CN102769631A - Method, system and access equipment for accessing Cloud server - Google Patents
- Publication number
- CN102769631A
- Authority
- CN
- China
- Prior art keywords
- terminal
- cloud server
- access
- access device
- authentication
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method, a system and an access device for accessing a cloud server. The method comprises the following steps: the access device receives a first access request sent by a terminal, determines the location information of the terminal, and returns a list of the cloud servers the terminal is allowed to access according to that location information; the access device receives a second access request sent by the terminal and establishes a secure connection with the cloud server selected by the terminal; after the access device has been successfully authenticated by the cloud server selected by the terminal, the access device sends the second access request to that cloud server; and the access device receives an access response sent by the cloud server selected by the terminal and sends the access response to the terminal. With the invention, the cloud server is accessed through the access device, so access control of the cloud service can be achieved and the security of the enterprise network is enhanced.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method, system and access device for accessing a cloud server.
Background art
Cloud computing service (Cloud Computing, hereinafter "cloud service") is an emerging commercial computing model. It distributes computing tasks over a resource pool made up of a large number of computers, called cloud servers, so that application systems can obtain computing capability, storage space and various software services on demand.
Cloud servers pool all computing resources and manage them automatically through software, without manual intervention. Application providers therefore need not worry about tedious details and can concentrate on their own business, which favors innovation and reduces cost.
That is, cloud service refers to the various service resources that cloud servers can provide.
Cloud service generally comprises three main service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
IaaS means that the cloud service provider offers its own infrastructure to users as a service; users consume processing capability, storage, network and other computing resources on demand and pay on demand. This service can significantly reduce users' duplicate investment and waste in infrastructure.
PaaS means that the cloud service provider provides users with languages or tool platforms for developing applications, such as Java, the object-oriented interpreted programming language Python, and .NET. That is, the cloud service provider takes providing platform services as its main business, and users can develop their own applications on top of PaaS.
SaaS means that the cloud service provider offers applications to users from the network side as a service; users can use these applications anytime and anywhere through a client interface such as a web browser, without installing them on a local host.
As cloud services become widespread, more and more enterprises rent the services provided by cloud servers over the Internet, for example by using web applications based on the SaaS model and migrating enterprise applications to cloud servers. Enterprise users can access each application on the cloud server directly over the Internet using a username and password or a digital certificate.
As smart terminals become widespread, more and more enterprise employees ask their enterprise to support telecommuting. In the prior art, however, the cloud server and the corporate intranet are connected through the Internet, and the cloud server cannot determine whether the environment from which a user logs in is secure, that is, whether the user is inside the corporate intranet or outside the enterprise. If the user is outside the enterprise, for example in a public place, enterprise information is more easily leaked.
Summary of the invention
The technical problem to be solved by the present invention, in view of the above defect, is how to provide a method, system and access device for accessing a cloud service that can achieve access control of the cloud server and enhance the security of the enterprise network.
To solve the above technical problem, the present invention provides a method for accessing a cloud server, the method comprising:
An access device receives a first access request sent by a terminal, the first access request being used to request a list of the cloud servers the terminal is allowed to access; the access device determines the location information of the terminal and returns to the terminal, according to that location information, the list of cloud servers the terminal is allowed to access;
The access device receives a second access request sent by the terminal, the second access request being used to request access to the cloud server selected by the terminal;
The access device establishes a secure connection with the cloud server selected by the terminal;
After the access device passes the authentication of the access device by the cloud server selected by the terminal, the access device sends the second access request to the cloud server selected by the terminal;
The access device receives the access response sent by the cloud server selected by the terminal and sends the access response to the terminal, the access response being the response to the second access request.
In a preferred embodiment of the present invention, after the access device receives the first access request sent by the terminal, the method further comprises:
The access device authenticates the terminal; if authentication passes, it returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; otherwise, the procedure ends.
In a preferred embodiment of the present invention, after the access device receives the second access request sent by the terminal, the method further comprises:
The access device determines whether the terminal has permission to access the cloud server selected by the terminal; if so, the access device establishes a secure connection with the cloud server selected by the terminal; otherwise, the procedure ends.
In a preferred embodiment of the present invention, after the second access request is sent to the cloud server selected by the terminal, the method further comprises:
After the cloud server selected by the terminal has authenticated the terminal successfully, the access device receives the access response sent by the cloud server selected by the terminal; otherwise, the procedure ends.
In a preferred embodiment of the present invention, after the access device passes the authentication by the cloud server selected by the terminal, the method further comprises:
The access device sends the location information of the terminal to the cloud server selected by the terminal; the cloud server uses the location information of the terminal to set the cloud service access rights of the terminal; if the terminal has the cloud service access rights, the cloud server sends the access response to the access device; otherwise, the procedure ends.
In a preferred embodiment of the present invention, the location information of the terminal is added to the second access request.
In a preferred embodiment of the present invention, the access device determining the location information of the terminal specifically comprises:
The access device determines the location information of the terminal according to the IP address of the terminal, the domain name of the terminal, or the IP address range of the terminal.
In a preferred embodiment of the present invention, the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
In a preferred embodiment of the present invention, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
The access device passes the cloud server's authentication of the digital certificate of the access device.
In a preferred embodiment of the present invention, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
The access device passes the cloud server's authentication of the IP address of the access device.
In a preferred embodiment of the present invention, the secure connection is a Secure Sockets Layer (SSL) connection.
The present invention also provides a system for accessing a cloud server, the system comprising:
A terminal, configured to send a first access request to an access device, the first access request being used to request a list of the cloud servers the terminal is allowed to access; receive the list of cloud servers the terminal is allowed to access returned by the access device; send a second access request to the access device, the second access request being used to request access to the cloud server selected by the terminal; and receive the access response sent by the access device, the access response being the response to the second access request;
An access device, configured to receive the first access request sent by the terminal; determine the location information of the terminal; return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; receive the second access request sent by the terminal; establish a secure connection with the cloud server selected by the terminal; after passing the authentication of the access device by the cloud server selected by the terminal, send the second access request to the cloud server selected by the terminal; and receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal;
A cloud server, configured to authenticate the access device and, after authentication passes, receive the second access request sent by the access device and send the access response to the access device.
In a preferred embodiment of the present invention, the access device is further configured to authenticate the terminal.
In a preferred embodiment of the present invention, the access device is further configured to determine whether the terminal has permission to access the cloud server selected by the terminal.
In a preferred embodiment of the present invention, the cloud server is further configured to authenticate the terminal.
In a preferred embodiment of the present invention,
The access device is further configured to send the location information of the terminal to the cloud server selected by the terminal;
The cloud server is further configured to set the cloud service access rights of the terminal according to the location information of the terminal.
In a preferred embodiment of the present invention, the access device comprises:
A terminal location judging unit, configured to determine the location information of the terminal and return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access;
A proxy unit, configured to receive the first access request and the second access request sent by the terminal; establish a secure connection with the cloud server selected by the terminal; after passing the authentication of the access device by the cloud server selected by the terminal, send the second access request to the cloud server selected by the terminal; and receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal.
In a preferred embodiment of the present invention, the access device further comprises:
An authentication unit, configured to authenticate the terminal;
The terminal location judging unit is further configured to, after the authentication unit has authenticated the terminal successfully, determine the location information of the terminal and return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access.
In a preferred embodiment of the present invention, the access device further comprises:
An authentication unit, configured to determine whether the terminal has permission to access the cloud server selected by the terminal;
The proxy unit is further configured to establish a secure connection with the cloud server selected by the terminal after the authentication unit confirms that the terminal has permission to access the cloud server selected by the terminal.
In a preferred embodiment of the present invention,
The access device is further configured to determine the location information of the terminal according to the IP address of the terminal, the domain name of the terminal, or the IP address range of the terminal.
In a preferred embodiment of the present invention, the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
In a preferred embodiment of the present invention,
The access device is further configured to provide a digital certificate to the cloud server selected by the terminal;
The cloud server is further configured to authenticate the digital certificate of the access device.
In a preferred embodiment of the present invention, the cloud server is further configured to authenticate the IP address of the access device.
In a preferred embodiment of the present invention, the secure connection is a Secure Sockets Layer (SSL) connection.
The present invention also provides an access device, comprising:
A terminal location judging unit, configured to determine the location information of the terminal and return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access;
A proxy unit, configured to receive the first access request and the second access request sent by the terminal, the first access request being used to request a list of the cloud servers the terminal is allowed to access and the second access request being used to request access to the cloud server selected by the terminal; establish a secure connection with the cloud server selected by the terminal; after passing the authentication of the access device by the cloud server selected by the terminal, send the second access request to the cloud server selected by the terminal; and receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal, the access response being the response to the second access request.
In a preferred embodiment of the present invention, the access device further comprises: an authentication unit, configured to authenticate the terminal;
The terminal location judging unit is further configured to, after the authentication unit has authenticated the terminal successfully, determine the location information of the terminal and return to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access.
In a preferred embodiment of the present invention, the access device further comprises: an authentication unit, configured to determine whether the terminal has permission to access the cloud server selected by the terminal;
The proxy unit is further configured to establish a secure connection with the cloud server selected by the terminal after the authentication unit confirms that the terminal has permission to access the cloud server selected by the terminal.
In a preferred embodiment of the present invention,
The terminal location judging unit is further configured to determine the location information of the terminal according to the IP address of the terminal, the domain name of the terminal, or the IP address range of the terminal.
In a preferred embodiment of the present invention, the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
In a preferred embodiment of the present invention, the secure connection is a Secure Sockets Layer (SSL) connection.
The invention discloses a method, system and access device for accessing a cloud service. With the method, system and access device of the present invention, the cloud server is accessed through the access device, which improves the security of enterprise resources; user access rights are differentiated according to the user's location, namely inside the corporate intranet or outside the enterprise, which reduces the risk to enterprise information security.
The types of the terminal, access device and cloud server of the present invention are not specially limited; any terminal, access device and cloud server that can realize the functions of the present invention falls within the scope of the present invention.
The present invention is not limited to the above implementations; whatever changes are made to its form or structure, every technical solution that uses an access device to access a cloud server falls within the scope of protection of the present invention. In addition, a technical solution in which the cloud server is accessed not directly through the access device but through authorization granted by the access device is a variant of the present invention and should also be regarded as falling within the scope of protection of the present invention.
Description of drawings
Fig. 1 is a flow chart of the method for accessing a cloud service according to an embodiment of the invention;
Fig. 2 is a structural diagram of the system for accessing a cloud service and of the access device according to an embodiment of the invention.
Embodiment
Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples. The following examples are intended to illustrate the present invention, not to limit its scope.
Referring to Fig. 1, the present invention provides an access control method for a cloud service, comprising the steps of:
A. The access device receives a first access request sent by a terminal, the first access request being used to request a list of the cloud servers the terminal is allowed to access. The access device determines the location information of the terminal according to information such as the IP address of the terminal, the domain name of the terminal, or the IP address range of the terminal; the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise. The access device returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; the lists of accessible cloud servers differ for terminals inside the corporate intranet and terminals outside the enterprise;
Preferably, after the access device receives the first access request sent by the terminal, the method further comprises:
The access device authenticates the terminal according to first user information received from the terminal, for example the username and password of a Secure Sockets Layer (SSL) virtual private network (VPN); if authentication passes, it returns to the terminal, according to the location information of the terminal, the list of cloud servers the terminal is allowed to access; otherwise, the procedure ends.
Preferably, the first user information is added to the first access request.
Because VPNs are widely used in corporate intranets, the access device may be a VPN gateway; for a SaaS cloud server, the access device may be an SSL VPN gateway.
The terminal may be a terminal outside the enterprise or inside the corporate intranet, for example a notebook computer, tablet computer, smartphone, desktop computer or PDA;
B. The access device receives a second access request sent by the terminal, the second access request being used to request access to the cloud server selected by the terminal; the access device establishes a secure connection with the cloud server selected by the terminal;
Preferably, the secure connection comprises an SSL connection, a Transport Layer Security (TLS) connection, or the like.
Preferably, after the access device receives the second access request sent by the terminal, the method further comprises:
The access device determines whether the terminal has permission to access the cloud server selected by the terminal; if so, the access device establishes a secure connection, for example an SSL connection, with the cloud server selected by the terminal; otherwise, the procedure ends;
C. After the access device passes the authentication of the access device by the cloud server selected by the terminal, the access device sends the second access request to the cloud server selected by the terminal; the access device receives the access response sent by the cloud server selected by the terminal and sends the access response to the terminal, the access response being the response to the second access request.
Preferably, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
The access device passes the cloud server's authentication of the digital certificate of the access device.
Preferably, the access device passing the authentication by the cloud server selected by the terminal specifically comprises:
The access device passes the cloud server's authentication of the IP address of the access device; the cloud server only allows secure connections, for example SSL connections, initiated by an access device with a specified IP address.
The cloud server only allows cloud service access requests from the access device, or only allows cloud service access requests carrying the digital certificate provided by the access device, to access the cloud server; this ensures that only cloud service access requests from the access device can access the enterprise's key applications on the cloud server, for example a SaaS cloud server.
Preferably, after the second access request is sent to the cloud server selected by the terminal, the method further comprises:
After the cloud server selected by the terminal has authenticated the terminal successfully according to second user information, for example the username and password for the SaaS server, the access device receives the access response sent by the cloud server selected by the terminal; otherwise, the procedure ends.
Preferably, the second user information is added to the second access request.
Preferably, after the access device passes the authentication by the cloud server selected by the terminal, the method further comprises:
The access device sends the location information of the terminal to the cloud server selected by the terminal; the cloud server uses the location information of the terminal to set the cloud service access rights of the terminal; if the terminal has the cloud service access rights, the cloud server sends the access response to the access device; otherwise, the procedure ends.
Preferably, the location information of the terminal is added to the second access request.
With the method for accessing a cloud service of the present invention, the cloud server is accessed through the access device, which improves the security of enterprise resources; user access rights are differentiated according to the user's location, namely inside the corporate intranet or outside the enterprise, which reduces the risk to enterprise information security.
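The following added example (not part of the patent text) models steps A to C in Python as pure decision logic, without real networking or TLS: the terminal's location is derived from its IP address, the server list and authorization depend on that location, and the cloud server serves only the access device and scopes applications by the forwarded location. The address ranges, server and application names, credentials and certificate placeholder are constructed assumptions, and the cloud server's own authentication of the terminal is omitted.

```python
import hmac
import ipaddress

# All values below are constructed for illustration.
INTRANET_RANGES = [ipaddress.ip_network("10.0.0.0/8")]
SERVER_LIST = {  # location -> cloud servers the terminal may be offered
    "intranet": ["crm-saas", "finance-core"],
    "external": ["crm-saas"],
}
GATEWAY_IP = "203.0.113.10"           # address the cloud server allowlists
GATEWAY_CERT = "PLACEHOLDER-CERT-FP"  # stands in for the device's certificate


def locate(peer_ip):
    """Classify a terminal as 'intranet' or 'external' from its IP address.

    peer_ip should be the connection's peer address as seen by the access
    device, never a value the terminal writes into the request itself.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return "external"  # unparseable input gets the restricted list
    return "intranet" if any(addr in n for n in INTRANET_RANGES) else "external"


class CloudServer:
    """Serves only the access device and scopes rights by terminal location."""

    def __init__(self, apps_by_location):
        self.apps_by_location = apps_by_location

    def handle(self, source_ip, client_cert, request):
        # The page gives IP and certificate checks as alternative embodiments;
        # this sketch requires both.
        if source_ip != GATEWAY_IP or not hmac.compare_digest(client_cert, GATEWAY_CERT):
            return {"status": "rejected", "reason": "not the access device"}
        if request["app"] not in self.apps_by_location.get(request["location"], ()):
            return {"status": "denied", "reason": "location"}
        return {"status": "ok", "app": request["app"], "user": request["user"]}


class AccessDevice:
    def __init__(self, users, servers):
        self.users = users      # username -> password (plaintext only for the demo)
        self.servers = servers  # server name -> CloudServer

    def authenticate(self, username, password):
        stored = self.users.get(username)
        return stored is not None and hmac.compare_digest(stored, password)

    def first_request(self, peer_ip, username, password):
        """Step A: authenticate the terminal, then list servers for its location."""
        if not self.authenticate(username, password):
            return None
        return list(SERVER_LIST[locate(peer_ip)])

    def second_request(self, peer_ip, username, password, server, app):
        """Steps B and C: authorize, forward with location attached, relay response."""
        allowed = self.first_request(peer_ip, username, password)
        if allowed is None or server not in allowed:
            return {"status": "denied", "reason": "access device"}
        # Location is recomputed here rather than trusted from the terminal.
        request = {"user": username, "app": app, "location": locate(peer_ip)}
        return self.servers[server].handle(GATEWAY_IP, GATEWAY_CERT, request)


def build_demo():
    """Build an access device fronting two constructed cloud servers."""
    servers = {
        "crm-saas": CloudServer({"intranet": ["contacts", "export"], "external": ["contacts"]}),
        "finance-core": CloudServer({"intranet": ["ledger"]}),
    }
    return AccessDevice({"alice": "correct horse"}, servers)


if __name__ == "__main__":
    gw = build_demo()
    print(gw.first_request("10.1.2.3", "alice", "correct horse"))
    print(gw.second_request("198.51.100.7", "alice", "correct horse", "finance-core", "ledger"))
    print(gw.second_request("198.51.100.7", "alice", "correct horse", "crm-saas", "export"))
```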
Referring to Fig. 2, the present invention provides a system for accessing a cloud service, comprising:
Preferably, the access device 200 is further configured to authenticate the terminal according to first user information, for example the username and password for the access device 200.
Preferably, the first user information is added to the first access request.
Because VPNs are widely used in corporate intranets, the access device may be a VPN gateway; for a SaaS cloud server, the access device may be an SSL VPN gateway.
The terminal 100 may be a terminal outside the enterprise or inside the corporate intranet, for example a notebook computer, tablet computer, smartphone, desktop computer or PDA;
The lists of cloud servers accessible to terminals 100 inside the corporate intranet and outside the enterprise are different. Because the enterprise's cloud comprises multiple cloud servers, only terminals inside the corporate intranet can access certain core cloud servers, which reduces the risk to enterprise information security;
Preferably, the secure connection comprises an SSL connection, a Transport Layer Security (TLS) connection, or the like.
Preferably, the access device 200 is further configured to determine whether the terminal has permission to access the cloud server selected by the terminal.
Preferably, the cloud server 300 is further configured to authenticate the terminal according to second user information, for example the username and password for the cloud server 300;
Because VPNs are widely used in corporate intranets, the access device 200 may be a VPN gateway; for a SaaS cloud server, the access device 200 may be an SSL VPN gateway.
Preferably, the second user information is added to the second access request.
Preferably, the access device 200 is further configured to send the location information of the terminal 100 to the cloud server 300 selected by the terminal 100;
The cloud server 300 is further configured to set the cloud service access rights of the terminal 100 according to the location information of the terminal 100, including access scope, access time, number of accesses and so on. For example, a terminal 100 inside the corporate intranet can access all applications of the cloud server 300, a terminal 100 outside the enterprise cannot access certain key enterprise applications, and the access time and number of accesses differ between terminals 100 inside the corporate intranet and outside the enterprise.
Because the enterprise's cloud server comprises multiple cloud service applications, only terminals inside the corporate intranet can access certain core cloud service applications, which reduces the risk to enterprise information security.
Preferably, the access device 200 comprises: a terminal location judging unit 201 and a proxy unit 202, for example a web proxy unit;
The terminal location judging unit 201 is configured to determine the location information of the terminal 100 and return to the terminal 100, according to the location information of the terminal 100, the list of cloud servers the terminal 100 is allowed to access; the lists of cloud servers accessible to terminals 100 inside the corporate intranet and outside the enterprise are different;
Because the enterprise's cloud comprises multiple cloud servers, only terminals inside the corporate intranet can access certain core cloud servers, which reduces the risk to enterprise information security;
Preferably, the access device 200 further comprises: an authentication unit 203, configured to authenticate the terminal 100, which improves the security of the corporate intranet;
Correspondingly, the terminal location judging unit 201 is further configured to, after the authentication unit 203 has authenticated the terminal 100 successfully, determine the location information of the terminal 100 and return to the terminal 100, according to the location information of the terminal 100, the list of cloud servers the terminal 100 is allowed to access.
Preferably, the access device 200 further comprises: an authentication unit 203, configured to determine whether the terminal 100 has permission to access the cloud server 300 selected by the terminal 100;
Correspondingly, the proxy unit 202 is further configured to establish a secure connection with the cloud server 300 selected by the terminal 100 after the authentication unit 203 confirms that the terminal 100 has permission to access the cloud server 300 selected by the terminal 100.
Preferably, the access device 200 is further configured to provide a digital certificate to the cloud server 300 selected by the terminal 100;
The cloud server 300 is further configured to authenticate the digital certificate of the access device 200.
Preferably, the cloud server 300 is further configured to authenticate the IP address of the access device 200; the cloud server only allows secure connections, for example SSL connections, initiated by an access device with a specified IP address.
The cloud server 300 only allows cloud service access requests from the access device 200, or only allows cloud service access requests carrying the digital certificate provided by the access device 200, to access the cloud server 300; this ensures that only cloud service access requests from the access device 200 can access the enterprise's key applications on the cloud server, for example a SaaS cloud server.
Preferably, the cloud server 300 may comprise a SaaS cloud server, a PaaS cloud server or an IaaS cloud server.
With the system for accessing a cloud service of the present invention, the cloud server is accessed through the access device, which improves the security of enterprise resources; user access rights are differentiated according to the user's location, namely inside the corporate intranet or outside the enterprise, which reduces the risk to enterprise information security; the cloud server authenticates the user according to user information and user location information, which greatly enhances the security of the enterprise network.
As shown in Figure 2, the present invention also provides a kind of access device 200, comprising:
Terminal location judging unit 201 and agent unit 202, for example web proxy unit;
Said terminal location judging unit 201; The information such as IP address field that are used for domain name or the said terminal 100 at IP address, said terminal 100 according to said terminal 100 are judged the positional information at said terminal 100; Said positional information is the information of the said terminal of sign in corporate intranet or exterior of enterprise; And return the Cloud Server that allows said terminal 100 to visit according to the positional information at said terminal 100 to said terminal 100 and tabulate, the terminal 100 addressable Cloud Servers tabulations that are positioned at corporate intranet and exterior of enterprise are different;
Owing to comprise a plurality of Cloud Servers in the cloud of enterprise, then have only the terminal of corporate intranet can visit some core Cloud Servers, reduced the risk of enterprise information security;
Preferably, further comprise: authentication unit 203, be used for according to first user profile, the username and passwords of for example said access device 200 etc. have improved the fail safe of corporate intranet to carrying out authentication in said terminal 100;
Correspondingly; Said terminal location judging unit 201; Be further used for after 203 pairs of said terminal 100 authentications in said authentication unit are passed through; Judge the positional information at said terminal 100, and return the Cloud Server tabulation that allows 100 visits of said terminal to said terminal 100 according to the positional information at said terminal 100.
Preferably, said first user profile is added in said first access request.
Preferably, further comprise: authentication unit 203 is used to judge whether said terminal 100 has authority to visit the Cloud Server 300 that said terminal 100 is selected;
Correspondingly, said agent unit 202 is further used for after said authentication unit 203 confirms that said terminal 100 has authority to visit the Cloud Server of selecting at said terminal 100 300, setting up safety with the Cloud Server 300 that said terminal 100 is selected and being connected.
Utilize access device of the present invention, through said access device visit Cloud Server, the fail safe that improves ERM; According to the position at user place, i.e. corporate intranet and exterior of enterprise are distinguished user's access rights, reduce the risk of enterprise information security.
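The following sketch shows how the terminal location judging unit and the two authentication-unit checks described above could fit together on the access device. It is an added example, not code from the patent; the address ranges, server names, account and function names are all assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import ipaddress

# Constructed sample policy: address ranges, server names and the account are illustrative.
INTRANET_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                 ipaddress.ip_network("fd00:20::/32")]
SERVER_POLICY = {                      # server name -> locations allowed to reach it
    "crm-saas": {"intranet", "external"},
    "mail-saas": {"intranet", "external"},
    "finance-core": {"intranet"},      # core server: intranet terminals only
}
_SALT = b"constructed-salt"


def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _kdf("correct horse")}   # first user information (username/password)


def judge_location(peer_ip: str) -> str:
    """Terminal location judging unit: classify the TCP peer address.

    Anything unparseable or outside the configured ranges is 'external'
    (fail closed). Pass the socket peer address, never a client-supplied header.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return "external"
    mapped = getattr(addr, "ipv4_mapped", None)   # ::ffff:a.b.c.d -> a.b.c.d
    if mapped is not None:
        addr = mapped
    return "intranet" if any(addr in net for net in INTRANET_NETS) else "external"


def authenticate(user: str, password: str) -> bool:
    stored = USERS.get(user)
    candidate = _kdf(password)                    # computed even for unknown users
    return stored is not None and hmac.compare_digest(stored, candidate)


def first_access_request(user: str, password: str, peer_ip: str) -> list[str]:
    """Return the cloud server list for this terminal, only after authentication."""
    if not authenticate(user, password):
        raise PermissionError("terminal authentication failed")
    location = judge_location(peer_ip)
    return sorted(s for s, allowed in SERVER_POLICY.items() if location in allowed)


def second_access_request(user: str, password: str, peer_ip: str, selected: str) -> dict:
    """Authorize the selected server and build the request forwarded to it.

    The list is recomputed here rather than trusted from the earlier reply, so a
    terminal cannot reach a server simply by naming one it was never offered.
    """
    if selected not in first_access_request(user, password, peer_ip):
        raise PermissionError(f"{user!r} may not access {selected!r} from here")
    # The location travels with the forwarded request so the cloud server can
    # set the terminal's cloud service access rights itself.
    return {"server": selected, "user": user,
            "terminal_location": judge_location(peer_ip)}
```

Because the decision rests entirely on the source address, the ranges in `INTRANET_NETS` must cover only addresses that external hosts cannot present to the access device, for example after NAT or VPN termination.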
In summary, the invention discloses a method, a system and an access device for accessing cloud services. With them, the cloud server is accessed through the access device, which improves the security of enterprise resources; users' access rights are differentiated according to where the user is located, i.e. inside the corporate intranet or outside the enterprise, which reduces the risk to enterprise information security.
The above embodiments are only intended to illustrate the present invention and do not limit it. A person of ordinary skill in the relevant technical field can make various changes and modifications without departing from the spirit and scope of the present invention; all equivalent technical solutions therefore also fall within the scope of the present invention, and the scope of patent protection of the present invention shall be defined by the claims.
Claims (30)
1. A method for accessing a cloud server, characterized in that the method comprises:
An access device receives a first access request sent by a terminal, the first access request being used to request the list of cloud servers that the terminal is allowed to access; the access device judges the location information of the terminal and returns to the terminal, according to the location information of the terminal, the list of cloud servers that the terminal is allowed to access;
The access device receives a second access request sent by the terminal, the second access request being used to request access to the cloud server selected by the terminal;
The access device establishes a secure connection with the cloud server selected by the terminal;
After the access device passes the authentication performed on the access device by the cloud server selected by the terminal, the access device sends the second access request to the cloud server selected by the terminal;
The access device receives the access response sent by the cloud server selected by the terminal and sends the access response to the terminal, the access response being the response to the second access request.
2. The method according to claim 1, characterized in that, after the access device receives the first access request sent by the terminal, the method further comprises:
The access device authenticates the terminal; if the authentication passes, the access device returns to the terminal, according to the location information of the terminal, the list of cloud servers that the terminal is allowed to access; otherwise, the procedure ends.
3. The method according to claim 1, characterized in that, after the access device receives the second access request sent by the terminal, the method further comprises:
The access device judges whether the terminal has permission to access the cloud server selected by the terminal; if so, the access device establishes a secure connection with the cloud server selected by the terminal; otherwise, the procedure ends.
4. The method according to claim 1, characterized in that, after the second access request is sent to the cloud server selected by the terminal, the method further comprises:
After the terminal passes the authentication performed on the terminal by the cloud server selected by the terminal, the access device receives the access response sent by the cloud server selected by the terminal; otherwise, the procedure ends.
5. The method according to claim 1, characterized in that, after the access device passes the authentication of the cloud server selected by the terminal, the method further comprises:
The access device sends the location information of the terminal to the cloud server selected by the terminal; the location information of the terminal is used by the cloud server to set the cloud service access rights of the terminal; if the terminal has the cloud service access rights, the cloud server sends the access response to the access device; otherwise, the procedure ends.
6. The method according to claim 5, characterized in that the location information of the terminal is added to the second access request.
7. The method according to any one of claims 1-6, characterized in that the access device judging the location information of the terminal specifically comprises:
The access device judges the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address segment of the terminal.
8. The method according to any one of claims 1-6, characterized in that the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
9. The method according to any one of claims 1-6, characterized in that the access device passing the authentication of the cloud server selected by the terminal specifically comprises:
The access device passes the authentication performed by the cloud server on the digital certificate of the access device.
10. The method according to any one of claims 1-6, characterized in that the access device passing the authentication of the cloud server selected by the terminal specifically comprises:
The access device passes the authentication performed by the cloud server on the IP address of the access device.
11. The method according to any one of claims 1-6, characterized in that the secure connection is a Secure Sockets Layer (SSL) connection.
12. A system for accessing a cloud server, characterized in that the system comprises:
A terminal, configured to send a first access request to an access device, the first access request being used to request the list of cloud servers that the terminal is allowed to access; to receive the list of cloud servers that the terminal is allowed to access, returned by the access device; to send a second access request to the access device, the second access request being used to request access to the cloud server selected by the terminal; and to receive the access response sent by the access device, the access response being the response to the second access request;
An access device, configured to receive the first access request sent by the terminal; to judge the location information of the terminal; to return to the terminal, according to the location information of the terminal, the list of cloud servers that the terminal is allowed to access; to receive the second access request sent by the terminal; to establish a secure connection with the cloud server selected by the terminal; to send the second access request to the cloud server selected by the terminal after passing the authentication performed on the access device by the cloud server selected by the terminal; and to receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal;
A cloud server, configured to authenticate the access device, to receive, after the authentication passes, the second access request sent by the access device, and to send the access response to the access device.
13. The system according to claim 12, characterized in that
The access device is further configured to authenticate the terminal.
14. The system according to claim 12, characterized in that
The access device is further configured to judge whether the terminal has permission to access the cloud server selected by the terminal.
15. The system according to claim 12, characterized in that
The cloud server is further configured to authenticate the terminal.
16. The system according to claim 12, characterized in that
The access device is further configured to send the location information of the terminal to the cloud server selected by the terminal;
The cloud server is further configured to set the cloud service access rights of the terminal according to the location information of the terminal.
17. The system according to claim 12, characterized in that the access device comprises:
A terminal location judging unit, configured to judge the location information of the terminal and to return to the terminal, according to the location information of the terminal, the list of cloud servers that the terminal is allowed to access;
An agent unit, configured to receive the first access request and the second access request sent by the terminal; to establish a secure connection with the cloud server selected by the terminal; to send the second access request to the cloud server selected by the terminal after the access device passes the authentication performed on it by the cloud server selected by the terminal; and to receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal.
18. The system according to claim 17, characterized in that the access device further comprises:
An authentication unit, configured to authenticate the terminal;
The terminal location judging unit is further configured to judge the location information of the terminal after the authentication unit has successfully authenticated the terminal, and to return to the terminal, according to the location information of the terminal, the list of cloud servers that the terminal is allowed to access.
19. The system according to claim 17, characterized in that the access device further comprises:
An authentication unit, configured to judge whether the terminal has permission to access the cloud server selected by the terminal;
The agent unit is further configured to establish a secure connection with the cloud server selected by the terminal after the authentication unit confirms that the terminal has permission to access the cloud server selected by the terminal.
20. The system according to any one of claims 12-19, characterized in that
The access device is further configured to judge the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address segment of the terminal.
21. The system according to any one of claims 12-19, characterized in that the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
22. The system according to any one of claims 12-19, characterized in that
The access device is further configured to provide a digital certificate to the cloud server selected by the terminal;
The cloud server is further configured to authenticate the digital certificate of the access device.
23. The system according to any one of claims 12-19, characterized in that
The cloud server is further configured to authenticate the IP address of the access device.
24. The system according to any one of claims 12-19, characterized in that the secure connection is a Secure Sockets Layer (SSL) connection.
25. An access device, characterized in that it comprises:
A terminal location judging unit, configured to judge the location information of the terminal and to return to the terminal, according to the location information of the terminal, the list of cloud servers that the terminal is allowed to access;
An agent unit, configured to receive the first access request and the second access request sent by the terminal, the first access request being used to request the list of cloud servers that the terminal is allowed to access and the second access request being used to request access to the cloud server selected by the terminal; to establish a secure connection with the cloud server selected by the terminal; to send the second access request to the cloud server selected by the terminal after the access device passes the authentication performed on it by the cloud server selected by the terminal; and to receive the access response sent by the cloud server selected by the terminal and send the access response to the terminal, the access response being the response to the second access request.
26. The access device according to claim 25, characterized in that it further comprises:
An authentication unit, configured to authenticate the terminal;
The terminal location judging unit is further configured to judge the location information of the terminal after the authentication unit has successfully authenticated the terminal, and to return to the terminal, according to the location information of the terminal, the list of cloud servers that the terminal is allowed to access.
27. The access device according to claim 25, characterized in that it further comprises:
An authentication unit, configured to judge whether the terminal has permission to access the cloud server selected by the terminal;
The agent unit is further configured to establish a secure connection with the cloud server selected by the terminal after the authentication unit confirms that the terminal has permission to access the cloud server selected by the terminal.
28. The access device according to any one of claims 25-27, characterized in that
The terminal location judging unit is further configured to judge the location information of the terminal according to the IP address of the terminal, the domain name of the terminal or the IP address segment of the terminal.
29. The access device according to any one of claims 25-27, characterized in that the location information is information identifying whether the terminal is inside the corporate intranet or outside the enterprise.
30. The access device according to any one of claims 25-27, characterized in that the secure connection is a Secure Sockets Layer (SSL) connection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210268850.0A CN102769631B (en) | 2012-07-31 | 2012-07-31 | Method, system and access device for accessing a cloud server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210268850.0A CN102769631B (en) | 2012-07-31 | 2012-07-31 | Method, system and access device for accessing a cloud server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102769631A true CN102769631A (en) | 2012-11-07 |
CN102769631B CN102769631B (en) | 2015-09-09 |
Family
ID=47096881
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210268850.0A Active CN102769631B (en) | 2012-07-31 | 2012-07-31 | Method, system and access device for accessing a cloud server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102769631B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101873343A (en) * | 2010-06-03 | 2010-10-27 | 罗李敏 | Internet of things networking method and system thereof |
CN102143149A (en) * | 2010-12-10 | 2011-08-03 | 华为技术有限公司 | Method and system for mini-station to access cloud, and access management equipment |
CN102577315A (en) * | 2011-12-21 | 2012-07-11 | 华为技术有限公司 | Method, device and system for setting user access to virtual machine |
Cited By (29)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103051607B (en) * | 2012-12-04 | 2016-03-23 | 中国电信股份有限公司 | Access method, equipment and system |
CN103051607A (en) * | 2012-12-04 | 2013-04-17 | 中国电信股份有限公司云计算分公司 | Access method, equipment and system |
CN104754015A (en) * | 2013-12-31 | 2015-07-01 | 华为技术有限公司 | Method, device and system for establishing remote session |
CN104754015B (en) * | 2013-12-31 | 2018-11-13 | 华为技术有限公司 | A kind of methods, devices and systems for establishing remote session |
CN103945330B (en) * | 2014-05-12 | 2017-10-27 | 重庆邮电大学 | Virtual private cloud platform, virtual private cloud safety access method and system |
CN103945330A (en) * | 2014-05-12 | 2014-07-23 | 重庆邮电大学 | Virtual private cloud platform and virtual private cloud secure access method and system |
CN104092763A (en) * | 2014-07-16 | 2014-10-08 | 广州金山网络科技有限公司 | Application program installation package pushing method and device |
CN104469977A (en) * | 2014-09-10 | 2015-03-25 | 北京佰才邦技术有限公司 | Mobile communication method, device and system |
CN104469977B (en) * | 2014-09-10 | 2019-01-25 | 北京佰才邦技术有限公司 | Method of mobile communication, device and system |
WO2015131524A1 (en) * | 2014-09-25 | 2015-09-11 | 中兴通讯股份有限公司 | Remote access server method and web server |
CN105516061A (en) * | 2014-09-25 | 2016-04-20 | 中兴通讯股份有限公司 | Remote server access method and web server |
CN105808987A (en) * | 2014-12-30 | 2016-07-27 | 中国移动通信集团公司 | Mobile data interaction method and device |
CN105808987B (en) * | 2014-12-30 | 2019-10-15 | 中国移动通信集团公司 | A kind of mobile data exchange method and equipment |
CN105992206A (en) * | 2015-02-04 | 2016-10-05 | 中国移动通信集团湖北有限公司 | Enterprise safety management method, equipment and system |
CN106034130A (en) * | 2015-03-18 | 2016-10-19 | 中兴通讯股份有限公司 | Data access method and device |
CN107690166A (en) * | 2016-08-03 | 2018-02-13 | 深圳市深信服电子科技有限公司 | A kind of cut-in method, the apparatus and system of VMI platforms |
CN107690166B (en) * | 2016-08-03 | 2020-11-20 | 深信服科技股份有限公司 | VMI platform access method, device and system |
CN111262865A (en) * | 2016-09-23 | 2020-06-09 | 华为技术有限公司 | Method, device and system for making access control strategy |
WO2018145266A1 (en) * | 2017-02-08 | 2018-08-16 | 深圳市汇顶科技股份有限公司 | Permission control method, permission-controlled device, electronic device, and system |
CN108491500A (en) * | 2018-03-20 | 2018-09-04 | 新华三云计算技术有限公司 | Database cut-in method and device |
CN109167834A (en) * | 2018-09-11 | 2019-01-08 | 上海庆科信息技术有限公司 | A kind of the company's cloud method and its relevant apparatus of smart machine |
CN111159667A (en) * | 2018-11-08 | 2020-05-15 | 鸿合科技股份有限公司 | Resource access method and device and electronic equipment |
WO2020248368A1 (en) * | 2019-06-10 | 2020-12-17 | 平安科技(深圳)有限公司 | Intranet accessing method, system, and related device |
CN110602218A (en) * | 2019-09-17 | 2019-12-20 | 深圳市迅雷网络技术有限公司 | Method and related device for assembling cloud service in user-defined manner |
CN110602218B (en) * | 2019-09-17 | 2023-02-14 | 深圳市迅雷网络技术有限公司 | Method and related device for assembling cloud service in user-defined manner |
CN111212087A (en) * | 2020-01-20 | 2020-05-29 | 上海米哈游天命科技有限公司 | Method, device, equipment and storage medium for determining login server |
CN112104603A (en) * | 2020-08-06 | 2020-12-18 | 华人运通(江苏)技术有限公司 | Access right control method, device and system of vehicle interface |
CN112104603B (en) * | 2020-08-06 | 2023-11-14 | 华人运通(江苏)技术有限公司 | Access authority control method, device and system of vehicle interface |
CN114172687A (en) * | 2021-11-03 | 2022-03-11 | 杭州涂鸦信息技术有限公司 | Cloud connection method, method for auxiliary equipment to be connected with cloud and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN102769631B (en) | 2015-09-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102769631B (en) | Method, system and access device for accessing a cloud server | |
CN103944890B (en) | Virtual interaction system based on customer end/server mode and method | |
RU2707717C2 (en) | Mobile authentication in mobile virtual network | |
CN102724647B (en) | Method and system for access capability authorization | |
US9491183B1 (en) | Geographic location-based policy | |
US11102196B2 (en) | Authenticating API service invocations | |
CN111314340B (en) | Authentication method and authentication platform | |
US9009804B2 (en) | Method and system for hybrid software as a service user interfaces | |
US10320844B2 (en) | Restricting access to public cloud SaaS applications to a single organization | |
CN110049048B (en) | Data access method, equipment and readable medium for government affair public service | |
CN104580074A (en) | Logging method of client end application and corresponding server of logging method | |
CN104468550B (en) | A kind of user login method of windows desktop, equipment and system | |
CN102984169A (en) | Single sign-on method, equipment and system | |
CN103930897A (en) | Mobile application, single sign-on management | |
US11770372B2 (en) | Unified identity and access management (IAM) control plane for services associated with a hybrid cloud | |
CN102710640A (en) | Authorization requesting method, device and system | |
CN103634301A (en) | Client side and method for accessing private data stored in server by user | |
CN103581184A (en) | Method and system for mobile terminal to get access to intranet server | |
US20170187705A1 (en) | Method of controlling access to business cloud service | |
CN112738100B (en) | Authentication method, device, authentication equipment and authentication system for data access | |
CN105550595A (en) | Private data access method and system for intelligent communication equipment | |
CN107743702A (en) | The single-sign-on of trustship mobile device | |
US20140380426A1 (en) | Method, device and system for logging in through a browser application at a client terminal | |
CN107770192A (en) | Identity authentication method and computer-readable recording medium in multisystem | |
CN103179080B (en) | The cloud computer system of a kind of Internet user and the method for connection cloud computer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |