CN110032414B - Apparatus and method for secure user authentication in remote console mode - Google Patents
Apparatus and method for secure user authentication in remote console mode Download PDFInfo
- Publication number
- CN110032414B CN110032414B CN201910169027.6A CN201910169027A CN110032414B CN 110032414 B CN110032414 B CN 110032414B CN 201910169027 A CN201910169027 A CN 201910169027A CN 110032414 B CN110032414 B CN 110032414B
- Authority
- CN
- China
- Prior art keywords
- secure
- input device
- user input
- change
- information processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
Abstract
A method for authenticating a user of an information processing apparatus before a change is applied to a setting of the information processing apparatus is disclosed. The user is the party initiating the change. The method includes the steps of determining whether a user is judged to be safe; creating a flag for the change prior to applying the change if the user is determined to be safe; if the flag of the change is found, the change is applied to the setting of the information processing apparatus. The present invention provides a simple and effective solution for authenticating users and providing them with different access rights/roles when changing the settings of an information processing apparatus.
Description
Technical Field
The present invention relates to remote access of computing devices, and more particularly to remote operations on computing devices having authentication required to alter settings of the computing device.
Background
Today, some information processing devices provide a local mode of operation and a remote (virtual) mode of operation. For example, a typical server has a local console (display) and a local keyboard/mouse, and also has a remote KVM (kernel-based virtual machine) that supports the remote console and keyboard/mouse. In addition, modern servers provide remote control functions such as remote viewing of video with graphic resolution and remote access using a virtual keyboard/mouse, and some support simultaneous access to remote KVM from multiple clients.
On the other hand, an information processing apparatus such as a server has security settings in firmware of the information processing apparatus, such as enabling or disabling an on-board security chip (e.g., trusted platform module-TPM), enabling and disabling secure booting, and the like. For users supporting information processing devices and fully controlling local consoles and even information processing device hardware, they should have full access rights. However, this presents a security risk due to the access that a remote user attempting to operate the information processing apparatus using a remote console and a remote keyboard/mouse may have, because not all remote users should be allowed to change every setting in the information processing apparatus, in particular the security setting. Some users with remote KVM access may even secretly use the statement of others to alter the security settings.
Disclosure of Invention
Thus, there is a need to control access by remote users to at least some settings of an information processing apparatus.
In one aspect, the present invention provides a method for authenticating a user of an information processing apparatus before a change is applied to a setting of the information processing apparatus. The user is the party initiating the change. The method comprises the steps of determining whether a user is secure; if the user is secure, creating a flag for the change prior to applying the change; if the flag of the change is found, the change is applied to the setting of the information processing apparatus.
In another aspect, the present invention provides an information processing apparatus including a main processor and a motherboard on which the processor is mounted. If the user is secure, the firmware is adapted to create a flag for the change before applying the change. The firmware is further adapted to subsequently apply the change to the settings of the information processing apparatus if the flag for the change can be found.
Thus, the present invention provides a simple but secure solution for remote users to alter critical security settings of an information handling device. All operations are transparent to the remote user and once they begin operating on the remote console, the user can be automatically provided with the appropriate virtual user input device according to the access rights/roles that the user may have. Then, a user with sufficient authority can change the security setting of the information processing apparatus, and a user without sufficient authority can change only the non-security setting and cannot change the security setting. Thus, this solution provides a good experience for the remote user.
In addition, the solution provided by the present invention is simple and efficient, since no specific hardware is required to distinguish between secure and non-secure users. Traditionally, some techniques implementing similar differentiation require specific hardware circuitry to set the physical jumper of the chip (e.g., by pulling up the voltage at the pins), and then the secure or non-secure settings can be adjusted according to the state of the jumper. However, relying on hardware can make the overall mechanism very complex and incompatible with the security test requirements of modern operating systems. In contrast, the solution provided by the present invention does not require special hardware, as it is mainly based on software modules, requiring only firmware such as UEFI and a service processor such as BMC. Thus, the solution provided by the present invention can be universally used for different operating systems and even for hardware from different vendors.
Drawings
The foregoing and further features of the invention will become apparent from the following description of preferred embodiments, provided by way of example only in conjunction with the accompanying drawings, in which:
FIG. 1a is a diagram of a server having a local console and a local user input device, and a remote console and a remote user input device.
FIG. 1b shows a block diagram of a motherboard and a portion of components on the motherboard in the server of FIG. 1 a.
Fig. 2 shows a schematic diagram of a BMC of a server connected to a UEFI-enabled keyboard driver and a BMC providing a setup screen to a user according to another embodiment of the present invention.
Fig. 3 is a flow chart illustrating a method for authenticating a user prior to making a change to a setting of the server in fig. 2.
Fig. 4 illustrates a secure user authentication method for a server in a remote console mode according to one embodiment of the present invention.
In the drawings, like numerals refer to like parts throughout the several embodiments described herein.
Detailed Description
Turning now to fig. 1a, 1b, a server 20, which is an information processing apparatus, includes a local console 22, a local keyboard 24, and a local mouse 26. The local console 22 is a display device adapted to display a user interface (not shown) including settings of the server 20 to a local user in front of the server 20. The local console 22, local keyboard 24 and local mouse 26 are all physically connected to the motherboard 29 of the server 20 to perform their respective functions. The local keyboard 24 and the local mouse 26 are types of local user input devices that allow, for example, a local user to provide user input to control operation of the server 20, such as to alter the settings described above.
Also connected to server 20 are a remote console 32, a remote keyboard 34 and a remote mouse 36, which have similar functions as local console 22, local keyboard 24 and local mouse 26, respectively. However, the remote console 32, remote keyboard 34, and remote mouse 36 are not physically connected to the motherboard 29 or chassis (not shown) of the server 20. Rather, they are geographically spaced apart or remote from the server 20. Remote console 32, remote keyboard 34 and remote mouse 36 are connected to server 20 through a communication network (not shown) such as the internet. The remote keyboard 34 and the local mouse 36 are types of remote user input devices. The remote console 32, remote keyboard 34, and remote mouse 36 are adapted to operate with the server 20 in a KVM mode.
As shown in fig. 1b, the server 20 has mounted on its motherboard 29 a main processor 21, a service processor 23, and a memory 25. The main processor 21 is, for example, a Central Processing Unit (CPU) of one or more servers 20, which takes over computing tasks. On the other hand, the service processor 23 is a processor different from the main processor, and provides functions such as autonomous monitoring and recovery directly implemented into the server management system. For example, the service processor 23 may be a Baseband Management Controller (BMC). Memory 25 is hardware that stores permanent or temporary data for running server 20, including firmware 27. Examples of firmware 27 include a Unified Extensible Firmware Interface (UEFI), which further includes a UEFI setup module for changing settings of the information handling device, and a UEFI keyboard/mouse driver.
Turning now to fig. 2-4, another embodiment of the present invention is a secure user authentication method for a remote console mode server. This method can be applied to the servers in fig. 1a-1 b. Starting from fig. 4, the method starts when the user tries/requests to change the settings of the server. Note that there are three possible types of users making such change requests and they are shown in steps 60 to 62, respectively. For each specific request from the user, only one of the three steps 60 to 62 will be applied. It will be appreciated that different types of user may use different types of user input devices, such as local user input devices or remote user input devices similar to those mentioned above. Specifically, in step 60, the remote user attempts to change the settings through a standard (non-secure) virtual user input device. In step 61, the remote secure user attempts to change the settings through the secure virtual user input device. In step 62, the local user attempts to change the settings via the local user input device. Both the non-secure user input device and the secure user input device are types of remote user input devices. Note that the user input device may include a keyboard, mouse, and/or other type of user input device, whether remote or local. In this embodiment, the server contains BMC 54 as the service processor and UEFI as firmware. The BMC 54 prior to steps 60 and 61 above must assign a secure or non-secure virtual user input device to a remote user account, as will be described in more detail later.
The next step after any of steps 60 through 62 will be the same, namely, the UEFI keyboard/mouse driver 48, as part of the UEFI acting as firmware for the information processing apparatus, checking the location of the request to change the settings. This is done in two steps. First, in step 63, the UEFI keyboard/mouse driver 48 determines whether the modification is from a local keyboard/mouse based on information obtained from the motherboard of the server. The physically connected local keyboard/mouse may be detected by the motherboard of the information processing apparatus. If the request to change the settings is from a local keyboard/mouse, the user is a local user and the method proceeds directly to step 66, where the UEFI keyboard/mouse driver 48 creates a security flag for the local user operating on the local physical keyboard/mouse (i.e., an operation to change the settings of the server) for the intended change. The server always provides the highest access rights for the local user with a local client account, because as described above, a local user that is able to physically touch the server is considered eligible to change all settings of the server. Thus, the local user is a secure user.
However, if in step 63 the UEFI keyboard/mouse driver 48 determines that the request to change the settings is not from a local physical keyboard/mouse, the user is a remote user and the method proceeds to step 65. In step 65, the UEFI keyboard/mouse driver 48 further determines whether the change is from a secure virtual keyboard/mouse. A secure virtual keyboard/mouse means that the following user is a secure user 52, which has higher access rights to alter the security settings of the server. An unsecure virtual keyboard/mouse means that the latter user is an unsecure user 50 without secure access. The UEFI keyboard/mouse driver 48 determines in steps 63 and 65 based on the device ID of the keyboard/mouse because the device ID of the local keyboard/mouse is different from the device ID of the virtual keyboard/mouse created by the BMC and the secure virtual keyboard/mouse will have a different device ID from the non-secure virtual keyboard/mouse.
Whether from step 63 or the branch from step 65, the method further proceeds to step 66, wherein the UEFI keyboard/mouse driver 48 creates a user-initiated security flag for the intended change of settings for the local user (not shown) and the secure remote user 52. However, from the other branch of step 65, no security flag is created for the intended change of settings initiated by the non-secure user 50. In any event, the method then proceeds to step 68, where the UEFI settings module classifies the settings as safe types (e.g., settings that are critical and should not be changed by an average user) or unsafe types. If the setting is a security setting determined by the UEFI setting module, the method proceeds to step 72 to check if the above-described flag can be found for an intended change in the setting. If the flag is present, it indicates that the intended change is initiated by the local user or a secure remote user, who has sufficient access to the server, including making the intended change. The method then proceeds to step 76 to apply the change in the server settings, and the method then ends. However, if no flag is found in step 72, the UEFI setup module will not apply the change (i.e., "skip") to the setup in step 74, and the method will end thereafter.
If it is determined in step 68 that the setting is not a secure setting, but is simply a normal setting that can be securely changed by all users, the method proceeds directly to step 76 to apply the change in the setting of the server, and the method will then end.
As described above, the BMC 54 provides different roles/access rights for different remote client accounts by assigning non-secure (standard) virtual keyboards/mice or secure virtual keyboards/mice to remote client accounts. The BMC 54 allocates the virtual keyboard/mouse only once and when a new remote user account is created. The allocation of virtual keyboards/mice is shown in more detail in fig. 3 and this is done as a pre-configuration step prior to the method shown in fig. 4. In FIG. 3, the BMC 54 takes no action with the local user, so the local user will do any operation with the server using only the local physical keyboard/mouse at step 86. However, if the user is a remote user, the BMC 54 creates a remote user account for the remote user in step 78. The BMC 54 then further determines whether the remote user account is a secure user account in step 80. This determination is based on the fact whether the remote user belongs to a trusted group. The trusted group contains all secure users. If the BMC 54 determines that the remote user account is a secure user account, the method proceeds to step 84, wherein the BMC 54 assigns a secure virtual keyboard/mouse to the remote user account. Alternatively, if the BMC 54 determines that the remote user account is an unsecure user account (i.e., a normal user), the method proceeds to step 82, wherein the BMC 54 assigns an unsecure virtual keyboard/mouse to the remote user. Note that in either case, the remote user always uses the same remote keyboard/mouse, so only the definition and properties of the virtual keyboard/mouse in the server are changed depending on whether the user is secure.
Fig. 2 shows how different types of remote keyboards may be categorized by UEFI keyboard/mouse drivers 48 (e.g., secure virtual keyboard 44 as determined by the BMC) and non-secure virtual keyboard 42. For local physical keyboards 46 that are directly connected to the motherboard/chassis of the server, they are directly identified and loaded using UEFI keyboard/mouse drivers 48. The UEFI keyboard/mouse driver 48 also provides support for their operation for different types of remote keyboards. A screen 58 containing the security settings to be altered is provided to the local physical keyboard 46 and the secure virtual keyboard 44 as they have flags set by the UEFI keyboard/mouse driver 48. Screen 56 is provided to unsecure remote user 50. In screen 56, no security settings can be altered because remote user 50 does not have secure access rights but only has non-secure virtual keyboard 42.
Thus, exemplary embodiments of the present invention are fully described. Although the description refers to particular embodiments, it will be apparent to one skilled in the art that the present invention may be practiced by modification of these specific details. Thus, the present invention should not be construed as limited to the embodiments set forth herein.
While the invention has been illustrated and described in detail in the drawings and foregoing description, the same is to be considered as illustrative and not restrictive in character, it being understood that only the illustrative embodiments have been shown and described and that no limitation on the scope of the invention is thereby intended. It is to be understood that any of the features described herein may be used with any of the embodiments. The illustrative embodiments do not exclude each other or other embodiments not listed herein. Thus, the invention also provides embodiments that include a combination of one or more of the illustrative embodiments described above. Modifications and variations may be made to the invention described herein without departing from the spirit and scope of the invention, and therefore, these limitations should be imposed only as indicated by the appended claims.
For example, in the above-described embodiments, the server is used as an example of the information processing apparatus to describe. However, those skilled in the art will recognize that other types of information processing devices may be used with the present invention, such as personal desktop computers, notebook computers, cell phones, tablet computers, and the like.
Further, UEFI is used as an example of firmware of an information processing apparatus for authenticating different types of users. However, other types of firmware in various information processing apparatuses may be used for the purposes of the present invention if they can provide drivers to remote user input devices and add the required flags for the intended operation.
In addition, in the above embodiments, the keyboard and mouse are described as local or remote user input devices. It should be appreciated that other types of user input devices may similarly be used to alter settings of the information handling device, such as a touch pad, track ball, etc.
It should also be noted that variations of the present invention may provide the same or different user interfaces for different types of users. For example, for both secure and non-secure users, the screen presented to them may be the same, but without any user input by the non-secure user to alter the security settings. Alternatively, a different screen may be provided to the unsafe user with some screen elements disabled so that the unsafe user cannot actuate them to alter the safety settings. Further alternatively, a simplified screen may be presented to the non-secure user compared to the secure user, and the simplified screen displays only the general/non-secure settings.
In addition, the above-described embodiments refer to a UEFI keyboard/mouse driver that refers to a device ID of a keyboard/mouse to identify whether the keyboard/mouse is secure. The device ID is an identifier of the keyboard/mouse. However, those skilled in the art will recognize that other types of recognition handshakes/methods that rely on identifiers of a keyboard/mouse may also be used between the service processor (e.g., BMC) and the firmware (e.g., UEFI) without departing from the spirit of the present invention. For example, the sub-device ID or device path of the keyboard/mouse may be used as an identifier and may be obtained by the UEFI keyboard/mouse driver to determine whether the keyboard/mouse is secure.
Claims (13)
1. A method for authenticating a user of an information processing apparatus before making a change to a setting of the information processing apparatus, the user initiating the change, the method comprising the steps of:
detecting whether a change request from the user originates from a local user input device or a remote user input device, thereby determining whether the user is secure; wherein, the liquid crystal display device comprises a liquid crystal display device,
if the request for the change originates from the local user input device, then the user is deemed secure;
if the request for the change originates from a secure virtual user input device, then the user is considered secure;
if the request for the change originates from an unsecure virtual user input device, then the user is deemed unsecure;
creating a flag for the change prior to applying the change if the user is secure; and
if the changed flag is found, the change is applied to the setting of the information processing apparatus.
2. The method of claim 1, further comprising: a step of assigning the secure virtual user input device or the non-secure virtual user input device to a remote user account prior to the determining step.
3. The method of claim 1, wherein an identifier for the remote user input device is obtained as a basis for determining whether the remote user input device is the secure virtual user input device or the non-secure virtual user input device.
4. The method of claim 1, further comprising: the steps before the application step:
classifying the setting as a secure type or a non-secure type;
if the setting is of a non-secure type, effecting a change to the setting of the information processing apparatus and simultaneously bypassing the applying step;
if the setting is of a secure type, the applying step is entered.
5. The method of claim 1, wherein the creating step is performed by a device driver of an information processing apparatus of the local user input device or the remote user input device.
6. The method of claim 5, wherein the device driver is provided by a Unified Extensible Firmware Interface (UEFI) of the information processing apparatus.
7. The method of claim 2, wherein the assigning step is performed by a service processor of the information processing apparatus.
8. An information processing apparatus comprising:
a main processor;
a main board on which the processor is mounted; the main board also comprises firmware; the firmware providing settings suitable for manual modification; the firmware is further adapted to determine whether the user is secure or non-secure based on whether a change request from the user originates from a local user input device or a remote user input device, wherein:
if the request for the change originates from the local user input device, the firmware is adapted to determine the user as secure;
if the request for the change originates from a secure virtual user input device, the firmware is adapted to determine the user as secure;
if the request for the change originates from an unsecure virtual user input device, determining the user as unsecure;
wherein, if the user is secure, the firmware is adapted to create a flag for the change before applying the change; the firmware is further adapted to subsequently apply the change to the settings of the information processing apparatus if a flag for the change can be found.
9. The information processing apparatus according to claim 8, further comprising a service processor connected to the main board; the service processor is adapted to assign a secure virtual user input device or a non-secure virtual user input device to a remote user account.
10. The information processing apparatus of claim 8, wherein the firmware is adapted to obtain an identifier for the remote user input device as a basis for determining whether the remote user input device is the secure virtual user input device or the non-secure virtual user input device.
11. The information processing apparatus according to claim 9, wherein the firmware further includes a device driver for the local user input device or the remote user input device.
12. The information processing apparatus of claim 11, wherein the service processor is a Baseband Management Controller (BMC) and the device driver is provided by a Unified Extensible Firmware Interface (UEFI) of the information processing apparatus.
13. The information processing apparatus of claim 9, wherein the service processor is further adapted to classify the setting as a secure type or a non-secure type; the firmware is further adapted to directly influence the change of the setting of the information processing apparatus irrespective of the flag if the setting is of a non-secure type.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910169027.6A CN110032414B (en) | 2019-03-06 | 2019-03-06 | Apparatus and method for secure user authentication in remote console mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910169027.6A CN110032414B (en) | 2019-03-06 | 2019-03-06 | Apparatus and method for secure user authentication in remote console mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110032414A CN110032414A (en) | 2019-07-19 |
| CN110032414B true CN110032414B (en) | 2023-06-06 |
Family
ID=67235075
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910169027.6A Active CN110032414B (en) | 2019-03-06 | 2019-03-06 | Apparatus and method for secure user authentication in remote console mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110032414B (en) |
Citations (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102819427A (en) * | 2005-09-09 | 2012-12-12 | 微软公司 | Plug and play device redirection method and system for remote systems |
| CN103716160A (en) * | 2012-09-28 | 2014-04-09 | 哈曼贝克自动系统股份有限公司 | Method and apparatus for authenticated access to automotive telematic services |
| CN103944913A (en) * | 2014-04-28 | 2014-07-23 | 浪潮电子信息产业股份有限公司 | Server-oriented safe firmware designing method |
| CN104012132A (en) * | 2011-10-25 | 2014-08-27 | 拓普合公司 | Two-factor authentication systems and methods |
| CN104717261A (en) * | 2013-12-17 | 2015-06-17 | 华为技术有限公司 | Login method and desktop management device |
| CN105227314A (en) * | 2015-08-28 | 2016-01-06 | 飞天诚信科技股份有限公司 | A kind of login enters method and the device of system desktop |
| CN105554098A (en) * | 2015-12-14 | 2016-05-04 | 瑞斯康达科技发展股份有限公司 | Device configuration method, server and system |
| CN105975824A (en) * | 2016-07-21 | 2016-09-28 | 深圳市金立通信设备有限公司 | Method for switching screen unlocking modes and terminal |
| CN106209847A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | Electric data transmission method and device |
| CN106375384A (en) * | 2016-08-28 | 2017-02-01 | 北京瑞和云图科技有限公司 | Management system of mirror network flow in virtual network environment and control method |
| CN106453384A (en) * | 2016-11-09 | 2017-02-22 | 鹤荣育 | Security cloud disk system and security encryption method thereof |
| CN106549976A (en) * | 2016-12-09 | 2017-03-29 | 中南大学 | A kind of method for authenticating user identity and ' In System Reconfiguration Method suitable for transparent computing system |
| CN106873772A (en) * | 2017-01-04 | 2017-06-20 | 乐视控股(北京)有限公司 | A kind of VR virtual units encryption method and equipment |
| CN106982117A (en) * | 2016-01-19 | 2017-07-25 | 阿里巴巴集团控股有限公司 | The implementation method and device of safety input |
| CN107113319A (en) * | 2016-07-14 | 2017-08-29 | 华为技术有限公司 | Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification |
| EP2237814A4 (en) * | 2007-11-29 | 2017-10-11 | Fresenius Medical Care Holdings, Inc. | System and method for conducting hemodialysis and hemofiltration |
| CN107292152A (en) * | 2017-05-24 | 2017-10-24 | 舒翔 | A kind of biological characteristic authentication system and biometric authentication method |
| EP3276878A1 (en) * | 2016-07-28 | 2018-01-31 | INFOCERT S.p.A. | Method for the safe authentication of a request made to a remote provider and generated in a personal device with bifurcation of the transmission of an authentication means |
| CN107766118A (en) * | 2016-08-16 | 2018-03-06 | 北京神州泰岳软件股份有限公司 | A kind of method and apparatus of establishment KVM virtual machines |
| CN107846381A (en) * | 2016-09-18 | 2018-03-27 | 阿里巴巴集团控股有限公司 | Network security processing method and equipment |
| CN107911644A (en) * | 2017-12-04 | 2018-04-13 | 吕庆祥 | The method and device of video calling is carried out based on conjecture face expression |
| CN108062846A (en) * | 2016-11-08 | 2018-05-22 | 英业达科技有限公司 | Safety alarm device and the object wearing device with safety alarm device |
| CN108418808A (en) * | 2018-02-07 | 2018-08-17 | 平安科技(深圳)有限公司 | Identity information changes method, apparatus, terminal device and storage medium |
| CN108490964A (en) * | 2018-03-21 | 2018-09-04 | 深圳臻迪信息技术有限公司 | Control method, device and the intelligent terminal of unmanned plane |
| CN108632367A (en) * | 2018-04-18 | 2018-10-09 | 家园网络科技有限公司 | Account correlating method and information-pushing method |
| CN108632452A (en) * | 2018-03-27 | 2018-10-09 | 珠海格力电器股份有限公司 | A kind of schedule update method, apparatus and system |
| CN108845681A (en) * | 2018-06-20 | 2018-11-20 | 武汉科技大学 | A kind of switch key mapping layout method of input equipment |
| CN109040068A (en) * | 2018-08-02 | 2018-12-18 | 中国联合网络通信集团有限公司 | Strange land authentication method, authentication server and the block chain of broadband user |
| CN109150800A (en) * | 2017-06-16 | 2019-01-04 | 中兴通讯股份有限公司 | Login access method, system and storage medium |
| CN109189043A (en) * | 2018-08-30 | 2019-01-11 | 百度在线网络技术(北京)有限公司 | Pilotless automobile condition detection method, device, equipment and storage medium |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100426719C (en) * | 2003-09-01 | 2008-10-15 | 台均科技(深圳)有限公司 | Method of identification between user device and local client use or remote-network service |
| KR100797508B1 (en) * | 2005-08-18 | 2008-01-24 | 엘지전자 주식회사 | Apparatus and method for authentication of a telematics terminal within a mobile vehicle |
| US7930554B2 (en) * | 2007-05-31 | 2011-04-19 | Vasco Data Security,Inc. | Remote authentication and transaction signatures |
| US8105487B2 (en) * | 2007-09-25 | 2012-01-31 | Fresenius Medical Care Holdings, Inc. | Manifolds for use in conducting dialysis |
| JP2014518597A (en) * | 2011-03-31 | 2014-07-31 | ソニーモバイルコミュニケーションズ, エービー | System and method for establishing a communication session associated with an application |
| US10097993B2 (en) * | 2011-07-25 | 2018-10-09 | Ford Global Technologies, Llc | Method and apparatus for remote authentication |
| CN109684813A (en) * | 2012-04-17 | 2019-04-26 | 英特尔公司 | Trust server interaction |
| CN103647766A (en) * | 2013-12-05 | 2014-03-19 | 青岛海尔软件有限公司 | High-security remote access system |
| CN103701608A (en) * | 2013-12-25 | 2014-04-02 | 金蝶软件(中国)有限公司 | Enterprise resource planning (ERP) system-based user right authentication method and system |
| CN105956426A (en) * | 2016-04-26 | 2016-09-21 | 上海斐讯数据通信技术有限公司 | Application program authority authentication and authorization method and intelligent equipment |
| US10681024B2 (en) * | 2017-05-31 | 2020-06-09 | Konica Minolta Laboratory U.S.A., Inc. | Self-adaptive secure authentication system |
-
2019
- 2019-03-06 CN CN201910169027.6A patent/CN110032414B/en active Active
Patent Citations (30)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102819427A (en) * | 2005-09-09 | 2012-12-12 | 微软公司 | Plug and play device redirection method and system for remote systems |
| EP2237814A4 (en) * | 2007-11-29 | 2017-10-11 | Fresenius Medical Care Holdings, Inc. | System and method for conducting hemodialysis and hemofiltration |
| CN104012132A (en) * | 2011-10-25 | 2014-08-27 | 拓普合公司 | Two-factor authentication systems and methods |
| CN103716160A (en) * | 2012-09-28 | 2014-04-09 | 哈曼贝克自动系统股份有限公司 | Method and apparatus for authenticated access to automotive telematic services |
| CN104717261A (en) * | 2013-12-17 | 2015-06-17 | 华为技术有限公司 | Login method and desktop management device |
| CN103944913A (en) * | 2014-04-28 | 2014-07-23 | 浪潮电子信息产业股份有限公司 | Server-oriented safe firmware designing method |
| CN105227314A (en) * | 2015-08-28 | 2016-01-06 | 飞天诚信科技股份有限公司 | A kind of login enters method and the device of system desktop |
| CN105554098A (en) * | 2015-12-14 | 2016-05-04 | 瑞斯康达科技发展股份有限公司 | Device configuration method, server and system |
| CN106982117A (en) * | 2016-01-19 | 2017-07-25 | 阿里巴巴集团控股有限公司 | The implementation method and device of safety input |
| CN106209847A (en) * | 2016-07-13 | 2016-12-07 | 国网河南省电力公司南阳供电公司 | Electric data transmission method and device |
| CN107113319A (en) * | 2016-07-14 | 2017-08-29 | 华为技术有限公司 | Method, device, system and the proxy server of response in a kind of Virtual Networking Computing certification |
| CN105975824A (en) * | 2016-07-21 | 2016-09-28 | 深圳市金立通信设备有限公司 | Method for switching screen unlocking modes and terminal |
| EP3276878A1 (en) * | 2016-07-28 | 2018-01-31 | INFOCERT S.p.A. | Method for the safe authentication of a request made to a remote provider and generated in a personal device with bifurcation of the transmission of an authentication means |
| CN107766118A (en) * | 2016-08-16 | 2018-03-06 | 北京神州泰岳软件股份有限公司 | A kind of method and apparatus of establishment KVM virtual machines |
| CN106375384A (en) * | 2016-08-28 | 2017-02-01 | 北京瑞和云图科技有限公司 | Management system of mirror network flow in virtual network environment and control method |
| CN107846381A (en) * | 2016-09-18 | 2018-03-27 | 阿里巴巴集团控股有限公司 | Network security processing method and equipment |
| CN108062846A (en) * | 2016-11-08 | 2018-05-22 | 英业达科技有限公司 | Safety alarm device and the object wearing device with safety alarm device |
| CN106453384A (en) * | 2016-11-09 | 2017-02-22 | 鹤荣育 | Security cloud disk system and security encryption method thereof |
| CN106549976A (en) * | 2016-12-09 | 2017-03-29 | 中南大学 | A kind of method for authenticating user identity and ' In System Reconfiguration Method suitable for transparent computing system |
| CN106873772A (en) * | 2017-01-04 | 2017-06-20 | 乐视控股(北京)有限公司 | A kind of VR virtual units encryption method and equipment |
| CN107292152A (en) * | 2017-05-24 | 2017-10-24 | 舒翔 | A kind of biological characteristic authentication system and biometric authentication method |
| CN109150800A (en) * | 2017-06-16 | 2019-01-04 | 中兴通讯股份有限公司 | Login access method, system and storage medium |
| CN107911644A (en) * | 2017-12-04 | 2018-04-13 | 吕庆祥 | The method and device of video calling is carried out based on conjecture face expression |
| CN108418808A (en) * | 2018-02-07 | 2018-08-17 | 平安科技(深圳)有限公司 | Identity information changes method, apparatus, terminal device and storage medium |
| CN108490964A (en) * | 2018-03-21 | 2018-09-04 | 深圳臻迪信息技术有限公司 | Control method, device and the intelligent terminal of unmanned plane |
| CN108632452A (en) * | 2018-03-27 | 2018-10-09 | 珠海格力电器股份有限公司 | A kind of schedule update method, apparatus and system |
| CN108632367A (en) * | 2018-04-18 | 2018-10-09 | 家园网络科技有限公司 | Account correlating method and information-pushing method |
| CN108845681A (en) * | 2018-06-20 | 2018-11-20 | 武汉科技大学 | A kind of switch key mapping layout method of input equipment |
| CN109040068A (en) * | 2018-08-02 | 2018-12-18 | 中国联合网络通信集团有限公司 | Strange land authentication method, authentication server and the block chain of broadband user |
| CN109189043A (en) * | 2018-08-30 | 2019-01-11 | 百度在线网络技术(北京)有限公司 | Pilotless automobile condition detection method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110032414A (en) | 2019-07-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10075532B2 (en) | Method and system for controlling remote session on computer systems | |
| US11509603B2 (en) | Systems and methods for dynamic adjustment of workspaces based on available local hardware | |
| US11316902B2 (en) | Systems and methods for securing a dynamic workspace in an enterprise productivity ecosystem | |
| US10757079B2 (en) | Method and system for controlling remote session on computer systems using a virtual channel | |
| US11843509B2 (en) | Systems and methods for workspace continuity and remediation | |
| US20120089833A1 (en) | Secure deployment of provable identity for dynamic application environments | |
| US10938743B1 (en) | Systems and methods for continuous evaluation of workspace definitions using endpoint context | |
| US11657126B2 (en) | Systems and methods for dynamic workspace targeting with crowdsourced user context | |
| US9444912B1 (en) | Virtual mobile infrastructure for mobile devices | |
| US11334675B2 (en) | Systems and methods for supporting secure transfer of data between workspaces | |
| CN108205619B (en) | Multi-user management method and device based on android system | |
| CN111433770A (en) | User-selected key authentication | |
| US20230325522A1 (en) | Systems and methods for securely deploying a collective workspace across multiple local management agents | |
| US11762750B2 (en) | Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem | |
| US11659005B2 (en) | Systems and methods for self-protecting and self-refreshing workspaces | |
| CN116615714A (en) | Creating and handling workspace intrusion Indicators (IOCs) based on configuration drift | |
| US20060053277A1 (en) | System and method for remote security enablement | |
| CN110138798B (en) | Cloud desktop management method, device and equipment and readable storage medium | |
| CN110032414B (en) | Apparatus and method for secure user authentication in remote console mode | |
| US20210136082A1 (en) | Multilevel authorization of workspaces using certificates | |
| US20190356655A1 (en) | Techniques of using facial recognition to authenticate kvm users at service processor | |
| US20230229458A1 (en) | Systems and methods for configuring settings of an ihs (information handling system) | |
| WO2023132997A1 (en) | Quorum-based authorization | |
| US10162986B2 (en) | Techniques of improving KVM security under KVM sharing | |
| CN112437123B (en) | Resource management method, device, computer system and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |