based on the target verification information stored in the first device. In some embodiments, the verification module 930 can be used to perform operation S130 in the above operation execution method, which will not be described in detail here.

[0099] The execution module 940 is used to execute the target operation corresponding to the operation information in response to successful verification, so as to remove the restriction on the first device accessing the target server. In some embodiments, the execution module 940 can be used to execute operation S140 in the above operation execution method, which will not be described in detail here.

[0100] Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure, or at least part of the functions of any one or more of them, can be implemented in one module. Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be implemented by dividing them into multiple modules. Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be at least partially implemented as hardware circuitry, such as a Field-Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a System-on-Chip, a System-on-a-Substrate, a System-on-Package, an Application-Specific Integrated Circuit (ASIC), or implemented in hardware or firmware by any other reasonable means of integrating or packaging circuitry, or implemented in software, hardware, or firmware, or in any suitable combination of any of these three implementation methods. Alternatively, one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be at least partially implemented as computer program modules, which, when run, can perform corresponding functions.

[0101] For example, any multiple of the channel establishment module 910, token acquisition module 920, verification module 930, and execution module 950 can be combined into one module / unit / subunit, or any one of these modules / units / subunits can be split into multiple modules / units / subunits. Alternatively, at least part of the functionality of one or more of these modules / units / subunits can be combined with at least part of the functionality of other modules / units / subunits and implemented in one module / unit / subunit. According to embodiments of this disclosure, at least one of the channel establishment module 910, token acquisition module 920, verification module 930, and execution module 950 can be at least partially implemented as hardware circuitry, such as a field-programmable gate array (FPGA), a programmable logic array (PLA), a system-on-a-chip, a system-on-a-substrate, a system-on-package, an application-specific integrated circuit (ASIC), or any other reasonable means of integrating or packaging the circuitry, or implemented in software, hardware, or firmware, or in any suitable combination of any of these three implementation methods. Alternatively, at least one of the channel establishment module 910, token acquisition module 920, verification module 930, and execution module 950 may be implemented at least partially as a computer program module, which can perform corresponding functions when the computer program module is run.

[0102] It should be noted that the data processing system part in the embodiments of this disclosure corresponds to the data processing method part in the embodiments of this disclosure. The specific description of the data processing system part is referred to in the data processing method part, and will not be repeated here.

[0103] Figure 10 A block diagram of an electronic device suitable for implementing the methods described above, according to embodiments of the present disclosure, is illustrated schematically. Figure 10 The electronic device shown is merely an example and should not be construed as limiting the functionality and scope of the embodiments disclosed herein.

[0104] like Figure 10 As shown, an electronic device 1000 according to an embodiment of the present disclosure includes a processor 1001, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 1002 or a program loaded from a storage portion 1008 into a random access memory (RAM) 1003. The processor 1001 may include, for example, a general-purpose microprocessor (e.g., a CPU), an instruction set processor and / or an associated chipset and / or a special-purpose microprocessor (e.g., an application-specific integrated circuit (ASIC)), etc. The processor 1001 may also include onboard memory for caching purposes. The processor 1001 may include a single processing unit or multiple processing units for performing different actions of the method flow according to an embodiment of the present disclosure.

[0105] RAM 1003 stores various programs and data required for the operation of electronic device 1000. Processor 1001, ROM 1002, and RAM 1003 are interconnected via bus 1004. Processor 1001 performs various operations of the method flow according to embodiments of the present disclosure by executing programs in ROM 1002 and / or RAM 1003. It should be noted that the programs may also be stored in one or more memories other than ROM 1002 and RAM 1003. Processor 1001 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in said one or more memories.

[0106] According to embodiments of this disclosure, the electronic device 1000 may further include an input / output (I / O) interface 1005, which is also connected to a bus 1004. The electronic device 1000 may also include one or more of the following components connected to the input / output (I / O) interface 1005: an input section 1006 including a keyboard, mouse, etc.; an output section 1007 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and a speaker, etc.; a storage section 1008 including a hard disk, etc.; and a communication section 1009 including a network interface card such as a LAN card, modem, etc. The communication section 1009 performs communication processing via a network such as the Internet. A drive 1010 is also connected to the input / output (I / O) interface 1005 as needed. A removable medium 1011, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on the drive 1010 as needed so that computer programs read from it can be installed into the storage section 1008 as needed.

[0107] According to embodiments of this disclosure, the method flow according to embodiments of this disclosure can be implemented as a computer software program. For example, embodiments of this disclosure include a computer program product comprising a computer program carried on a computer-readable storage medium, the computer program containing program code for performing the methods shown in the flowchart. In such embodiments, the computer program can be downloaded and installed from a network via communication section 1009, and / or installed from removable medium 1011. When the computer program is executed by processor 1001, it performs the functions defined in the system of embodiments of this disclosure. According to embodiments of this disclosure, the systems, devices, apparatuses, modules, units, etc., described above can be implemented by computer program modules.

[0108] This disclosure also provides a computer-readable storage medium, which may be included in the device / apparatus / system described in the above embodiments; or it may exist independently and not assembled into the device / apparatus / system. The computer-readable storage medium carries one or more programs that, when executed, implement the method according to the embodiments of this disclosure.

[0109] According to embodiments of this disclosure, the computer-readable storage medium can be a non-volatile computer-readable storage medium. Examples include, but are not limited to: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof. In this disclosure, the computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.

[0110] For example, according to embodiments of this disclosure, a computer-readable storage medium may include the ROM 1002 and / or RAM 1003 described above and / or one or more memories other than ROM 1002 and RAM 1003.

[0111] Embodiments of this disclosure also include a computer program product comprising a computer program containing program code for performing the methods provided in the embodiments of this disclosure. When the computer program product is run on an electronic device, the program code is used to enable the electronic device to implement the operation execution methods provided in the embodiments of this disclosure.

[0112] When the computer program is executed by the processor 1001, it performs the functions defined in the system / apparatus of this disclosure embodiments. According to embodiments of this disclosure, the systems, apparatuses, modules, units, etc., described above can be implemented by computer program modules.

[0113] In one embodiment, the computer program may rely on tangible storage media such as optical storage devices or magnetic storage devices. In another embodiment, the computer program may also be transmitted and distributed in the form of signals over a network medium, and downloaded and installed via communication section 1009, and / or installed from removable medium 1011. The program code contained in the computer program can be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination thereof. According to embodiments of this disclosure, program code for executing the computer programs provided in embodiments of this disclosure can be written in any combination of one or more programming languages. Specifically, these computational programs can be implemented using high-level procedural and / or object-oriented programming languages, and / or assembly / machine languages. Programming languages ​​include, but are not limited to, languages ​​such as Java, C++, Python, "C", or similar programming languages. The program code may be executed entirely on a user computing device, partially on a user device, partially on a remote computing device, or entirely on a remote computing device or server. In cases involving remote computing devices, the remote computing devices can be connected to user computing devices via any type of network, including local area networks (LANs) or wide area networks (WANs), or they can be connected to external computing devices (e.g., via the Internet using an Internet service provider).

[0114] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram or flowchart, and combinations of blocks in a block diagram or flowchart, may be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions. Those skilled in the art will understand that the features described in the various embodiments of the present disclosure can be combined and / or combined in various ways, even if such combinations are not explicitly described in the present disclosure. In particular, the features described in the various embodiments of this disclosure may be combined and / or combined in various ways without departing from the spirit and teachings of this disclosure. All such combinations and / or combinations fall within the scope of this disclosure.

[0115] The embodiments of this disclosure have been described above. However, these embodiments are for illustrative purposes only and are not intended to limit the scope of this disclosure. Although various embodiments have been described above, this does not mean that the measures in the various embodiments cannot be used advantageously in combination. Various substitutions and modifications can be made by those skilled in the art without departing from the scope of this disclosure, and all such substitutions and modifications should fall within the scope of this disclosure.

Claims

1. An operation execution method applied to a first device, comprising: In response to the first device's restricted access to the target server, a target communication channel is established with the second device; The target communication channel represents the communication channel established when the first device and the second device are in the same target environment; A target token is obtained from a second device based on the target communication channel. The target token includes verification data generated based on the unique device identifier of the first device, and operation information indicating the target operation. The verification data is verified based on the target verification information stored in the first device; Upon successful verification, the target operation corresponding to the operation information is executed to remove the restriction on the first device's access to the target server.

2. The method according to claim 1, wherein verifying the verification data includes: The verification data is verified based on the target verification information stored at the target location; The target storage location is the non-volatile storage location in the first device.

3. The method according to claim 1, wherein the first device includes a target device, the target device having a control program independent of the operating system of the first device, and the verification of the verification data includes: The verification data is verified based on the target verification information stored in the target device of the first device. The method further includes: Send a verification pass command to the target server; The execution of the target operation corresponding to the operation information includes: In response to receiving feedback from the target server regarding the verification pass instruction, the target operation corresponding to the operation information is executed.

4. The method according to claim 1, wherein establishing a target communication channel with the second device comprises: A first communication channel is established with the second device based on a first method, wherein the first method represents establishing a communication channel through a physical data line based on a first physical interface configured on the first device and a second physical interface configured on the second device.

5. The method according to claim 1, wherein establishing a target communication channel with the second device comprises: A second communication channel is established with the second device based on a second method. The second method represents a communication channel established wirelessly when the second wireless communication interface is within the wireless signal coverage range of the first wireless communication interface, based on a first wireless communication interface configured on the first device and a second wireless communication interface configured on the second device.

6. The method according to claim 1, wherein the first device is supplied by the target supplier, and the target token is a unique token generated by the target supplier based on the device unique identifier of the first device, or the target token is a unique token generated based on the device unique identifier of the first device after authorization by the target supplier.

7. The method according to claim 1, wherein the target token further includes an expiration time. The verification of the verification data includes: In response to the fact that the current time point does not exceed the expiration time, the target token is verified based on the target verification information stored in the first device; The verification failed because the current time point has exceeded the expiration time.

8. The method according to claim 1, wherein the target token further includes a token ID and a target usage count, and the verification of the verification data includes: Based on the token ID, determine the number of times the target token has been used; In response to the fact that the number of times it has been used is less than the target number of times it has been used, the verification data is verified based on the target verification information stored in the first device; The method further includes: Upon successful verification, the number of times the target token has been used is recorded.

9. The method according to claim 1, further comprising: Record the usage information of the target token, which includes at least one of the following: the number of times the target token is used, the time when the target token is used, the verification result of the target token, the execution status of the target operation, and the device identifier of the second device that provides the target token; In response to the first device establishing a connection with the target server, the usage information is sent to the target server.

10. A first device, comprising: At least one processor; as well as The memory connected to the at least one processor; wherein, The memory stores instructions executable by the at least one processor, which, when executed, enable the at least one processor to perform at least one of the following operations: in response to a restriction on the first device's access to the target server, establish a target communication channel with a second device; the target communication channel represents a communication channel established when the first device and the second device are in the same target environment; obtain a target token from the second device based on the target communication channel, the target token including verification data generated based on the unique identifier of the first device and operation information indicating a target operation; verify the verification data based on the target verification information stored in the first device; and, in response to successful verification, execute the target operation corresponding to the operation information to remove the restriction on the first device's access to the target server.