CN104811455A - Cloud computing identity authentication method - Google Patents

Info

Publication number: CN104811455A
Authority: CN (China)
Prior art keywords: cloud, cloud server, cloud terminal, terminal, encryption device
Legal status: Granted (Active)
Application number: CN201510254039.0A
Other languages: Chinese (zh)
Other versions: CN104811455B (en)
Inventor: 尹一桦
Current Assignee: China Electronics Technology Network Security Technology Co ltd
Original Assignee: Chengdu Westone Information Industry Inc
Application filed by: Chengdu Westone Information Industry Inc

Classifications

    • H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a cloud computing identity authentication method comprising the following steps: (1) a cloud terminal identifies the inserted cryptographic equipment and, after identification, sends a login request message to a cloud server; (2) after receiving the message, the cloud server sends an authentication message to the cloud terminal; (3) the cloud terminal extracts the digital certificate from the cryptographic equipment according to the authentication message, encrypts the digital certificate and sends it to the cloud server; (4) the cloud server verifies the user identity according to the digital certificate and, when verification passes, the corresponding virtual machine in the cloud server connects directly to the cloud terminal through RDP (Remote Desktop Protocol). By integrating the cryptographic equipment, the method provides strong identity authentication of virtual desktop users and closes the security gap left by the single user name and password check in existing cloud computing.

Description

Cloud computing identity authentication method
Technical field
The present invention relates to the field of cloud computing security technology, and in particular to a cloud computing identity authentication method.
Background
At present, cloud computing technology is widely used. Existing cloud computing identity authentication mostly relies on Microsoft's AD (Active Directory) domain, combined with single sign-on technology based on protocols such as OpenID. This approach mostly authenticates with "user name + password", which is not strong enough; the situation is common on mainstream cloud computing platforms such as VMware and Citrix. In addition, when existing cloud computing platforms transmit data over a remote desktop protocol (RDP, SPICE, etc.), they mostly use one-way authentication of the cloud terminal by the cloud server, which creates the risk of a man-in-the-middle attack.
Summary of the invention
The object of the invention is to address the problems of the prior art by providing a cloud computing identity authentication method that meets security requirements such as access security, channel security and application security, and that effectively solves the security problems of existing cloud computing authentication based on AD domain technology and the RDP protocol.
The object of the invention is achieved through the following technical solution:
A cloud computing identity authentication method, characterized in that the method comprises the steps of:
(1) the cloud terminal identifies the inserted encryption device and, after identification, sends a login request message to the cloud server;
(2) after receiving the message, the cloud server sends a verification message to the cloud terminal;
(3) the cloud terminal extracts the digital certificate from the encryption device according to the verification message, encrypts the digital certificate, and sends it to the cloud server;
(4) the cloud server verifies the user identity according to the digital certificate; after verification passes, the corresponding virtual machine in the cloud server connects directly to the cloud terminal over the RDP protocol.
As a further scheme, the login request message is obtained by encrypting the cloud server login account entered by the user.
As a further scheme, the user identity is verified as follows: the digital certificate is authenticated first; after it passes, the login request message is checked against the information in the digital certificate.
As a further scheme, the corresponding virtual machine in the cloud server connects directly to the cloud terminal over the RDP protocol as follows: the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol, so that the virtual machine can obtain the certificate in the encryption device to complete the secure login of the operating system in the virtual desktop; the virtual machine transmits the acquired image information to the cloud terminal over the RDP protocol, and the cloud terminal likewise transmits input information to the virtual machine over the RDP protocol.
As a further scheme, the RDP protocol comprises a TCP layer, an ISO layer, a TLS layer, an MCS layer, a SEC layer and an RDP layer.
As a further scheme, the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol by the following steps:
A. When the encryption device of the cloud terminal transmits information to the cloud server:
1) the encryption device transfers data to the cloud terminal;
2) a filter layer intercepts the interrupts and data packets transmitted by the driver;
3) the filter layer sends the data packets and interrupts to the cloud server over the RDP protocol;
4) the cloud server receives the data packets and interrupts and sends the data packets to the virtualized encryption device driver;
B. When the cloud server transmits information to the encryption device of the cloud terminal:
1) the application layer of the cloud server sends data packets and interrupts to the virtual encryption device driver;
2) the virtual encryption device driver sends the data packets and interrupts to the cloud terminal over the RDP protocol;
3) the encryption device driver of the cloud terminal responds to the interrupt.
Compared with the prior art, the invention has the following advantages:
1. It integrates an encryption device to provide strong identity authentication of virtual desktop users, closing the security gap left by the single "user name + password" check in current cloud computing;
2. It provides secure login for cloud terminal users and secure authentication of virtual desktop users. By deploying security plug-ins on the cloud terminal and on the cloud server respectively, a secure and controllable channel is established between the user and the virtual desktop, so that malicious users cannot connect to the virtual desktop and security administrators can easily enforce access control;
3. Its plug-in architecture is easy to use and integrates seamlessly with existing desktop cloud platforms (VMware, Citrix, etc.);
4. It supports multiple algorithms to meet different business needs, including the national commercial cryptographic algorithms and general-purpose algorithms;
5. It achieves "log in once, authenticate multiple times": by entering a PIN code once, digital certificate technology provides terminal user connection authentication, user identity authentication, and virtual desktop user login authentication.
Description of the drawings
Fig. 1 is a model diagram of the cloud computing identity authentication system;
Fig. 2 is a flow chart of cloud terminal authentication;
Fig. 3 is a flow chart of cloud server authentication;
Fig. 4 is the architecture diagram of the enhanced RDP protocol;
Fig. 5 is a schematic diagram of USB redirection.
Detailed description
The invention is described in detail below with reference to the drawings and a specific embodiment.
Embodiment
The invention provides a cloud computing identity authentication method based on a USBKey and a security-enhanced RDP. The method uses a USBKey as the encryption device together with digital certificate technology, SSL (Secure Socket Layer) encryption, and the security-enhanced Remote Desktop Protocol (RDP). Security components are deployed on the cloud terminal and on the cloud server respectively to provide strong identity authentication when a cloud terminal user logs in to the cloud server and secure authentication of virtual desktop users.
The invention uses a USBKey on the cloud terminal (a TC or a conventional PC terminal) and implements "two-factor" strong identity authentication in the form "USBKey + PIN code". Combined with digital certificate technology, the existing RDP protocol is security-enhanced, the cloud terminal's USBKey device is mapped into the virtual desktop in a secure and controlled way, and a secure channel is established for the virtual desktop connection. This provides strong identity authentication for user login to the cloud server and secure authentication for the virtual desktop connection.
By establishing a USBKey-based cloud server secure login model, the invention proposes a USBKey-based identity authentication method for cloud computing. The model is shown in Fig. 1: a certificate acquisition module, a USBKey monitoring module and an SSL encryption module are deployed on the cloud terminal, and a USBKey monitoring module, a security authentication module, a Union user management module, a CA module, a virtual machine management module and an enhanced RDP module are deployed on the cloud server. The USBKey-based identity authentication method covers secure access and identity authentication of cloud terminal users, channel protection, and secure authentication of virtual desktop users. The certificate acquisition module and USBKey monitoring module on the cloud terminal, together with the security authentication module, Union user management module and CA module on the cloud server, provide secure access and identity authentication of cloud terminal users based on the USBKey encryption device. The SSL encryption module deployed on the cloud terminal and the SSL encryption module in the security authentication module deployed on the cloud server secure the channel between the cloud terminal and the cloud server, effectively protecting the data during digital certificate transmission and during information exchange between the cloud terminal and the cloud server. The TLS protocol is inserted between the ISO layer and the TCP layer of the RDP protocol to add two-way signature-certificate authentication between the cloud server and the cloud terminal; this authentication ensures the legitimacy of both communicating parties and of the virtual desktop user's identity.
The main innovation of the method is as follows. Before a cloud terminal user accesses a virtual machine in the cloud server, the user must first be authenticated; after authentication passes, the monitoring module of the cloud server decides, according to the user's authorization, whether the user has permission to access the requested virtual desktop resources. The USBKey-based cloud server login model verifies the legitimacy of the user's identity with digital certificate technology and provides a secure data transmission channel. Adding a TLS layer to RDP adds two-way signature-certificate authentication between the cloud server and the cloud terminal; this authentication ensures the legitimacy of the peer's identity, establishes a secure virtual desktop connection channel, and ensures desktop application security.
The specific flow of the invention is as follows:
Step 1: After the USBKey is inserted into the USB interface of the cloud terminal, the cloud terminal first identifies the USBKey using the deployed USBKey monitoring module and, after identification, sends the login request message R to the cloud server.
Step 2: The cloud server responds to the cloud terminal's login request through its deployed USBKey monitoring module and sends verification information V to the cloud terminal. The cloud terminal extracts the digital certificate from the USBKey according to the received verification information V, encrypts it with the SSL encryption module, and sends it to the cloud server for user identity authentication.
Step 3: The cloud server verifies the user identity with the security authentication module. After authentication passes, the virtual machine management module in the cloud server publishes a virtual desktop to the cloud terminal user according to the user's request and the available virtual machine resources.
Step 4: The virtual machine establishes a secure connection and authentication directly with the cloud terminal through the enhanced RDP module, completing the cloud terminal user's secure login to the virtual desktop.
The authentication of a cloud terminal user logging in to the cloud server is described in detail below from the cloud terminal side, the cloud server side and the channel side.
1. Cloud terminal side
Before sending a login request to the cloud server, the cloud terminal first detects whether a USBKey is inserted. After the USBKey is inserted into the USB interface of the cloud terminal, the cloud terminal identifies it; during identification the user must enter the PIN code belonging to the USBKey. After identification passes, the user is prompted to enter the cloud server login account, which is encrypted and sent to the cloud server as the login request. After the cloud server receives the login request message R, it sends verification information V to the cloud terminal. The USBKey monitoring module on the cloud terminal calls the certificate acquisition module according to V to obtain the digital certificate from the USBKey and passes it to the SSL encryption module for encryption; the encrypted certificate is then sent to the cloud server for authentication. After authentication passes, the corresponding virtual machine in the cloud server connects directly to the cloud terminal over the RDP protocol. The login request flow of the cloud terminal is shown in Fig. 2.
2. Cloud server side
After the USBKey monitoring module in the cloud server detects the login request message R sent by the cloud terminal, it passes the message to the connection authentication request submodule of the security authentication module, which sends verification information V to the cloud terminal according to the received R. The cloud terminal sends the digital certificate it obtains to the cloud server according to V. After the USBKey monitoring module detects the digital certificate information, it passes it to the digital certificate authentication submodule of the security authentication module, which authenticates the received certificate. After the certificate passes, the connection authentication submodule checks the received login request message R against the information in the digital certificate. After this check passes, the virtual machine resources requested by the user are invoked, the connection between the virtual desktop and the user is established over the RDP protocol, and a secure channel for virtual desktop applications is set up. The identity authentication flow of the cloud server is shown in Fig. 3.
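The login exchange described above (login request R, a fresh V in reply, the certificate authenticated first and only then R checked against it), as an added example that is not part of the patent. `USBKey`, `CloudServer`, `issue_certificate` and `login` are hypothetical names; V is modelled as a single-use random value because the patent does not define its contents, an HMAC under a constructed CA key stands in for the CA's public-key signature, and the SSL encryption of messages in transit is omitted.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key standing in for the CA module's signing key (assumption).
CA_KEY = b"constructed-demo-ca-key"


def _ca_tag(subject, serial, ca_key):
    """Stand-in for the CA signature over the certificate fields."""
    body = json.dumps({"subject": subject, "serial": serial}, sort_keys=True)
    return hmac.new(ca_key, body.encode(), hashlib.sha256).hexdigest()


def issue_certificate(subject, serial, ca_key=CA_KEY):
    """Simplified certificate: subject, serial, and the CA's tag over both."""
    return {"subject": subject, "serial": serial,
            "sig": _ca_tag(subject, serial, ca_key)}


class USBKey:
    """Encryption device: releases its certificate only after the PIN check."""

    def __init__(self, pin, cert):
        self._pin, self._cert, self._unlocked = pin, cert, False

    def unlock(self, pin):
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._unlocked

    def read_certificate(self):
        if not self._unlocked:
            raise PermissionError("USBKey is locked")
        return dict(self._cert)


class CloudServer:
    def __init__(self, ca_key=CA_KEY):
        self._ca_key = ca_key
        self._pending = {}  # V -> account carried in login request R

    def handle_login_request(self, account):
        """Step (2): answer login request R with a fresh verification value V."""
        v = secrets.token_hex(16)
        self._pending[v] = account
        return v

    def handle_certificate(self, v, cert):
        """Step (4): authenticate the certificate first, then check R against it."""
        account = self._pending.pop(v, None)  # V is consumed, so a replay finds nothing
        if account is None:
            return "reject: unknown or reused V"
        expected = _ca_tag(cert.get("subject"), cert.get("serial"), self._ca_key)
        if not hmac.compare_digest(expected.encode(), str(cert.get("sig")).encode()):
            return "reject: certificate not issued by the CA module"
        if cert["subject"] != account:
            return "reject: login account does not match certificate"
        return "accept: publish virtual desktop for " + account


def login(server, key, pin, account):
    """Cloud terminal side, steps (1) and (3)."""
    if not key.unlock(pin):                   # identify the USBKey with its PIN
        return "reject: USBKey PIN check failed"
    v = server.handle_login_request(account)  # send R, receive V
    return server.handle_certificate(v, key.read_certificate())


if __name__ == "__main__":
    srv = CloudServer()
    alice_key = USBKey("1234", issue_certificate("alice", 1001))  # constructed sample
    print(login(srv, alice_key, "1234", "alice"))
    print(login(srv, alice_key, "1234", "bob"))
```

A certificate is public data, so presenting it does not by itself show that the terminal holds the matching private key; the two-way certificate authentication in the TLS layer described under the channel side is where a handshake can establish that.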
3. Channel side
After logging in to the cloud server, the cloud terminal interacts directly with the virtual machine in the cloud server over the RDP protocol. The cloud terminal redirects the USBKey into the virtual machine over RDP, so the virtual machine can obtain the certificate in the USBKey to complete the secure login of the operating system in the virtual desktop. The virtual machine transmits the acquired image information to the cloud terminal over RDP, and the cloud terminal likewise transmits input information to the virtual machine over RDP. By verifying the application service certificate provided by the terminal's USBKey, the virtual machine confirms whether the user has permission to use a given application service, which provides application security. Because the security policy of the RDP protocol in the connection authentication phase is one-way authentication of the cloud terminal by the cloud server, the cloud terminal is vulnerable to man-in-the-middle attacks: an attacker can use spoofing and similar methods to pose as the cloud server and exchange data with the cloud terminal, establishing a false connection with it in order to trick it into revealing sensitive information. The protocol can therefore be improved from the authentication angle by inserting the TLS (Transport Layer Security) protocol directly between the ISO layer and the TCP layer of the RDP protocol, adding two-way signature-certificate authentication between the cloud server and the cloud terminal. This authentication ensures the legitimacy of the peer's identity and thereby strengthens the security of the RDP protocol. The enhanced RDP protocol is shown in Fig. 4.
The principle of USBKey redirection in the RDP protocol is shown in Fig. 5. The implementation steps are as follows.
When the cloud terminal's USBKey transmits information to the cloud server, the steps are:
1) The USBKey transfers data to the cloud terminal.
2) A filter layer intercepts the interrupts and data packets transmitted by the driver.
3) The filter layer sends the data packets and interrupts to the server side over the RDP protocol.
4) The cloud server receives the data packets and interrupts and sends the data packets to the virtualized USB driver.
When the cloud server transmits information to the cloud terminal's USBKey, the steps are:
1) The application layer of the cloud server sends data packets and interrupts to the virtual USBKey driver.
2) The virtual USBKey driver sends the data packets and interrupts to the cloud terminal over the RDP protocol.
3) The USBKey driver of the cloud terminal responds to the interrupt.
The above is only a preferred embodiment of the invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (6)

1. A cloud computing identity authentication method, characterized in that the method comprises the steps of:
(1) the cloud terminal identifies the inserted encryption device and, after identification, sends a login request message to the cloud server;
(2) after receiving the message, the cloud server sends a verification message to the cloud terminal;
(3) the cloud terminal extracts the digital certificate from the encryption device according to the verification message, encrypts the digital certificate, and sends it to the cloud server;
(4) the cloud server verifies the user identity according to the digital certificate; after verification passes, the corresponding virtual machine in the cloud server connects directly to the cloud terminal over the RDP protocol.
2. The cloud computing identity authentication method according to claim 1, characterized in that the login request message is obtained by encrypting the cloud server login account entered by the user.
3. The cloud computing identity authentication method according to claim 1, characterized in that the user identity is verified as follows: the digital certificate is authenticated first; after it passes, the login request message is checked against the information in the digital certificate.
4. The cloud computing identity authentication method according to claim 1, characterized in that the corresponding virtual machine in the cloud server connects directly to the cloud terminal over the RDP protocol as follows: the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol, so that the virtual machine can obtain the certificate in the encryption device to complete the secure login of the operating system in the virtual desktop; the virtual machine transmits the acquired image information to the cloud terminal over the RDP protocol, and the cloud terminal likewise transmits input information to the virtual machine over the RDP protocol.
5. The cloud computing identity authentication method according to claim 4, characterized in that the RDP protocol comprises a TCP layer, an ISO layer, a TLS layer, an MCS layer, a SEC layer and an RDP layer.
6. The cloud computing identity authentication method according to claim 4, characterized in that the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol by the following steps:
A. When the encryption device of the cloud terminal transmits information to the cloud server:
1) the encryption device transfers data to the cloud terminal;
2) a filter layer intercepts the interrupts and data packets transmitted by the driver;
3) the filter layer sends the data packets and interrupts to the cloud server over the RDP protocol;
4) the cloud server receives the data packets and interrupts and sends the data packets to the virtualized encryption device driver;
B. When the cloud server transmits information to the encryption device of the cloud terminal:
1) the application layer of the cloud server sends data packets and interrupts to the virtual encryption device driver;
2) the virtual encryption device driver sends the data packets and interrupts to the cloud terminal over the RDP protocol;
3) the encryption device driver of the cloud terminal responds to the interrupt.
Priority Applications (1)

Application number: CN201510254039.0A
Priority date: 2015-05-18
Filing date: 2015-05-18
Title: Cloud computing identity authentication method
Status: Active, granted as CN104811455B (en)

Publications (2)

CN104811455A (en), published 2015-07-29
CN104811455B, published 2018-05-04

Family

Family ID: 53695948
Family applications (1): CN201510254039.0A
Country status (1): CN (1), CN104811455B (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721441A (en) * 2016-01-22 2016-06-29 华中科技大学 Method for authenticating identity under virtualized environment
CN106231267A (en) * 2016-08-24 2016-12-14 成都中英锐达科技有限公司 View data managing and control system, data download method, playback of data processing method
CN106603607A (en) * 2015-10-16 2017-04-26 中兴通讯股份有限公司 Private cloud desktop system and method and device for implementing service
CN106936760A (en) * 2015-12-30 2017-07-07 航天信息股份有限公司 A kind of apparatus and method of login Openstack cloud system virtual machines
CN107147609A (en) * 2016-03-01 2017-09-08 中兴通讯股份有限公司 A kind of method and cloud terminal, Cloud Server for lifting cloud terminal security energy-conservation
CN107241345A (en) * 2017-06-30 2017-10-10 西安电子科技大学 Cloud computing resources management method based on UKey
CN107612913A (en) * 2017-09-20 2018-01-19 贵州恒昊软件科技有限公司 A kind of on-line bid system and method
CN108011876A (en) * 2017-11-29 2018-05-08 中国银行股份有限公司 A kind of real name identification method, apparatus and system
CN108269091A (en) * 2018-01-25 2018-07-10 北京明华联盟科技有限公司 standby processing method, device, system and computer readable storage medium
CN108886530A (en) * 2016-04-11 2018-11-23 华为技术有限公司 The activation of mobile device in Enterprise Mobile management
CN109583182A (en) * 2018-11-29 2019-04-05 北京元心科技有限公司 Start method, apparatus, electronic equipment and the computer storage medium of remote desktop
CN109639697A (en) * 2018-12-24 2019-04-16 广州微算互联信息技术有限公司 Cloud mobile phone safe throws method, mobile terminal and the server of screen
CN110659471A (en) * 2019-09-23 2020-01-07 江苏恒宝智能系统技术有限公司 Identity authentication login method in cloud environment
CN110768993A (en) * 2019-10-30 2020-02-07 北京天融信网络安全技术有限公司 RDP (remote desktop protocol) -based verification method and device
CN112272162A (en) * 2020-09-27 2021-01-26 西安万像电子科技有限公司 Login method, device and system
CN112636927A (en) * 2020-12-28 2021-04-09 郑州信大先进技术研究院 KPI (Key performance indicator) double-certificate-based cloud platform encryption method
CN113742713A (en) * 2021-09-09 2021-12-03 格尔软件股份有限公司 Windows platform login authentication method
CN113779539A (en) * 2021-09-09 2021-12-10 格尔软件股份有限公司 Linux platform login authentication method
CN113794729A (en) * 2021-09-17 2021-12-14 上海仙塔智能科技有限公司 Communication processing method and device for AVP (Audio video tape Audio video protocol) equipment, electronic equipment and medium
CN113992346A (en) * 2021-09-16 2022-01-28 深圳市证通电子股份有限公司 Implementation method of security cloud desktop based on state password reinforcement
CN114866253A (en) * 2022-04-27 2022-08-05 北京计算机技术及应用研究所 Reliable cloud host login system and cloud host login method realized by same
CN115065493A (en) * 2022-04-06 2022-09-16 电子科技大学中山学院 Autonomous security VDI model based on Spice protocol and optimization method thereof

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100146127A1 (en) * 2008-12-09 2010-06-10 Microsoft Corporation User-mode based remote desktop protocol (rdp) encoding architecture
CN102420692A (en) * 2011-12-28 2012-04-18 广州杰赛科技股份有限公司 Safety authentication method and system of universal serial bus (USB) key of client terminal based on cloud computation
CN103532966A (en) * 2013-10-23 2014-01-22 成都卫士通信息产业股份有限公司 Device and method supporting USB-KEY-based SSO (single sign on) of virtual desktop
CN104318179A (en) * 2014-10-30 2015-01-28 成都卫士通信息产业股份有限公司 File redirection technology based virtualized security desktop

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
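罗劢: "Research and Implementation of a Security Scheme Based on the RDP Protocol", China Master's Theses Full-text Database, Information Science and Technology Series *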

Cited By (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106603607A (en) * 2015-10-16 2017-04-26 中兴通讯股份有限公司 Private cloud desktop system and method and device for implementing service
CN106936760A (en) * 2015-12-30 2017-07-07 航天信息股份有限公司 A kind of apparatus and method of login Openstack cloud system virtual machines
CN105721441B (en) * 2016-01-22 2020-06-02 华中科技大学 Identity authentication method in virtualization environment
CN105721441A (en) * 2016-01-22 2016-06-29 华中科技大学 Method for authenticating identity under virtualized environment
CN107147609A (en) * 2016-03-01 2017-09-08 中兴通讯股份有限公司 A kind of method and cloud terminal, Cloud Server for lifting cloud terminal security energy-conservation
CN108886530B (en) * 2016-04-11 2021-02-12 华为技术有限公司 Method for activating mobile device in enterprise mobile management and mobile device
CN108886530A (en) * 2016-04-11 2018-11-23 华为技术有限公司 The activation of mobile device in Enterprise Mobile management
CN106231267A (en) * 2016-08-24 2016-12-14 成都中英锐达科技有限公司 View data managing and control system, data download method, playback of data processing method
CN107241345A (en) * 2017-06-30 2017-10-10 西安电子科技大学 Cloud computing resources management method based on UKey
CN107241345B (en) * 2017-06-30 2020-07-17 西安电子科技大学 Cloud computing resource management method based on UKey
CN107612913A (en) * 2017-09-20 2018-01-19 贵州恒昊软件科技有限公司 A kind of on-line bid system and method
CN108011876A (en) * 2017-11-29 2018-05-08 中国银行股份有限公司 A kind of real name identification method, apparatus and system
CN108269091A (en) * 2018-01-25 2018-07-10 北京明华联盟科技有限公司 standby processing method, device, system and computer readable storage medium
CN109583182B (en) * 2018-11-29 2021-06-04 北京元心科技有限公司 Method and device for starting remote desktop, electronic equipment and computer storage medium
CN109583182A (en) * 2018-11-29 2019-04-05 北京元心科技有限公司 Start method, apparatus, electronic equipment and the computer storage medium of remote desktop
CN109639697A (en) * 2018-12-24 2019-04-16 广州微算互联信息技术有限公司 Cloud mobile phone safe throws method, mobile terminal and the server of screen
CN110659471A (en) * 2019-09-23 2020-01-07 江苏恒宝智能系统技术有限公司 Identity authentication login method in cloud environment
CN110768993A (en) * 2019-10-30 2020-02-07 北京天融信网络安全技术有限公司 RDP (remote desktop protocol) -based verification method and device
CN110768993B (en) * 2019-10-30 2022-03-11 北京天融信网络安全技术有限公司 RDP (remote desktop protocol) -based verification method and device
CN112272162A (en) * 2020-09-27 2021-01-26 西安万像电子科技有限公司 Login method, device and system
CN112636927A (en) * 2020-12-28 2021-04-09 郑州信大先进技术研究院 KPI (Key performance indicator) double-certificate-based cloud platform encryption method
CN112636927B (en) * 2020-12-28 2022-08-16 郑州信大先进技术研究院 KPI (Key performance indicator) double-certificate-based cloud platform encryption method
CN113742713A (en) * 2021-09-09 2021-12-03 格尔软件股份有限公司 Windows platform login authentication method
CN113779539A (en) * 2021-09-09 2021-12-10 格尔软件股份有限公司 Linux platform login authentication method
CN113992346A (en) * 2021-09-16 2022-01-28 深圳市证通电子股份有限公司 Implementation method of security cloud desktop based on state password reinforcement
CN113992346B (en) * 2021-09-16 2024-01-26 深圳市证通电子股份有限公司 Implementation method of security cloud desktop based on national security reinforcement
CN113794729A (en) * 2021-09-17 2021-12-14 上海仙塔智能科技有限公司 Communication processing method and device for AVP (Audio video tape Audio video protocol) equipment, electronic equipment and medium
CN115065493A (en) * 2022-04-06 2022-09-16 电子科技大学中山学院 Autonomous security VDI model based on Spice protocol and optimization method thereof
CN114866253A (en) * 2022-04-27 2022-08-05 北京计算机技术及应用研究所 Reliable cloud host login system and cloud host login method realized by same
CN114866253B (en) * 2022-04-27 2024-05-28 北京计算机技术及应用研究所 Reliable cloud host login system and cloud host login method implemented by same

Also Published As

Publication number Publication date
CN104811455B (en) 2018-05-04

Similar Documents

Publication Publication Date Title
CN104811455A (en) Cloud computing identity authentication method
CN109309565B (en) Security authentication method and device
US8769289B1 (en) Authentication of a user accessing a protected resource using multi-channel protocol
CN106453361B (en) A kind of security protection method and system of the network information
CN106921663B (en) Identity continuous authentication system and method based on intelligent terminal software/intelligent terminal
CN102638346B (en) Method and device for authorizing subscriber digital certificate
CN103916363B (en) The communication security management method and system of encryption equipment
CN104767731A (en) Identity authentication protection method of Restful mobile transaction system
CN101841525A (en) Secure access method, system and client
CN102868702B (en) System login device and system login method
CN104283886A (en) Web safety access implementation method based on intelligent terminal local authentication
CN112333214B (en) Safe user authentication method and system for Internet of things equipment management
CZ2013373A3 (en) Authentication method of safe data channel
CN103036883A (en) Secure communication method and system of secure server
CN104821951B (en) A kind of method and apparatus of secure communication
CN102571874A (en) On-line audit method and device in distributed system
CN106789845A (en) A kind of method of network data security transmission
CN110659471A (en) Identity authentication login method in cloud environment
US20140250499A1 (en) Password based security method, systems and devices
CN103841097A (en) Safe NAS authentication method based on digital certificate
CN113872989A (en) Authentication method and device based on SSL protocol, computer equipment and storage medium
CN104168111A (en) Method for realizing unified identity authentication of mobile applications based on portable security module
CN107113316A (en) A kind of system and method for APP certifications
CN108989302B (en) OPC proxy connection system and connection method based on secret key
EP2506485A1 (en) Method and device for enhancing security of user security model

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee after: China Electronics Technology Network Security Technology Co.,Ltd.

Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc.