WO2015090116A1 - Login method and desktop management device - Google Patents


Publication number
WO2015090116A1
Authority
WO
WIPO (PCT)
Prior art keywords
login
account
password
virtual machine
registered
Prior art date
Application number
PCT/CN2014/089858
Other languages
English (en)
Chinese (zh)
Inventor
张冠男
林国仁
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2015090116A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/452 Remote windowing, e.g. X-Window System, desktop virtualisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/08 Protocols specially adapted for terminal emulation, e.g. Telnet
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • The present invention relates to the field of communications technologies, and in particular, to a login method and a desktop management device.
  • A desktop cloud is defined as access to cross-platform applications, and to the entire client desktop, through a thin client or any other network-connected device.
  • A desktop cloud system requires only a terminal connected over the network, so that users get the same experience as with traditional desktop systems and applications, and this experience is not limited to specific operating systems and applications. That is to say, with only a thin client device, or any other device that can connect to the network, the user can access the personal desktop and the various applications residing on the server side through a dedicated program or browser, and the experience is exactly the same as using a traditional personal computer.
  • The authentication methods are various: for example, single sign-on with a domain account and password, single sign-on and non-single sign-on with a smart card, or login with a domain account and password combined with a dynamic password. Among them, in terms of cost and ease of use, the cheapest and most widely used access authentication method is still single sign-on based on a domain account and password.
  • AD domain control server for user management and authentication.
  • An AD domain control server may carry a series of security risks such as data leakage, while with other, non-AD management authentication servers, two sets of accounts and passwords are required to log in to the desktop management device and to log in to the virtual machine, which is more complicated.
  • The technical problem to be solved by the embodiments of the present invention is to provide a login method and a desktop management device that improve the security of the desktop cloud system and ensure the convenience of single sign-on.
  • a first aspect of the embodiments of the present invention provides a login method, which may include:
  • the desktop management device receives the login request of the cloud terminal, and performs identity authentication on the non-AD management authentication server.
  • if the authentication is passed, the desktop management device saves the login account and the login password for single sign-on, receives the virtual machine selected message sent by the cloud terminal, generates a login ticket according to the login account and the login password, and sends the login ticket to the cloud terminal, so that the cloud terminal sends the login ticket to a selected virtual machine, where the login account is located in a local account group of the virtual machine;
  • the login account is a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is the registration password, matching the registered account, that the cloud terminal registered in the non-AD management authentication server.
  • the login account is a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the registered account.
  • the login account is a unique administrator account in the virtual machine local account group, and the login password is a random password generated by the desktop management device according to the administrator account.
  • the login account is an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the associated account.
  • the desktop management device uses encrypted storage when saving the login account and the login password.
  • the desktop management device configures an expiration date for the login account, the login password, and the login ticket.
  • the login account is sent by the desktop management device to a local account group of the virtual machine.
  • a second aspect of the embodiments of the present invention provides a desktop management device, which may include:
  • a receiving unit configured to receive a login request of the cloud terminal, and perform identity authentication on the non-AD management authentication server;
  • a generating unit configured to, if the authentication is passed, save a login account and a login password for single sign-on, receive a virtual machine selected message sent by the cloud terminal, generate a login ticket according to the login account and the login password, and send the login ticket to the cloud terminal, so that the cloud terminal sends the login ticket to the selected virtual machine, where the login account is located in a local account group of the virtual machine;
  • a sending unit configured to send the login account and the login password to the virtual machine, or send the login password to the virtual machine, so that the virtual machine updates the password of the login account in the local account group to the login password;
  • an authentication unit configured to receive a login ticket authentication request sent by the virtual machine, and if the authentication is passed, return the login account and the login password to the virtual machine, so that the virtual machine automatically uses the login account and the login password to complete the local login.
  • the login account is a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is the registration password, matching the registered account, that the cloud terminal registered in the non-AD management authentication server.
  • the login account is a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the registered account.
  • the login account is a unique administrator account in the virtual machine local account group, and the login password is a random password generated by the desktop management device according to the administrator account.
  • the login account is an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the associated account.
  • the generating unit is further configured to use encrypted storage when saving the login account and the login password.
  • the generating unit is further configured to configure an expiration date for the login account, the login password, and the login ticket.
  • the login account is sent by the sending unit to a local account group of the virtual machine.
  • The desktop management device saves the login account in the local account group of the virtual machine and updates the password of that account to the login password before the virtual machine login, so the user does not need to enter another account and password to log in again on the virtual machine, which ensures the convenience of single sign-on in the desktop cloud system.
  • FIG. 1 is a schematic flow chart of a first embodiment of a login method of the present invention.
  • FIG. 1 is a schematic flow chart of a first embodiment of a login method of the present invention
  • FIG. 2 is a schematic flow chart of a second embodiment of the login method of the present invention.
  • FIG. 3 is a schematic flow chart of a third embodiment of the login method of the present invention.
  • FIG. 4 is a schematic flow chart of a fourth embodiment of the login method of the present invention.
  • FIG. 5 is a schematic flowchart diagram of a fifth embodiment of the login method of the present invention.
  • FIG. 6 is a schematic structural diagram of a first embodiment of a desktop management device of the present invention.
  • FIG. 7 is a schematic diagram showing the composition of a second embodiment of the desktop management device of the present invention.
  • the cloud terminal registers with the AD domain control server and logs in to the desktop management device by using the registered account password.
  • After the account and password are authenticated by the AD domain control server, the desktop management device uses the registered account and password to automatically log in to the virtual machine selected by the cloud terminal, and the virtual machine uses the account and password to authenticate to the AD domain control server, thereby implementing single sign-on of the desktop cloud system.
  • the entire process requires only one set of account passwords.
  • the US AD domain controller server is used as the user management and authentication server. When logging in to the desktop management device and logging in to the VM, you need to authenticate to the AD domain controller. This may exist for some applications with high security requirements.
  • FIG. 1 is a schematic flowchart of a first embodiment of a login method according to the present invention.
  • the method includes the following steps:
  • the desktop management device receives the login request of the cloud terminal, and performs identity authentication on the non-AD management authentication server.
  • the account and password used when the cloud terminal logs in are the registered account registered with the non-AD management authentication server and the corresponding registration password.
  • The non-AD management authentication server may be a Lightweight Directory Access Protocol (LDAP) server or a database server. It only needs to complete the login authentication for the desktop management device; the virtual machine login is performed locally without authenticating to the non-AD management authentication server, which improves the security of the desktop cloud system.
  • When the non-AD management authentication server is an LDAP server, the interface through which the desktop management device interacts with the non-AD management authentication server is adapted to the interface of the LDAP server; when the non-AD management authentication server is a database server, that interface is adapted to the interface of the database server.
  • The desktop management device saves the login account and the login password for single sign-on, receives the virtual machine selected message sent by the cloud terminal, generates a login ticket according to the login account and the login password, and sends the login ticket to the cloud terminal, so that the cloud terminal sends the login ticket to the selected virtual machine.
  • The login account is located in a local account group of the virtual machine.
  • The desktop management device may use encrypted storage when saving the login account and the login password, thereby improving the security of the login. The desktop management device also configures an expiration date for the login account, the login password, and the login ticket; when the expiration date is reached, the login account, the login password, and the login ticket are invalidated, which further improves the security of the login.
  • The login account in the local account group of the virtual machine may be sent in advance to the local account group of the virtual machine by the desktop management device, or may be an account that already exists locally in the local account group of the virtual machine.
  • The login account may be a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password may be the registration password, matching the registered account, that the cloud terminal registered in the non-AD management authentication server.
  • The login account may be a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password may be a random password generated by the desktop management device according to the registered account; the login password may also be the registration password, matching the registered account, that the cloud terminal registered in the non-AD management authentication server.
  • the login account may be a unique administrator account in the virtual machine local account group, and the login password may be a random password generated by the desktop management device according to the administrator account.
  • the login password may also be a registration password that is registered by the cloud terminal with the registered account in the non-AD management authentication server.
  • the login account may be an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server, and the login password may be a random password generated by the desktop management device according to the associated account.
  • the login password may also be a registration password that is registered by the cloud terminal with the registered account in the non-AD management authentication server.
  • The login account may be sent by the desktop management device to the local account group of the virtual machine.
  • The security of the desktop cloud system can be further improved. Because the login password is a random password, the user cannot know the specific password, and therefore cannot log in to the virtual machine directly by other means such as remote access; the user must first log in to the desktop management device before the virtual machine can obtain the generated random password and log in with it.
  • The desktop management device sends the login account and the login password to the virtual machine, or sends the login password to the virtual machine, so that the virtual machine updates the password of the login account in the local account group to the login password.
  • In this way, even if the registration password on the non-AD management authentication server is changed, single sign-on can still be achieved on the virtual machine side by matching the login password with the login account.
  • The desktop management device receives a login ticket authentication request sent by the virtual machine, and if the verification passes, returns the login account and the login password to the virtual machine, so that the virtual machine automatically uses the login account and the login password to complete the local login.
  • The virtual machine login is performed locally without authenticating to the non-AD management authentication server, which improves the security of the desktop cloud system. The desktop management device saves the login account in the local account group and updates the password of that account to the login password before the virtual machine login, so the user does not need to enter another account and password to log in again on the virtual machine, which ensures the convenience of single sign-on of the desktop cloud system.
  • FIG. 2 is a schematic flowchart of a second embodiment of a login method according to the present invention.
  • the method includes the following steps:
  • The desktop management device adds the registered account registered in the non-AD management authentication server to the virtual machine local account group.
  • the cloud terminal sends the login request to the desktop management device by using the registration account and the registration password registered by the non-AD management authentication server.
  • the desktop management device performs identity authentication on the non-AD server.
  • the desktop management device sends the virtual machine list to the cloud terminal.
  • the cloud terminal sends a virtual machine selected message to the desktop management device.
  • the desktop management device generates a login ticket according to the registered account and the registration password, and sends the login ticket to the cloud terminal.
  • S208 The desktop management device sends the registration account and the registration password to the virtual machine.
  • The virtual machine updates the password of the registered account in the local account group to the registration password.
  • the cloud terminal sends the login ticket to the virtual machine.
  • the virtual machine sends a login ticket authentication request to the desktop management device.
  • the virtual machine automatically completes the local login by using the registered account and the registered password.
  • The registered account and the registration password registered with the non-AD management authentication server are used to complete the login of the virtual machine and the single sign-on of the desktop cloud system without introducing other accounts and passwords; the changes are small, easy to implement, and bring no other burden or impact on the system.
  • FIG. 3 is a schematic flowchart of a third embodiment of a login method according to the present invention.
  • the method includes the following steps:
  • The desktop management device adds the registered account registered in the non-AD management authentication server to the virtual machine local account group.
  • the cloud terminal sends a login request by using a registration account and a registration password registered by the non-AD management authentication server.
  • the desktop management device performs identity authentication on the non-AD management authentication server.
  • S304 The authentication is passed, and the desktop management device saves the registered account and the generated random password.
  • the desktop management device sends the virtual machine list to the cloud terminal.
  • the cloud terminal sends a virtual machine selected message to the desktop management device.
  • the desktop management device generates a login ticket according to the registered account and the random password, and sends the login ticket to the cloud terminal.
  • the desktop management device sends the registered account and the random password to the virtual machine.
  • The virtual machine updates the password of the registered account in the local account group to the random password.
  • the cloud terminal sends the login ticket to the virtual machine.
  • S311 The virtual machine sends a login ticket authentication request to the desktop management device.
  • S313 The virtual machine automatically completes the local login by using the registered account and the random password.
  • Matching the generated random password with the registered account ensures that the user cannot log in to the virtual machine by other means, which further improves the security of the login; and when the password on the non-AD authentication server is changed, the user can still log in locally to the virtual machine as long as the user has successfully logged in to the desktop management device.
  • FIG. 4 is a schematic flowchart of a fourth embodiment of a login method according to the present invention.
  • the method includes the following steps:
  • the cloud terminal sends a login request by using a registered account and a registration password registered by the non-AD management authentication server.
  • the desktop management device performs identity authentication on the non-AD management authentication server.
  • After the authentication is passed, the desktop management device saves the unique administrator account of the virtual machine and the generated random password.
  • the desktop management device sends the virtual machine list to the cloud terminal.
  • the cloud terminal sends a virtual machine selected message to the desktop management device.
  • the desktop management device generates a login ticket according to an administrator account and a random password, and sends the login ticket to the cloud terminal.
  • the desktop management device sends a random password to the virtual machine.
  • The virtual machine updates the password of the administrator account to the random password.
  • the cloud terminal sends the login ticket to the virtual machine.
  • the virtual machine sends a login ticket authentication request to the desktop management device.
  • the virtual machine automatically completes the local login by using an administrator account and a random password.
  • the administrator account in the virtual machine is directly used as the login account, and the login account is not required to be sent to the local account group of the virtual machine, which simplifies the process and improves the efficiency.
  • FIG. 5 is a schematic flowchart of a fifth embodiment of a login method according to the present invention.
  • the method includes the following steps:
  • the desktop management device adds the associated account of the registered account registered by the non-AD management authentication server to the virtual machine local account group.
  • the cloud terminal sends a login request by using a registration account and a registration password registered by the non-AD management authentication server.
  • the desktop management device performs identity authentication on the non-AD management authentication server.
  • S504 The authentication is passed, and the desktop management device saves the associated account and the generated random password.
  • the desktop management device sends the virtual machine list to the cloud terminal.
  • the cloud terminal sends a virtual machine selected message to the desktop management device.
  • the desktop management device generates a login ticket according to the associated account and the random password, and sends the login ticket to the cloud terminal.
  • the desktop management device sends the associated account and the random password to the virtual machine.
  • S509 The virtual machine updates the password of the associated account in the local account group to a random password.
  • S510 The cloud terminal sends the login ticket to the virtual machine.
  • the virtual machine sends a login ticket authentication request to the desktop management device.
  • the virtual machine automatically completes the local login by using the associated account and a random password.
  • The local login of the virtual machine is implemented by using the associated account of the registered account and the random password; the login account and the login password are not available to the general user, which further improves the security and privacy of the login.
  • the desktop management device includes:
  • the receiving unit 100 is configured to receive a login request of the cloud terminal, and perform identity authentication on the non-AD management authentication server.
  • the generating unit 200 is configured to: if the authentication is passed, save the login account and the login password for single sign-on, receive the virtual machine selected message sent by the cloud terminal, generate the login ticket according to the login account and the login password, and send the login ticket to the cloud terminal, so that the cloud terminal sends the login ticket to the selected virtual machine, where the login account is located in a local account group of the virtual machine;
  • the sending unit 300 is configured to send the login account and the login password to the virtual machine, or send the login password to the virtual machine, so that the virtual machine updates the password of the login account in the local account group to the login password;
  • the authentication unit 400 is configured to receive a login ticket authentication request sent by the virtual machine, and if the authentication is passed, return the login account and the login password to the virtual machine, so that the virtual machine automatically uses the login account and the login password to complete the local login.
  • the login account is a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a registration password that the cloud terminal registers with the non-AD management authentication server and that matches the registered account.
  • the login account is a registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the registered account.
  • the login account is a unique administrator account in the virtual machine local account group, and the login password is a random password generated by the desktop management device according to the administrator account.
  • the login account is an associated account of the registered account registered by the cloud terminal in the non-AD management authentication server, and the login password is a random password generated by the desktop management device according to the associated account.
  • the generating unit 200 is further configured to use an encrypted storage method when the login account and the login password are saved.
  • the generating unit 200 is further configured to configure an expiration date for the login account, the login password, and the login ticket.
  • the login account is the associated account of the registered account or the registered account
  • the login account is sent by the sending unit 300 to the local account group of the virtual machine.
  • the desktop management device may be configured with a virtual desktop management system for saving account passwords, generating and sending virtual machine lists, and generating and sending login tickets, and may additionally be configured with an operation and maintenance management system used to manage the account password and add the account to be used to the virtual machine's local account group.
  • the foregoing generating unit may be formed by the storage subunit and the generating subunit, or may exist independently. The generating unit and/or the authentication unit in the foregoing desktop management device embodiment may be set up in hardware independently of the processor of the desktop management device, and may be in the form of a microprocessor; they may also be embedded in hardware in the processor of the desktop management device, or stored in software in the memory of the desktop management device, so that the processor of the desktop management device can invoke the operations corresponding to the above generating unit or authentication unit.
  • the generating unit 200 and/or the authentication unit 400 may be a processor of the desktop management device, and the functionality of the receiving unit 100 and the sending unit 300 can be embedded in the processor.
  • the receiving unit 100 and the sending unit 300 may be integrated or set independently.
  • the receiving unit 100 and the sending unit 300 may be used as an interface circuit of the desktop management device, or may be integrated with the generating unit 200 or the authentication unit 400, or may be independently configured.
  • the embodiment of the invention does not impose any limitation.
  • the above processor may be a central processing unit (CPU), a microprocessor, a single chip microcomputer, or the like.
  • the desktop management device includes: an interface circuit 500, a memory 600, and a processor 700 connected to the interface circuit 500 and the memory 600. The memory 600 is used to store a set of program codes, and the processor 700 is configured to call the program code stored in the memory 600 to perform the operations described in any one of the first to fifth embodiments of the login method of the present invention.
  • the present invention has the following advantages:
  • the device saves the login account in the local account group of the VM and updates the password of the account to the login password before logging in to the VM, so the user does not need to enter another account password to log in again on the VM, which ensures the convenience of single sign-on in the desktop cloud system.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
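The exchange between the generating unit 200, the sending unit 300 and the authentication unit 400 described above, in the variant where the login password is a random password, as an added Python example that is not code from the patent. The class and method names, the 60-second ticket lifetime, single-use redemption and the binding of a ticket to the selected virtual machine are assumptions made here; encrypted storage of the saved credentials is left out.

```python
import hmac
import secrets
import time

TICKET_TTL = 60  # seconds; assumed value, the text only says an expiration is configured

class DesktopManager:
    """Stands in for the desktop management device (units 200, 300 and 400)."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._tickets = {}  # ticket -> (vm_id, account, password, expires_at)

    def issue_ticket(self, account, vm):
        """Called after identity authentication passed and the VM was selected."""
        password = secrets.token_urlsafe(24)       # random login password
        vm.set_local_password(account, password)   # sending unit 300
        ticket = secrets.token_urlsafe(32)         # opaque: carries no credential
        expires_at = self._clock() + TICKET_TTL
        self._tickets[ticket] = (vm.vm_id, account, password, expires_at)
        return ticket                              # travels via the cloud terminal

    def redeem(self, ticket, vm_id):
        """Authentication unit 400: credentials for a valid ticket, else None."""
        entry = self._tickets.pop(ticket, None)    # single use (assumption)
        if entry is None:
            return None
        bound_vm, account, password, expires_at = entry
        if self._clock() > expires_at or not hmac.compare_digest(bound_vm, vm_id):
            return None                            # expired or presented by another VM
        return account, password

class VirtualMachine:
    """Holds the local account group and performs the automatic local login."""
    def __init__(self, vm_id, local_accounts):
        self.vm_id = vm_id
        self._local = dict.fromkeys(local_accounts)  # account -> current password

    def set_local_password(self, account, password):
        if account not in self._local:
            raise KeyError("login account is not in the local account group")
        self._local[account] = password

    def login_with_ticket(self, ticket, manager):
        creds = manager.redeem(ticket, self.vm_id)
        if creds is None:
            return False
        account, password = creds
        stored = self._local.get(account)
        return stored is not None and hmac.compare_digest(stored, password)
```

Because the ticket is an opaque random value, the cloud terminal never handles the login password; a replayed, expired or misdirected ticket fails closed at `redeem`.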

Abstract

The invention relates to a login method, comprising the following steps: a desktop management device receives a login request from a cloud terminal and performs identity authentication on a non-AD management authentication server; a login account and a login password are saved and, according to the login account and the login password, a login ticket is generated and sent to the cloud terminal, so that the cloud terminal sends the login ticket to a virtual machine, the login account being in a local account group of the virtual machine; the login account and the login password are sent to the virtual machine, or the login password is sent to the virtual machine, so that the virtual machine updates the password of the login account in the local account group according to the login password; and a login ticket authentication request issued by the virtual machine is received, and the login account and the login password are returned to the virtual machine, so that the virtual machine automatically completes the local login. The invention also relates to a desktop management device. By means of the present invention, the security of a desktop cloud system can be improved, and the convenience of single sign-on can be ensured.
PCT/CN2014/089858 2013-12-17 2014-10-30 Login method and desktop management device WO2015090116A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310690626.5 2013-12-17
CN201310690626.5A CN104717261B (zh) 2013-12-17 2013-12-17 A login method and desktop management device

Publications (1)

Publication Number Publication Date
WO2015090116A1 (fr) 2015-06-25

Family

ID=53402079

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/089858 WO2015090116A1 (fr) 2013-12-17 2014-10-30 Login method and desktop management device

Country Status (2)

Country Link
CN (1) CN104717261B (fr)
WO (1) WO2015090116A1 (fr)

Also Published As

Publication number Publication date
CN104717261B (zh) 2018-05-29
CN104717261A (zh) 2015-06-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14870826

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14870826

Country of ref document: EP

Kind code of ref document: A1