CN103118030A - Desktop cloud based identity authentication method - Google Patents
- Publication number: CN103118030A
- Application number: CN2013100566842A
- Authority: CN (China)
- Prior art keywords: user, desktop cloud, desktop, identity management, management service
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention provides a desktop cloud based identity authentication method. The unified identity management service is an independent module in the system and mainly faces the various application services, so that a desktop cloud user needs to log in only once to conveniently access them. At the same time, the user's private information is protected, and applications can be moved into the desktop cloud environment dynamically and step by step. The newly proposed unified identity authentication mode can also handle identity management for newly added application systems. The method differs from the traditional unified identity authentication approach in that the unified identity management service is no longer responsible for authenticating the user but hands this work over to the desktop cloud system. This helps separate the unified identity management service from the desktop cloud system, improves the coupling of the whole system, brings convenience to the end users of the desktop cloud, and greatly improves the ease of use of the system.
Description
Technical field
The present invention relates to desktop cloud authentication technology. While the desktop cloud improves resource utilization and creates new value, it also brings many new challenges. In desktop cloud authentication, verifying the user's identity effectively and rapidly is not only the prerequisite for desktop cloud access control and management, but also a key factor in improving the user experience and in the desktop cloud finally being adopted.
Background technology
Desktop cloud is a typical application of cloud computing. It is based on virtualization technology and carried over the network, and provides end users with personalized virtual work desktops. A common desktop cloud architecture is divided into three layers: the thin-client layer, the virtual desktop service layer and the hardware layer. This typical architecture follows the service-oriented architecture (SOA) design pattern: virtual desktops and application services are turned directly into a group of interconnected service modules accessed over the Internet or a local network. At the same time, the desktop cloud shields the user from differences in data sources and platforms, so that services can be provided in a consistent manner. Since the desktop cloud is a kind of infrastructure that makes it convenient for users to use various application services, the best approach is for the desktop cloud itself to serve the user in a fully transparent manner.

To ensure that end users can use the desktop cloud securely, users accessing the desktop cloud must be authenticated and authorized, while the convenience of use must also be considered. A new design is therefore needed that allows a user who has been authenticated by the desktop cloud system to access other resources or services in the cloud without having to authenticate again.

Traditional desktop cloud user authentication technology is considered to comprise authentication, authorization, auditing, federated identity management and similar techniques. The stages of identity life cycle management have also been described, as shown in Fig. 1: in this identity life cycle, the user first passes the authentication of the desktop cloud system and then accesses the various applications and services in a self-service manner according to the permissions granted by the system. However, because the desktop cloud and each application system have their own authentication and management methods and their own ways of storing user information, the user has to authenticate repeatedly during this process, which inconveniences the end user, and this way of authenticating is itself prone to causing confusion.
Summary of the invention
The purpose of this invention is to provide a new identity authentication method based on desktop cloud.

The purpose of the invention is achieved in the following manner. A desktop cloud user only needs to log in once to easily access the various application services, which improves ease of use for the end user. The unified identity management service is an independent module in the system and faces the various application services, so that a single login is enough to access them conveniently, while the user's privacy is also protected. In detail: the user uses a terminal device such as a thin client, mobile PC or pad to connect to the desktop cloud system through the user portal. After a redirect, the user's connection request is submitted to the virtual desktop authentication dispatch server. The authentication dispatch server processes the user's request and, according to the user role and permissions in the user profile data, assigns the user a specific virtual machine and computing resources. When the user then accesses other application service systems through the virtual desktop, the unified identity management service is in place, and because the application service interacts with the unified identity management service, the user does not need to present authentication information: the user's permissions for the application system are obtained through the unified identity management service. The specific steps are as follows:
1) The user logs in to the desktop cloud through the web, and the desktop cloud portal submits the user information to the desktop cloud dispatch system;
2) The desktop cloud dispatch system assigns the user a specific virtual machine desktop;
3) The user accesses the application system through the virtual desktop;
4) The application system queries the authorization server for the user's permissions;
5) The authorization server returns the user's permissions to the application system;
6) The system allows or refuses the user's access according to the permissions it received.
The beneficial effects of the invention are as follows. The unified identity management service is an independent module in the system that mainly faces the various application services, so that a desktop cloud user only needs to log in once to access them easily. The user's private information is also protected, and applications can be moved into the desktop cloud environment dynamically and step by step. The newly proposed unified identity authentication mode can also handle identity management for newly added application systems. The present invention differs from the traditional unified identity authentication approach in that the unified identity management service is no longer responsible for authenticating the user; this authentication work is instead handed to the desktop cloud system. This helps separate the unified identity management service from the desktop cloud system, improves the coupling of the whole system, makes things more convenient for the end users of the desktop cloud, and greatly improves the ease of use of the system.
Description of drawings
Fig. 1 is a diagram of the identity life cycle;
Fig. 2 is a framework diagram of the desktop authentication method.
Embodiment
The method of the present invention is described in detail below with reference to the accompanying drawings.
With reference to Fig. 1, the content of the present invention is described through an example process that implements the method.
As described in the summary of the invention, the architecture of the present invention mainly comprises:
The desktop cloud system can be deployed and implemented in its original manner and needs no redesign or secondary development. The whole implementation is roughly divided into the following 6 steps:
1. The user logs in to the desktop cloud through the web, and the desktop cloud portal submits the user information to the desktop cloud dispatch system;
2. The desktop cloud dispatch system assigns the user a specific virtual machine desktop;
3. The user accesses the application system through the virtual desktop;
4. The application system queries the authorization server for the user's permissions;
5. The authorization server returns the user's permissions to the application system;
6. The system allows or refuses the user's access according to the permissions it received.
Except for the technical features described in the specification, everything is technology known to those skilled in the art.
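The six steps above, sketched as an added example (not code from the patent or its applicant). The patent does not say how the desktop cloud's login result reaches the authorization server, so the HMAC-signed session assertion, the shared key, and every class, function and account name below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: the account, roles and permissions are illustrative only.
def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

DESKTOP_USERS = {"alice": {"pw": pw_hash("correct horse"), "role": "engineer"}}
ROLE_PERMISSIONS = {
    "engineer": {"wiki": {"read", "write"}, "payroll": set()},
    "admin": {"wiki": {"read", "write"}, "payroll": {"read"}},
}

def sign(key: bytes, payload: str) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

class DesktopCloud:
    """Steps 1-2: portal login, then the dispatch system assigns a virtual desktop."""
    def __init__(self, key: bytes):
        self._key = key  # assumption: shared only with the authorization server
    def login(self, user: str, password: str, ttl: int = 300):
        rec = DESKTOP_USERS.get(user)
        if rec is None or not hmac.compare_digest(rec["pw"], pw_hash(password)):
            return None  # authentication happens here and nowhere else
        vm = f"vm-{secrets.token_hex(4)}"  # the assigned virtual machine
        payload = f"{user}|{rec['role']}|{vm}|{int(time.time()) + ttl}"
        return f"{payload}|{sign(self._key, payload)}"

class AuthorizationServer:
    """Steps 4-5: answers permission queries and never handles a password."""
    def __init__(self, key: bytes):
        self._key = key
    def permissions(self, assertion: str, app: str) -> set:
        payload, _, tag = assertion.rpartition("|")
        if not hmac.compare_digest(sign(self._key, payload).encode(), tag.encode()):
            return set()  # forged or altered assertion
        _user, role, _vm, expires = payload.split("|")
        if int(expires) < time.time():
            return set()  # desktop session has expired
        return set(ROLE_PERMISSIONS.get(role, {}).get(app, set()))

def application_request(authz, app: str, assertion: str, action: str) -> bool:
    """Steps 3 and 6: the application queries the authorization server, then decides."""
    return action in authz.permissions(assertion, app)

def demo() -> dict:
    key = secrets.token_bytes(32)
    cloud, authz = DesktopCloud(key), AuthorizationServer(key)
    session = cloud.login("alice", "correct horse")
    tampered = session.replace("|engineer|", "|admin|")  # role edited on the desktop
    return {
        "wiki_write": application_request(authz, "wiki", session, "write"),
        "payroll_read": application_request(authz, "payroll", session, "read"),
        "tampered_payroll_read": application_request(authz, "payroll", tampered, "read"),
        "bad_password": cloud.login("alice", "wrong") is None,
    }
```

Because the application systems no longer authenticate anyone, the authorization decision is only as trustworthy as the binding between the desktop session and the permission query; the tampered case shows a modified role being refused.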
Claims (1)
1. An identity authentication method based on desktop cloud, characterized in that a desktop cloud user only needs to log in once to easily access the various application services, which improves ease of use for the end user; the unified identity management service is an independent module in the system and faces the various application services, so that a single login is enough to access them conveniently, while the user's privacy is also protected; the user uses a terminal device such as a thin client, mobile PC or pad to connect to the desktop cloud system through the user portal; after a redirect, the user's connection request is submitted to the virtual desktop authentication dispatch server; the authentication dispatch server processes the user's request and, according to the user role and permissions in the user profile data, assigns the user a specific virtual machine and computing resources; when the user then accesses other application service systems through the virtual desktop, the unified identity management service is in place, and because the application service interacts with the unified identity management service, the user does not need to present authentication information, and the user's permissions for the application system are obtained through the unified identity management service; the specific steps are as follows:
1) The user logs in to the desktop cloud through the web, and the desktop cloud portal submits the user information to the desktop cloud dispatch system;
2) The desktop cloud dispatch system assigns the user a specific virtual machine desktop;
3) The user accesses the application system through the virtual desktop;
4) The application system queries the authorization server for the user's permissions;
5) The authorization server returns the user's permissions to the application system;
6) The system allows or refuses the user's access according to the permissions it received.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013100566842A CN103118030A (en) | 2013-02-22 | 2013-02-22 | Desktop cloud based identity authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013100566842A CN103118030A (en) | 2013-02-22 | 2013-02-22 | Desktop cloud based identity authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103118030A (en) | 2013-05-22 |
Family
ID=48416304
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2013100566842A Pending CN103118030A (en) | 2013-02-22 | 2013-02-22 | Desktop cloud based identity authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103118030A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103279703A (en) * | 2013-06-07 | 2013-09-04 | 江西省电力公司信息通信分公司 | Method for building desktop cloud virtual trust safety wall |
CN104580211A (en) * | 2015-01-08 | 2015-04-29 | 浪潮软件集团有限公司 | SOA architecture-based intrusive system |
WO2015184811A1 (en) * | 2014-11-20 | 2015-12-10 | 中兴通讯股份有限公司 | Method and device for logging in to cloud desktop |
CN105187362A (en) * | 2014-06-23 | 2015-12-23 | 中兴通讯股份有限公司 | Method and device for connection authentication between desktop cloud client and server-side |
CN106330816A (en) * | 2015-06-17 | 2017-01-11 | 北京神州泰岳软件股份有限公司 | Method and system for logging in cloud desktop |
CN107807848A (en) * | 2017-10-12 | 2018-03-16 | 曙光信息产业(北京)有限公司 | A kind of cloud desktop system |
CN108710528A (en) * | 2018-05-09 | 2018-10-26 | 深圳安布斯网络科技有限公司 | Access, control method, device, equipment and the storage medium of desktop cloud virtual machine |
RU2711427C1 (en) * | 2018-11-02 | 2020-01-17 | Федеральное государственное бюджетное образовательное учреждение высшего образования "Московский государственный университет имени М.В. Ломоносова" (МГУ) | Method of producing metal-polymer nanocomposite materials with metal nanoparticles |
CN114401266A (en) * | 2021-12-30 | 2022-04-26 | 苏州中科先进技术研究院有限公司 | Tax hall desktop cloud platform and self-service tax handling method |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101388773A (en) * | 2007-09-12 | 2009-03-18 | 中国移动通信集团公司 | Identity management platform, service server, uniform login system and method |
Non-Patent Citations (2)
Title |
---|
夏荣: ""基于桌面云的统一身份认证架构研究"", 《信息网络安全》 * |
岳小均: ""基于云计算的统一身份认证与管理平台研究与实现"", 《万方学位论文》 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103279703A (en) * | 2013-06-07 | 2013-09-04 | 江西省电力公司信息通信分公司 | Method for building desktop cloud virtual trust safety wall |
CN103279703B (en) * | 2013-06-07 | 2018-02-02 | 国网江西省电力公司信息通信分公司 | A kind of method for building desktop cloud virtual trust safety wall |
CN105187362A (en) * | 2014-06-23 | 2015-12-23 | 中兴通讯股份有限公司 | Method and device for connection authentication between desktop cloud client and server-side |
WO2015196659A1 (en) * | 2014-06-23 | 2015-12-30 | 中兴通讯股份有限公司 | Method and device for authenticating connection between desktop cloud client and serving end |
WO2015184811A1 (en) * | 2014-11-20 | 2015-12-10 | 中兴通讯股份有限公司 | Method and device for logging in to cloud desktop |
CN104580211A (en) * | 2015-01-08 | 2015-04-29 | 浪潮软件集团有限公司 | SOA architecture-based intrusive system |
CN104580211B (en) * | 2015-01-08 | 2018-02-23 | 浪潮软件集团有限公司 | SOA architecture-based intrusive system |
CN106330816A (en) * | 2015-06-17 | 2017-01-11 | 北京神州泰岳软件股份有限公司 | Method and system for logging in cloud desktop |
CN106330816B (en) * | 2015-06-17 | 2019-09-27 | 北京神州泰岳软件股份有限公司 | A kind of method and system logging in cloud desktop |
CN107807848A (en) * | 2017-10-12 | 2018-03-16 | 曙光信息产业(北京)有限公司 | A kind of cloud desktop system |
CN107807848B (en) * | 2017-10-12 | 2021-07-23 | 曙光信息产业(北京)有限公司 | Cloud desktop system |
CN108710528A (en) * | 2018-05-09 | 2018-10-26 | 深圳安布斯网络科技有限公司 | Access, control method, device, equipment and the storage medium of desktop cloud virtual machine |
CN108710528B (en) * | 2018-05-09 | 2023-02-28 | 深圳安布斯网络科技有限公司 | Desktop cloud virtual machine access and control method, device, equipment and storage medium |
RU2711427C1 (en) * | 2018-11-02 | 2020-01-17 | Федеральное государственное бюджетное образовательное учреждение высшего образования "Московский государственный университет имени М.В. Ломоносова" (МГУ) | Method of producing metal-polymer nanocomposite materials with metal nanoparticles |
CN114401266A (en) * | 2021-12-30 | 2022-04-26 | 苏州中科先进技术研究院有限公司 | Tax hall desktop cloud platform and self-service tax handling method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103118030A (en) | Desktop cloud based identity authentication method | |
CN106411857B (en) | A kind of private clound GIS service access control method based on virtual isolation mech isolation test | |
US10102026B2 (en) | Migrating virtual asset | |
EP2842049B1 (en) | Secure administration of virtual machines | |
US9985949B2 (en) | Secure assertion attribute for a federated log in | |
US20130291068A1 (en) | Managing Cloud Zones | |
WO2013138979A1 (en) | Hybrid multi-tenancy cloud platform | |
US9858110B2 (en) | Virtual credential adapter for use with virtual machines | |
CN105262780B (en) | A kind of authority control method and system | |
CN113612740A (en) | Authority management method and device, computer readable medium and electronic equipment | |
US9614859B2 (en) | Location based authentication of users to a virtual machine in a computer system | |
CN104767741A (en) | Calculation service separating and safety protecting system based on light virtual machine | |
KR20220092365A (en) | Methods, systems, articles of manufacture and apparatus to certify multi-tenant storage blocks or groups of blocks | |
CN108170510A (en) | A kind of managing computing resources system based on virtualization technology | |
CN103812865B (en) | Method of realizing transparent user login under cloud resource platform | |
CN107194239A (en) | A kind of right management method and device | |
KR20070076342A (en) | User Group Role / Permission Management System and Access Control Methods in a Grid Environment | |
CN107071021A (en) | A kind of neutral management method of cloud computing | |
CN116260732A (en) | Sharing system and method for multi-cloud system pipe | |
CN102404316A (en) | Access controlling method and device using virtualization | |
CN107608768A (en) | Resource access method, electronic equipment and storage medium based on command mode | |
CN107562961A (en) | A kind of centralized management method and apparatus of mysql databases | |
US20230138622A1 (en) | Emergency Access Control for Cross-Platform Computing Environment | |
Jiang et al. | The design and implementation of cloud computing model and platform | |
CN106330885A (en) | Cloud terminal system and method for enforcing security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20130522 |
WD01 | Invention patent application deemed withdrawn after publication |