WO2015090116A1 - Procédé de connexion et dispositif de gestion de bureaux - Google Patents
Procédé de connexion et dispositif de gestion de bureaux Download PDFInfo
- Publication number
- WO2015090116A1 WO2015090116A1 PCT/CN2014/089858 CN2014089858W WO2015090116A1 WO 2015090116 A1 WO2015090116 A1 WO 2015090116A1 CN 2014089858 W CN2014089858 W CN 2014089858W WO 2015090116 A1 WO2015090116 A1 WO 2015090116A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- login
- account
- password
- virtual machine
- registered
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/08—Protocols specially adapted for terminal emulation, e.g. Telnet
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Definitions
- the present invention relates to the field of communications technologies, and in particular, to a login method and a desktop management device.
- the definition of the desktop cloud is: through the thin client or any other network connected device To access cross-platform applications, as well as the entire customer desktop.
- the desktop cloud system requires a terminal to connect through the network, so that users get the same user experience as traditional desktop systems and applications, and this user experience is not limited to specific operating systems and applications. . That is to say, the user only needs a thin client device, or any other device that can connect to the network, through a dedicated program or browser, can access the personal desktop and various applications residing on the server side, and the user experience and peacetime use the tradition
- the personal computer is exactly the same.
- the authentication methods are various. For example, single sign-on with domain account password, single sign-on and non-single sign-on for smart card, or domain account password combined with dynamic password login. Among them, in terms of cost and ease of use, the cheapest and most widely used access authentication method is still a single sign-on method based on domain account password.
- AD domain control server for user management and authentication.
- AD domain control server may have a series of security risks such as data leakage, and other non-AD management authentication servers, two sets of accounts are required to log in to the desktop management device and log in to the virtual machine. The password is more complicated.
- the technical problem to be solved by the embodiments of the present invention is to provide a login method and a desktop management device. To improve the security of the desktop cloud system and ensure the convenience of single sign-on.
- a first aspect of the embodiments of the present invention provides a login method, which may include:
- the desktop management device receives the login request of the cloud terminal, and performs identity authentication on the non-AD management authentication server.
- the authentication is passed, the login account and the login password for the single sign-on are saved, the virtual machine selected message sent by the cloud terminal is received, the login ticket is generated according to the login account and the login password, and the login ticket is sent to the login ticket.
- the cloud terminal so that the cloud terminal sends the login ticket to a selected virtual machine, where the login account is located in a local account group of the virtual machine;
- the login account is a registered account that is registered by the cloud terminal in the non-AD management authentication server, and the login password is that the cloud terminal is in the non-AD
- the registration password registered with the registration account registered by the authentication server is managed.
- the login account is a registered account that is registered by the cloud terminal in the non-AD management authentication server, and the login password is that the desktop management device is configured according to the The random password generated by the account.
- the login account is a unique administrator account in the virtual machine local account group, and the login password is generated by the desktop management device according to the administrator account. random code.
- the login account is the cloud terminal
- the associated account of the registered account registered by the non-AD management authentication server, the login password is a random password generated by the desktop management device according to the associated account.
- the desktop management device saves the login account and login When the password is used, the encryption method is used.
- the desktop management device configures an expiration date for the login account, the login password, and the login ticket.
- the login account is sent by the desktop management device to a local account group of the virtual machine in.
- a second aspect of the embodiments of the present invention provides a desktop management device, which may include:
- a receiving unit configured to receive a login request of the cloud terminal, and perform identity authentication on the non-AD management authentication server;
- a generating unit configured to save a login account and a login password for single sign-on, receive a virtual machine selected message sent by the cloud terminal, generate a login ticket according to the login account and a login password, and if Sending the login ticket to the cloud terminal, so that the cloud terminal sends the login ticket to the selected virtual machine, where the login account is located in a local account group of the virtual machine;
- a sending unit configured to send the login account and a login password to the virtual machine or send the login password to the virtual machine, so that the virtual machine updates a password of a login account in a local account group For the login password;
- An authentication unit configured to receive a login ticket authentication request sent by the virtual machine, and if the authentication is passed, return the login account and the login password to the virtual machine, so that the virtual machine automatically uses the login account and login The password completes the local login.
- the login account is a registered account that is registered by the cloud terminal in the non-AD management authentication server, and the login password is that the cloud terminal is in the non-AD
- the registration password registered with the registration account registered by the authentication server is managed.
- the login account is a registered account that is registered by the cloud terminal in the non-AD management authentication server, and the login password is the desktop The random password generated by the management device according to the registered account.
- the login account is a unique administrator account in the virtual machine local account group, and the login password is generated by the desktop management device according to the administrator account. random code.
- the login account is an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is the desktop management device according to the desktop management device.
- the random password generated by the associated account is an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server.
- the generating unit is further configured to save the login account And when the password is logged in, the encryption method is used.
- the generating unit is further configured to configure an expiration date for the login account, the login password, and the login ticket.
- the login account is sent by the sending unit to a local account group of the virtual machine. .
- the device saves the login account in the local account group of the VM and updates the password of the account to the login password before logging in to the VM. The user does not need to enter another account password to log in again on the VM to ensure the desktop cloud system. The convenience of single sign-on.
- FIG. 1 is a schematic flow chart of a first embodiment of a login method of the present invention
- FIG. 2 is a schematic flow chart of a second embodiment of the login method of the present invention.
- FIG. 3 is a schematic flow chart of a third embodiment of the login method of the present invention.
- FIG. 4 is a schematic flow chart of a fourth embodiment of the login method of the present invention.
- FIG. 5 is a schematic flowchart diagram of a fifth embodiment of the login method of the present invention.
- FIG. 6 is a schematic structural diagram of a first embodiment of a desktop management device of the present invention.
- FIG. 7 is a schematic diagram showing the composition of a second embodiment of the desktop management device of the present invention.
- the cloud terminal registers with the AD domain control server and logs in to the desktop management device by using the registered account password.
- the desktop management device finally uses the registered account password when the account password is authenticated by the AD domain control server.
- the virtual machine selected by the cloud terminal is automatically logged in, and the virtual machine uses the account password to authenticate to the AD domain control server, thereby implementing single sign-on of the desktop cloud system.
- the entire process requires only one set of account passwords.
- the US AD domain controller server is used as the user management and authentication server. When logging in to the desktop management device and logging in to the VM, you need to authenticate to the AD domain controller. This may exist for some applications with high security requirements.
- FIG. 1 is a schematic flowchart of a first embodiment of a login method according to the present invention.
- the method includes the following steps:
- the desktop management device receives the login request of the cloud terminal, and performs identity authentication on the non-AD management authentication server.
- the account and password used when the cloud terminal logs in are the registered account registered with the non-AD management authentication server and the corresponding registration password.
- the non-AD management authentication server may be a Lightweight Directory Access Protocol (LDAP) server or a database server. It only needs to complete the login authentication of the desktop management device. The login of the virtual machine can be logged in locally without having to authenticate to the non-AD management authentication server, thus improving the security of the desktop cloud system.
- the non-AD management authentication server is an LDAP server
- the interface that the desktop management device interacts with the non-AD management authentication server is adapted according to an interface of the LDAP server, when the non-AD management authentication server is a database server.
- the interface that the desktop management device interacts with the non-AD management authentication server is adapted according to an interface of the database server.
- the desktop management device saves the login account and the login password for the single sign-on, and receives the virtual machine selected message sent by the cloud terminal, according to the login account. And generating a login ticket with the login password and transmitting the login ticket to the cloud terminal, so that the cloud terminal sends the login ticket to the selected virtual machine.
- the login account is located in a local account group of the virtual machine.
- the desktop management device may adopt an encryption save mode when saving the login account and the login password. Thereby improving the security of the login. And the desktop management device configures an expiration date for the login account, the login password, and the login ticket. When the expiration date is reached, the login account, the login password, and the login ticket are invalidated, which further improves the security of the login.
- the login account in the local account group of the virtual machine may be pre-sent to the local account group of the virtual machine by the desktop management device, or may be locally present in the virtual machine.
- Local account number in the account group may be pre-sent to the local account group of the virtual machine by the desktop management device, or may be locally present in the virtual machine.
- the login account may be a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password may be registered by the cloud terminal with the non-AD management authentication server.
- the registration password for the account matching may be a registered account registered by the cloud terminal in the non-AD management authentication server.
- the login account may be a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password may be the desktop management device according to the registration account.
- the random password generated by the number may also be a registration password that is registered by the cloud terminal with the registered account in the non-AD management authentication server.
- the login account may be a unique administrator account in the virtual machine local account group, and the login password may be a random password generated by the desktop management device according to the administrator account.
- the login password may also be a registration password that is registered by the cloud terminal with the registered account in the non-AD management authentication server.
- the login account may be an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server, and the login password may be a random password generated by the desktop management device according to the associated account.
- the login password may also be a registration password that is registered by the cloud terminal with the registered account in the non-AD management authentication server.
- the desktop management device may be sent to the local account group of the virtual machine.
- the security of the desktop cloud system can be further improved. Because the login password is a random password, the user cannot know the specific password composition, and therefore cannot be accessed by other methods such as remote access and virtual machine. You can log in to the VM directly, and you must log in to the desktop management device before the VM can obtain the generated random password and log in with a random password.
- the desktop management device sends the login account and a login password to the virtual machine or sends the login password to the virtual machine, so that the virtual machine sets a login account in a local account group.
- the password is updated to the login password.
- the registration password on the non-AD management authentication server is changed, and on the virtual machine side, the password can still be changed.
- Single sign-on is achieved by matching the login password with the login account.
- the desktop management device receives a login ticket authentication request sent by the virtual machine, and if the desktop management device passes the verification, returns the login account and the login password to the virtual machine, so that the virtual machine is automatically Use the login account and login password to complete the local login.
- the user can log in to the virtual machine to perform local login without the need to authenticate to the non-AD management authentication server, thereby improving the security of the desktop cloud system.
- Sex and saved by virtual desktop management device Log in to the account in the local account group, and update the password of the account to be the login password before logging in to the VM.
- the user does not need to enter another account password to log in again on the VM, thus ensuring single sign-on of the desktop cloud system. Convenience.
- FIG. 2 is a schematic flowchart of a second embodiment of a login method according to the present invention.
- the method includes the following steps:
- the desktop management device joins the registered account registered in the non-AD management authentication server to the virtual machine local account group.
- the cloud terminal sends the login request to the desktop management device by using the registration account and the registration password registered by the non-AD management authentication server.
- the desktop management device performs identity authentication on the non-AD server.
- the desktop management device sends the virtual machine list to the cloud terminal.
- the cloud terminal sends a virtual machine selected message to the desktop management device.
- the desktop management device generates a login ticket according to the registered account and the registration password, and sends the login ticket to the cloud terminal.
- S208 The desktop management device sends the registration account and the registration password to the virtual machine.
- the virtual machine updates the password of the registered account in the local account group as the registration password.
- the cloud terminal sends the login ticket to the virtual machine.
- the virtual machine sends a login ticket authentication request to the desktop management device.
- the virtual machine automatically completes the local login by using the registered account and the registered password.
- the registration account registered with the non-AD management authentication server and the registration password are used to complete the single login of the virtual machine and the single sign-on of the desktop cloud system, without introducing other accounts and passwords, and the changes are small. It is easy to implement and will not bring any other burdens and impacts on the system.
- FIG. 3 is a schematic flowchart of a third embodiment of a login method according to the present invention.
- the method includes the following steps:
- the desktop management device joins the registered account registered in the non-AD management authentication server to the virtual machine local account group.
- the cloud terminal sends a login request by using a registration account and a registration password registered by the non-AD management authentication server.
- the desktop management device performs identity authentication on the non-AD management authentication server.
- S304 The authentication is passed, and the desktop management device saves the registered account and the generated random password.
- the desktop management device sends the virtual machine list to the cloud terminal.
- the cloud terminal sends a virtual machine selected message to the desktop management device.
- the desktop management device generates a login ticket according to the registered account and the random password, and sends the login ticket to the cloud terminal.
- the desktop management device sends the registered account and the random password to the virtual machine.
- the password of the registered account in the virtual machine update local account group is a random password.
- the cloud terminal sends the login ticket to the virtual machine.
- S311 The virtual machine sends a login ticket authentication request to the desktop management device.
- S313 The virtual machine automatically completes the local login by using the registered account and the random password.
- the matching of the generated random password and the registered account is used to ensure that the user cannot log in to the virtual machine by other means, thereby further improving the security of the login, and when the password on the non-AD authentication server is changed, as long as the user A successfully logged-in desktop management device can still log in locally to the virtual machine.
- FIG. 4 it is a schematic flowchart of a fourth embodiment of a login method according to the present invention.
- the method includes the following steps:
- the cloud terminal sends a login request by using a registered account and a registration password registered by the non-AD management authentication server.
- the desktop management device performs identity authentication on the non-AD management authentication server.
- the desktop management device After the authentication is passed, the desktop management device saves the unique administrator account of the virtual machine and the generated random password.
- the desktop management device sends the virtual machine list to the cloud terminal.
- the cloud terminal sends a virtual machine selected message to the desktop management device.
- the desktop management device generates a login ticket according to an administrator account and a random password, and sends the login ticket to the cloud terminal.
- the desktop management device sends a random password to the virtual machine.
- the password of the virtual machine update administrator account is a random password.
- the cloud terminal sends the login ticket to the virtual machine.
- the virtual machine sends a login ticket authentication request to the desktop management device.
- the virtual machine automatically completes the local login by using an administrator account and a random password.
- the administrator account in the virtual machine is directly used as the login account, and the login account is not required to be sent to the local account group of the virtual machine, which simplifies the process and improves the efficiency.
- FIG. 5 is a schematic flowchart of a fifth embodiment of a login method according to the present invention.
- the method includes the following steps:
- the desktop management device adds the associated account of the registered account registered by the non-AD management authentication server to the virtual machine local account group.
- the cloud terminal sends a login request by using a registration account and a registration password registered by the non-AD management authentication server.
- the desktop management device performs identity authentication on the non-AD management authentication server.
- S504 The authentication is passed, and the desktop management device saves the associated account and the generated random password.
- the desktop management device sends the virtual machine list to the cloud terminal.
- the cloud terminal sends a virtual machine selected message to the desktop management device.
- the desktop management device generates a login ticket according to the associated account and the random password, and sends the login ticket to the cloud terminal.
- the desktop management device sends the associated account and the random password to the virtual machine.
- S509 The virtual machine updates the password of the associated account in the local account group to a random password.
- S510 The cloud terminal sends the login ticket to the virtual machine.
- the virtual machine sends a login ticket authentication request to the desktop management device.
- the virtual machine automatically completes the local login by using the associated account and a random password.
- the virtual account is implemented by using the associated account of the registered account and the random password.
- Local login, login account and login password are not available to the general user, which further improves the security and privacy of the login.
- the desktop management device includes:
- the receiving unit 100 is configured to receive a login request of the cloud terminal, and perform identity authentication on the non-AD management authentication server.
- the generating unit 200 is configured to: if the authentication is passed, save the login account and the login password for the single sign-on, receive the virtual machine selected message sent by the cloud terminal, generate the login ticket according to the login account and the login password, and Sending the login ticket to the cloud terminal, so that the cloud terminal sends the login ticket to the selected virtual machine, where the login account is located in a local account group of the virtual machine;
- the sending unit 300 is configured to send the login account and the login password to the virtual machine or send the login password to the virtual machine, so that the virtual machine sets a password of the login account in the local account group. Updated to the login password;
- the authentication unit 400 is configured to receive a login ticket authentication request sent by the virtual machine, and if the authentication is passed, return the login account and the login password to the virtual machine, so that the virtual machine automatically uses the login account and Login password to complete local login.
- the login account is a registered account registered by the cloud terminal in the non-AD management authentication server
- the login password is a registration password that the cloud terminal registers with the non-AD management authentication server and matches the registered account.
- the login account is a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the registered account.
- the login account is a unique administrator account in the virtual machine local account group, and the login password is a random password generated by the desktop management device according to the administrator account.
- the login account is an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the associated account.
- the generating unit 200 is further configured to use adding when the login account and the login password are saved. Secret storage method.
- the generating unit 200 is further configured to configure an expiration date for the login account, the login password, and the login ticket.
- the login account is the associated account of the registered account or the registered account
- the login account is sent by the sending unit 300 to the local account group of the virtual machine.
- the desktop management device may be configured with a virtual desktop management system for saving account passwords, generating and sending virtual machine lists, generating and sending login tickets, and additionally configuring an operation and maintenance management system. Used to manage the account password and add the account to be used to the virtual account's local account group.
- the foregoing generating unit may be formed by the storage subunit and the generating subunit, or may exist independently, and the generating unit and/or the authentication unit in the foregoing desktop management device embodiment may be independent of the desktop management in the form of hardware.
- the processor of the device is separately set and can be in the form of a microprocessor; it can also be embedded in the processor of the desktop management device in hardware, or can be stored in the memory of the desktop management device in software, so as to facilitate The processor of the desktop management device invokes the operations corresponding to the above generating unit or the authentication unit.
- the generating unit 200 and/or the authentication unit 400 may be a processor of the desktop management device, and the receiving unit 100 and the transmitting unit 300
- the functionality can be embedded in the processor.
- the receiving unit 100 and the sending unit 300 may be integrated or set independently.
- the receiving unit 100 and the sending unit 300 may be used as an interface circuit of the desktop management device, or may be integrated with the generating unit 200 or the authentication unit 400, or may be independently configured.
- the embodiment of the invention does not impose any limitation.
- the above processor may be a central processing unit (CPU), a microprocessor, a single chip microcomputer, or the like.
- the desktop management device includes: an interface circuit 500, a memory 600, and the interface circuit 500 and the memory 600.
- Connected processor 700 The memory 600 is used to store a set of program codes, and the processor 700 is configured to call the program code stored in the memory 600 to perform the operations described in any one of the first to fifth embodiments of the login method of the present invention.
- the present invention has the following advantages:
- the device saves the login account in the local account group of the VM and updates the password of the account to the login password before logging in to the VM. The user does not need to enter another account password to log in again on the VM to ensure the desktop cloud system. The convenience of single sign-on.
- the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
Abstract
L'invention concerne un procédé de connexion, comportant les étapes suivantes: un dispositif de gestion de bureaux reçoit une demande de connexion d'un terminal en nuage et procède à une authentification d'identité sur un serveur d'authentification de gestion non AD; un numéro de compte de connexion et un mot de passe de connexion sont sauvegardés et, en fonction du numéro de compte de connexion et du mot de passe de connexion, un ticket de connexion est généré et envoyé au terminal en nuage, de telle sorte que le terminal en nuage envoie le ticket de connexion à une machine virtuelle, le numéro de compte de connexion figurant dans un groupe local de numéros de compte de la machine virtuelle; le numéro de compte de connexion et le mot de passe de connexion sont envoyés à la machine virtuelle, ou le mot de passe de connexion est envoyé à la machine virtuelle, de telle sorte que la machine virtuelle actualise le mot de passe du numéro de compte de connexion dans le groupe local de numéros de compte d'après le mot de passe de connexion; et une demande d'authentification du ticket de connexion émise par la machine virtuelle est reçue, et le numéro de compte de connexion et le mot de passe de connexion sont renvoyés à la machine virtuelle, de telle sorte que la machine virtuelle achève automatiquement la connexion locale. L'invention concerne également un dispositif de gestion de bureaux. Au moyen de la présente invention, la sécurité d'un système en nuage de bureaux peut être améliorée, et la commodité d'une connexion unique peut être garantie.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310690626.5 | 2013-12-17 | ||
CN201310690626.5A CN104717261B (zh) | 2013-12-17 | 2013-12-17 | 一种登录方法和桌面管理设备 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015090116A1 true WO2015090116A1 (fr) | 2015-06-25 |
Family
ID=53402079
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2014/089858 WO2015090116A1 (fr) | 2013-12-17 | 2014-10-30 | Procédé de connexion et dispositif de gestion de bureaux |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104717261B (fr) |
WO (1) | WO2015090116A1 (fr) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107846414A (zh) * | 2017-12-04 | 2018-03-27 | 山东浪潮通软信息科技有限公司 | 一种单点登录方法及系统、统一认证系统 |
CN111756808A (zh) * | 2020-05-28 | 2020-10-09 | 西安万像电子科技有限公司 | 数据处理方法及系统 |
CN112099888A (zh) * | 2020-08-26 | 2020-12-18 | 西安万像电子科技有限公司 | 画面显示方法、系统和零终端 |
CN112115436A (zh) * | 2020-09-04 | 2020-12-22 | 上海上讯信息技术股份有限公司 | 一种ad域账号密码修改的方法及设备 |
CN112784256A (zh) * | 2021-01-28 | 2021-05-11 | 北京明略昭辉科技有限公司 | 一种账号密码管理方法和系统 |
CN114500002A (zh) * | 2021-12-31 | 2022-05-13 | 济南超级计算技术研究院 | 一种基于ldap的集群账号分配方法及系统 |
CN117407861A (zh) * | 2023-12-14 | 2024-01-16 | 北京亿赛通科技发展有限责任公司 | 一种数据库的登录管理方法及装置 |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105763532B (zh) * | 2016-01-05 | 2019-05-07 | 新华三技术有限公司 | 一种登录虚拟桌面的方法及装置 |
CN106209816B (zh) * | 2016-07-01 | 2019-10-18 | 浙江宇视科技有限公司 | 一种网络摄像机登录方法及系统 |
CN106648797A (zh) * | 2016-12-30 | 2017-05-10 | 郑州云海信息技术有限公司 | 安装测试软件的方法、系统、测试服务器及共享服务器 |
CN106534219A (zh) * | 2016-12-31 | 2017-03-22 | 中国移动通信集团江苏有限公司 | 用于桌面云门户的安全认证方法和装置 |
CN107026860B (zh) * | 2017-04-01 | 2020-10-16 | 成都灵跃云创科技有限公司 | 登录认证方法、装置及系统 |
CN107318100B (zh) * | 2017-06-02 | 2020-01-14 | Oppo广东移动通信有限公司 | 用于绑定手机号码的方法、装置及系统 |
CN110781481A (zh) * | 2018-07-30 | 2020-02-11 | 中兴通讯股份有限公司 | 单点登录方法、客户端、服务器以及存储介质 |
CN110032414B (zh) * | 2019-03-06 | 2023-06-06 | 联想企业解决方案(新加坡)有限公司 | 远程控制台模式下安全的用户认证的装置和方法 |
CN110430280B (zh) * | 2019-08-15 | 2022-06-07 | 上海达龙信息科技有限公司 | 账号自动登录方法及系统、存储介质及云桌面服务器 |
CN113595968B (zh) * | 2020-04-30 | 2023-02-03 | 华为云计算技术有限公司 | 一种基于云应用实例的登录方法、系统及相关设备 |
CN113507375B (zh) * | 2021-07-05 | 2024-03-01 | 国铁吉讯科技有限公司 | 一种基于时间序列密码的远程登录方法、装置及存储介质 |
CN115840937B (zh) * | 2023-02-21 | 2023-05-23 | 中科方德软件有限公司 | 控制方法、装置及电子设备 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102291452A (zh) * | 2011-08-09 | 2011-12-21 | 北京星网锐捷网络技术有限公司 | 基于云策略的虚拟机管理方法、云管理服务器及云系统 |
US20120331521A1 (en) * | 2011-06-27 | 2012-12-27 | Samsung Electronics Co., Ltd. | System and method for application centric cloud management |
CN103259663A (zh) * | 2013-05-07 | 2013-08-21 | 南京邮电大学 | 一种云计算环境下的用户统一认证方法 |
CN103377330A (zh) * | 2012-04-23 | 2013-10-30 | 佛山市智慧岛信息技术有限公司 | 一种虚拟资源分配方法及虚拟资源分配系统 |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102333065A (zh) * | 2010-07-12 | 2012-01-25 | 戴元顺 | 云交互协议设计 |
CN102457376B (zh) * | 2010-10-29 | 2016-02-10 | 中兴通讯股份有限公司 | 一种云计算服务统一认证的方法和系统 |
US8756665B2 (en) * | 2011-07-08 | 2014-06-17 | International Business Machines Corporation | Authenticating a rich client from within an existing browser session |
CN102739658B (zh) * | 2012-06-16 | 2015-09-30 | 华南师范大学 | 一种单点登录的离线验证方法 |
-
2013
- 2013-12-17 CN CN201310690626.5A patent/CN104717261B/zh active Active
-
2014
- 2014-10-30 WO PCT/CN2014/089858 patent/WO2015090116A1/fr active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120331521A1 (en) * | 2011-06-27 | 2012-12-27 | Samsung Electronics Co., Ltd. | System and method for application centric cloud management |
CN102291452A (zh) * | 2011-08-09 | 2011-12-21 | 北京星网锐捷网络技术有限公司 | 基于云策略的虚拟机管理方法、云管理服务器及云系统 |
CN103377330A (zh) * | 2012-04-23 | 2013-10-30 | 佛山市智慧岛信息技术有限公司 | 一种虚拟资源分配方法及虚拟资源分配系统 |
CN103259663A (zh) * | 2013-05-07 | 2013-08-21 | 南京邮电大学 | 一种云计算环境下的用户统一认证方法 |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107846414A (zh) * | 2017-12-04 | 2018-03-27 | 山东浪潮通软信息科技有限公司 | 一种单点登录方法及系统、统一认证系统 |
CN111756808A (zh) * | 2020-05-28 | 2020-10-09 | 西安万像电子科技有限公司 | 数据处理方法及系统 |
CN112099888A (zh) * | 2020-08-26 | 2020-12-18 | 西安万像电子科技有限公司 | 画面显示方法、系统和零终端 |
CN112115436A (zh) * | 2020-09-04 | 2020-12-22 | 上海上讯信息技术股份有限公司 | 一种ad域账号密码修改的方法及设备 |
CN112115436B (zh) * | 2020-09-04 | 2023-05-30 | 上海上讯信息技术股份有限公司 | 一种ad域账号密码修改的方法及设备 |
CN112784256A (zh) * | 2021-01-28 | 2021-05-11 | 北京明略昭辉科技有限公司 | 一种账号密码管理方法和系统 |
CN114500002A (zh) * | 2021-12-31 | 2022-05-13 | 济南超级计算技术研究院 | 一种基于ldap的集群账号分配方法及系统 |
CN114500002B (zh) * | 2021-12-31 | 2023-11-10 | 济南超级计算技术研究院 | 一种基于ldap的集群账号分配方法及系统 |
CN117407861A (zh) * | 2023-12-14 | 2024-01-16 | 北京亿赛通科技发展有限责任公司 | 一种数据库的登录管理方法及装置 |
Also Published As
Publication number | Publication date |
---|---|
CN104717261B (zh) | 2018-05-29 |
CN104717261A (zh) | 2015-06-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2015090116A1 (fr) | Procédé de connexion et dispositif de gestion de bureaux | |
US11695744B2 (en) | Using credentials stored in different directories to access a common endpoint | |
CN108293045B (zh) | 本地和远程系统之间的单点登录身份管理 | |
KR102117584B1 (ko) | 로컬 디바이스 인증 | |
US8627409B2 (en) | Framework for automated dissemination of security metadata for distributed trust establishment | |
US8782757B2 (en) | Session sharing in secure web service conversations | |
JP5375976B2 (ja) | 認証方法、認証システムおよび認証プログラム | |
US9485246B2 (en) | Distributed authentication with data cloud | |
US20160080358A1 (en) | Hosted application sandbox model | |
CN115021991A (zh) | 未经管理的移动设备的单点登录 | |
US20170279798A1 (en) | Multi-factor authentication system and method | |
US9219762B2 (en) | Techniques for desktop migration | |
US11245681B2 (en) | Authentication in a multi-tenant environment | |
KR20160012546A (ko) | 이동단말기의 원격제어시스템 | |
JP2023553136A (ja) | パーベイシブ・リソース識別 | |
JP2018106515A (ja) | サーバ、ログイン処理方法、及び、ログイン処理プログラム | |
US10015286B1 (en) | System and method for proxying HTTP single sign on across network domains | |
TW201203115A (en) | Method and system for deployment of software applications to mobile computing devices | |
US11477189B2 (en) | Primary domain and secondary domain authentication | |
Prasad et al. | Ensuring data storage in cloud computing for distributed using high security password |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14870826 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14870826 Country of ref document: EP Kind code of ref document: A1 |