CN104468491A - Virtual desktop system and method based on secure channel - Google Patents
Virtual desktop system and method based on secure channel Download PDFInfo
- Publication number
- CN104468491A CN104468491A CN201310440365.1A CN201310440365A CN104468491A CN 104468491 A CN104468491 A CN 104468491A CN 201310440365 A CN201310440365 A CN 201310440365A CN 104468491 A CN104468491 A CN 104468491A
- Authority
- CN
- China
- Prior art keywords
- agent client
- module
- virtual desktop
- administrative center
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/08—Protocols specially adapted for terminal emulation, e.g. Telnet
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a virtual desktop system and method based a secure channel. The virtual desktop system based on the secure channel is characterized by comprising a management center module, a proxy client module, a virtual desktop client side and a virtual server. The invention further discloses the method matched with the virtual desktop system. According to the virtual desktop system and method based on the secure channel, password authentication is set, and corresponding security measures are set for the security of a channel between a virtual server and a proxy client side, all the operation records generated when the proxy client side operates the virtual server and the like.
Description
Technical field
The present invention relates to a kind of virtual desktop system based on safe lane and method.
Background technology
Virtual desktop refers to supports that the Remote Dynamic that enterprise-level realizes desktop system accesses the technology unifying trustship with data center.A vivid analogy is exactly today, and we can pass through any equipment, in any place, our mailing system of access on network, or net dish any time; And future, we can pass through any equipment, in any place, the desktop system belonging to we individual on network is accessed any time.Desktop virtual and thin-client computer have been proposed a lot of year, give data and safety is more controls by the function of data center server centralization computer, data and application program.But existing virtual desktop software exists the safety problem of greater risk, corresponding safety measure is not all had for all operations record the etc. when safety of channel between virtual server and agent client and agent client operation virtual server.
Therefore, prior art needs to be improved.
Summary of the invention
The present invention is in order to solve the deficiencies in the prior art, a kind of virtual desktop system based on safe lane and method are provided, cipher authentication is set, and corresponding safety measure is all arranged for all operations record the etc. when safety of channel between virtual server and agent client and agent client operation virtual server.
For solving the problems of the technologies described above, a kind of virtual desktop system based on safe lane that the embodiment of the present invention provides and method, adopt following technical scheme:
Based on a virtual desktop system for safe lane, it is characterized in that,
Comprise management center module, agent client module, virtual desktop client, virtual server.
Particularly, described management center module comprises double authentication module, user is arranged and administration module, right assignment module, behavior monitoring module, safe lane module.
Particularly, described agent client module comprises termination management module, TSM Security Agent module.
Based on an implementation method for the virtual desktop of safe lane, comprise the steps:
S1: the distribution being carried out authority by administrative center according to different agent client, and the corresponding key of title essential information granting of each agent client that follows up and initial password;
S2: arrange different administrator rights, has super keeper, system manager, file manager and log audit person, and different keepers carries out different rights management and distribution;
S3: agent client inserts respective key, then inputs password and carries out certification;
S4: generate public private key pair when administrative center provides key, and private key is imported in key, PKI is stayed administrative center, after agent client inserts key, stochastic generation one piece of data, issue administrative center, by administrative center to this segment data public key encryption, then issue agent client, agent client private key to changing decrypt data, and is compared the data after deciphering and former data, if identical, then certification is passed through, and points out user to input password, and password correctly then allows the normal virtual server that logs in do corresponding operating; Otherwise otherwise;
S5: after double authentication success, connect between administrative center and agent client, the data transmitted in the connection PKI that all use management center is deposited is encrypted, when being then transferred to agent client, use private key to be decrypted reading by agent client, ensure the data security on transmission channel between administrative center and agent client;
S6: agent client accesses virtual server, and when operating the related content on virtual server, by the corresponding operating of each agent client of behavior monitoring module real time record of administrative center, and the information encryption of record is kept in administrative center's storage medium, is convenient to later stage inquiry.
Particularly, described behavior monitoring module can also monitor the price bidding with control agent client.
A kind of virtual desktop system based on safe lane provided by the invention and method, by arranging cipher authentication, and corresponding safety measure is all arranged for all operations record the etc. when safety of channel between virtual server and agent client and agent client operation virtual server.
Accompanying drawing explanation
Fig. 1 is the structural representation of a kind of virtual desktop system based on safe lane described in the embodiment of the present invention.
Fig. 2 is the step schematic diagram of the implementation method of a kind of virtual desktop based on safe lane described in the embodiment of the present invention.
Embodiment
A kind of virtual desktop system based on safe lane that the embodiment of the present invention provides and method, by arranging cipher authentication, and corresponding safety measure is all arranged for all operations record the etc. when safety of channel between virtual server and agent client and agent client operation virtual server.
A kind of virtual desktop system based on safe lane be supplied to the embodiment of the present invention below in conjunction with accompanying drawing and method are described in detail.
As shown in Figure 1, 2, a kind of virtual desktop system based on safe lane that the embodiment of the present invention provides, is characterized in that,
Comprise management center module, agent client module, virtual desktop client, virtual server.
Particularly, described management center module comprises double authentication module, user is arranged and administration module, right assignment module, behavior monitoring module, safe lane module.
Particularly, described agent client module comprises termination management module, TSM Security Agent module.
Based on an implementation method for the virtual desktop of safe lane, comprise the steps:
S1: the distribution being carried out authority by administrative center according to different agent client, and the corresponding key of title essential information granting of each agent client that follows up and initial password;
S2: arrange different administrator rights, has super keeper, system manager, file manager and log audit person, and different keepers carries out different rights management and distribution;
S3: agent client inserts respective key, then inputs password and carries out certification;
S4: generate public private key pair when administrative center provides key, and private key is imported in key, PKI is stayed administrative center, after agent client inserts key, stochastic generation one piece of data, issue administrative center, by administrative center to this segment data public key encryption, then issue agent client, agent client private key to changing decrypt data, and is compared the data after deciphering and former data, if identical, then certification is passed through, and points out user to input password, and password correctly then allows the normal virtual server that logs in do corresponding operating; Otherwise otherwise;
S5: after double authentication success, connect between administrative center and agent client, the data transmitted in the connection PKI that all use management center is deposited is encrypted, when being then transferred to agent client, use private key to be decrypted reading by agent client, ensure the data security on transmission channel between administrative center and agent client;
S6: agent client accesses virtual server, and when operating the related content on virtual server, by the corresponding operating of each agent client of behavior monitoring module real time record of administrative center, and the information encryption of record is kept in administrative center's storage medium, is convenient to later stage inquiry.
Particularly, described behavior monitoring module can also monitor the price bidding with control agent client.
A kind of virtual desktop system based on safe lane provided by the invention and method, by arranging cipher authentication, and corresponding safety measure is all arranged for all operations record the etc. when safety of channel between virtual server and agent client and agent client operation virtual server.
The above; be only the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, is anyly familiar with those skilled in the art in the technical scope that the present invention discloses; change can be expected easily or replace, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should described be as the criterion with the protection range of claim.
Claims (5)
1., based on a virtual desktop system for safe lane, it is characterized in that,
Comprise management center module, agent client module, virtual desktop client, virtual server.
2. a kind of virtual desktop system based on safe lane according to claim 1, is characterized in that, described management center module comprises double authentication module, user is arranged and administration module, right assignment module, behavior monitoring module, safe lane module.
3. a kind of virtual desktop system based on safe lane according to claim 1, is characterized in that, described agent client module comprises termination management module, TSM Security Agent module.
4., based on an implementation method for the virtual desktop of safe lane, comprise the steps:
S1: the distribution being carried out authority by administrative center according to different agent client, and the corresponding key of title essential information granting of each agent client that follows up and initial password;
S2: arrange different administrator rights, has super keeper, system manager, file manager and log audit person, and different keepers carries out different rights management and distribution;
S3: agent client inserts respective key, then inputs password and carries out certification;
S4: generate public private key pair when administrative center provides key, and private key is imported in key, PKI is stayed administrative center, after agent client inserts key, stochastic generation one piece of data, issue administrative center, by administrative center to this segment data public key encryption, then issue agent client, agent client private key to changing decrypt data, and is compared the data after deciphering and former data, if identical, then certification is passed through, and points out user to input password, and password correctly then allows the normal virtual server that logs in do corresponding operating; Otherwise otherwise;
S5: after double authentication success, connect between administrative center and agent client, the data transmitted in the connection PKI that all use management center is deposited is encrypted, when being then transferred to agent client, use private key to be decrypted reading by agent client, ensure the data security on transmission channel between administrative center and agent client;
S6: agent client accesses virtual server, and when operating the related content on virtual server, by the corresponding operating of each agent client of behavior monitoring module real time record of administrative center, and the information encryption of record is kept in administrative center's storage medium, is convenient to later stage inquiry.
5. the implementation method of a kind of virtual desktop based on safe lane according to claim 4, is characterized in that, described behavior monitoring module can also monitor the price bidding with control agent client.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310440365.1A CN104468491A (en) | 2013-09-25 | 2013-09-25 | Virtual desktop system and method based on secure channel |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310440365.1A CN104468491A (en) | 2013-09-25 | 2013-09-25 | Virtual desktop system and method based on secure channel |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104468491A true CN104468491A (en) | 2015-03-25 |
Family
ID=52913870
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310440365.1A Pending CN104468491A (en) | 2013-09-25 | 2013-09-25 | Virtual desktop system and method based on secure channel |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104468491A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105337955A (en) * | 2015-09-22 | 2016-02-17 | 电子科技大学 | Domestic, safe and controllable virtual desktop management control system |
| CN105376216A (en) * | 2015-10-12 | 2016-03-02 | 华为技术有限公司 | Remote access method, agent server and client end |
| CN106096426A (en) * | 2016-06-21 | 2016-11-09 | 南阳柯丽尔科技有限公司 | A kind of big data store safely terminal |
| CN107346380A (en) * | 2016-05-05 | 2017-11-14 | 北京北信源软件股份有限公司 | A kind of anti-data-leakage system and method based on RDP |
| CN108093041A (en) * | 2017-12-12 | 2018-05-29 | 武汉噢易云计算股份有限公司 | Single channel VDI proxy servers and implementation method |
-
2013
- 2013-09-25 CN CN201310440365.1A patent/CN104468491A/en active Pending
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105337955A (en) * | 2015-09-22 | 2016-02-17 | 电子科技大学 | Domestic, safe and controllable virtual desktop management control system |
| CN105376216A (en) * | 2015-10-12 | 2016-03-02 | 华为技术有限公司 | Remote access method, agent server and client end |
| CN105376216B (en) * | 2015-10-12 | 2019-04-26 | 华为技术有限公司 | A kind of remote access method, proxy server and client |
| CN107346380A (en) * | 2016-05-05 | 2017-11-14 | 北京北信源软件股份有限公司 | A kind of anti-data-leakage system and method based on RDP |
| CN106096426A (en) * | 2016-06-21 | 2016-11-09 | 南阳柯丽尔科技有限公司 | A kind of big data store safely terminal |
| CN108093041A (en) * | 2017-12-12 | 2018-05-29 | 武汉噢易云计算股份有限公司 | Single channel VDI proxy servers and implementation method |
| CN108093041B (en) * | 2017-12-12 | 2020-07-28 | 武汉噢易云计算股份有限公司 | Single-channel VDI proxy service system and implementation method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6941146B2 (en) | Data security service | |
| CN101159556B (en) | Group key server based key management method in sharing encryption file system | |
| CN103731475B (en) | A kind of data protection system | |
| CN114513533A (en) | Classified and graded fitness and health big data sharing system and method | |
| CN103534976A (en) | Data security protection method, server, host, and system | |
| CN103530570A (en) | Electronic document safety management system and method | |
| CN104184743A (en) | Three-layer authentication system and method oriented to cloud computing platform | |
| CN105103488A (en) | Policy enforcement with associated data | |
| CN106533693B (en) | Access method and device of railway vehicle monitoring and overhauling system | |
| CN102025503B (en) | Data security implementation method in cluster environment and high-security cluster | |
| CN103152179A (en) | Uniform identity authentication method suitable for multiple application systems | |
| CN104333545B (en) | The method that cloud storage file data is encrypted | |
| CN102427447A (en) | Method of sharing identity authentication information among tax cloud computing systems | |
| CN103078841A (en) | Method and system for preventive electronic data security | |
| CN103326999A (en) | File safety management system based on cloud service | |
| CN102377788A (en) | Single sign-on (SSO) system and single sign-on (SSO) method | |
| CN111010430B (en) | Cloud computing security data sharing method based on double-chain structure | |
| CN104468491A (en) | Virtual desktop system and method based on secure channel | |
| CN103516523A (en) | Data encryption system structure based on cloud storage | |
| CN103580868A (en) | Secure transmission method of electronic official document secure transmission system | |
| CN106936579A (en) | Cloud storage data storage and read method based on trusted third party agency | |
| CN109379360A (en) | Auditing method, electronic device and computer readable storage medium | |
| CN104506480A (en) | Cross-domain access control method and system based on marking and auditing combination | |
| CN105279453A (en) | Separate storage management-supporting file partition hiding system and method thereof | |
| CN101118639A (en) | Safety electric national census system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150325 |
|
| WD01 | Invention patent application deemed withdrawn after publication |