CN113505355A - Cloud desktop security access method and device - Google Patents

Publication number
CN113505355A
Authority
CN
China
Prior art keywords
fingerprint
cloud desktop
characteristic information
user
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110690721.XA
Other languages
Chinese (zh)
Inventor
余泽喜
蒋华平
刘宇新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Big Data Technologies Co Ltd
Original Assignee
New H3C Big Data Technologies Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45: Structures or tools for the administration of authentication
    • G06F21/46: Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/451: Execution arrangements for user interfaces
    • G06F9/452: Remote windowing, e.g. X-Window System, desktop virtualisation

Abstract

The invention provides a cloud desktop security access method and device, which are used for solving the technical problem of low security of cloud desktop access. In this technical scheme, the server binds the user to the fingerprint feature information during fingerprint registration and generates a public key and a private key based on the fingerprint feature information, wherein the public key is used for encrypting cloud desktop data and the private key is used for verifying the identity of the user. Because the cloud desktop data is encrypted with the public key generated from the fingerprint feature information of the authorized user, the cloud desktop data can be accessed only by authorized people, and the security of the cloud desktop data can be improved.

Description

Cloud desktop security access method and device
Technical Field
The disclosure relates to the technical field of cloud computing, in particular to a cloud desktop security access method and device.
Background
Cloud desktops are increasingly widely used in enterprise office environments. They bring convenient and efficient operation and maintenance to the enterprise, and at the same time the enterprise's requirements for cloud desktop security are becoming higher and higher.
For a scenario with low security requirements, the cloud desktop terminal can be authenticated by the server as long as it knows the address of the cloud desktop server, the login account and the password; the server authorizes the user to use the cloud desktop once the account and password entered by the user pass authentication.
For a scenario with relatively high security requirements, fingerprint feature information can be introduced: the user registers a fingerprint before authenticating to the cloud desktop, the server generates a fingerprint ID from the fingerprint information and binds it to the user name, and an administrator authorizes and allocates the cloud desktop. During login, the user's fingerprint is first captured and uploaded to the server, which checks its validity; the authorized desktop can be obtained after the fingerprint is matched successfully.
At present, a common method is to encrypt cloud desktop data with a fixed key. This encryption mode is simple, but once the authorization relationship is tampered with, a cloud desktop encrypted with an ordinary character-string key is at risk: it can be used by another person after being authorized to that person. In addition, once cloud desktop data is captured on the network, it is easy to crack with tools if the key or root certificate is known.
Disclosure of Invention
In view of this, the present disclosure provides a cloud desktop security access method and apparatus, which are used to solve the technical problem that the security of cloud desktop access is not high.
Based on the embodiment of the disclosure, the disclosure provides a cloud desktop security access method, which is applied to a server side and comprises the following steps:
receiving a fingerprint registration message sent by a cloud desktop client, wherein the fingerprint registration message carries fingerprint characteristic information of a user;
binding the fingerprint characteristic information with a user name, and generating a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm;
after login authentication is successful through a user name and a password, a fingerprint acquisition request is sent to a cloud desktop client;
after a fingerprint verification request sent by the cloud desktop client is received, comparing fingerprint characteristic information carried in the fingerprint verification request with fingerprint characteristic information of a user stored in an authentication database, and when the fingerprint characteristic information is judged to be consistent, sending a fingerprint authentication success response message to the cloud desktop client, wherein a cloud desktop list authorized to the user is carried in the fingerprint authentication success response message.
Further, the method further comprises:
after receiving the connection request of the selected cloud desktop, the server encrypts the cloud desktop data by using a public key generated through the fingerprint feature information of the user in the registration process, and sends the encrypted cloud desktop data to the cloud desktop client.
Further, when the user name, the password and the fingerprint characteristic information are transmitted between the cloud desktop client and the server, they are encrypted and decrypted with a national cryptographic algorithm.
On the other hand, the present disclosure provides a cloud desktop security access method, which is applied to a cloud desktop client, and includes:
sending a fingerprint registration message to the server so that the server binds the fingerprint characteristic information with the user name and generates a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm; wherein the fingerprint registration message carries the fingerprint characteristic information of the user;
after login authentication is successful through a user name and a password, when a fingerprint acquisition request sent by a server is received, fingerprint characteristic information of a user is collected, the collected fingerprint characteristic information is sent to the server through a fingerprint verification request, so that the server verifies whether the fingerprint characteristic information in the fingerprint verification request is consistent with the fingerprint characteristic information of the user stored in an authentication database, and sends a cloud desktop list authorized for the user to a cloud desktop client under the condition of consistency.
Further, the method further comprises: after receiving a cloud desktop list which is sent by a server and authorized for a user, sending a connection request of a selected cloud desktop to the server;
and after receiving the cloud desktop data sent by the server, decrypting the cloud desktop data sent by the server by using a private key calculated based on the fingerprint characteristic information of the user.
On the other hand, the present disclosure provides a cloud desktop security access device, which is applied to a server, and the device includes:
the first fingerprint registration module receives a fingerprint registration message sent by the cloud desktop client, wherein the fingerprint registration message carries fingerprint characteristic information of a user; binding the fingerprint characteristic information with a user name, and generating a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm;
the first login authentication module is used for processing login authentication of the cloud desktop client based on a user name and a password; after login authentication is successful, a fingerprint acquisition request is sent to the cloud desktop client;
the first fingerprint verification module is used for comparing fingerprint characteristic information carried in the fingerprint verification request with fingerprint characteristic information of the user stored in the authentication database after receiving the fingerprint verification request sent by the cloud desktop client, and sending a fingerprint authentication success response message to the cloud desktop client when the fingerprint characteristic information is judged to be consistent with the fingerprint characteristic information of the user, wherein the fingerprint authentication success response message carries a cloud desktop list authorized for the user.
Further, the apparatus further comprises: the first desktop data processing module is used for encrypting the cloud desktop data by using a public key generated through the fingerprint feature information of the user in the registration process after receiving the connection request of the selected cloud desktop, and sending the encrypted cloud desktop data to the cloud desktop client.
Further, the fingerprint registration information sent by the cloud desktop client, the user name and password carried in the login information, and the fingerprint characteristic information are encrypted with a national cryptographic algorithm, and the server decrypts them with the same algorithm.
On the other hand, the present disclosure provides a cloud desktop security access device, which is applied to a cloud desktop client, where the device includes:
the second fingerprint registration module is used for sending a fingerprint registration message to the server so that the server binds the fingerprint characteristic information with the user name, and generating a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm; wherein, the fingerprint registration message carries the fingerprint characteristic information of the user;
the second login authentication module is used for initiating login authentication based on a user name and a password to the server;
and the second fingerprint verification module is used for acquiring fingerprint characteristic information of the user when a fingerprint acquisition request sent by the server is received after login authentication is successful through the user name and the password, and sending the acquired fingerprint characteristic information to the server through the fingerprint verification request, so that the server verifies whether the fingerprint characteristic information in the fingerprint verification request is consistent with the fingerprint characteristic information of the user stored in the authentication database, and sends a cloud desktop list authorized to the user to the cloud desktop client under the condition of consistency.
Further, the apparatus further comprises: the second desktop data processing module is used for sending a connection request of the selected cloud desktop to the server after receiving a cloud desktop list which is sent by the server and authorized to the user; and after receiving the cloud desktop data sent by the server, decrypting the cloud desktop data sent by the server by using a private key calculated based on the fingerprint characteristic information of the user.
In this technical scheme, the server binds the user to the fingerprint feature information during fingerprint registration and generates a public key and a private key based on the fingerprint feature information, wherein the public key is used for encrypting cloud desktop data and the private key is used for verifying the identity of the user. The terminal device hosting the cloud desktop client does not need to store the user's fingerprint information: fingerprint data is never written to local storage, which protects the data. Because the cloud desktop data is encrypted with the public key generated from the fingerprint feature information of the authorized user, the cloud desktop data can be accessed only by authorized people, and the security of the cloud desktop data can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present disclosure or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present disclosure.
Fig. 1 is a flowchart of a secure access method for a cloud desktop according to an embodiment of the present disclosure;
Fig. 2 is a schematic structural diagram of a cloud desktop security access device of a server according to an embodiment of the present disclosure;
Fig. 3 is a schematic structural diagram of a cloud desktop security access device of a client terminal according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The terminology used in the embodiments of the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the present disclosure. As used in the embodiments of the present disclosure, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The term "and/or" as used in this disclosure is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information in the embodiments of the present disclosure, such information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of embodiments of the present disclosure. Moreover, depending on the context, the word "if" as used may be interpreted as "at …", "when …" or "in response to a determination".
The present disclosure is directed to a cloud desktop security access method for improving security of a cloud desktop system. According to the method and the device, fingerprint encryption is performed on the cloud desktop data by using the fingerprint of the authorized user, so that the cloud desktop data can be accessed only by authorized people, and the security of the desktop data is protected to the greatest extent.
Fig. 1 is a flowchart illustrating steps of a secure access method for a cloud desktop according to an embodiment of the present disclosure, where the method includes:
Step 100, the cloud desktop client captures the user's fingerprint through a fingerprint device to obtain fingerprint characteristic information, and sends a fingerprint registration message to the server, wherein the fingerprint registration message carries the fingerprint characteristic information of the user;
In the case where the user has already registered a user name and password, the fingerprint registration message may be sent on its own through the cloud desktop client. If the user is not yet registered, the user name and the password can be carried in the fingerprint registration message as well, so that the binding of the user to the fingerprint information is completed at the same time.
The user name, the password and the fingerprint feature information of the cloud desktop user can be sent to the server through an encrypted channel and a secure network channel.
Step 101, the server binds the fingerprint characteristic information with the user name, generates a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm, and stores the fingerprint characteristic information, the user name, the public key and the private key into an authentication database;
The administrator can authorize and assign cloud desktops to the user according to the fingerprint feature information and/or the user name. The management platform may configure whether fingerprint verification is enabled.
After these steps, registration of the user and of the user's fingerprint is complete.
Step 102, the cloud desktop client sends a login authentication request to the server, wherein the login authentication request carries a user name and a password;
When a user requests to use the cloud desktop, the cloud desktop client requires the user to input a user name and a password for login authentication. After the user inputs them, the cloud desktop client sends the user name and the password to the server in a login authentication request message, and the server performs the authentication. The user name and password in the login authentication request may be transmitted in encrypted form.
Step 103, after receiving the login authentication request sent by the cloud desktop client, the server authenticates the user name and the password in the login authentication request against the user name and the password registered in the authentication database;
If the authentication fails, the server feeds authentication failure information back to the cloud desktop client.
Step 104, after the user name and the password pass authentication, the server sends a fingerprint acquisition request to the cloud desktop client;
Step 105, after receiving the fingerprint acquisition request, the cloud desktop client captures the user's fingerprint characteristic information through the fingerprint device, encrypts it, and sends it to the server in a fingerprint verification request;
Step 106, after receiving the fingerprint verification request, the server decrypts the user's fingerprint characteristic information from the request and compares it with the fingerprint characteristic information of the user stored in the authentication database. When the two are judged to be consistent, the server sends a fingerprint authentication success response message to the cloud desktop client, wherein the cloud desktop list authorized to the user is carried in the fingerprint authentication success response message; when they are inconsistent, the server feeds authentication failure information back to the cloud desktop client.
When the user name, the password and the fingerprint characteristic information are transmitted between the cloud desktop client and the server, a national cryptographic algorithm (such as SM4) can be used to encrypt and decrypt this critical information, so as to ensure security in the authentication stage.
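The ordering of steps 101 to 106 can be enforced on the server with a single-use token issued only after the password check. The sketch below is an added example, not code from the patent; the class, method and desktop names are hypothetical, the fingerprint comparison is assumed to be an exact byte match, and the SM4 transport encryption is left out.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


class AuthServer:
    """Server side of steps 101-106 (hypothetical names, added example)."""

    def __init__(self):
        self.auth_db = {}  # user name -> record (the "authentication database")
        self.pending = {}  # token -> user name, set only after password success

    def _hash_pw(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, username, password, features, desktops):
        # Steps 100-101: bind the fingerprint features to the user name.
        salt = secrets.token_bytes(16)
        self.auth_db[username] = {
            "salt": salt,
            "pw_hash": self._hash_pw(password, salt),
            "features": bytes(features),
            "desktops": list(desktops),
        }

    def login(self, username, password):
        # Steps 102-104: the returned token stands for the fingerprint
        # acquisition request and is the only way into step 106.
        rec = self.auth_db.get(username)
        if rec is None:
            return None
        candidate = self._hash_pw(password, rec["salt"])
        if not hmac.compare_digest(candidate, rec["pw_hash"]):
            return None
        token = secrets.token_hex(16)
        self.pending[token] = username
        return token

    def verify_fingerprint(self, token, features):
        # Step 106: the token is consumed on first use, so a failed match
        # forces a fresh password login before another fingerprint attempt.
        username = self.pending.pop(token, None)
        if username is None:
            return None
        rec = self.auth_db[username]
        if not hmac.compare_digest(bytes(features), rec["features"]):
            return None
        return list(rec["desktops"])


def demo():
    server = AuthServer()
    alice_fp = bytes.fromhex("a1b2c3d4e5f60718")  # constructed sample features
    server.register("alice", "correct horse", alice_fp, ["desk-01", "desk-02"])
    results = {}
    # Fingerprint request without a preceding password login is refused.
    results["no_login"] = server.verify_fingerprint("forged-token", alice_fp)
    results["bad_password"] = server.login("alice", "guess")
    token = server.login("alice", "correct horse")
    results["wrong_finger"] = server.verify_fingerprint(token, bytes(8))
    results["token_reuse"] = server.verify_fingerprint(token, alice_fp)
    token = server.login("alice", "correct horse")
    results["success"] = server.verify_fingerprint(token, alice_fp)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The desktop list is returned only on the last call, where both factors succeeded within the same login attempt.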
Further, after the cloud desktop client obtains the cloud desktop list fed back by the server, the following interaction processing steps of the cloud desktop data are also included:
Step 107, after the cloud desktop client receives the cloud desktop list which is sent by the server and authorized to the user, a cloud desktop to be used is selected from the cloud desktop list, and a connection request for the selected cloud desktop is initiated through the cloud desktop client;
Step 108, after receiving the connection request of the selected cloud desktop, the server encrypts cloud desktop data by using the public key generated from the fingerprint characteristic information of the user in the registration process, and sends the encrypted cloud desktop data to the cloud desktop client;
Step 109, after the cloud desktop client receives the cloud desktop data sent by the server, it decrypts that data by using a private key calculated based on the fingerprint characteristic information of the user, and the image/audio/video data of the cloud desktop is displayed on the cloud desktop terminal device.
After successful login authentication through the user name and the password, the cloud desktop client generates a public key and a private key based on the fingerprint characteristic information of the local user by using the same encryption algorithm as that of the server, and decrypts the cloud desktop data sent by the server by using the private key. When the cloud desktop client sends the interactive data of the cloud desktop to the server, the public key can be used for encryption, and the server uses the private key for decryption, so that the identity of the user can be verified.
In the step of capturing the user's fingerprint through the fingerprint device, the fingerprint can be captured and compared multiple times to ensure that the captured fingerprint is accurate; for example, only after the fingerprint information obtained from 3 consecutive captures is consistent is the corresponding fingerprint characteristic information sent to the server for fingerprint verification.
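The client-side key regeneration and the repeated-capture check described above can be tried out as follows. This is an added example, not code from the patent: the page names no algorithm or derivation, so X25519 (RFC 7748) stands in for the asymmetric algorithm, the seed is assumed to be an HMAC-SHA256 over the user name and feature bytes, and all function names and sample bytes are constructed.

```python
import hashlib
import hmac

P = 2**255 - 19                          # X25519 field prime (RFC 7748)
BASE_POINT = (9).to_bytes(32, "little")  # X25519 base point u = 9


def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time; use a vetted
    library outside of a demonstration."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u, "little") % 2**255
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        swap ^= bit
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da = (x3 - z3) * a % P
        cb = (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_keypair(username: str, features: bytes):
    """Assumed derivation: private key = HMAC-SHA256 over the user name and
    the feature bytes, so server and client compute the same pair."""
    seed = hmac.new(b"cloud-desktop-key-v1",
                    username.encode() + b"\x00" + features,
                    hashlib.sha256).digest()
    return seed, x25519(seed, BASE_POINT)


def stable_capture(samples, needed=3):
    """Return the features once `needed` consecutive captures are identical,
    otherwise None (nothing is sent to the server)."""
    run, prev = 0, None
    for sample in samples:
        run = run + 1 if sample == prev else 1
        prev = sample
        if run == needed:
            return sample
    return None


# Constructed sample data: registered features and a capture with one bit flipped.
REGISTERED = bytes.fromhex("5f1c0a9e33b7d2486a90e4cc17f3025b")
NOISY = bytes([REGISTERED[0] ^ 0x01]) + REGISTERED[1:]


def demo():
    _, server_pub = derive_keypair("alice", REGISTERED)       # registration
    good = stable_capture([NOISY, REGISTERED, REGISTERED, REGISTERED])
    _, client_pub = derive_keypair("alice", good)             # client, after login
    _, noisy_pub = derive_keypair("alice", NOISY)
    return {
        "client_matches_server": client_pub == server_pub,
        "one_bit_off_matches": noisy_pub == server_pub,
        "unstable_capture": stable_capture([REGISTERED, REGISTERED, NOISY]),
    }


if __name__ == "__main__":
    print(demo())
```

A single differing bit in the features produces an unrelated key pair, so a client that derived its private key from that capture could not decrypt data encrypted under the registered public key; the three-capture check rejects such a capture before any key is derived.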
If the user's fingerprint registration needs to be cancelled, the client can, after login authentication has passed, send a fingerprint deletion message to the server to have it delete the user's fingerprint characteristic information bound at the server. Before the fingerprint is deleted, the account and password information bound to the fingerprint information must be entered, so that the identity of the party deleting the fingerprint is confirmed.
After the fingerprint information is collected, the cloud desktop client can use the openssl tool to generate the private key for decrypting cloud desktop data.
According to the cloud desktop security access method, the server generates a key pair (a public key and a private key) from the fingerprint information registered by the user; the public key is used for encrypting cloud desktop data, and the private key is used for verifying the identity of the user and decrypting the cloud desktop data. The terminal device hosting the cloud desktop client does not need to store the user's fingerprint information: fingerprint data is never written to local storage, which protects the data. The cloud desktop client can decrypt the cloud desktop data only after fingerprint authentication has passed, so the security of the cloud desktop data can be improved.
Fig. 2 is a schematic structural diagram of a cloud desktop security access apparatus located at a server according to an embodiment of the present disclosure, and each functional module in the apparatus 200 may be implemented by software, hardware, or a combination of software and hardware. The apparatus 200 comprises:
the first fingerprint registration module 201 receives a fingerprint registration message sent by a cloud desktop client, wherein the fingerprint registration message carries fingerprint feature information of a user; binding the fingerprint characteristic information with a user name, and generating a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm;
the first login authentication module 202 is configured to process login authentication of the cloud desktop client based on a user name and a password; after login authentication is successful, a fingerprint acquisition request is sent to the cloud desktop client;
the first fingerprint verification module 203 is configured to compare fingerprint feature information carried in a fingerprint verification request with fingerprint feature information of a user stored in an authentication database after receiving the fingerprint verification request sent by the cloud desktop client, and send a fingerprint authentication success response message to the cloud desktop client when the fingerprint feature information is determined to be consistent with the fingerprint feature information of the user, where the fingerprint authentication success response message carries a cloud desktop list authorized for the user.
Further, the apparatus 200 further comprises: the first desktop data processing module 204 is configured to encrypt the cloud desktop data by using a public key generated through the fingerprint feature information of the user in the registration process after receiving the connection request of the selected cloud desktop, and send the encrypted cloud desktop data to the cloud desktop client.
The fingerprint registration information sent by the cloud desktop client, the user name and password carried in the login information, and the fingerprint characteristic information are encrypted with a national cryptographic algorithm, and the server decrypts them with the same algorithm.
Fig. 3 is a schematic structural diagram of a cloud desktop security access apparatus located at the cloud desktop client on the terminal device side according to an embodiment of the present disclosure, and each functional module in the apparatus 300 may be implemented in software, hardware, or a combination of software and hardware. The apparatus 300 comprises:
the second fingerprint registration module 301 is configured to send a fingerprint registration message to the server, so that the server binds the fingerprint feature information with the user name, and generates a public key and a private key based on the fingerprint feature information by using an asymmetric encryption algorithm; wherein, the fingerprint registration message carries the fingerprint characteristic information of the user;
a second login authentication module 302, configured to initiate login authentication based on a user name and a password to a server;
the second fingerprint verification module 303 is configured to, after login authentication is successful through a user name and a password, acquire fingerprint feature information of a user when a fingerprint acquisition request sent by a server is received, and send the acquired fingerprint feature information to the server through the fingerprint verification request, so that the server verifies whether the fingerprint feature information in the fingerprint verification request is consistent with the fingerprint feature information of the user stored in the authentication database, and sends a cloud desktop list authorized for the user to the cloud desktop client under the consistent condition.
Further, the apparatus 300 further comprises: the second desktop data processing module 304 is configured to send a connection request of a selected cloud desktop to the server after receiving a cloud desktop list which is sent by the server and authorized for the user; and after receiving the cloud desktop data sent by the server, decrypting the cloud desktop data sent by the server by using a private key calculated based on the fingerprint characteristic information of the user.
Fig. 4 is a schematic structural diagram of an electronic device capable of implementing the secure access method of the cloud desktop provided by the present disclosure, where the device 400 includes: a processor 410 such as a Central Processing Unit (CPU), a communication bus 420, a communication interface 440, and a storage medium 430. Wherein the processor 410 and the storage medium 430 can communicate with each other through a communication bus 420. The storage medium 430 stores therein a computer program, and when the computer program is executed by the processor 410, the functions of the steps of the cloud desktop security access method of the server or the cloud desktop security access method of the cloud desktop client according to the present disclosure may be implemented.
The storage medium may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. In addition, the storage medium may be at least one memory device located remotely from the processor. The Processor may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), etc.; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
It should be recognized that embodiments of the present disclosure can be realized and implemented by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory memory. The method may be implemented in a computer program using standard programming techniques, including a non-transitory storage medium configured with the computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose. Further, operations of processes described by the present disclosure may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described in this disclosure (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) executing collectively on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the disclosure may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that, when the storage medium or device is read by a programmable computer, it is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described in this disclosure includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The disclosure also includes the computer itself when programmed according to the methods and techniques described in this disclosure.
The above description is only an example of the present disclosure and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (10)

1. A cloud desktop security access method, applied to a server side, comprising the following steps:
receiving a fingerprint registration message sent by a cloud desktop client, wherein the fingerprint registration message carries fingerprint characteristic information of a user;
binding the fingerprint characteristic information with a user name, and generating a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm;
after login authentication through a user name and a password succeeds, sending a fingerprint acquisition request to the cloud desktop client;
after receiving a fingerprint verification request sent by the cloud desktop client, comparing fingerprint characteristic information carried in the fingerprint verification request with fingerprint characteristic information of the user stored in an authentication database, and when the fingerprint characteristic information is judged to be consistent, sending a fingerprint authentication success response message to the cloud desktop client, wherein a cloud desktop list authorized to the user is carried in the fingerprint authentication success response message.
2. The method of claim 1, further comprising:
after receiving the connection request of the selected cloud desktop, the server encrypts the cloud desktop data by using a public key generated through the fingerprint feature information of the user in the registration process, and sends the encrypted cloud desktop data to the cloud desktop client.
3. The method of claim 1, wherein
when the user name, the password and the fingerprint characteristic information are transmitted between the cloud desktop client and the server, encryption and decryption are performed by adopting a national secret encryption algorithm.
4. A cloud desktop security access method, applied to a cloud desktop client, comprising the following steps:
sending a fingerprint registration message to the server side so that the server side binds the fingerprint characteristic information with the user name and generates a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm; wherein the fingerprint registration message carries the fingerprint characteristic information of the user;
after login authentication through a user name and a password succeeds, when a fingerprint acquisition request sent by the server is received, collecting fingerprint characteristic information of the user and sending the collected fingerprint characteristic information to the server through a fingerprint verification request, so that the server verifies whether the fingerprint characteristic information in the fingerprint verification request is consistent with the fingerprint characteristic information of the user stored in an authentication database, and sends a cloud desktop list authorized for the user to the cloud desktop client under the condition of consistency.
5. The method of claim 4, further comprising:
after receiving a cloud desktop list which is sent by a server and authorized for a user, sending a connection request of a selected cloud desktop to the server;
and after receiving the cloud desktop data sent by the server, decrypting the cloud desktop data sent by the server by using a private key calculated based on the fingerprint characteristic information of the user.
6. A cloud desktop security access device, applied to a server side, comprising:
a first fingerprint registration module, used for receiving a fingerprint registration message sent by the cloud desktop client, wherein the fingerprint registration message carries fingerprint characteristic information of a user; binding the fingerprint characteristic information with a user name; and generating a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm;
a first login authentication module, used for processing login authentication of the cloud desktop client based on a user name and a password, and for sending a fingerprint acquisition request to the cloud desktop client after login authentication is successful;
a first fingerprint verification module, used for comparing fingerprint characteristic information carried in the fingerprint verification request with fingerprint characteristic information of the user stored in the authentication database after receiving the fingerprint verification request sent by the cloud desktop client, and sending a fingerprint authentication success response message to the cloud desktop client when the fingerprint characteristic information is judged to be consistent with the fingerprint characteristic information of the user, wherein the fingerprint authentication success response message carries a cloud desktop list authorized for the user.
7. The apparatus of claim 6, further comprising:
the first desktop data processing module is used for encrypting the cloud desktop data by using a public key generated through the fingerprint feature information of the user in the registration process after receiving the connection request of the selected cloud desktop, and sending the encrypted cloud desktop data to the cloud desktop client.
8. The apparatus of claim 6, wherein
fingerprint registration information sent by the cloud desktop client, a user name and a password carried in login information and fingerprint characteristic information are encrypted by adopting a national encryption algorithm, and the server side decrypts by adopting the same encryption algorithm.
9. A cloud desktop security access device, applied to a cloud desktop client, comprising:
a second fingerprint registration module, used for sending a fingerprint registration message to the server so that the server binds the fingerprint characteristic information with the user name and generates a public key and a private key based on the fingerprint characteristic information by adopting an asymmetric encryption algorithm; wherein the fingerprint registration message carries the fingerprint characteristic information of the user;
a second login authentication module, used for initiating login authentication based on a user name and a password to the server;
a second fingerprint verification module, used for acquiring fingerprint characteristic information of the user when a fingerprint acquisition request sent by the server is received after login authentication is successful through the user name and the password, and sending the acquired fingerprint characteristic information to the server through the fingerprint verification request, so that the server verifies whether the fingerprint characteristic information in the fingerprint verification request is consistent with the fingerprint characteristic information of the user stored in the authentication database, and sends a cloud desktop list authorized to the user to the cloud desktop client under the condition of consistency.
10. The apparatus of claim 9, further comprising:
the second desktop data processing module is used for sending a connection request of the selected cloud desktop to the server after receiving a cloud desktop list which is sent by the server and authorized to the user; and after receiving the cloud desktop data sent by the server, decrypting the cloud desktop data sent by the server by using a private key calculated based on the fingerprint characteristic information of the user.
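The server-side ordering recited in claims 1 and 6 (password login first, fingerprint verification second, desktop list released only after both), sketched as an added Python example that is not part of the patent or of any vendor code. The class, method and field names are assumptions, the sample data is constructed, a byte-for-byte comparison stands in for fingerprint matching, and the key-pair generation and data encryption of claims 2 and 5 are not shown.

```python
import hashlib
import hmac
import secrets

def _pw_hash(password, salt):
    # Salted, iterated hash so the authentication database holds no plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    """Hypothetical server side: password login, then fingerprint verification."""

    def __init__(self):
        self.users = {}    # authentication database: user name -> record
        self.pending = {}  # session id -> user name still owing a fingerprint

    def register(self, user, password, fp_features, desktops):
        # Fingerprint registration: bind the feature information to the user name.
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "pw": _pw_hash(password, salt),
                            "fp": fp_features, "desktops": list(desktops)}

    def login(self, user, password):
        # Step 1: user name and password. Success yields only a pending session,
        # which stands in for the fingerprint acquisition request.
        rec = self.users.get(user)
        if rec is None:
            return None
        if not hmac.compare_digest(rec["pw"], _pw_hash(password, rec["salt"])):
            return None
        sid = secrets.token_hex(16)
        self.pending[sid] = user
        return sid

    def verify_fingerprint(self, sid, fp_features):
        # Step 2: accepted only for a session that passed step 1. The session is
        # consumed whether or not the comparison succeeds, so it cannot be retried.
        user = self.pending.pop(sid, None)
        if user is None:
            return None
        rec = self.users[user]
        # Assumption: exact comparison stands in for real fingerprint matching.
        if not hmac.compare_digest(rec["fp"], fp_features):
            return None
        return rec["desktops"]  # cloud desktop list authorized to the user

def demo():
    srv = AuthServer()
    # Constructed sample user, password, feature bytes and desktop names.
    srv.register("alice", "pw-constructed", b"\x01\x02features", ["desk-01", "desk-02"])
    sid = srv.login("alice", "pw-constructed")
    return srv.verify_fingerprint(sid, b"\x01\x02features")
```
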
CN202110690721.XA 2021-06-22 2021-06-22 Cloud desktop security access method and device Pending CN113505355A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110690721.XA CN113505355A (en) 2021-06-22 2021-06-22 Cloud desktop security access method and device

Publications (1)

Publication Number Publication Date
CN113505355A true CN113505355A (en) 2021-10-15

Family

ID=78010305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110690721.XA Pending CN113505355A (en) 2021-06-22 2021-06-22 Cloud desktop security access method and device

Country Status (1)

Country Link
CN (1) CN113505355A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640526A (en) * 2022-03-21 2022-06-17 重庆市规划和自然资源信息中心 Commercial cipher algorithm-based web application data encryption technology implementation method

Similar Documents

Publication Publication Date Title
JP6941146B2 (en) Data security service
CN107251035B (en) Account recovery protocol
US6230272B1 (en) System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user
CN102479304B (en) Method, client and system for software access control
CN109005155B (en) Identity authentication method and device
JP6911122B2 (en) Permission method and system to acquire terminal attack warning message log
CN107483495B (en) Big data cluster host management method, management system and server
CN109922027B (en) Credible identity authentication method, terminal and storage medium
EP1886204B1 (en) Transaction method and verification method
CN111031047A (en) Device communication method, device, computer device and storage medium
US20220311767A1 (en) Method and system for granting remote access to an electronic device
CN101771680B (en) Method for writing data to smart card, system and remote writing-card terminal
CN113886771A (en) Software authorization authentication method
CN112887340B (en) Password resetting method and device, service management terminal and storage medium
TW201531080A (en) Device certificate provision apparatus, device certificate provision system, and device certificate provision program
US20100031045A1 (en) Methods and system and computer medium for loading a set of keys
CN109462572B (en) Multi-factor authentication method, system, storage medium and security gateway based on encryption card and UsbKey
CN110659471A (en) Identity authentication login method in cloud environment
CN113505355A (en) Cloud desktop security access method and device
CN108234126B (en) System and method for remote account opening
CN112351043A (en) Vehicle navigation factory setting password management method and system
JP2009199147A (en) Communication control method and communication control program
CN110807210A (en) Information processing method, platform, system and computer storage medium
CN112118209A (en) Account number operation method and device of vehicle equipment
CN115941328A (en) Sharable user data encryption processing method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination