CN106817385A - Cloud terminal network access system based on high speed reliable hardware module - Google Patents
- Publication number
- CN106817385A (application number CN201510854084.XA)
- Authority
- CN
- China
- Prior art keywords
- cloud terminal
- high speed
- hardware module
- server
- reliable hardware
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY › H04—ELECTRIC COMMUNICATION TECHNIQUE › H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L67/00—Network arrangements or protocols for supporting network services or applications
    - H04L67/01—Protocols
      - H04L67/10—Protocols in which an application is distributed across nodes in the network
      - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
        - H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
      - H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The invention discloses a cloud terminal network access system based on a high-speed trusted hardware module. The system comprises a cloud terminal and a server. The cloud terminal comprises a high-speed trusted hardware module, an operating system and a remote desktop connection module. The high-speed trusted hardware module measures the integrity of the operating system kernel files and of the remote desktop connection module, and stores the identity information of the cloud terminal. The server authenticates the identity of the user of the cloud terminal; if that authentication passes, it goes on to authenticate the identity of the cloud terminal held in the high-speed trusted hardware module; if that authentication also passes, the server measures the platform integrity state of the cloud terminal, and if the measurement result satisfies the network access security policy, the cloud terminal is allowed onto the network.
Description
Technical field
The present invention relates to cloud terminal network access technology based on a high-speed trusted hardware module (rendered "high speed reliable hardware module" in the title), and in particular to a cloud terminal network access system based on such a module.
Background technology
Cloud terminals are widely used to access public clouds, private clouds and virtual data centres, and whether an accessing cloud terminal is secure directly affects the security of the whole cloud environment. Following the idea of trusted network access, strict, high-assurance network access control for cloud terminals ensures that the terminals accessing a public cloud, private cloud or virtual data centre are secure and trustworthy, while a high-speed trusted hardware module keeps the additional security overhead low, provides strong authentication of remotely accessing cloud terminals, and protects the confidentiality, integrity and availability of data transmitted over the network.
The widespread adoption of the cloud terminal model has become the new trend in terminal applications: the terminal exists only to interact with the user and essentially performs no computation of its own, while almost all computing, storage and centralised management is moved, by way of desktop virtualisation, to the virtual server side. Compared with conventional terminals, cloud terminals offer better scalability, security isolation, mobility and configurability; a user only needs a cloud terminal to enjoy the services provided by a powerful cloud. In this usage model, a virtual desktop server located in a public cloud, private cloud or virtual data centre uses virtualisation technology to serve hundreds or even thousands of virtual desktop clients at the same time. In such high-density deployments, guaranteeing the identity security of both parties, platform security and communication security becomes the main security problem, while the additional security overhead must also be kept low. In other words, whether the widely deployed cloud terminals are secure and trustworthy, and whether the communication between the cloud terminals and the server is secure and trustworthy, directly constrains and affects the security level of the whole public cloud, private cloud or virtual data centre.
The content of the invention
The cloud terminal network access system based on a high-speed trusted hardware module of the present invention is intended to solve the above problems of the prior art.
The system comprises a cloud terminal and a server. The cloud terminal comprises a high-speed trusted hardware module, an operating system and a remote desktop connection module. The high-speed trusted hardware module measures the integrity of the operating system kernel files and of the remote desktop connection module, and stores the identity information of the cloud terminal. The server authenticates the identity of the user of the cloud terminal; if that authentication passes, it goes on to authenticate the identity of the cloud terminal held in the high-speed trusted hardware module; if that authentication also passes, the server measures the platform integrity state of the cloud terminal, and if the measurement result satisfies the network access security policy, the cloud terminal is allowed onto the network.
In one embodiment of the system, if the measurement result does not satisfy the network access security policy, the cloud terminal is connected to a designated isolation zone, where security repair and upgrading are carried out on it.
In one embodiment of the system, after the measurement result of the cloud terminal satisfies the network access security policy, the cloud terminal further establishes, through the remote desktop connection module, a remote desktop connection with a virtual machine on the server, and the desktop image information of that virtual machine is sent to the cloud terminal.
In one embodiment of the system, the server further comprises a second high-speed trusted hardware module, which provides high-speed data encryption and decryption, digital signature and verification, hash computation and random number generation to the virtualisation hardening system of the server and to the application systems running in the virtual machines on the server.
In summary, the cloud terminal network access system of the present invention can, on the basis of the platform information and user identity information held in the high-speed trusted hardware module, use platform trusted network access technology to achieve secure access by thin clients, ensuring that only cloud terminals that satisfy the security policy can access the public cloud, private cloud or virtual data centre, and that the remote desktop connection is disconnected promptly once a security anomaly is detected in the state of the cloud terminal.
Brief description of the drawings
Fig. 1 is a block diagram of the cloud terminal network access system based on a high-speed trusted hardware module of the present invention.
Specific embodiment
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to the accompanying drawing and to examples.
Fig. 1 is a block diagram of the cloud terminal network access system based on a high-speed trusted hardware module of the present invention. As shown in Fig. 1, cloud terminal 1 communicates with server 6. Cloud terminal 1 comprises high-speed trusted hardware module 2, operating system 3 and remote desktop connection module 4. Server 6 comprises high-speed trusted hardware module 7, virtual machine monitor 8, virtual machines a to n, and operating system 10.
With reference to Fig. 1, server 6 is located in a public cloud, private cloud or virtual data centre and is provided with virtual machine monitor 8, which can run multiple security-isolated virtual machines a to n at the same time. The virtual machines run operating systems and all kinds of application software; through remote desktop connection module 4, cloud terminal 1 receives the desktop image information of virtual machines a to n pushed to it remotely. Through high-speed trusted hardware module 2 embedded in cloud terminal 1, methods of the trusted computing framework such as integrity measurement, trusted network access control and the chain of trust (transitive trust) are used to achieve secure, trusted access by cloud terminal 1, which greatly reduces the probability that the public cloud, private cloud or virtual data centre is subjected to a malicious attack. The high-speed trusted hardware module of cloud terminal 1 may be external or built-in (USB or PCIe).
With reference to Fig. 1, the working process of the cloud terminal network access system based on a high-speed trusted hardware module of the present invention is outlined as follows. Server 6 runs multiple mutually isolated virtual machines a to n under virtual machine monitor 8; cloud terminal 1 accessing virtual machine a is taken as the example. Under the network access model designed around high-speed trusted hardware module 2, cloud terminal 1 powers up and high-speed trusted hardware module 2 first measures (by means of a hash algorithm) the integrity of the kernel files of operating system 3; only after the measurement passes is cloud terminal 1 allowed to load the operating system. The integrity of remote desktop connection module 4 (which obtains desktop image information 5 of the corresponding virtual machine on the server) is then measured, and only after the measurement passes is the module allowed to load and run. When cloud terminal 1 accesses server 6 in the public cloud, private cloud or virtual data centre, server 6 authenticates the identity of the user of cloud terminal 1; if this passes, it authenticates the identity of cloud terminal 1 held in high-speed trusted hardware module 2; if this passes, it measures the platform integrity state of cloud terminal 1 held in high-speed trusted hardware module 2. If the measurement result satisfies the network access security policy, cloud terminal 1 is allowed onto the network; otherwise cloud terminal 1 is connected to a designated isolation zone, where security repair and upgrading are carried out on it. After all authentications pass, remote desktop connection module 4 establishes a remote desktop connection with virtual machine a on server 6, and the desktop image information of virtual machine a in server 6 is sent over the network to cloud terminal 1. Server 6 receives and processes the data input from cloud terminal 1, then pushes display frames of desktop image information 5 to the display output device of cloud terminal 1. Cloud terminal 1 itself undertakes no computational task; all computing, storage and centralised management is transferred by means of virtualisation to virtual machine a in server 6. Because cloud terminal 1 runs its working environment through a remote desktop connection to virtual machine a in server 6, a higher level of security protection can be achieved.
With reference to Fig. 1, in another embodiment, high-speed trusted hardware module 7 may be fitted in server 6 to provide high-speed data encryption and decryption, digital signature and verification, hash computation, random number generation and similar functions to the virtualisation hardening system of server 6 and to the application systems running in the virtual machines on server 6.
The cloud terminal network access system based on a high-speed trusted hardware module of the present invention can, on the basis of the platform information and user identity information held in the high-speed trusted hardware module, use platform trusted network access technology to achieve secure access by thin clients, ensuring that only cloud terminals that satisfy the security policy can access the public cloud, private cloud or virtual data centre, and that the remote desktop connection is disconnected promptly once a security anomaly is detected in the state of the cloud terminal.
The above is only the preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principle of the present invention, and these improvements and variations should also be regarded as falling within the scope of protection of the present invention.
Claims (4)
1. A cloud terminal network access system based on a high-speed trusted hardware module, characterised in that it comprises a cloud terminal and a server;
the cloud terminal comprises a high-speed trusted hardware module, an operating system and a remote desktop connection module;
the high-speed trusted hardware module measures the integrity of the operating system kernel files and of the remote desktop connection module, and stores the identity information of the cloud terminal;
the server authenticates the identity of the user of the cloud terminal; if that authentication passes, it goes on to authenticate the identity of the cloud terminal held in the high-speed trusted hardware module; if that authentication passes, the server measures the platform integrity state of the cloud terminal, and if the measurement result satisfies the network access security policy, the cloud terminal is allowed onto the network.
2. The cloud terminal network access system based on a high-speed trusted hardware module according to claim 1, characterised in that if the measurement result does not satisfy the network access security policy, the cloud terminal is connected to a designated isolation zone, where security repair and upgrading are carried out on it.
3. The cloud terminal network access system based on a high-speed trusted hardware module according to claim 1, characterised in that after the measurement result of the cloud terminal satisfies the network access security policy, the cloud terminal further establishes, through the remote desktop connection module, a remote desktop connection with a virtual machine on the server, and the desktop image information of that virtual machine is sent to the cloud terminal.
4. The cloud terminal network access system based on a high-speed trusted hardware module according to claim 1, characterised in that the server further comprises a second high-speed trusted hardware module, which provides high-speed data encryption and decryption, digital signature and verification, hash computation and random number generation to the virtualisation hardening system of the server and to the application systems running in the virtual machines on the server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510854084.XA CN106817385A (en) | 2015-11-30 | 2015-11-30 | Cloud terminal network access system based on high speed reliable hardware module |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106817385A (en) | 2017-06-09 |
Family
ID=59155653
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510854084.XA Pending CN106817385A (en) | 2015-11-30 | 2015-11-30 | Cloud terminal network access system based on high speed reliable hardware module |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106817385A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102647620A (en) * | 2012-03-28 | 2012-08-22 | 华为终端有限公司 | Method, set-top box, cloud terminal application server and system for realizing cloud terminal business |
CN104601555A (en) * | 2014-12-30 | 2015-05-06 | 中国航天科工集团第二研究院七〇六所 | Trusted security control method of virtual cloud terminal |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110808983A (en) * | 2019-11-05 | 2020-02-18 | 西安雷风电子科技有限公司 | Cloud desktop identity recognition detection method for network access of cloud desktop terminal |
CN112434300A (en) * | 2020-11-23 | 2021-03-02 | 山东可信云信息技术研究院 | Credible super-fusion system and control method |
CN112434300B (en) * | 2020-11-23 | 2024-03-12 | 山东可信云信息技术研究院 | Trusted super-fusion system and control method |
CN114666103A (en) * | 2022-03-04 | 2022-06-24 | 阿里巴巴(中国)有限公司 | Credible measuring device, equipment and system and credible identity authentication method |
CN114666103B (en) * | 2022-03-04 | 2023-08-15 | 阿里巴巴(中国)有限公司 | Trusted measurement device, equipment, system and trusted identity authentication method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 2017-06-09