CN117459527A - External network terminal and cloud desktop secure connection system and method based on gateway access - Google Patents
- Publication number
- CN117459527A, CN202311210104.0A
- Authority
- CN
- China
- Prior art keywords
- gateway
- cloud desktop
- external network
- network terminal
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/08—Protocols specially adapted for terminal emulation, e.g. Telnet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention belongs to the technical field of communication and discloses a gateway access-based secure connection system between an external network terminal and a cloud desktop, comprising an external network terminal and a cloud desktop server connected through a gateway. The gateway comprises an application gateway, a signaling gateway and a media gateway: the application gateway forwards requests and acquires cloud desktop information, the signaling gateway controls connection and disconnection between the cloud desktop server and the external network terminal, and the media gateway monitors the cloud desktop server information. The cloud desktop server generates the cloud desktop information. The invention also discloses a gateway access-based secure connection method between the external network terminal and the cloud desktop that uses this system. When it authorizes an authentication token to the terminal, the application gateway can securely issue the information for verifying the authentication token to the signaling gateway and the media gateway at any time, and when the external network terminal presents the authentication token, the token can be verified and the cloud desktop accessed.
Description
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a gateway access-based external network terminal and cloud desktop secure connection system and method.
Background
The external network terminal of a VDI cloud desktop needs to obtain the connection information for accessing the designated cloud desktop through the gateway connected to the cloud desktop platform. With this connection information the external network terminal can access and use the cloud desktop normally. The gateway is generally used to access the cloud platform securely from the external network and acquire the cloud desktop connection information. However, once a terminal exposed on the external network has acquired the connection information of a cloud desktop, a user holding that information can access the cloud desktop without control at any time and from any place, which poses a threat and a challenge to the safe use of the cloud desktop. Moreover, the gateway of the cloud desktop platform can only be deployed in a centralized way, has limited expansion capacity, and can increase downtime risk.
Disclosure of Invention
In the prior art, the external network terminal acquires cloud desktop information from the gateway over an HTTPS connection using a user name and password, and then accesses the cloud desktop through a direct TLS connection. The access and connection process itself is protected; however, usage security is reduced when a cloud desktop, once authorized, can be occupied without control for a long time. In addition, the gateway carries the functions of acquiring cloud desktop information, switching desktops on and off, monitoring desktop resources and so on, which is unfavorable for flexible deployment and expansion and reduces load and disaster recovery capacity.
The invention provides a gateway access-based external network terminal and cloud desktop secure connection system, which comprises an external network terminal and a cloud desktop server which are connected through a gateway;
the gateway comprises an application gateway, a signaling gateway and a media gateway, wherein the application gateway is used for forwarding and acquiring cloud desktop information, the signaling gateway is used for controlling connection and disconnection of a cloud desktop server and an external network terminal, and the media gateway is used for monitoring the cloud desktop server information;
the application gateway is connected with the signaling gateway and the media gateway through SSH protocol respectively;
the cloud desktop server generates cloud desktop information based on the request information of the external network terminal;
and the application gateway generates an authentication token based on the cloud desktop information, and the signaling gateway and the media gateway respectively verify the authentication token.
The application gateway is configured with a sending module;
the signaling gateway and the media gateway are both configured with a receiving module;
the sending module is used for sending the authentication token to the receiving module, and the receiving module receives and stores the authentication token.
The application gateway is further provided with a key generation module. Based on the cloud desktop information, the key generation module generates a random public key string (MAC_KEY) as the unique identifier of the cloud desktop information, generates a private key string (KEY), and generates an authentication token by using an encryption algorithm.
The cloud desktop information comprises at least the IP and port of the cloud desktop, a connection duration and a traffic threshold.
The media gateway is configured with a flow monitoring module, a duration monitoring module and a second sending module;
the flow monitoring module is used for monitoring communication flow between the external network terminal and the cloud desktop server after the authentication token passes one-time verification;
the time length monitoring module is used for monitoring the communication time length between the external network terminal and the cloud desktop server after the authentication token passes one-time verification;
the second sending module is used for sending the communication flow information and the communication duration information to the signaling gateway, and the signaling gateway controls connection and disconnection of the cloud desktop server and the external network terminal based on the communication flow information and the communication duration information.
The second aspect of the present invention provides a method for securely connecting an external network terminal and a cloud desktop based on gateway access, and the method comprises the following steps:
the application gateway actively initiates SSH protocol connection to the signaling gateway and the media gateway to establish a communication channel;
the external network terminal logs in to a request page over HTTPS with a user name and password and requests from the application gateway the cloud desktop information available to that user name;
the application gateway transmits an external network terminal request to the cloud desktop server, and the cloud desktop server generates an authentication token after responding to the external network terminal request;
and the signaling gateway and the media gateway respectively verify the authentication token, if the authentication is passed, the external network terminal and the cloud desktop server establish communication based on cloud desktop information, and if the authentication is not passed, the external network terminal and the cloud desktop server cannot establish communication.
In a further scheme, the authentication token is generated as follows: based on the cloud desktop information, the application gateway generates a random public key string (MAC_KEY) as the unique identifier of the cloud desktop, generates a private key string (KEY), and generates an authentication token by using an encryption algorithm.
In a further scheme, the verification process is as follows:
the application gateway transmits the random public key MAC_KEY and the private key KEY to the signaling gateway and the media gateway, and the signaling gateway and the media gateway maintain the public key MAC_KEY and the private key KEY;
the application gateway sends the random public key MAC_KEY and the authentication token to the external network terminal;
the external network terminal, carrying the cloud desktop information, the random public key MAC_KEY and the authentication token, initiates a request to the signaling gateway and the media gateway;
after receiving the request, the signaling gateway and the media gateway use the random public key MAC_KEY to look up the maintained pairing of MAC_KEY and private key KEY, and decrypt the authentication token by using the private key KEY.
The cloud desktop information comprises at least the IP and port of the cloud desktop, a connection duration and a traffic threshold.
After the communication between the external network terminal and the cloud desktop server is established, the media gateway monitors the communication flow information between the external network terminal and the cloud desktop server in real time through a flow monitoring module and sends the communication flow information to the signaling gateway; the signaling gateway receives the communication traffic information and loads a control mechanism, and based on the control mechanism, the signaling gateway sends a corresponding control instruction to control communication on-off between the external network terminal and the cloud desktop server, and
the media gateway monitors communication duration information between the external network terminal and the cloud desktop server in real time through a duration monitoring module, and sends the communication duration information to the signaling gateway; the signaling gateway receives the communication duration information and loads a control mechanism, and based on the control mechanism, the signaling gateway sends a corresponding control instruction to control communication on-off between the external network terminal and the cloud desktop server.
Compared with the prior art, the invention has the beneficial effects that:
The invention improves load and disaster tolerance capability. It decomposes the original gateway function into an application gateway, a signaling gateway and a media gateway, and adds the functions of generating the authentication token and checking its validity. When authorizing an authentication token to the terminal, the application gateway can securely send the information for verifying the token to the signaling gateway and the media gateway at any time, and when the external network terminal presents the authentication token, the token can be verified immediately and the cloud desktop accessed.
The invention decomposes the cloud desktop server gateway function into an application gateway, a signaling gateway and a media gateway. One application gateway can be connected with a plurality of signaling gateways and media gateways, so that the signaling gateways and media gateways can be scaled out horizontally behind the application gateway. This increases the load capacity of the signaling gateways and media gateways, reduces the risk that service becomes unavailable because a particular signaling gateway or media gateway is down, and improves disaster recovery capacity and availability. When the application gateway generates the authentication token, it uses SSH to issue the information for verifying the token to the signaling gateway and the media gateway, which makes the communication between the application gateway and the signaling and media gateways both real-time and secure. By checking the validity of the authentication token presented by the external network terminal, the signaling gateway and the media gateway determine whether the terminal may continue to access the cloud desktop, which improves the security of authorized desktop access.
The authentication token is generated based on the request of the external network terminal, each authentication token corresponds to a group of cloud desktop information, namely, the IP, the port, the connection duration and the flow threshold of the cloud desktop, wherein the IP and the port of the cloud desktop are used for connecting the external network terminal and the cloud desktop, the connection duration and the communication flow are monitored in real time through the media gateway, when the connection duration or the communication flow reaches the preset threshold, the signaling gateway executes the communication disconnection operation, so that the cloud desktop is prevented from being occupied without control for a long time after one-time authorization, and the use safety of the cloud desktop is improved.
Drawings
The following drawings are illustrative of the invention and are not intended to limit the scope of the invention, in which:
Fig. 1: framework diagram of the secure connection system between the external network terminal and the cloud desktop;
Fig. 2: access schematic of the application gateway, the signaling gateway and the media gateway;
Fig. 3: flow diagram of the application gateway actively connecting to the signaling gateway and the media gateway through SSH and of the verification.
Detailed Description
The present invention will be further described in detail with reference to the following specific examples, which are given by way of illustration, in order to make the objects, technical solutions, design methods and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
As shown in fig. 3, the embodiment of the present application provides a secure connection method between an external network terminal and a cloud desktop based on gateway access, which includes the following steps:
S1, the signaling gateway starts its SSH service, and the application gateway actively initiates an SSH connection to the signaling gateway to establish a communication channel; the media gateway starts its SSH service, and the application gateway actively initiates an SSH connection to the media gateway to establish a communication channel; once the two communication channels are established, the application gateway can issue the information for verifying authentication tokens to the signaling gateway and the media gateway at any time.
S2, the external network terminal logs in over HTTPS with a user name and password and requests from the application gateway the cloud desktop information available to that user name, wherein the cloud desktop information comprises the IP and port of the cloud desktop, communication flow information and connection duration information;
S3, after carrying out the necessary parameter checks, the application gateway forwards the request of the external network terminal to the cloud desktop server to acquire cloud desktop information;
S4, the cloud desktop server selects an available cloud desktop according to the incoming parameters and returns the relevant information to the application gateway;
S5, the application gateway generates a random public key string (MAC_KEY) for the cloud desktop as the unique identifier of the cloud desktop, generates a private key string (KEY), and generates an authentication token by using the AES encryption algorithm;
S6, the application gateway transmits the public key MAC_KEY and the private key KEY generated in S5 to the signaling gateway, and the signaling gateway maintains the public key MAC_KEY and the private key KEY; the application gateway transmits the public key MAC_KEY and the private key KEY generated in S5 to the media gateway, and the media gateway maintains the public key MAC_KEY and the private key KEY;
S7, the application gateway returns the relevant information from the cloud desktop server, the public key MAC_KEY and the authentication token to the external network terminal;
S8, the external network terminal, carrying the cloud desktop related information and the corresponding public key MAC_KEY and authentication token, initiates a request to the signaling gateway and the media gateway;
S9, after receiving the request, the signaling gateway uses the public key MAC_KEY to look up the maintained pairing of MAC_KEY and private key KEY, decrypts the authentication token by using the private key KEY, and checks the related parameters and whether they match the public key MAC_KEY; if the match succeeds, the signaling gateway forwards the access to the cloud desktop according to the carried cloud desktop information, generates a session connection and returns it to the external network terminal, and the external network terminal can interact with the cloud desktop through the session; if the match fails, the verification fails. After receiving the request, the media gateway likewise uses the public key MAC_KEY to look up the maintained pairing of MAC_KEY and private key KEY, decrypts the authentication token by using the private key KEY, and checks the related parameters and whether they match the public key MAC_KEY; if the match succeeds, the media gateway forwards the access to the cloud desktop according to the carried cloud desktop information, communicates with the cloud desktop, controls the uplink and downlink rates between the external network terminal and the cloud desktop, controls the frame rate returned by the cloud desktop to the external network terminal, and the like; if the match fails, the verification fails.
In step S5, the authentication token corresponds to the request information of the external network terminal, that is, after each authentication token passes the verification, the cloud desktop available for the external network terminal is determined, including the IP, the port, the communication traffic information and the connection duration information of the cloud desktop.
In step S9, after the authentication token passes verification, the external network terminal establishes communication with the cloud desktop server. The media gateway monitors the communication flow information between the external network terminal and the cloud desktop server in real time through the flow monitoring module and sends it to the signaling gateway; the signaling gateway receives the communication flow information and loads a control mechanism, and based on the control mechanism sends a corresponding control instruction to switch the communication between the external network terminal and the cloud desktop server on or off. Specifically, after each authentication token passes verification, the cloud desktop information usable by the external network terminal is fixed, and the external network terminal is connected to the cloud desktop using the IP and port of the cloud desktop. When the media gateway detects that the communication flow between the monitored external network terminal and the cloud desktop server exceeds a preset threshold, the signaling gateway makes the monitored external network terminal disconnect from the cloud desktop server; to continue using the cloud desktop, the external network terminal must resend the request. The media gateway also monitors the communication duration information between the external network terminal and the cloud desktop server in real time through the duration monitoring module and sends it to the signaling gateway; the signaling gateway receives the communication duration information and loads a control mechanism, and based on the control mechanism sends a corresponding control instruction to switch the communication between the external network terminal and the cloud desktop server on or off.
Specifically, after each authentication token passes verification, the cloud desktop information usable by the external network terminal is fixed, and the external network terminal is connected to the cloud desktop using the IP and port of the cloud desktop. When the media gateway detects that the communication duration between the monitored external network terminal and the cloud desktop server exceeds a preset threshold, the signaling gateway makes the monitored external network terminal disconnect from the cloud desktop server; to continue using the cloud desktop, the external network terminal must resend the request.
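The monitoring and disconnection behaviour described above can be sketched as follows. This is an added example, not code from the patent; the class and method names, the injected clock and the choice to disconnect as soon as a limit is reached are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    """Limits fixed when the token was verified (field names are assumptions)."""
    max_seconds: float
    max_bytes: int


class SignalingGateway:
    """Receives usage reports and decides whether a session stays connected."""

    def __init__(self):
        self._grants = {}   # MAC_KEY -> Grant of each connected session
        self.events = []    # (MAC_KEY, reason) for every disconnect issued

    def session_verified(self, mac_key, grant):
        self._grants[mac_key] = grant

    def on_usage(self, mac_key, elapsed_seconds, total_bytes):
        """Control mechanism: return True to keep the session, False to cut it."""
        grant = self._grants.get(mac_key)
        if grant is None:
            return False
        # Assumption: disconnect when a limit is reached, not only when exceeded.
        if total_bytes >= grant.max_bytes:
            reason = "traffic threshold reached"
        elif elapsed_seconds >= grant.max_seconds:
            reason = "connection duration reached"
        else:
            return True
        del self._grants[mac_key]   # the terminal must request a new token
        self.events.append((mac_key, reason))
        return False


class MediaGateway:
    """Counts relayed bytes and elapsed time, and reports both to signaling."""

    def __init__(self, signaling, clock):
        self._signaling = signaling
        self._clock = clock
        self._sessions = {}   # MAC_KEY -> [start_time, total_bytes]

    def session_verified(self, mac_key):
        self._sessions[mac_key] = [self._clock(), 0]

    def relay(self, mac_key, nbytes):
        """Account for nbytes of relayed traffic; False means the session is cut."""
        return self._report(mac_key, nbytes)

    def tick(self, mac_key):
        """Periodic report so an idle session still hits its duration limit."""
        return self._report(mac_key, 0)

    def _report(self, mac_key, nbytes):
        session = self._sessions.get(mac_key)
        if session is None:
            return False
        session[1] += nbytes
        elapsed = self._clock() - session[0]
        if self._signaling.on_usage(mac_key, elapsed, session[1]):
            return True
        del self._sessions[mac_key]
        return False


class FakeClock:
    """Deterministic clock for the constructed scenario below."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo_quota():
    clock = FakeClock()
    signaling = SignalingGateway()
    media = MediaGateway(signaling, clock)
    outcomes = []
    # Constructed session "A": 1000-byte and 60-second limits, cut on traffic.
    signaling.session_verified("A", Grant(60, 1000))
    media.session_verified("A")
    outcomes.append(media.relay("A", 600))
    outcomes.append(media.relay("A", 400))
    outcomes.append(media.relay("A", 1))    # already disconnected
    # Constructed session "B": sends nothing, cut on duration.
    signaling.session_verified("B", Grant(60, 1000))
    media.session_verified("B")
    clock.now += 59
    outcomes.append(media.tick("B"))
    clock.now += 1
    outcomes.append(media.tick("B"))
    return outcomes, signaling.events
```

The periodic `tick` matters because traffic-driven reports alone would never disconnect a session that holds a desktop open while idle.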
It should be noted that generating and verifying the authentication token according to the above steps is not limited to the AES encryption algorithm; it includes any approach that implements the token generation and verification of the present invention with symmetric encryption and/or asymmetric encryption, using a secret key and/or a public key and private key pairing.
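The issue and verify flow of steps S5 to S9 is sketched below as an added example, not code from the patent. To stay within the Python standard library it substitutes an HMAC-SHA256 tag over the carried cloud desktop information for the AES ciphertext, so the token is integrity-protected rather than encrypted; the field names, the in-memory key push standing in for the SSH channel, and the sample values are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Field names are assumptions; the patent lists IP, port, connection duration
# and traffic threshold as the minimum cloud desktop information.
FIELDS = ("ip", "port", "max_seconds", "max_bytes")


def _canonical(mac_key, desktop):
    """Serialize the grant deterministically, bound to its MAC_KEY."""
    body = {name: desktop[name] for name in FIELDS}
    body["mac_key"] = mac_key
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _tag(key, mac_key, desktop):
    return hmac.new(key, _canonical(mac_key, desktop), hashlib.sha256).digest()


class VerifyingGateway:
    """Signaling or media gateway: keeps MAC_KEY -> KEY pairs (S6), verifies (S9)."""

    def __init__(self):
        self._keys = {}

    def store(self, mac_key, key):
        self._keys[mac_key] = key

    def revoke(self, mac_key):
        self._keys.pop(mac_key, None)

    def verify(self, mac_key, token, desktop):
        key = self._keys.get(mac_key)
        if key is None:
            return "unknown MAC_KEY"
        try:
            presented = base64.urlsafe_b64decode(token)
            expected = _tag(key, mac_key, desktop)
        except (KeyError, TypeError, ValueError):
            return "malformed request"
        # Constant-time comparison; any change to the carried fields fails here.
        if not hmac.compare_digest(presented, expected):
            return "token does not match carried information"
        return "ok"


class ApplicationGateway:
    """Generates MAC_KEY, KEY and the token (S5) and distributes them (S6, S7)."""

    def __init__(self, verifiers):
        self._verifiers = verifiers

    def issue(self, desktop):
        mac_key = secrets.token_hex(16)    # random identifier of this grant
        key = secrets.token_bytes(32)      # secret, never sent to the terminal
        for gateway in self._verifiers:    # travels over SSH in the patent
            gateway.store(mac_key, key)
        token = base64.urlsafe_b64encode(_tag(key, mac_key, desktop)).decode()
        return mac_key, token              # returned to the terminal in S7


def demo_token_flow():
    signaling, media = VerifyingGateway(), VerifyingGateway()
    app = ApplicationGateway([signaling, media])
    # Constructed sample grant.
    desktop = {"ip": "10.0.8.21", "port": 5900,
               "max_seconds": 3600, "max_bytes": 500_000_000}
    mac_key, token = app.issue(desktop)
    other_mac_key, _ = app.issue(dict(desktop, ip="10.0.8.22"))
    results = {
        "signaling": signaling.verify(mac_key, token, desktop),
        "media": media.verify(mac_key, token, desktop),
        # Terminal tries to enlarge its own connection duration.
        "tampered_duration": signaling.verify(
            mac_key, token, dict(desktop, max_seconds=86400)),
        # Token presented under the identifier of a different grant.
        "wrong_mac_key": signaling.verify(other_mac_key, token, desktop),
        "forged_mac_key": signaling.verify("0" * 32, token, desktop),
    }
    signaling.revoke(mac_key)
    results["after_revoke"] = signaling.verify(mac_key, token, desktop)
    return results
```

Whatever algorithm is used, the check that matters is the one shown in `verify`: the limits the gateway later enforces must be covered by the token, and the token must be bound to the MAC_KEY it is looked up under.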
In order to implement the above method for securely connecting the external network terminal and the cloud desktop, as shown in fig. 1 and fig. 2, the embodiment also discloses a gateway access-based external network terminal and cloud desktop secure connection system, which includes an external network terminal and a cloud desktop server connected through a gateway;
the gateway comprises an application gateway, a signaling gateway and a media gateway, wherein the application gateway is used for forwarding and acquiring cloud desktop information, the signaling gateway is used for controlling connection and disconnection of a cloud desktop server and an external network terminal, and the media gateway is used for monitoring the cloud desktop information;
the application gateway is connected with the signaling gateway and the media gateway through SSH protocol respectively;
the cloud desktop server generates cloud desktop information based on the request information of the external network terminal;
and the application gateway generates an authentication token based on the cloud desktop information, and the signaling gateway and the media gateway respectively verify the authentication token.
The application gateway is configured with a sending module; the signaling gateway and the media gateway are both configured with a receiving module; the sending module is used for sending the authentication token to the receiving module, and the receiving module receives and stores the authentication token.
In the above, the application gateway is configured with a key generation module; based on the cloud desktop information, the key generation module generates a random public key string (MAC_KEY) as the unique identifier of the cloud desktop information, generates a private key string (KEY), and generates the authentication token by using an encryption algorithm.
In the above description, the cloud desktop information at least includes an IP, a port, a connection duration, and a traffic threshold of the cloud desktop.
In the above, the media gateway is configured with a flow monitoring module, a duration monitoring module and a second sending module;
the flow monitoring module is used for monitoring communication flow between the external network terminal and the cloud desktop server after the authentication token passes one-time verification;
the time length monitoring module is used for monitoring the communication time length between the external network terminal and the cloud desktop server after the authentication token passes one-time verification;
the second sending module is used for sending the communication flow information and the communication duration information to the signaling gateway, and the signaling gateway controls connection and disconnection of the cloud desktop server and the external network terminal based on the communication flow information and the communication duration information.
It is emphasized that the present application decomposes the gateway functions into an application gateway, a signaling gateway and a media gateway. These can be deployed on the same physical machine or independently on different physical machines; multiple instances of the signaling gateway and the media gateway can also be deployed on different physical machines, with the application gateway actively connecting to the signaling gateways and media gateways and communicating with them securely, thereby improving the load capacity when a large number of cloud desktops are accessed. By deploying the application gateway, the signaling gateway and the media gateway with the technology of the invention, terminals on the external network access the cloud desktop with effectively improved security of authorized cloud desktop use.
The foregoing description of embodiments of the invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvements in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (10)
1. The external network terminal and cloud desktop security connection system based on gateway access is characterized by comprising an external network terminal and a cloud desktop server which are connected through a gateway;
the gateway comprises an application gateway, a signaling gateway and a media gateway, wherein the application gateway is used for forwarding and acquiring cloud desktop information, the signaling gateway is used for controlling connection and disconnection of a cloud desktop server and an external network terminal, and the media gateway is used for monitoring the cloud desktop server information;
the application gateway is connected with the signaling gateway and the media gateway through SSH protocol respectively;
the cloud desktop server generates cloud desktop information based on the request information of the external network terminal;
and the application gateway generates an authentication token based on the cloud desktop information, and the signaling gateway and the media gateway respectively verify the authentication token.
2. The gateway access-based external network terminal and cloud desktop secure connection system according to claim 1, wherein the application gateway is configured with a sending module;
the signaling gateway and the media gateway are both configured with a receiving module;
the sending module is used for sending the authentication token to the receiving module, and the receiving module receives and stores the authentication token.
3. The gateway access-based external network terminal and cloud desktop secure connection system according to claim 2, wherein the application gateway is configured with a key generation module, and the key generation module generates, based on the cloud desktop information, a random public key string (MAC_KEY) as a unique identifier of the cloud desktop information, generates a private key string (KEY), and generates the authentication token by using an encryption algorithm.
4. The gateway access-based external network terminal and cloud desktop secure connection system according to claim 3, wherein the cloud desktop information at least comprises an IP, a port, a connection duration and a traffic threshold of the cloud desktop.
5. The gateway access-based external network terminal and cloud desktop secure connection system according to claim 4, wherein the media gateway is configured with a flow monitoring module, a duration monitoring module and a second sending module;
the flow monitoring module is used for monitoring communication flow between the external network terminal and the cloud desktop server after the authentication token passes one-time verification;
the time length monitoring module is used for monitoring the communication time length between the external network terminal and the cloud desktop server after the authentication token passes one-time verification;
the second sending module is used for sending the communication flow information and the communication duration information to the signaling gateway, and the signaling gateway controls connection and disconnection of the cloud desktop server and the external network terminal based on the communication flow information and the communication duration information.
6. A gateway access-based method for securely connecting an external network terminal and a cloud desktop, characterized by applying the system of any one of claims 1-5 and comprising the following steps:
the application gateway actively initiates SSH protocol connection to the signaling gateway and the media gateway to establish a communication channel;
the external network terminal logs in to a request page over HTTPS with a user name and password, and requests from the application gateway the cloud desktop information available for that user name;
the application gateway transmits an external network terminal request to the cloud desktop server, and the cloud desktop server generates an authentication token after responding to the external network terminal request;
and the signaling gateway and the media gateway each verify the authentication token; if the verification passes, the external network terminal and the cloud desktop server establish communication based on the cloud desktop information, and if the verification does not pass, the external network terminal and the cloud desktop server cannot establish communication.
7. The gateway access-based secure connection method between an external network terminal and a cloud desktop according to claim 6, wherein the method for generating the authentication token is as follows: the application gateway generates, based on the cloud desktop information, a random public key MAC_KEY as a unique identifier of the cloud desktop, generates a private key KEY, and generates an authentication token by using an encryption algorithm.
8. The gateway access-based secure connection method between the external network terminal and the cloud desktop according to claim 7, wherein the verification process is as follows:
the application gateway transmits the random public key MAC_KEY and the private key KEY to the signaling gateway and the media gateway, and the signaling gateway and the media gateway maintain the public key MAC_KEY and the private key KEY;
the application gateway sends the random public key MAC_KEY and the authentication token to the external network terminal;
the external network terminal initiates a request to the signaling gateway and the media gateway, carrying the cloud desktop information, the random public key MAC_KEY and the authentication token;
after receiving the request, the signaling gateway and the media gateway use the random public key MAC_KEY to look up the pairing of the random public key MAC_KEY and the private key KEY maintained by the media gateway, and decrypt the authentication token by using the private key KEY.
9. The gateway access-based external network terminal and cloud desktop secure connection method according to claim 8, wherein the cloud desktop information at least comprises an IP, a port, a connection duration and a traffic threshold of the cloud desktop.
10. The gateway access-based external network terminal and cloud desktop secure connection method according to claim 9, wherein after the external network terminal establishes communication with the cloud desktop server, the media gateway monitors communication traffic information between the external network terminal and the cloud desktop server in real time through a traffic monitoring module and sends the communication traffic information to the signaling gateway; the signaling gateway receives the communication traffic information and loads a control mechanism, and based on the control mechanism, the signaling gateway sends a corresponding control instruction to control communication on-off between the external network terminal and the cloud desktop server, and
the media gateway monitors communication duration information between the external network terminal and the cloud desktop server in real time through a duration monitoring module, and sends the communication duration information to the signaling gateway; the signaling gateway receives the communication duration information and loads a control mechanism, and based on the control mechanism, the signaling gateway sends a corresponding control instruction to control communication on-off between the external network terminal and the cloud desktop server.
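The token flow of claims 7 and 8 and the threshold control of claims 9 and 10, sketched in Python as an added example (not code from the patent). The claims name no encryption algorithm, so this sketch swaps in an HMAC-SHA256 tag that each gateway recomputes instead of decrypting; the field names, the one-time-use bookkeeping and the disconnect rule are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample of the "cloud desktop information"; field names are assumptions.
INFO = {"ip": "10.0.0.5", "port": 5900, "duration_s": 3600, "traffic_bytes": 1_000_000}

def make_token(info, mac_key, key):
    """HMAC-SHA256 over the canonical cloud desktop information and MAC_KEY."""
    msg = json.dumps(info, sort_keys=True, separators=(",", ":")) + "|" + mac_key
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

class Gateway:
    """Signaling or media gateway: keeps the MAC_KEY -> KEY pairs it was sent."""
    def __init__(self):
        self.keys = {}     # MAC_KEY -> KEY, pushed by the application gateway
        self.used = set()  # MAC_KEYs already accepted (one-time verification)

    def store(self, mac_key, key):
        self.keys[mac_key] = key

    def verify(self, info, mac_key, token):
        key = self.keys.get(mac_key)
        if key is None or mac_key in self.used:
            return False  # unknown identifier or replayed token
        if not hmac.compare_digest(make_token(info, mac_key, key), token):
            return False  # token does not match the presented information
        self.used.add(mac_key)
        return True

def issue(info, gateways):
    """Application gateway: create MAC_KEY and KEY, distribute them, return the token."""
    mac_key = secrets.token_hex(16)   # random public identifier
    key = secrets.token_bytes(32)     # secret shared only with the gateways
    for gw in gateways:
        gw.store(mac_key, key)
    return mac_key, make_token(info, mac_key, key)

def should_disconnect(info, bytes_seen, seconds_elapsed):
    """Assumed control rule: cut the session once either limit is reached."""
    return bytes_seen >= info["traffic_bytes"] or seconds_elapsed >= info["duration_s"]

if __name__ == "__main__":
    signaling, media = Gateway(), Gateway()
    mac_key, token = issue(INFO, [signaling, media])
    print(signaling.verify(INFO, mac_key, token), media.verify(INFO, mac_key, token))
    print(signaling.verify(INFO, mac_key, token))  # replay is rejected
```

Because the tag covers the IP, port, duration and traffic threshold, a terminal that alters any of those values after issuance fails verification at both gateways.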
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311210104.0A CN117459527A (en) | 2023-09-19 | 2023-09-19 | External network terminal and cloud desktop secure connection system and method based on gateway access |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117459527A (en) | 2024-01-26 |
Family
ID=89580664
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311210104.0A Pending CN117459527A (en) | 2023-09-19 | 2023-09-19 | External network terminal and cloud desktop secure connection system and method based on gateway access |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117459527A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111556025B (en) | Data transmission method, system and computer equipment based on encryption and decryption operations | |
JP4488719B2 (en) | Fast authentication or re-authentication between layers for network communication | |
JP5651313B2 (en) | SIP signaling that does not require continuous re-authentication | |
JP5123209B2 (en) | Method, system, and authentication center for authentication in end-to-end communication based on a mobile network | |
CN112235235B (en) | SDP authentication protocol implementation method based on cryptographic algorithm | |
JP5068495B2 (en) | Distributed authentication function | |
EP3972293B1 (en) | Bluetooth device connection methods and bluetooth devices | |
CN104135494A (en) | Same-account incredible terminal login method and system based on credible terminal | |
CN105871920A (en) | Communication system and method of terminal and cloud server as well as terminal and cloud server | |
US10250581B2 (en) | Client, server, radius capability negotiation method and system between client and server | |
CN108134672B (en) | Data transmission system based on quantum encryption switch device and transmission method thereof | |
CN110808834B (en) | Quantum key distribution method and quantum key distribution system | |
CN110999223A (en) | Secure encrypted heartbeat protocol | |
US20120331538A1 (en) | Method and communication device for accessing to devices in security | |
CN112312393A (en) | 5G application access authentication method and 5G application access authentication network architecture | |
CN111163470B (en) | Core network element communication method and device, computer storage medium and electronic equipment | |
CN107135228B (en) | Authentication system and authentication method based on central node | |
CN113691394B (en) | VPN communication establishing and switching method and system | |
CN116669032A (en) | Metropolitan area internet of things system, security authentication method and device thereof and storage medium | |
CN117459527A (en) | External network terminal and cloud desktop secure connection system and method based on gateway access | |
CN106851634B (en) | Method for managing online state of equipment in Portal environment | |
CN112235320B (en) | Cipher-based video networking multicast communication method and device | |
CN113727059A (en) | Multimedia conference terminal network access authentication method, device, equipment and storage medium | |
CN114386020A (en) | Quick secondary identity authentication method and system based on quantum security | |
CN113660285A (en) | Multimedia conference on-line terminal control method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||