CN103442007A - Far-end application service accessing method based on virtual desktop control mode - Google Patents
Far-end application service accessing method based on virtual desktop control mode Download PDFInfo
- Publication number
- CN103442007A CN103442007A CN2013103824598A CN201310382459A CN103442007A CN 103442007 A CN103442007 A CN 103442007A CN 2013103824598 A CN2013103824598 A CN 2013103824598A CN 201310382459 A CN201310382459 A CN 201310382459A CN 103442007 A CN103442007 A CN 103442007A
- Authority
- CN
- China
- Prior art keywords
- application
- user
- gateway
- desktop
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a far-end application service accessing method based on a virtual desktop control mode. The identification of personnel identities and the control over user rights are carried out through a secure gateway, the shortcut that a user has the right to access applications is shown through secure gateway client software in a virtual desktop mode, the secure gateway is matched with a virtual desktop, and the fact that a user has access to far-end application service is controlled. After the security authentication gateway receives a list, a windows desktop is recreated through a windows virtual desktop technology, a desktop shortcut is created for each application to be shown in the desktop according to the attribute information of each application in the list of the user, and the user can see each application which the user has the right to access when switching to a desktop program. The user can start an application client-side by double clicking an application system shortcut icon. The accessing mode achieved through the method is intuitionistic, humanized and wide in application range, and the using habits of the user are met.
Description
Technical field
The present invention relates to a kind of method that realizes the application service of access far-end based on the virtual desktop control mode, particularly relate to a kind of being applicable to based on security gateway, adopt the virtual desktop control mode to realize the method for access far-end application service.
Background technology
The virtual desktop technology is a kind of application technology that can simultaneously represent a plurality of windows desktops that the windows system provides.In the ordinary course of things, windows operating system only shows a desktop, and this desktop is being undertaken the management responsibility of all application shortcuts.
Identity identifying technology is to differentiate user identity, extracts a kind of safe practice of User Identity, is the prerequisite of carrying out control of authority.Security gateway utilizes identity identifying technology to be differentiated user identity, extracts User Identity control of authority to user's access application for gateway from authentication information.
Access control technology is for controlling a kind of security means of user access activity.
The application system that mode protect of security gateway system by the access control of opening circuit needs reinforcement.The user only has by the authentication of gateway could access the application service that is subject to the security gateway protection.Common security gateway system adopts transparent mode protection application; do not possess a kind of mode intuitively and tell the user authenticates by rear which user application Internet access the user; only have when user's operational applications system and just because the user has authority, do not refuse the user, processing mode is simple and crude.Some security gateway is also supported web door function, the user authenticate by after represent to the user application that the user can access with the situation of web page interlinkage, but this kind of mode only supported the B/S application.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of method that realizes the application service of access far-end based on the virtual desktop control mode.The method utilizes security gateway to carry out the identification of personnel identity and the control of user right, utilize secure gateway client software to represent in the virtual desktop mode shortcut that the user has the authority access application, coordinate by security gateway and virtual desktop, control the access of user to the far-end application service.Security Certificate gateway utilizes windows virtual desktop technology again to create a windows desktop after receiving list, and be presented in this desktop for each application creates each desktop shortcuts according to the attribute information of each application in these row of user, the user is switched to this desktop programs can see each application that the authority access is arranged oneself.The user double-clicks the application system shortcut icon can start applications client.The access mode that the method realizes is directly perceived, hommization, applied range, meets user's use habit.
The technical solution used in the present invention is as follows: a kind of method that realizes the application service of access far-end based on the virtual desktop control mode, and its concrete grammar is: one, the user starts security client software; Two, the user shows the voucher for authentication, and carries out authentication with Security Certificate gateway, if by authenticating carrying out next step; Three, Security Certificate gateway pushes application system sign and the relevant information of this user's Internet access to secure gateway client software, and passes to the Security Certificate gateway client software; Four, secure gateway client software is resolved the application system sign, starts virtual desktop, and creates the application system shortcut in virtual desktop; Five, the user starts application system in virtual desktop; Six, the application system client is by the escape way access application system of setting up between security client software and security gateway; Seven, user's rear disconnection authentication client software of finishing using, virtual desktop exits automatically.
The concrete grammar of described step 3 is: security gateway from keeper's configured in advance in the user right list security gateway by the application of subscriber identity information inquiring user Internet access, then according to these application queries relevant attribute information.
Security gateway passes to the Security Certificate gateway client software by the association attributes of the application message of user's Internet access and application in the mode of list.
Security Certificate gateway utilizes windows virtual desktop technology again to create a windows desktop after receiving 3 lists, and is presented in this desktop for each application creates each desktop shortcuts.
According to the attribute information of each application in these row of user, for creating each desktop shortcuts, each application is presented in this desktop.
Applications client connects application service, and the method that secure gateway client is intercepted and captured the applications client request is: set up the VPN passage with security gateway, and transmit application request by the VPN passage.
Described escape way is the VPN passage.
In described step 3, if the user has authority to access this application, the security gateway proxy user is forwarded to application service by this application request, is transmitted to applications client by the VPN passage after processing this request by application service.
Compared with prior art, the invention has the beneficial effects as follows: the virtual desktop function based on security gateway, represent the application of user's Internet access to the user with the situation of windows desktop, represent the application of each user's Internet access in the mode of shortcut icon.Be different from the security gateway system in web door mode, the windows desktop function can define the shortcut of application software, and it is addressable appointment application that the user clicks shortcut.No matter shortcut icon mode B/S application, C/S application can be defined.The desktop that system provides also is different from the intrinsic desktop of windows operating system, with one fully independently desktop to the user, represent.But user's Self-operating is switching back and forth in the original desktop of original operating system and this desktop.The shortcut represented in the desktop that security gateway generates only comprises the application of user's Internet access and by the more self-defining systemic-function icons of keeper.Simple and clear concerning the user, meet user's use habit.The multiple different contents such as general virtual desktop normally will be played, work are assigned to different desktops, and each desktop needs user's self-defining.Virtual desktop application based on security gateway forms an independent desktop by the application of user's Internet access automatically, without user's customized.
The accompanying drawing explanation
Fig. 1 is the wherein system construction drawing of an embodiment of the present invention.
The flow chart that Fig. 2 is middle user's access application system embodiment illustrated in fig. 1.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not intended to limit the present invention.
Disclosed all features in this specification, except the feature of mutual eliminating, all can combine by any way.
Disclosed arbitrary feature in this specification (comprising any accessory claim, summary and accompanying drawing), unless special narration all can be replaced by other equivalences or the alternative features with similar purpose.That is,, unless special narration, each feature is an example in a series of equivalences or similar characteristics.
The invention discloses security gateway and represent access privilege, the application entrance is provided, facilitates the method for user starts application, realize a sample system configuration of the present invention as shown in Figure 1, Security Certificate gateway is deployed between application system and client, plays the break type access control.The flow process that the user wants the access application system is as shown in Figure 2:
A kind of method that realizes the application service of access far-end based on the virtual desktop control mode, its concrete grammar is: one, the user starts security client software; Two, the user shows the voucher for authentication, and carries out authentication with Security Certificate gateway, if by authenticating carrying out next step; Three, Security Certificate gateway pushes application system sign and the relevant information of this user's Internet access to secure gateway client software, and passes to the Security Certificate gateway client software; Four, secure gateway client software is resolved the application system sign, starts virtual desktop, and creates the application system shortcut dynamically in virtual desktop; Five, the user clicks the application system shortcut that will use in virtual desktop, starts application system; Six, the application system client is by the escape way access application system of setting up between security client software and security gateway; Seven, user's rear disconnection authentication client software of finishing using, virtual desktop exits automatically.
Security Certificate gateway is not limited to concrete implementation, can be the SSLVPN gateway, can be Application control gateway.Security gateway can be used the different authentication factors, different authentication protocols to realize the authentication to the user; Can proxy user access be deployed in the application system after Security Certificate gateway; Can be controlled the authority of user's access application system.Described Security Certificate gateway system receives the authentication request that comes from secure gateway client software, and the different authentication factor pair user who shows according to client carries out authentication.After authentication success, security gateway and secure gateway client software are set up escape way, and the user right of authorizing according to the keeper is pushed to security client software by the application system of user's Internet access sign.When the user passes through security client access application system, security gateway judges according to user's identify label and the sign of required access application system whether the user has the authority of access application system, if Internet access, proxy user is accessed this application system, otherwise refuses user's access request.
Can accept the different authentication factor and security gateway that the user shows is authenticated; Can authentication protocol and security gateway based on different be authenticated; Can be deployed in Security Certificate gateway application software afterwards by the access of different modes agent application client software; Can represent in the virtual desktop mode shortcut of user's Internet access application.The different authentication factor that described safety certification client software provides according to the user is carried out authentication by different authentication protocols as SSL and security gateway as user password, certificate etc.After authentication is passed through, described security client software is identified at the shortcut that creates application system virtual desktop according to the application system of obtaining from security gateway.When user starts application system client software, described safety certification client software agent application client software access application system.
The concrete grammar of described step 3 is: security gateway from keeper's configured in advance in the user right list security gateway by the application of subscriber identity information inquiring user Internet access, then according to these application queries relevant attribute information.
Security gateway passes to the Security Certificate gateway client software by the association attributes of the application message of user's Internet access and application in the mode of list.
Security Certificate gateway utilizes windows virtual desktop technology again to create a windows desktop after receiving 3 lists, and is presented in this desktop for each application creates each desktop shortcuts.
For operating system provides a plurality of desktops, security gateway agency's the independent desktop that is applied in is shown, be user-friendly to.
According to the attribute information of each application in these row of user, for creating each desktop shortcuts, each application is presented in this desktop.
Applications client connects application service, and the method that secure gateway client is intercepted and captured the applications client request is: set up the VPN passage with security gateway, and transmit application request by the VPN passage.
Described escape way is the VPN passage.
In described step 3, if the user has authority to access this application, the security gateway proxy user is forwarded to application service by this application request, is transmitted to applications client by the VPN passage after processing this request by application service.
Virtual desktop based on security gateway, represent a proprietary windows desktop that is independent of existing windows desktop by windows virtual desktop technology for the user; Utilize the control of authority function of Security Certificate gateway to be controlled at the content that desktop shows.
The present invention does not limit the concrete mode of authentication.In the present invention, do not limit concrete access control model.Security gateway utilizes user's identify label to filter out according to Access Control List (ACL) the application that the user has the authority access, with desktop shortcuts, these application is presented in to one and independently in the windows desktop, offers the user.When the user accesses by security gateway the application that is subject to the security gateway protection, security gateway judges according to application resource and the Access Control List (ACL) of User Identity, access whether the user has the authority access.
Claims (8)
1. a method that realizes the application service of access far-end based on the virtual desktop control mode, its concrete grammar is: one, the user starts security client software; Two, the user shows the voucher for authentication, and carries out authentication with Security Certificate gateway, if by authenticating carrying out next step; Three, Security Certificate gateway pushes application system sign and the relevant information of this user's Internet access to secure gateway client software, and passes to the Security Certificate gateway client software; Four, secure gateway client software is resolved the application system sign, starts virtual desktop, and creates the application system shortcut in virtual desktop; Five, the user starts application system in virtual desktop; Six, the application system client is by the escape way access application system of setting up between security client software and security gateway; Seven, user's rear disconnection authentication client software of finishing using, virtual desktop exits automatically.
2. method according to claim 1, the concrete grammar of described step 3 is: security gateway from keeper's configured in advance in the user right list security gateway by the application of subscriber identity information inquiring user Internet access, then according to these application queries relevant attribute information.
3. method according to claim 2, security gateway passes to the Security Certificate gateway client software by the association attributes of the application message of user's Internet access and application in the mode of list.
4. according to the method in claim 2 or 3, Security Certificate gateway utilizes windows virtual desktop technology again to create a windows desktop after receiving 3 lists, and is presented in this desktop for each application creates each desktop shortcuts.
5. method according to claim 4, be presented in this desktop for each application creates each desktop shortcuts according to the attribute information of each application in these row of user.
6. method according to claim 1, applications client connects application service, and the method that secure gateway client is intercepted and captured the applications client request is: set up the VPN passage with security gateway, and transmit application request by the VPN passage.
7. method according to claim 6, described escape way is the VPN passage.
8. method according to claim 6, in described step 3, if the user has authority to access this application, the security gateway proxy user is forwarded to application service by this application request, is transmitted to applications client by the VPN passage after processing this request by application service.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103824598A CN103442007A (en) | 2013-08-29 | 2013-08-29 | Far-end application service accessing method based on virtual desktop control mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103824598A CN103442007A (en) | 2013-08-29 | 2013-08-29 | Far-end application service accessing method based on virtual desktop control mode |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103442007A true CN103442007A (en) | 2013-12-11 |
Family
ID=49695672
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013103824598A Pending CN103442007A (en) | 2013-08-29 | 2013-08-29 | Far-end application service accessing method based on virtual desktop control mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103442007A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103716325A (en) * | 2013-12-31 | 2014-04-09 | 网神信息技术(北京)股份有限公司 | Security control method, device and system for network access |
| CN104333557A (en) * | 2014-11-19 | 2015-02-04 | 成都卫士通信息安全技术有限公司 | Single sign on system and method based on VPN gateway |
| CN104468530A (en) * | 2014-11-19 | 2015-03-25 | 成都卫士通信息安全技术有限公司 | Method for mobile phone user to have access to far-end application service through VPN channel |
| CN104536802A (en) * | 2014-12-19 | 2015-04-22 | 中兴通讯股份有限公司 | Method for achieving calling of applications and virtual machine |
| CN104753930A (en) * | 2015-03-17 | 2015-07-01 | 成都盛思睿信息技术有限公司 | Cloud desktop management system based on security gateway and security access control method thereof |
| CN104780156A (en) * | 2015-03-17 | 2015-07-15 | 成都盛思睿信息技术有限公司 | Secure cloud desktop system and USB access control method thereof |
| CN105049414A (en) * | 2015-06-03 | 2015-11-11 | 北京朋创天地科技有限公司 | Dataflow control method facing virtual desktop and information safety device |
| CN105162762A (en) * | 2015-07-29 | 2015-12-16 | 深圳市深信服电子科技有限公司 | Network isolation method, device and system |
| CN107256162A (en) * | 2017-06-13 | 2017-10-17 | 时瑞科技(深圳)有限公司 | Based on Windows visual characteristics and personalized desktop management method |
| CN109495480A (en) * | 2018-11-22 | 2019-03-19 | 北京车和家信息技术有限公司 | Right management method, device and server |
| CN112615810A (en) * | 2020-11-17 | 2021-04-06 | 新华三技术有限公司 | Access control method and device |
| CN112783596A (en) * | 2021-02-03 | 2021-05-11 | 广东中兴新支点技术有限公司 | Operating system, method and medium for realizing multitask view response of virtual desktop |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101473628A (en) * | 2006-04-12 | 2009-07-01 | 思杰系统有限公司 | Systems and methods for accelerating delivery of a computing environment to remote user |
| CN101651743A (en) * | 2009-09-10 | 2010-02-17 | 华耀环宇科技(北京)有限公司 | Remote desktop access system facing to mobilephone terminal user |
| CN101676875A (en) * | 2008-08-15 | 2010-03-24 | 北京北大众志微系统科技有限责任公司 | Method for seamless access remote Windows application program by Linux terminal and apparatus thereof |
-
2013
- 2013-08-29 CN CN2013103824598A patent/CN103442007A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101473628A (en) * | 2006-04-12 | 2009-07-01 | 思杰系统有限公司 | Systems and methods for accelerating delivery of a computing environment to remote user |
| CN101676875A (en) * | 2008-08-15 | 2010-03-24 | 北京北大众志微系统科技有限责任公司 | Method for seamless access remote Windows application program by Linux terminal and apparatus thereof |
| CN101651743A (en) * | 2009-09-10 | 2010-02-17 | 华耀环宇科技(北京)有限公司 | Remote desktop access system facing to mobilephone terminal user |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103716325A (en) * | 2013-12-31 | 2014-04-09 | 网神信息技术(北京)股份有限公司 | Security control method, device and system for network access |
| CN104333557A (en) * | 2014-11-19 | 2015-02-04 | 成都卫士通信息安全技术有限公司 | Single sign on system and method based on VPN gateway |
| CN104468530A (en) * | 2014-11-19 | 2015-03-25 | 成都卫士通信息安全技术有限公司 | Method for mobile phone user to have access to far-end application service through VPN channel |
| CN104536802A (en) * | 2014-12-19 | 2015-04-22 | 中兴通讯股份有限公司 | Method for achieving calling of applications and virtual machine |
| CN104536802B (en) * | 2014-12-19 | 2021-05-04 | 中兴通讯股份有限公司 | Method for realizing application calling and virtual machine |
| CN104753930A (en) * | 2015-03-17 | 2015-07-01 | 成都盛思睿信息技术有限公司 | Cloud desktop management system based on security gateway and security access control method thereof |
| CN104780156A (en) * | 2015-03-17 | 2015-07-15 | 成都盛思睿信息技术有限公司 | Secure cloud desktop system and USB access control method thereof |
| CN105049414A (en) * | 2015-06-03 | 2015-11-11 | 北京朋创天地科技有限公司 | Dataflow control method facing virtual desktop and information safety device |
| CN105162762B (en) * | 2015-07-29 | 2019-03-26 | 深信服科技股份有限公司 | Network Isolation methods, devices and systems |
| CN105162762A (en) * | 2015-07-29 | 2015-12-16 | 深圳市深信服电子科技有限公司 | Network isolation method, device and system |
| CN107256162A (en) * | 2017-06-13 | 2017-10-17 | 时瑞科技(深圳)有限公司 | Based on Windows visual characteristics and personalized desktop management method |
| CN107256162B (en) * | 2017-06-13 | 2020-12-08 | 时瑞科技(深圳)有限公司 | Desktop management method based on Windows visual characteristics and personalization |
| CN109495480A (en) * | 2018-11-22 | 2019-03-19 | 北京车和家信息技术有限公司 | Right management method, device and server |
| CN112615810A (en) * | 2020-11-17 | 2021-04-06 | 新华三技术有限公司 | Access control method and device |
| CN112783596A (en) * | 2021-02-03 | 2021-05-11 | 广东中兴新支点技术有限公司 | Operating system, method and medium for realizing multitask view response of virtual desktop |
| CN112783596B (en) * | 2021-02-03 | 2024-04-05 | 广东中兴新支点技术有限公司 | Operating system, method and medium for realizing virtual desktop multitasking view response |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103442007A (en) | Far-end application service accessing method based on virtual desktop control mode | |
| CN106411857B (en) | A kind of private clound GIS service access control method based on virtual isolation mech isolation test | |
| EP2894814B1 (en) | Monitoring sessions with a session-specific transient agent | |
| US7644434B2 (en) | Computer security system | |
| US9614874B2 (en) | Network session management based on contextual information | |
| US9300670B2 (en) | Remote access to resources over a network | |
| US8255973B2 (en) | Provisioning remote computers for accessing resources | |
| US7827590B2 (en) | Controlling access to a set of resources in a network | |
| US8893243B2 (en) | Method and system protecting against identity theft or replication abuse | |
| US8001610B1 (en) | Network defense system utilizing endpoint health indicators and user identity | |
| CN102984159B (en) | Based on secure accessing logic control method and the Platform Server of terminal access behavior | |
| EP2620893A1 (en) | Role-based access control permissions | |
| EP1933264A1 (en) | Policy enforcement via attestations | |
| US9882965B2 (en) | Techniques for network process identity enablement | |
| CN102724189A (en) | Method and device for controlling user URL (uniform resource locator) access | |
| CN100512107C (en) | Security identification method | |
| CN113364800A (en) | Resource access control method, device, electronic equipment and medium | |
| US20060190990A1 (en) | Method and system for controlling access to a service provided through a network | |
| RU2415466C1 (en) | Method of controlling identification of users of information resources of heterogeneous computer network | |
| US8910250B2 (en) | User notifications during computing network access | |
| Cisco | Authentication Server Panel | |
| Cisco | Authentication Server Panel | |
| Zefferer et al. | Best of two worlds: Secure cloud federations meet eIDAS | |
| CN104935645A (en) | Viral transmission prevention method for safely transmitting USB flash disk file on financial network counter | |
| CN104468530A (en) | Method for mobile phone user to have access to far-end application service through VPN channel |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20131211 |
|
| RJ01 | Rejection of invention patent application after publication |