CN105306427A - Method for logging in to virtual machine, method for allowing logging in to virtual machine and virtual machine login system - Google Patents


Info

Publication number
CN105306427A
Authority
CN
China
Prior art keywords
virtual machine
ukey
information
check
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410351115.5A
Other languages
Chinese (zh)
Inventor
杨耀敏
董龙洋
宋月
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yun Chao Artery Science And Technology Ltd
Original Assignee
Beijing Yun Chao Artery Science And Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yun Chao Artery Science And Technology Ltd
Priority to CN201410351115.5A
Publication of CN105306427A

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method for logging in to a virtual machine. The method comprises the following steps: when insertion of a ukey device is detected, generating check information of the ukey device; transmitting the check information to a server for checking; receiving the check result fed back by the server, and transmitting a request to log in to the virtual machine when the check result is a pass. The virtual machine corresponds to the ukey device. The technical scheme provided by the embodiments of the invention can simplify the process of logging in to the virtual machine and can avoid, to a greater degree, security problems caused by ID theft, leakage of confidential matters and the like, so that the security of logging in to the virtual machine is improved.

Description

Method for logging in to a virtual machine, method for allowing logging in to a virtual machine, and virtual machine login system
Technical field
The present invention relates to Internet technology, and in particular to a method for logging in to a virtual machine, a method for allowing logging in to a virtual machine, a client, a server and a virtual machine login system.
Background technology
With the rapid development of cloud computing and the spread of desktop clouds, more and more people use desktop clouds (virtual machine systems), so accessing virtual machines safely and efficiently has become particularly important. The existing ways of using a virtual machine are mainly:
1) Bare login: the virtual machine can be logged in to without any verification. This is insecure, since anyone can log in, and it is no longer suitable now that information security is emphasized;
2) Login by entering verification information such as a user name and password: most users log in this way, but the added security makes the process of logging in to the virtual machine cumbersome, and the risk of ID theft still cannot be avoided.
In view of this, it is necessary to provide a technical scheme that is both simple and secure.
Summary of the invention
To this end, embodiments of the present invention provide a method for logging in to a virtual machine, a method for allowing logging in to a virtual machine, a client, a server and a virtual machine login system, in order to simplify the process of logging in to a virtual machine, to avoid to a greater degree the security problems caused by ID theft, leakage of confidential matters and the like, and to improve security when logging in to a virtual machine.
The embodiments of the present invention adopt the following technical scheme:
In a first aspect, a method for logging in to a virtual machine is provided, comprising:
when insertion of a ukey device is detected, generating check information of the ukey device;
sending the check information to a server for verification;
receiving the check result fed back by the server, and, when the check result is a pass, sending to the server a request to log in to a virtual machine; wherein the virtual machine corresponds to the ukey device.
In a first possible implementation of the first aspect, the method for logging in to a virtual machine further comprises:
receiving and displaying at least one piece of virtual machine login information, fed back by the server, that corresponds to the ukey device.
With reference to the first possible implementation, in a second possible implementation, the method for logging in to a virtual machine further comprises: receiving input virtual machine selection information, and sending the virtual machine selection information to the server.
With reference to the first aspect, in a third possible implementation, generating the check information of the ukey device comprises:
reading the ukey information preset in the ukey device;
generating the check information based on the ukey information.
With reference to the first aspect, in a fourth possible implementation, generating the check information of the ukey device comprises:
reading the ukey information preset in the ukey device and an input PIN check code;
generating the check information based on the ukey information and the PIN check code.
With reference to the second aspect, in a fifth possible implementation, the method for logging in to a virtual machine further comprises: monitoring the correctness of the ukey device, and detecting the insertion of the ukey device again when the correctness of the ukey device becomes abnormal.
In a second aspect, a method for allowing logging in to a virtual machine is provided, comprising:
receiving check information sent by a client, wherein the check information is generated based on a ukey device detected by the client;
verifying, according to the check information, whether the ukey device is legitimate, and generating a check result indicating whether the verification passed;
sending the check result to the client, and, when the check result is a pass, receiving the request to log in to a virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
With reference to the second aspect, in a first possible implementation, the method for allowing logging in to a virtual machine further comprises:
parsing the request to log in to the virtual machine, and reading at least one piece of virtual machine login information corresponding to the ukey device;
sending the at least one piece of virtual machine login information to the client.
With reference to the first possible implementation, in a second possible implementation, the method for allowing logging in to a virtual machine further comprises:
receiving the virtual machine selection information sent by the client, and obtaining the login information of the correspondingly selected target virtual machine;
sending the target virtual machine login information to the client.
With reference to the second aspect, in a third possible implementation, the check information is generated based on the ukey information preset in the ukey device.
With reference to the second aspect, in a fourth possible implementation, the check information is generated based on the ukey information preset in the ukey device and an input PIN check code.
With reference to the second aspect, in a fifth possible implementation, the method for allowing logging in to a virtual machine further comprises: receiving monitoring information sent by the client, and receiving the check information of the client again when the monitoring information is abnormal; wherein the monitoring information is generated when the client monitors the correctness of the ukey device.
In a third aspect, a client is provided, comprising:
a first generation module, configured to generate check information of a ukey device when insertion of the ukey device is detected;
a first sending module, configured to send the check information to a server for verification;
a first receiver module, configured to receive the check result fed back by the server and, when the check result is a pass, to send to the server a request to log in to a virtual machine; wherein the virtual machine corresponds to the ukey device.
In a fourth aspect, a server is provided, comprising:
a second receiver module, configured to receive check information sent by a client, wherein the check information is generated based on a ukey device detected by the client;
a second generation module, configured to verify, according to the check information, whether the ukey device is legitimate, and to generate a check result indicating whether the verification passed;
a second sending module, configured to send the check result to the client and, when the check result is a pass, to receive the request to log in to a virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
In a fifth aspect, a virtual machine login system is provided, comprising:
a client, configured to:
when insertion of a ukey device is detected, generate check information of the ukey device;
send the check information to a server for verification;
receive the check result fed back by the server, and send to the server a login request to log in to the corresponding virtual machine when the check result is a correct pass; wherein the virtual machine corresponds to the ukey device;
a server, configured to:
receive the check information sent by the client, wherein the check information is generated based on the ukey device detected by the client;
verify, according to the check information, whether the ukey device is legitimate, and generate a check result indicating whether the verification passed;
send the check result to the client, and, when the check result is a pass, receive the request to log in to a virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
Unlike the prior art, the above technical scheme verifies the check information generated based on the ukey device and, when verification passes, logs in directly to the corresponding virtual machine. This simplifies the process of logging in to a virtual machine and, owing to the security of the ukey device, avoids to a greater degree the security problems caused by ID theft, leakage of confidential matters and the like, improving security when logging in to a virtual machine.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the method for logging in to a virtual machine of embodiment one of the present invention;
Fig. 2 is a schematic flow chart of the method for logging in to a virtual machine of embodiment two of the present invention;
Fig. 3 is a schematic flow chart of the method for logging in to a virtual machine of embodiment three of the present invention;
Fig. 4 is a schematic flow chart of the method for allowing logging in to a virtual machine of embodiment four of the present invention;
Fig. 5 is a schematic flow chart of the method for allowing logging in to a virtual machine of embodiment five of the present invention;
Fig. 6 is a schematic flow chart of the method for allowing logging in to a virtual machine of embodiment six of the present invention;
Fig. 7 is a module diagram of the client of embodiment seven of the present invention;
Fig. 8 is a module diagram of the server of embodiment eight of the present invention;
Fig. 9 is a schematic flow chart of the method of the virtual machine login system of embodiment nine of the present invention.
Detailed description of the embodiments
To describe in detail the technical content, structural features, objects achieved and effects of the technical scheme, a detailed explanation is given below with reference to specific embodiments and the accompanying drawings.
Embodiment one
Refer to Fig. 1. This embodiment provides a method for logging in to a virtual machine, which can comprise the following steps:
S101: when insertion of a ukey device is detected, generate check information of the ukey device;
S102: send the check information to a server for verification;
S103: receive the check result fed back by the server, and, when the check result is a pass, send to the server a request to log in to a virtual machine; wherein the virtual machine corresponds to the ukey device.
The above method can be applied to a client. The client is the window for logging in to the virtual machine. It may be an electronic device with a virtual machine login window/interface, for example a handheld terminal, PC terminal, notebook computer or netbook; it may also be a server device with a virtual machine login window/interface, which shows the corresponding virtual machine login window/interface on a display.
Ukey devices are highly secure, consistent in technical specification, compatible with operating systems, and flexible to carry and use. When logging in to a virtual machine, the user only needs to insert the corresponding ukey device while the client is running; the client automatically identifies the ukey device, generates the corresponding check information and sends it to the server for verification. If verification passes, the user enters the virtual machine system directly; if verification does not pass/fails, the user is prompted that they have no permission to use it. This raises security, simplifies login and improves the user experience at the same time.
As can be seen from the above, this embodiment verifies the check information generated based on the ukey device and, when verification passes, logs in directly to the corresponding virtual machine. This simplifies the process of logging in to a virtual machine and, owing to the security of the ukey device, avoids to a greater degree the security problems caused by ID theft, leakage of confidential matters and the like, improving security when logging in to a virtual machine.
Embodiment two
Refer to Fig. 2. This embodiment provides a method for logging in to a virtual machine. The method can be applied in a client used for logging in to a virtual machine. The client may be an electronic device with a virtual machine login window/interface, for example a handheld terminal, PC terminal, notebook computer or netbook; it may also be a server device with a virtual machine login window/interface, which shows the corresponding virtual machine login window/interface on a display. In this embodiment, the client should have a communication interface for communicating with the ukey device, through which the communication connection between the client and the ukey device is established. Specifically, this interface can be a USB interface, a data cable interface, a wireless interface and so on.
In this embodiment, ukey information is stored in the ukey device in advance. The ukey information comprises a device ID, user information and key pair information, where the user information mainly comprises a user name, user group and exabyte. The ukey information is stored in the ukey device by a ukey setup tool. In this embodiment, the correspondence between the user name and the device ID is also exported and sent to the database of the server, forming a matching relationship table. The server also pre-stores at least one piece of virtual machine information corresponding to the user name and finds the corresponding virtual machine information by the user name, so the virtual machine corresponds to the user name/ukey device. The ukey device is also provided with several randomly generated key pairs, which are used for encryption, decryption and data verification when the client and the server exchange data, to ensure the security of the data exchange.
The specific implementation of this embodiment is set out below and can comprise the following steps.
S201: start the client. The client detects in real time whether a ukey device has been inserted into the electronic device on which the client runs. When the client cannot detect an available ukey device, it can prompt "It is detected that you have not inserted a ukey device; please insert one". If the user inserts a ukey device, the client detects the insertion, automatically identifies the inserted ukey device and generates the check information of the ukey device. In this embodiment, the check information of the ukey device is generated in one of the following ways.
First way:
Read the ukey information preset in the ukey device;
Encrypt the ukey information with an encryption key, thereby generating the corresponding check information.
As described above, the check information is generated by encryption. Because the encryption key and the decryption key are a specific key pair, security is better when this check information is decrypted. Furthermore, the several key pairs stored in the ukey device are randomly generated, so there is no pattern to follow when decrypting: only the specific random decryption key can decrypt the check information. The data is therefore better protected, and the verification in the following steps is highly accurate.
When logging in to a virtual machine with the technical scheme provided by this embodiment, if the security requirement is stronger, the following second way can be used.
Second way:
Read the ukey information preset in the ukey device and the input PIN check code;
Encrypt the ukey information and the PIN check code with an encryption key, generating the corresponding check information.
Here, the PIN check code is set by the user and must be input by the user. The second way generates the check information from two kinds of information, the ukey information and the PIN check code. When the check information is decrypted and verified, verification passes only if the ukey information and the PIN check code are both correct. This double safeguard further strengthens security.
S202: send the check information to the server for verification.
S203: receive the check result fed back by the server. The check result is either a pass or a failure. When the check result is a pass, send to the server a request to log in to a virtual machine, wherein the virtual machine corresponds to the ukey device. When the check result is a failure, trigger the display of the message "no permission to use the virtual machine".
Here, to ensure the security of the data, the request to log in to the virtual machine is a login request encrypted based on the ukey information.
S204: receive and display at least one piece of virtual machine login information, fed back by the server, that corresponds to the ukey device.
Specifically, if the ukey device corresponds to only one virtual machine, login proceeds automatically and directly using the virtual machine login information displayed by the client.
If the ukey device corresponds to multiple virtual machines, the client displays the multiple pieces of virtual machine login information so that the user can select the virtual machine to log in to, and the following step S205 is performed. Specifically, suppose the client is application software loaded on a touch-screen electronic device: the multiple pieces of virtual machine login information are arranged on the display interface as corresponding login icons, and the user triggers a login icon to select and directly log in to the desired virtual machine, much as the XP operating system, when it has multiple users, displays those users at startup for the operator to choose from.
S205: receive the virtual machine selection information input by the user, and send the virtual machine selection information to the server.
This scheme uses the ukey device as the storage medium for the check information. Ukey devices are highly secure, consistent in technical specification, compatible with operating systems, and flexible to carry and use. When logging in to a virtual machine, the user only needs to insert the corresponding ukey device while the client is running; the client automatically identifies the ukey device and generates the corresponding check information. If verification passes, the user enters the virtual machine system directly; if verification does not pass/fails, the user is prompted that they have no permission to use it. This raises security, simplifies login and improves the user experience at the same time.
Further, this embodiment also presents the user with the multiple pieces of virtual machine login information corresponding to the user, so that the user can select the target virtual machine to log in to without having to log in to and exit each one in turn, which simplifies the login process and improves security.
Embodiment three
Refer to Fig. 3. This embodiment is roughly the same as embodiments one and two; the difference is that it includes step S306: monitor the correctness of the ukey device, and detect the insertion of the ukey device again when the correctness of the ukey device becomes abnormal.
With the technical scheme provided by this embodiment, the correctness of the ukey device can be monitored in real time while the virtual machine is running. If the correctness of the ukey device becomes abnormal, steps S301-303 must be carried out again before the virtual machine corresponding to the ukey device can be logged in to again.
In this embodiment, abnormalities include but are not limited to the following situations:
1. If, after login, the ukey device is pulled out or replaced with another ukey device during data exchange, the client prompts "ukey device removed" or "this ukey device unauthorized access", and the virtual machine automatically returns to the login interface. Identity must be verified again before the virtual machine corresponding to this ukey device or to the other ukey device can be logged in to, which improves the security of the data during data exchange.
2. After logging in to the virtual machine corresponding to the ukey device, all exchanged data is encrypted and verified with the random encryption key in the ukey device throughout the data exchange. Data can be exchanged normally only after verification passes; otherwise identity must be verified again before the virtual machine corresponding to this ukey device can be logged in to again, which improves the security of the data during data exchange.
In the embodiments provided by the present invention, the above situations can coexist.
Embodiment four
Refer to Fig. 4. This embodiment provides a method for allowing logging in to a virtual machine. The method can be applied to a server. The server stores and runs virtual machines, and the login window or login interface of a virtual machine is displayed by another electronic device. An electronic device that can display the virtual machine login window or login interface can be called a client.
The method provided by this embodiment can comprise the following steps:
S401: receive check information sent by a client, wherein the check information is generated based on a ukey device detected by the client;
S402: according to the check information, verify whether the ukey device is legitimate, and generate a check result indicating whether the verification passed;
S403: send the check result to the client, and, when the check result is a pass, receive the request to log in to a virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
Ukey devices are highly secure, consistent in technical specification, compatible with operating systems, and flexible to carry and use. When logging in to a virtual machine, the user only needs to insert the corresponding ukey device while the client is running; the client automatically identifies the ukey device, generates the corresponding check information and sends it to the server for verification. If verification passes, the user enters the virtual machine system directly; if verification does not pass/fails, the user is prompted that they have no permission to use it. This raises security, simplifies login and improves the user experience at the same time.
As can be seen from the above, this embodiment verifies the check information generated based on the ukey device and, when verification passes, logs in directly to the corresponding virtual machine. This simplifies the process of logging in to a virtual machine and, owing to the security of the ukey device, avoids to a greater degree the security problems caused by ID theft, leakage of confidential matters and the like, improving security when logging in to a virtual machine.
Embodiment five
Refer to Fig. 5, the present embodiment provides a kind of method allowing to log in virtual machine, and the method can be applied to server, and described server should store and run virtual machine, and shows login window or the login interface of virtual machine by other electronic equipments.The electronic equipment that can show virtual machine login window or login interface can be called as client.Described server also should have the communication interface communicated with other electronic equipments, can be realized the data communication of server and other electronic equipments by this communication interface.
In the present embodiment, store ukey information in advance in ukey equipment, this ukey information comprises device id, user profile and cipher key pair information, wherein, user profile mainly comprises user name, user's group and exabyte, and above-mentioned ukey information arranges instrument by ukey and is stored in ukey equipment.User name and device id are also formed corresponding relation and derive by the present embodiment, and are sent to the lane database of server, form matching relationship table.Here, server is also pre-stored with at least one virtual machine information corresponding with user name, and server finds corresponding virtual machine information, it can thus be appreciated that virtual machine is corresponding with user name/ukey equipment by user name.Ukey equipment also arranges several to cipher key pair information at random, be encrypted when client and server carry out data interaction decipher, data verification, to ensure the fail safe of data interaction.
Lower mask body sets forth the specific implementation of the present embodiment, can comprise the following steps.
The check information that S501, reception client send, wherein, the ukey equipment that described check information detects based on described client generates.In the present embodiment, client generates the check information of described ukey equipment by following several mode.
First kind of way:
Read the ukey information preset in described ukey equipment;
Utilize encryption key to be encrypted described ukey information, thus generate corresponding check information.
Known by foregoing description, through the check information that encryption generates, because encryption key and decruption key are specific key pair, when deciphering this check information, fail safe is better.Further, store in ukey equipment several be stochastic generation to cipher key pair information, so more irregularly to follow when deciphering, being necessary for specific random decryption key and can deciphering this check information, the fail safe of data more can be protected, the accuracy of following step verification is high.
When the technical scheme utilizing the present embodiment to provide logs in virtual machine, if demand for security is comparatively strong, then can the available following second way.
The second way:
Read the pin check code of ukey information and the input preset in described ukey equipment;
Utilize encryption key to be encrypted described ukey information, pin check code, generate corresponding check information.
Here, pin check code is arranged for user, needs user to input.The above-mentioned second way generates check information based on ukey information, pin check code two kinds of information, need verify when deciphering and verify this check information ukey information, pin check code simultaneously correct time verification just can be pointed out to pass through, have double shield, fail safe obtains further reinforcement.
S502, according to described check information, whether legally verify described ukey equipment, generate by whether check results.Based on the mode of the described check information of above-mentioned several generation, server verifies described check information by following several mode.
One, based on the check information that ukey information generates
Server obtains the decruption key matched with encryption key, is decrypted described check information by this decruption key.
If decipher unsuccessful, then generate verification and do not pass through/verify failed check results.
If successful decryption, then obtain the user name in described ukey information, and in the matching relationship table preset, carry out searching of device id according to this user name.If the device id in the device id found and described ukey information is inconsistent, then generates verification and do not pass through/verify failed check results.If the device id found is consistent with the device id in described ukey information, then verification is passed through, and generates the check results verifying and pass through.
Two, based on the check information that ukey information and pin check code generate
Server obtains the decruption key matched with encryption key, is decrypted described check information by this decruption key.
If decipher unsuccessful, then generate verification and do not pass through/verify failed check results.
If successful decryption, then obtain the pin code of the user name in described ukey information, user's input, and in the matching relationship table preset, carry out searching of device id according to this user name.If the device id in the device id found and described ukey information is inconsistent, then generates verification and do not pass through/verify failed check results.
If the device id found is consistent with the device id in described ukey information, then verify default pin code whether consistent with the pin code of acquisition.If inconsistent, then generate verification and do not pass through/verify failed check results.If consistent, then generate the check results verifying and pass through.
The checking procedure of above-mentioned ukey information, pin code can carry out simultaneously, also can first carry out pin code check, carry out ukey information checking again, verification just can be pointed out to pass through when its principle is correct while of only having ukey information, pin check code, have double shield, fail safe obtains further reinforcement.
S503: Send the check result to the client and, when the check result is a pass, receive the request to log in to the virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
S504: Parse the request to log in to the virtual machine and read at least one piece of virtual machine login information corresponding to the ukey device; send the at least one piece of virtual machine login information to the client.
Specifically, the request to log in to the virtual machine is a login request encrypted based on the ukey information. After receiving the login request, the server decrypts it, obtains the user name in the ukey information, looks up and starts the virtual machine corresponding to the user name, and then sends the login information of that virtual machine to the client.
Specifically, if the user name corresponds to only one virtual machine, the server starts that virtual machine directly. From the user's point of view, the virtual machine login information shown by the client is used to log in automatically.
If the user name corresponds to multiple virtual machines, the server sets these virtual machines to a waiting-to-start state, generates the corresponding pieces of virtual machine login information, and sends them to the client. From the user's point of view, the client shows these pieces of virtual machine login information so that the user can select the virtual machine to log in to, and the following step S505 is performed. Specifically, suppose the client is application software loaded on a touch-screen electronic device: the pieces of virtual machine login information are arranged on the display interface as corresponding login icons, and the user triggers a login icon to select and directly log in to the desired virtual machine, much as the XP operating system, when it has multiple users, shows those users at startup for the operator to choose from.
S505: Receive the virtual machine selection information sent by the client and obtain the login information of the selected target virtual machine; send the target virtual machine login information to the client. The server starts the target virtual machine directly. From the user's point of view, the target virtual machine login information shown by the client is used to log in automatically.
Compared with embodiment four above, this embodiment has the following technical effect: the technical solution shows the user the multiple pieces of virtual machine login information corresponding to that user, so that the user can select the target virtual machine to log in to without having to log in and exit one by one, which simplifies the login process and improves security.
Embodiment six
This embodiment is roughly the same as embodiments four and five. The difference is that the method for allowing login to a virtual machine further comprises S606: receive the monitoring information sent by the client, and receive the client's check information again when the monitoring information indicates an abnormality; wherein the monitoring information is generated when the client monitors the correctness of the ukey device.
With the technical solution of this embodiment, the correctness of the ukey device can be monitored in real time while the virtual machine is running. If the correctness of the ukey device becomes abnormal, steps S601-603 must be carried out again before the virtual machine corresponding to the ukey device can be logged in to again.
In this embodiment, abnormalities include but are not limited to the following situations:
1. If, after login and during data interaction, the ukey device is pulled out or replaced with another ukey device, the client prompts "ukey device removed" or "unauthorized access by this ukey device", and the virtual machine automatically returns to the login interface. Identity must be verified again before the virtual machine corresponding to this ukey device or to the other ukey device can be logged in to again, which improves data security during data interaction.
2. After login to the virtual machine corresponding to the ukey device, all data exchanged during the whole data interaction is encrypted and verified with the random encryption key in the ukey device. Data can be exchanged normally only after verification passes; otherwise identity must be verified again before the virtual machine corresponding to this ukey device can be logged in to again, which improves data security during data interaction.
In the embodiments provided by the invention, the above situations can coexist.
Embodiment seven
Referring to Fig. 7, this embodiment provides a client, comprising: a first generation module 701, a first sending module 702 and a first receiving module 703.
The first generation module 701 is configured to generate the check information of the ukey device when insertion of a ukey device is detected.
The first sending module 702 is connected to the first generation module 701 and is configured to send the check information to the server for checking.
The first receiving module 703 is connected to the first sending module 702 and is configured to receive the check result fed back by the server and, when the check result is a pass, send the server a request to log in to the virtual machine; wherein the virtual machine corresponds to the ukey device.
Embodiment eight
Referring to Fig. 8, this embodiment provides a server, comprising: a second receiving module 801, a second generation module 802 and a second sending module 803.
The second receiving module 801 is configured to receive the check information sent by the client, wherein the check information is generated based on the ukey device detected by the client.
The second generation module 802 is connected to the second receiving module 801 and is configured to check, according to the check information, whether the ukey device is legitimate, and to generate a check result indicating whether it passed.
The second sending module 803 is connected to the second generation module 802 and is configured to send the check result to the client and, when the check result is a pass, receive the request to log in to the virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
Embodiment nine
Referring to Fig. 9, this embodiment provides a virtual machine login system, comprising a client and a server, the client being communicatively connected to the server.
In this embodiment, the client can be an electronic device with a virtual machine login window/interface, for example a handheld terminal, a PC terminal, a notebook computer or a netbook; it can also be a server device with a virtual machine login window/interface, which shows the window/interface on a display. The client should have a communication interface for communicating with the ukey device, through which the communication connection between the client and the ukey device is established; specifically, this interface can be a USB interface, a data line interface, a wireless interface, etc.
The server should store and run the virtual machines, and show the login window or login interface of a virtual machine through other electronic devices. An electronic device that can show the virtual machine login window or login interface can be called a client. The server should also have a communication interface for communicating with other electronic devices, through which data communication between the server and those devices is carried out.
Ukey information is stored in the ukey device in advance. It comprises a device ID, user information and key pair information, where the user information mainly comprises the user name, user group and company name. The ukey information is stored in the ukey device by a ukey setting tool. In this embodiment the user name and device ID are also exported as a correspondence and sent to the server's database, forming the matching relationship table. The server also stores in advance at least one piece of virtual machine information corresponding to the user name and finds the corresponding virtual machine information by user name; hence the virtual machine corresponds to the user name/ukey device. The ukey device also randomly sets several pairs of key pair information, used for encryption, decryption and data verification when the client and server exchange data, to ensure the security of the data interaction.
The specific implementation of this embodiment is set out below.
After the client is started, it detects in real time whether a ukey device has been inserted into the electronic device on which the client runs. When the client cannot detect an available ukey device, it can prompt "It was detected that you have not yet inserted a ukey device; please insert one". If the user inserts a ukey device, the client detects the insertion, automatically identifies the inserted ukey device and generates its check information. In this embodiment, the check information of the ukey device is generated in one of the following ways.
First way:
Read the ukey information preset in the ukey device;
Encrypt the ukey information with the encryption key, thereby generating the corresponding check information.
As described above, the check information is generated by encryption. Because the encryption key and decryption key form a specific key pair, security is better when this check information is decrypted. Further, the several pairs of key pair information stored in the ukey device are randomly generated, so decryption follows no regular pattern: only the specific random decryption key can decrypt the check information. The data is thus better protected, and the check in the following steps is highly accurate.
When logging in to a virtual machine with the technical solution of this embodiment, the following second way can be used if the security requirement is stronger.
Second way:
Read the ukey information preset in the ukey device and the PIN check code that is input;
Encrypt the ukey information and the PIN check code with the encryption key to generate the corresponding check information.
Here, the PIN check code is set by the user and must be input by the user. The second way generates the check information from two kinds of information, the ukey information and the PIN check code; when the check information is decrypted and checked, a pass is reported only if the ukey information and the PIN check code are both correct.
The client is configured to send the generated check information to the server.
The server is configured to receive the check information sent by the client, check according to the check information whether the ukey device is legitimate, and generate a check result indicating whether it passed. Corresponding to the above ways of generating the check information, the server checks the check information in the following ways.
One: check information generated from the ukey information
The server obtains the decryption key that matches the encryption key and uses it to decrypt the check information.
If decryption fails, a check result of not passed/failed is generated.
If decryption succeeds, the server obtains the user name from the ukey information and looks up the device ID for that user name in the preset matching relationship table. If the device ID found is inconsistent with the device ID in the ukey information, a check result of not passed/failed is generated. If the device ID found is consistent with the device ID in the ukey information, the check passes and a check result of passed is generated.
Two: check information generated from the ukey information and the PIN check code
The server obtains the decryption key that matches the encryption key and uses it to decrypt the check information.
If decryption fails, a check result of not passed/failed is generated.
If decryption succeeds, the server obtains the user name in the ukey information and the PIN code entered by the user, and looks up the device ID for that user name in the preset matching relationship table. If the device ID found is inconsistent with the device ID in the ukey information, a check result of not passed/failed is generated.
If the device ID found is consistent with the device ID in the ukey information, the server checks whether the preset PIN code is consistent with the obtained PIN code. If they are inconsistent, a check result of not passed/failed is generated. If they are consistent, a check result of passed is generated.
The checks of the ukey information and the PIN code can be carried out at the same time, or the PIN code can be checked first and the ukey information second. The principle is that a pass is reported only when the ukey information and the PIN check code are both correct, which gives double protection and further strengthens security.
The server is configured to send the generated check result to the client.
The client is configured to receive the check result fed back by the server and, when the check result is a correct pass, send the server a login request to log in to the corresponding virtual machine; wherein the virtual machine corresponds to the ukey device. Here, to ensure data security, the request to log in to the virtual machine is a login request encrypted based on the ukey information.
The server is configured to receive the request to log in to the virtual machine sent by the client. Specifically, the request to log in to the virtual machine is a login request encrypted based on the ukey information. After receiving the login request, the server decrypts it, obtains the user name in the ukey information, looks up and starts the virtual machine corresponding to the user name, and then sends the login information of that virtual machine to the client.
Specifically, if the user name corresponds to only one virtual machine, the server starts that virtual machine directly. From the user's point of view, the virtual machine login information shown by the client is used to log in automatically.
If the user name corresponds to multiple virtual machines, the server sets these virtual machines to a waiting-to-start state, generates the corresponding pieces of virtual machine login information, and sends them to the client. From the user's point of view, the client shows these pieces of virtual machine login information so that the user can select the virtual machine to log in to.
Where the user name corresponds to multiple virtual machines, the client is configured to receive the virtual machine selection information input by the user and send it to the server. The server is configured to receive the virtual machine selection information sent by the client and obtain the login information of the selected target virtual machine; the target virtual machine login information is sent to the client. The server starts the target virtual machine directly. From the user's point of view, the target virtual machine login information shown by the client is used to log in automatically.
Specifically, suppose the client is application software loaded on a touch-screen electronic device: the pieces of virtual machine login information are arranged on the display interface as corresponding login icons, and the user triggers a login icon to select and directly log in to the desired virtual machine, much as the XP operating system, when it has multiple users, shows those users at startup for the operator to choose from.
Preferably, the client is also configured to monitor the correctness of the ukey device in real time, and to generate and send monitoring information to the server. When the correctness of the ukey device becomes abnormal, insertion of the ukey device is detected again. Here, monitoring information refers to the monitoring result produced from the correctness of the ukey device: if the correctness of the ukey device shows no abnormality, the monitoring result is that the server can send data to the client; if the correctness of the ukey device is abnormal, the monitoring result is that the server cannot send data to the client, and the client must resend the check information and the server must check the client's check information again.
The server is also configured to receive the monitoring information sent by the client, and to receive the client's check information again when the monitoring information indicates an abnormality.
With the technical solution of this embodiment, the correctness of the ukey device can be monitored in real time while the virtual machine is running. If the correctness of the ukey device becomes abnormal, steps S601-603 must be carried out again before the virtual machine corresponding to the ukey device can be logged in to again.
In this embodiment, abnormalities include but are not limited to the following situations:
1. If, after login and during data interaction, the ukey device is pulled out or replaced with another ukey device, the client prompts "ukey device removed" or "unauthorized access by this ukey device", and the virtual machine automatically returns to the login interface. Identity must be verified again before the virtual machine corresponding to this ukey device or to the other ukey device can be logged in to again, which improves data security during data interaction.
2. After login to the virtual machine corresponding to the ukey device, all data exchanged during the whole data interaction is encrypted and verified with the random encryption key in the ukey device. Data can be exchanged normally only after verification passes; otherwise identity must be verified again before the virtual machine corresponding to this ukey device can be logged in to again, which improves data security during data interaction.
In the embodiments provided by the invention, the above situations can coexist.
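The server-side check described in this embodiment (ukey information only, or ukey information plus PIN check code), followed by the virtual machine lookup and the removal/replacement monitoring, as an added example that is not code from the patent. The HMAC-tagged envelope standing in for the ukey key pair, the table contents and all function and field names are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the ukey key pair. The page only says the server
# holds the decryption key matching the client's encryption key; the standard
# library has no public-key cipher, so an HMAC-tagged envelope (integrity only,
# no confidentiality) models "decryption succeeds or fails".
DEMO_KEY = b"constructed-demo-key"

# Constructed matching relationship table: user name -> device ID, preset PIN
# and the virtual machines stored for that user name.
MATCH_TABLE = {
    "alice": {"device_id": "UKEY-0001", "pin": "4821", "vms": ["vm-alice"]},
    "bob": {"device_id": "UKEY-0002", "pin": "7350",
            "vms": ["vm-bob-1", "vm-bob-2"]},
}


def seal(payload, key=DEMO_KEY):
    """Client side: turn ukey information (and optional PIN) into check information."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return tag + b"." + body


def unseal(blob, key=DEMO_KEY):
    """Server side: return the payload dict, or None when the envelope is rejected."""
    tag, sep, body = blob.partition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(tag, expected):
        return None
    try:
        payload = json.loads(body)
    except ValueError:
        return None
    return payload if isinstance(payload, dict) else None


def _same(candidate, stored):
    """Constant-time comparison; anything that is not a string never matches."""
    if not isinstance(candidate, str):
        return False
    return hmac.compare_digest(candidate.encode(), stored.encode())


def verify_check_info(blob, require_pin=False, table=MATCH_TABLE):
    """Return (passed, reason) for way one (ukey only) or way two (ukey + PIN)."""
    payload = unseal(blob)
    if payload is None:
        return False, "decryption failed"
    user = payload.get("user_name")
    entry = table.get(user) if isinstance(user, str) else None
    # Assumption: a user name missing from the table has no device ID to
    # match, so it is reported the same way as a mismatching device ID.
    if entry is None or not _same(payload.get("device_id"), entry["device_id"]):
        return False, "device ID mismatch"
    if require_pin and not _same(payload.get("pin"), entry["pin"]):
        return False, "PIN mismatch"
    return True, "pass"


def vm_login_infos(blob, require_pin=False, table=MATCH_TABLE):
    """Login request: list the VMs stored for the user name in the blob.

    One entry means the server can start that VM directly; several entries
    are sent to the client for the user to choose from.
    """
    # Added choice in this example: the login request is checked again
    # instead of being trusted because an earlier check passed.
    passed, _ = verify_check_info(blob, require_pin, table)
    if not passed:
        return []
    return list(table[unseal(blob)["user_name"]]["vms"])


class Session:
    """Monitoring after login: a removed or swapped ukey ends the session."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.logged_in = True

    def monitor(self, present_device_id):
        # present_device_id is None when no ukey is plugged in.
        if not _same(present_device_id, self.device_id):
            self.logged_in = False  # back to the login interface; re-verify
        return self.logged_in
```

The envelope in this example carries no nonce or timestamp, so the same blob verifies every time it is presented; binding a server-issued challenge into the sealed payload makes each piece of check information single-use.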
In summary, the embodiments of the invention have the following technical effects:
This solution uses the ukey device as the storage medium for the check information, relying on the ukey device's high security, strong consistency of technical specification, good operating-system compatibility and flexible portability. To log in to a virtual machine, the user only needs to insert the corresponding ukey device while the client is running; the client automatically identifies the ukey device and generates the corresponding check information, and if the check passes the user enters the virtual machine system directly. If the check does not pass/fails, the user is told that they have no authority to use it. This improves the user experience while raising security and simplifying login.
Further, this embodiment also shows the user the multiple pieces of virtual machine login information corresponding to that user, so that the user can select the target virtual machine to log in to without having to log in and exit one by one, which simplifies the login process and improves security.
In addition, with the technical solution of this embodiment, the correctness of the ukey device can be monitored in real time while the virtual machine is running. If the correctness of the ukey device becomes abnormal, the client's check information must be checked again before the virtual machine corresponding to the ukey device can be logged in to again.
Each embodiment in this specification is described progressively; each embodiment emphasizes its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
Those skilled in the art should understand that the order of the method steps in the above embodiments can be adapted to actual conditions, and the steps can also be carried out concurrently as conditions require.
All or part of the steps in the methods of the above embodiments can be completed by hardware instructed by a program. The program can be stored in a storage medium readable by a computer device and is used to perform all or part of the steps of the methods of the above embodiments. The computer device is, for example, a personal computer, server, network device, intelligent mobile terminal, smart home device, wearable smart device or in-vehicle smart device; the storage medium is, for example, RAM, ROM, magnetic disk, magnetic tape, optical disc, flash memory, USB flash drive, portable hard drive, memory card, memory stick, network server storage or network cloud storage.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device that comprises it.
The foregoing is only embodiments of the invention and does not thereby limit the scope of patent protection of the invention; any equivalent structure or equivalent process transformation made using the content of the specification and drawings of the invention, or any direct or indirect use in other related technical fields, is likewise included in the scope of patent protection of the invention.

Claims (15)

1. A method for logging in to a virtual machine, characterized by comprising:
when insertion of a ukey device is detected, generating check information of the ukey device;
sending the check information to a server for checking;
receiving the check result fed back by the server and, when the check result is a pass, sending the server a request to log in to a virtual machine; wherein the virtual machine corresponds to the ukey device.
2. The method for logging in to a virtual machine according to claim 1, characterized by further comprising:
receiving and showing at least one piece of virtual machine login information, fed back by the server, that corresponds to the ukey device.
3. The method for logging in to a virtual machine according to claim 2, characterized by further comprising:
receiving input virtual machine selection information, and sending the virtual machine selection information to the server.
4. The method for logging in to a virtual machine according to claim 1, characterized in that generating the check information of the ukey device comprises:
reading the ukey information preset in the ukey device;
generating the check information based on the ukey information.
5. The method for logging in to a virtual machine according to claim 1, characterized in that generating the check information of the ukey device comprises:
reading the ukey information preset in the ukey device and the PIN check code that is input;
generating the check information based on the ukey information and the PIN check code.
6. The method for logging in to a virtual machine according to claim 1, characterized by further comprising:
monitoring the correctness of the ukey device, and detecting insertion of the ukey device again when the correctness of the ukey device becomes abnormal.
7. A method for allowing login to a virtual machine, characterized by comprising:
receiving check information sent by a client, wherein the check information is generated based on the ukey device detected by the client;
checking, according to the check information, whether the ukey device is legitimate, and generating a check result indicating whether it passed;
sending the check result to the client and, when the check result is a pass, receiving the request to log in to a virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
8. The method for allowing login to a virtual machine according to claim 7, characterized by further comprising:
parsing the request to log in to the virtual machine, and reading at least one piece of virtual machine login information corresponding to the ukey device;
sending the at least one piece of virtual machine login information to the client.
9. The method for allowing login to a virtual machine according to claim 8, characterized by further comprising:
receiving the virtual machine selection information sent by the client, and obtaining the login information of the selected target virtual machine;
sending the target virtual machine login information to the client.
10. The method for allowing login to a virtual machine according to claim 7, characterized in that the check information is generated based on the ukey information preset in the ukey device.
11. The method for allowing login to a virtual machine according to claim 7, characterized in that the check information is generated based on the ukey information preset in the ukey device and the PIN check code that is input.
12. The method for allowing login to a virtual machine according to claim 7, characterized by further comprising:
receiving the monitoring information sent by the client, and receiving the client's check information again when the monitoring information indicates an abnormality; wherein the monitoring information is generated when the client monitors the correctness of the ukey device.
13. A client, characterized by comprising:
a first generation module, configured to generate check information of a ukey device when insertion of the ukey device is detected;
a first sending module, configured to send the check information to a server for checking;
a first receiving module, configured to receive the check result fed back by the server and, when the check result is a pass, send the server a request to log in to a virtual machine; wherein the virtual machine corresponds to the ukey device.
14. A server, characterized by comprising:
a second receiving module, configured to receive check information sent by a client, wherein the check information is generated based on the ukey device detected by the client;
a second generation module, configured to check, according to the check information, whether the ukey device is legitimate, and to generate a check result indicating whether it passed;
a second sending module, configured to send the check result to the client and, when the check result is a pass, receive the request to log in to a virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
15. A virtual machine login system, characterized by comprising:
a client, configured to:
when insertion of a ukey device is detected, generate check information of the ukey device;
send the check information to a server for checking;
receive the check result fed back by the server, and send the server a request to log in to a virtual machine when the check result is correct; wherein the virtual machine corresponds to the ukey device;
a server, configured to:
receive the check information sent by the client, wherein the check information is generated based on the ukey device detected by the client;
check, according to the check information, whether the ukey device is legitimate, and generate a check result indicating whether it passed;
send the check result to the client and, when the check result is a pass, receive the request to log in to the virtual machine sent by the client; wherein the virtual machine corresponds to the ukey device.
CN201410351115.5A 2014-07-22 2014-07-22 Method for logging in to virtual machine, method for allowing logging in to virtual machine and virtual machine login system Pending CN105306427A (en)


Publications (1)

Publication Number Publication Date
CN105306427A true CN105306427A (en) 2016-02-03

Family

ID=55203184


CN112825093B (en) Security baseline checking method, host, server, electronic device and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160203