CN106817385A - Cloud terminal network access system based on high speed reliable hardware module - Google Patents

Info

Publication number: CN106817385A
Application number: CN201510854084.XA
Authority: CN (China)
Prior art keywords: cloud terminal, high speed, hardware module, server, reliable hardware
Legal status: Pending (status as listed by Google Patents, not a legal conclusion; the Legal Events at the end of the page record the application as deemed withdrawn after publication)
Other languages: Chinese (zh)
Inventors: 曾颖明, 王斌, 曾淑娟
Current assignee: Beijing Institute of Computer Technology and Applications
Original assignee: Beijing Institute of Computer Technology and Applications
Priority date: 2015-11-30
Filing date: 2015-11-30
Publication date: 2017-06-09

Classifications

    • H Electricity › H04 Electric communication technique › H04L Transmission of digital information, e.g. telegraphic communication
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/08 Network security: authentication of entities
                • H04L 63/0876 Authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications
            • H04L 67/01 Protocols
                • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
                    • H04L 67/025 Protocols based on web technology for remote control or remote monitoring of applications
                • H04L 67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The invention discloses a cloud terminal network access system based on a high-speed trusted hardware module. The system comprises a cloud terminal and a server. The cloud terminal comprises a high-speed trusted hardware module, an operating system and a remote desktop connection module. The high-speed trusted hardware module measures the integrity of the operating system kernel files and of the remote desktop connection module, and stores the identity information of the cloud terminal. The server first authenticates the identity of the user of the cloud terminal; if that succeeds, it authenticates the identity of the cloud terminal held in the high-speed trusted hardware module; if that also succeeds, the server measures the platform integrity state of the cloud terminal, and if the measurement result satisfies the network access security policy the cloud terminal is allowed onto the network.

Description

Cloud terminal network access system based on high speed reliable hardware module
Technical field
The present invention relates to the field of cloud terminal network access technology based on a high-speed trusted hardware module (the "high speed reliable hardware module" of the published title), and in particular to a cloud terminal network access system based on such a module.
Background technology
Cloud terminals are widely used in public clouds, private clouds and virtual data centers, and whether the cloud terminals admitted to the network are secure directly affects the security of the whole cloud environment. Applying the trusted network connection approach and enforcing strict, high-security network access control for cloud terminals keeps the terminals that access a public cloud, private cloud or virtual data center secure and trustworthy; using a high-speed trusted hardware module at the same time keeps the additional security overhead low, provides strong authentication of the remotely accessing cloud terminal, and protects the confidentiality, integrity and availability of the data transmitted over the network.
The widespread adoption of the cloud terminal model has become the new trend in terminal applications: the terminal exists only to interact with the user and itself performs essentially no computation, while almost all computing, storage and unified management is moved to the virtual server side by way of desktop virtualization. Compared with a conventional terminal, a cloud terminal offers better scalability, security isolation, mobility and configurability, and a user can enjoy the various services of a powerful cloud simply by using one. In this usage model, a virtual desktop server in a public cloud, private cloud or virtual data center uses virtualization technology to serve hundreds or even thousands of virtual desktop clients at once. In such a high-density deployment, guaranteeing the identity security of both parties, platform security and communication security becomes the main security problem, while the additional security overhead must also be kept low. In other words, whether the widely deployed cloud terminals are secure and trustworthy, and whether the communication between cloud terminal and server is secure and trustworthy, directly constrains and affects the security level of the whole public cloud, private cloud or virtual data center.
The content of the invention
The present invention provides a cloud terminal network access system based on a high-speed trusted hardware module in order to solve the above problems of the prior art.
The cloud terminal network access system based on a high-speed trusted hardware module of the present invention comprises a cloud terminal and a server. The cloud terminal comprises a high-speed trusted hardware module, an operating system and a remote desktop connection module. The high-speed trusted hardware module measures the integrity of the operating system kernel files and of the remote desktop connection module, and stores the identity information of the cloud terminal. The server authenticates the identity of the user using the cloud terminal; if the authentication passes, it then authenticates the identity of the cloud terminal held in the high-speed trusted hardware module; if that authentication passes, the server measures the platform integrity state of the cloud terminal, and if the measurement result satisfies the network access security policy the cloud terminal is allowed to access the network.
In one embodiment of the cloud terminal network access system of the present invention, if the measurement result does not satisfy the network access security policy, the cloud terminal is connected to a designated isolation area, where security remediation and upgrading are performed on it.
In one embodiment, after the measurement result of the cloud terminal satisfies the network access security policy, the server further establishes, through the remote desktop connection module, a remote desktop connection between the cloud terminal and a virtual machine of the server, so that the desktop image information of that virtual machine can be sent to the cloud terminal.
In one embodiment, the server further comprises a second high-speed trusted hardware module, which provides high-speed data encryption and decryption, digital signature and verification, hash computation and random number generation to the virtualization security hardening system running on the server and to the application systems running in its virtual machines.
In summary, the cloud terminal network access system based on a high-speed trusted hardware module of the present invention can, on the basis of the platform information and user identity information held in the high-speed trusted hardware module, use platform trusted network connection technology to achieve secure access for thin clients, guaranteeing that only cloud terminals satisfying the security policy can access the public cloud, private cloud or virtual data center, and, once a security anomaly in the state of a cloud terminal is detected, disconnecting its remote desktop connection promptly.
Brief description of the drawings
Fig. 1 is a module diagram of the cloud terminal network access system based on a high-speed trusted hardware module of the present invention.
Specific embodiment
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to the accompanying drawing and the embodiments.
Fig. 1 is the module diagram of the cloud terminal network access system based on a high-speed trusted hardware module of the present invention. As shown in Fig. 1, cloud terminal 1 communicates with server 6. Cloud terminal 1 comprises high-speed trusted hardware module 2, operating system 3 and remote desktop connection module 4. Server 6 comprises high-speed trusted hardware module 7, virtual machine monitor 8, virtual machines a to n and operating system 10.
Referring to Fig. 1, server 6 is located in a public cloud, private cloud or virtual data center, is provided with virtual machine monitor 8, and can run multiple security-isolated virtual machines a to n simultaneously. The virtual machines run operating systems and various application software, and cloud terminal 1 receives, through remote desktop connection module 4, the desktop image information of virtual machines a to n pushed to it remotely. With high-speed trusted hardware module 2 embedded in cloud terminal 1, methods under the trusted computing framework such as integrity measurement, trusted network access control and transitive trust are used to achieve secure and trusted access of cloud terminal 1, which significantly reduces the probability that the public cloud, private cloud or virtual data center is attacked. The high-speed trusted hardware module of cloud terminal 1 may be external or built-in (USB or PCIe).
Referring to Fig. 1, the specific working process of the cloud terminal network access system based on a high-speed trusted hardware module of the present invention is as follows. Server 6 runs, by installing virtual machine monitor 8, multiple mutually isolated virtual machines a to n; take cloud terminal 1 accessing virtual machine a as an example. Under the network access model of cloud terminal 1 based on high-speed trusted hardware module 2, when cloud terminal 1 is powered on, high-speed trusted hardware module 2 first measures the integrity of the kernel files of operating system 3 (using a hash algorithm), and only after the measurement passes is cloud terminal 1 allowed to load the operating system; it then measures the integrity of remote desktop connection module 4 (which obtains desktop image information 5 of the corresponding virtual machine on the server), and only after that measurement passes is the module allowed to load and run. When cloud terminal 1 accesses server 6 in the public cloud, private cloud or virtual data center, server 6 authenticates the identity of the user using cloud terminal 1; if the authentication passes, it authenticates the identity of cloud terminal 1 held in high-speed trusted hardware module 2; if that passes, it measures the platform integrity state of cloud terminal 1 held in high-speed trusted hardware module 2, and if the measurement result satisfies the network access security policy, cloud terminal 1 is allowed to access the network; otherwise cloud terminal 1 is connected to a designated isolation area, where security remediation and upgrading are performed on it. After all authentications pass, a remote desktop connection with virtual machine a on cloud server 6 is established through remote desktop connection module 4, and the desktop image information of virtual machine a on server 6 can be sent remotely over the network to cloud terminal 1. Server 6 receives the data input of cloud terminal 1 and processes it, then pushes the display frames of desktop image information 5 to the display output device of cloud terminal 1. Cloud terminal 1 itself performs no computation; all computing, storage and unified management are transferred, by way of virtualization, to virtual machine a in server 6. Because cloud terminal 1 establishes a remote desktop connection with virtual machine a in cloud server 6, an operating system can be run there and a higher level of security protection achieved.
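The working process above is a sequence of gates: local measurement of the kernel files and then of the remote desktop module before either may load, then, at the server, user authentication, authentication of the terminal identity held in the module, and a check of the attested platform integrity state against the access policy, with the isolation area (and, in the summary, disconnection of the remote desktop) as the outcome for a non-compliant terminal. The simulation below is an added example written for this page; it is not the patent's code and the patent fixes no algorithms, so everything concrete in it is an assumption: both hardware modules are software stand-ins, the terminal module's attestation "signature" is an HMAC under a per-terminal identity key that the server's enrolment registry also holds, the platform integrity state is a single SHA-256 extend register in the style of a TPM PCR, user passwords are checked with PBKDF2, and the names TerminalModule, CloudTerminal, AccessServer, run_scenarios and the verdict strings are chosen here. The server's random-number and verification steps are the jobs the embodiment with module 7 assigns to the server-side module.

```python
# Added simulation, not the patent's code. Assumptions: both trusted hardware modules are software
# stand-ins; the terminal's attestation "signature" is an HMAC under a per-terminal identity key that
# the server's enrolment registry also holds; the integrity state is one SHA-256 extend register.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Set, Tuple

PBKDF2_ITERS = 100_000  # user-password scheme is an assumption; the patent fixes none

def pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)

class TerminalModule:
    """Stand-in for trusted hardware module 2: identity key (never exported) and integrity register."""

    def __init__(self, terminal_id: str, identity_key: bytes) -> None:
        self.terminal_id, self._identity_key = terminal_id, identity_key
        self.register = b"\x00" * 32

    def measure(self, content: bytes) -> bytes:
        """Hash a component and fold the hash into the register (new = H(old || h)); return h."""
        digest = hashlib.sha256(content).digest()
        self.register = hashlib.sha256(self.register + digest).digest()
        return digest

    def quote(self, nonce: bytes) -> bytes:
        """Attest the current register, bound to the server's nonce, under the identity key."""
        return hmac.new(self._identity_key, nonce + self.register, hashlib.sha256).digest()

@dataclass
class CloudTerminal:
    module: TerminalModule
    kernel_files: Dict[str, bytes]  # file name -> image bytes
    rdp_module: bytes
    reference: Dict[str, str]       # file name -> expected SHA-256 hex, provisioned with the terminal

    def boot(self) -> bool:
        """Local trust chain: kernel files, then the remote desktop module; load only on a match."""
        for name in sorted(self.kernel_files):
            if self.module.measure(self.kernel_files[name]).hex() != self.reference[name]:
                return False
        return self.module.measure(self.rdp_module).hex() == self.reference["rdp"]

@dataclass
class AccessServer:
    users: Dict[str, Tuple[bytes, bytes]]  # username -> (salt, PBKDF2 hash)
    terminals: Dict[str, bytes]            # enrolled terminal id -> identity key
    policy: Set[bytes]                     # register values the network access policy accepts

    def attest(self, terminal: CloudTerminal) -> str:
        """Steps 2 and 3: terminal identity by challenge-response, then integrity state against policy."""
        key = self.terminals.get(terminal.module.terminal_id)
        if key is None:
            return "DENY_TERMINAL"
        nonce = secrets.token_bytes(16)      # random number, a job of the server's module 7
        reported = terminal.module.register  # integrity state as reported by the terminal
        expected = hmac.new(key, nonce + reported, hashlib.sha256).digest()  # verification, module 7
        if not hmac.compare_digest(expected, terminal.module.quote(nonce)):
            return "DENY_TERMINAL"
        return "ALLOW" if reported in self.policy else "QUARANTINE"

    def admit(self, username: str, password: str, terminal: CloudTerminal) -> str:
        """Step 1 (user identity) gates steps 2 and 3; QUARANTINE means the isolation area."""
        entry = self.users.get(username)
        if entry is None or not hmac.compare_digest(pbkdf2(password, entry[0]), entry[1]):
            return "DENY_USER"
        return self.attest(terminal)

def run_scenarios() -> Dict[str, str]:
    """Constructed deployment: one enrolled terminal, one user, one golden policy value."""
    key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
    kernel = {"vmlinuz": b"kernel image v1", "initrd": b"initial ramdisk v1"}
    rdp = b"remote desktop module v1"
    reference = {n: hashlib.sha256(c).hexdigest() for n, c in kernel.items()}
    reference["rdp"] = hashlib.sha256(rdp).hexdigest()
    golden = CloudTerminal(TerminalModule("term-001", key), kernel, rdp, reference)
    if not golden.boot():
        raise RuntimeError("golden measurement failed")
    server = AccessServer({"alice": (salt, pbkdf2("correct horse", salt))},
                          {"term-001": key}, {golden.module.register})
    out: Dict[str, str] = {}
    good = CloudTerminal(TerminalModule("term-001", key), kernel, rdp, reference)
    good.boot()
    out["genuine"] = server.admit("alice", "correct horse", good)
    out["bad_password"] = server.admit("alice", "wrong", good)
    rogue = CloudTerminal(TerminalModule("term-999", secrets.token_bytes(32)), kernel, rdp, reference)
    rogue.boot()
    out["unenrolled_terminal"] = server.admit("alice", "correct horse", rogue)
    # Tampered remote desktop module: the local check refuses to load it, and even if an attacker
    # patched that check out, the register the module attests no longer matches the policy.
    tampered = CloudTerminal(TerminalModule("term-001", key), kernel, rdp + b" +backdoor", reference)
    out["tampered_local_boot"] = "LOADED" if tampered.boot() else "REFUSED_LOAD"
    out["tampered_network"] = server.admit("alice", "correct horse", tampered)
    # A component loaded after admission changes the attested state; re-attestation catches it.
    good.module.measure(b"injected driver")
    out["post_admission_tamper"] = server.attest(good)
    return out
```

Two properties are worth checking in any real implementation of this flow. Measurement is recorded before the comparison, so a terminal whose local load check has been patched out still arrives with a register the server can reject; the server-side check is what carries the security, not the local one. The nonce generated on the server binds each quote to one session and stops replay of an old good state. The HMAC stand-in means the server holds the terminal's secret; a hardware module would sign with an asymmetric identity key so that compromise of the server's registry does not let anyone impersonate enrolled terminals.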
Referring to Fig. 1, in another embodiment, high-speed trusted hardware module 7 may be installed in server 6 to provide high-speed data encryption and decryption, digital signature and verification, hash computation and random number generation to the virtualization security hardening system of server 6 and to the application systems running in the virtual machines on cloud server 6.
The cloud terminal network access system based on a high-speed trusted hardware module of the present invention can, on the basis of the platform information and user identity information held in the high-speed trusted hardware module, use platform trusted network connection technology to achieve secure access for thin clients, guaranteeing that only cloud terminals satisfying the security policy can access the public cloud, private cloud or virtual data center, and, once a security anomaly in the state of a cloud terminal is detected, disconnecting its remote desktop connection promptly.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make improvements and variations without departing from the technical principles of the present invention, and such improvements and variations should also be regarded as falling within the scope of protection of the present invention.

Claims (4)

1. A cloud terminal network access system based on a high-speed trusted hardware module, characterised in that it comprises a cloud terminal and a server;
the cloud terminal comprises a high-speed trusted hardware module, an operating system and a remote desktop connection module;
the high-speed trusted hardware module measures the integrity of the operating system kernel files and of the remote desktop connection module, and stores the identity information of the cloud terminal;
the server authenticates the identity of the user using the cloud terminal; if the authentication passes, it then authenticates the identity of the cloud terminal held in the high-speed trusted hardware module; if that authentication passes, the server measures the platform integrity state of the cloud terminal, and if the measurement result satisfies the network access security policy the cloud terminal is allowed to access the network.
2. The cloud terminal network access system based on a high-speed trusted hardware module according to claim 1, characterised in that if the measurement result does not satisfy the network access security policy, the cloud terminal is connected to a designated isolation area and security remediation and upgrading are performed on the cloud terminal.
3. The cloud terminal network access system based on a high-speed trusted hardware module according to claim 1, characterised in that, after the measurement result of the cloud terminal satisfies the network access security policy, the server further establishes, through the remote desktop connection module, a remote desktop connection between the cloud terminal and a virtual machine of the server, so that the desktop image information of the virtual machine on the server can be sent to the cloud terminal.
4. The cloud terminal network access system based on a high-speed trusted hardware module according to claim 1, characterised in that the server further comprises a second high-speed trusted hardware module for providing high-speed data encryption and decryption, digital signature and verification, hash computation and random number generation to the virtualization security hardening system running on the server and to the application systems running in the virtual machines on the server.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510854084.XA (CN106817385A, en) | 2015-11-30 | 2015-11-30 | Cloud terminal network access system based on high speed reliable hardware module

Publications (1)

Publication Number | Publication Date
CN106817385A (en) | 2017-06-09

Family

ID=59155653

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201510854084.XA (Pending, CN106817385A, en) | Cloud terminal network access system based on high speed reliable hardware module | 2015-11-30 | 2015-11-30

Country Status (1)

Country | Link
CN | CN106817385A (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102647620A (en) * 2012-03-28 2012-08-22 华为终端有限公司 Method, set-top box, cloud terminal application server and system for realizing cloud terminal business
CN104601555A (en) * 2014-12-30 2015-05-06 中国航天科工集团第二研究院七〇六所 Trusted security control method of virtual cloud terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110808983A (en) * 2019-11-05 2020-02-18 西安雷风电子科技有限公司 Cloud desktop identity recognition detection method for network access of cloud desktop terminal
CN112434300A (en) * 2020-11-23 2021-03-02 山东可信云信息技术研究院 Credible super-fusion system and control method
CN112434300B (en) * 2020-11-23 2024-03-12 山东可信云信息技术研究院 Trusted super-fusion system and control method
CN114666103A (en) * 2022-03-04 2022-06-24 阿里巴巴(中国)有限公司 Credible measuring device, equipment and system and credible identity authentication method
CN114666103B (en) * 2022-03-04 2023-08-15 阿里巴巴(中国)有限公司 Trusted measurement device, equipment, system and trusted identity authentication method

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
WD01 | Invention patent application deemed withdrawn after publication

Application publication date: 20170609