WO2022042504A1 - Cloud desktop access authentication method, electronic device, and computer readable storage medium - Google Patents

Publication number
WO2022042504A1
Authority
WO
WIPO (PCT)
Prior art keywords
dynamic password
terminal
cloud desktop
user
password
Prior art date
Application number
PCT/CN2021/114159
Other languages
French (fr)
Chinese (zh)
Inventor
谢迪
管天云
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2022042504A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/107 License processing; Key processing
    • G06F21/1078 Logging; Metering
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/452 Remote windowing, e.g. X-Window System, desktop virtualisation

Definitions

  • the present application relates to the technical field of cloud terminals, and in particular to a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
  • Embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
  • an embodiment of the present application provides a cloud desktop access authentication method, which is applied to an authentication auxiliary terminal.
  • the method includes: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from the USB-Key; generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password; receiving the verification information sent by the cloud service terminal according to the user authentication information; and, in the case that the verification information indicates that the user authentication information has passed the verification, sending the first dynamic password to a preset password receiving device, so that the client terminal obtains the permission to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
  • an embodiment of the present application provides a cloud desktop access authentication method, which is applied to a cloud service terminal.
  • the method includes: receiving user authentication information and a first dynamic password sent by an authentication assistant terminal; verifying the user authentication information, and, in the case that the verification of the user authentication information is passed, sending verification information indicating that the verification of the user authentication information is passed to the authentication auxiliary terminal; saving the first dynamic password; receiving the second dynamic password sent by the client terminal, matching the second dynamic password sent by the client terminal with the stored first dynamic password, and, when the second dynamic password sent by the client terminal matches the stored first dynamic password, granting the client terminal the right to access the cloud desktop.
  • an embodiment of the present application provides a cloud desktop access authentication method, which is applied to a client terminal, where the client terminal is connected with a USB-Key, and the method includes: obtaining user authentication information from the USB-Key; sending a cloud desktop access request to the authentication assistant terminal, wherein the cloud desktop access request carries the user authentication information; and sending a second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device, so as to obtain the permission to access the cloud desktop from the cloud service terminal.
  • an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and running on the processor, where the processor implements the steps of the above-mentioned cloud desktop access authentication method when executing the program.
  • an embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute the steps of the cloud desktop access authentication method as described above.
  • FIG. 1 is a system architecture diagram of applying the cloud desktop access authentication method provided by an embodiment of the present application
  • FIG. 2 is a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application
  • FIG. 3 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application.
  • FIG. 4 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application.
  • FIG. 5 is a flowchart of a cloud desktop access authentication method according to the present application.
  • FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
  • a, b, and c may represent: a, b, c, a and b, a and c, b and c, or a and b and c, where a, b, c may be single or multiple.
  • a cloud desktop refers to a cloud service terminal that generates resources such as operating systems and applications running on a virtual computer through virtualization technology, and can remotely provide a user interface to a client terminal. After adopting the cloud desktop, users can log in to the cloud desktop through the network at any place and at any time through different terminal devices to access the resources stored in the cloud.
  • the process for a user to log in to the cloud desktop is roughly as follows: first, the user enters the URL of the cloud service terminal (i.e., the cloud server) in the browser of the client terminal, and opens the login page of the cloud server; the user enters the account and password registered in the server, and the cloud server authenticates the account and password entered by the user and, after the authentication is passed, sends the main page of the cloud server to the terminal where the user is located; the main page of the cloud server contains a login link of the cloud desktop; when the user clicks the login link of the cloud desktop, the cloud server sends the login page of the cloud desktop to the user's terminal; when the user enters the registered cloud desktop account and password in the login page of the cloud desktop, the cloud desktop performs authority authentication for the account and password; after the authentication is passed, the cloud server generates a cloud desktop that the user has the authority to access, and sends it to the user's client terminal.
  • the bearing method of user identity information is too simple, and it
  • embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium, which are used to improve the security of cloud desktop access authentication.
  • FIG. 1 shows a system architecture diagram of applying the cloud desktop access authentication method provided by the embodiment of the present application.
  • the system architecture includes a client terminal, an authentication assistant terminal and a cloud service terminal, and communication and interaction can be performed between the client terminal, the authentication assistant terminal and the cloud service terminal.
  • the authentication auxiliary terminal and the cloud service terminal may be set in the cloud, and the authentication auxiliary terminal and the cloud service terminal may be mutually independent server devices, or may be two virtual machines set on the same server device.
  • the device form of the client terminal can be an ordinary computer, a tablet computer, a smart phone, etc., and the client terminal can be connected to a USB-Key device.
  • FIG. 2 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
  • the method is applied to the authentication auxiliary terminal, as shown in FIG. 2 , the method includes the following steps:
  • S110 Receive a cloud desktop access request from the client terminal, where the cloud desktop access request carries the user authentication information obtained by the client terminal from the USB-Key.
  • when the user needs to log in to the cloud desktop for access, the user inserts the USB-Key into the client terminal and clicks the login link of the cloud desktop on the client terminal. The client terminal obtains the user authentication information from the USB-Key, encapsulates the user authentication information into the cloud desktop access request message, and sends the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request and sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
  • the user authentication information in step S110 includes a user identification code, which may be in the form of a string and is pre-stored in the USB-Key and the cloud service terminal for matching verification.
  • S120 Generate a first dynamic password according to the cloud desktop access request, and send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password.
  • After receiving the cloud desktop access request from the client, the authentication assistant terminal generates a first dynamic password, extracts user authentication information from the cloud desktop access request, and sends the above-mentioned first dynamic password and user authentication information together to the cloud service terminal. After receiving the first dynamic password and user authentication information from the authentication auxiliary terminal, the cloud service terminal saves and verifies the user authentication information, and returns the verification information indicating the verification result to the authentication auxiliary terminal. In addition, the cloud service terminal stores the above-mentioned first dynamic password.
  • the first dynamic password may be a character string randomly generated by the authentication assistant terminal, and the character string may include one or more of numbers, letters, and symbols.
  • S130 Receive verification information sent by the cloud service terminal according to the user authentication information.
  • the authentication assistance terminal receives the verification information sent by the cloud service terminal, where the verification information is used to indicate the verification result of the user authentication information by the cloud service terminal.
  • S140 In the case that the verification information indicates that the verification of the user authentication information is passed, send the first dynamic password to the preset password receiving device, so that the client terminal obtains the permission to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
  • the above-mentioned first dynamic password is sent to the preset password receiving device.
  • the password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information is verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
  • the mobile phone number of the mobile phone terminal is reserved when the user registers; the user obtains the first dynamic password from the mobile phone terminal and then enters a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal, so that the cloud service terminal compares the second dynamic password with the previously saved first dynamic password; if the second dynamic password matches the previously saved first dynamic password, the client terminal is granted the right to access the cloud desktop.
  • the method of this embodiment of the present application further includes: receiving the user name and access password sent by the client terminal, and matching the user name and the access password; and, when the user name and the access password match, generating a first dynamic password according to the cloud desktop access request.
  • when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal, and logs in to the access page of the cloud service terminal with the registered user name and access password; the client terminal obtains the user name and access password entered by the user and sends them to the authentication assistant terminal, and the authentication assistant terminal matches the user name with the access password. If they match, the user is allowed to log in to the access page of the cloud service terminal; after entering the access page of the cloud service terminal, the user clicks the login link of the cloud desktop to send the cloud desktop access request to the authentication auxiliary terminal; the authentication auxiliary terminal receives the cloud desktop access request sent by the client terminal, and generates the first dynamic password according to the cloud desktop access request. If they do not match, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
  • the user directly enters the access page of the cloud service terminal by entering the website address of the cloud service terminal in the browser of the client terminal; a login box for inputting the user name and access password is set on the access page, and a cloud desktop login link button is set in the login box; the user clicks the login link button after entering the user name and access password in the login box to send a cloud desktop access request to the authentication assistant terminal; the client terminal obtains the user's user name and access password, encapsulates the user name and access password together with the user authentication information into the cloud desktop access request, and sends it to the authentication assistant terminal.
  • the authentication assistant terminal matches the user name and the access password. If they match, the first dynamic password is generated according to the cloud desktop access request; if they do not match, a prompt message indicating that the cloud desktop access request is rejected can be returned to the client terminal.
  • the method of this embodiment of the present application further includes: when the first dynamic password is sent to the client terminal, canceling the first dynamic password to prevent the first dynamic password from being stolen or reused.
  • FIG. 3 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
  • the method is applied to a cloud service terminal, as shown in Figure 3, the method includes the following steps:
  • S210 Receive user authentication information and a first dynamic password sent by the authentication assistant terminal.
  • when the user needs to log in to the cloud desktop for access, the user inserts the USB-Key into the client terminal and clicks the login link of the cloud desktop on the client terminal. The client terminal obtains the user authentication information from the USB-Key, encapsulates the user authentication information into the cloud desktop access request message, and sends the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request and sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
  • S220 Verify the user authentication information, and send verification information indicating that the user authentication information is verified to be passed to the authentication assistant terminal in the case that the user authentication information is verified successfully.
  • After receiving the user authentication information sent by the authentication assistance terminal, the cloud service terminal searches locally for pre-stored user authentication information that matches the user authentication information; if it finds matching pre-stored user authentication information, the verification of the user authentication information sent by the authentication assistance terminal is passed, and the cloud service terminal returns the verification information indicating that the verification of the user authentication information is passed to the authentication auxiliary terminal; if no matching pre-stored user authentication information is found, the verification of the user authentication information sent by the authentication auxiliary terminal fails, and the cloud service terminal returns verification information indicating that the verification of the user authentication information fails to the authentication assistant terminal.
  • When the cloud service terminal determines that the verification of the user authentication information is passed, the cloud service terminal saves the first dynamic password sent by the authentication assistant terminal for verifying the second dynamic password sent by the client terminal in the subsequent steps.
  • S240 Receive the second dynamic password sent by the client terminal, and match the second dynamic password sent by the client terminal with the stored first dynamic password.
  • When the second dynamic password sent by the client terminal matches the stored first dynamic password, the client terminal is granted the permission to access the cloud desktop.
  • After receiving the verification information from the cloud service terminal indicating that the verification of the user authentication information is passed, the authentication assistant terminal sends the first dynamic password to the preset password receiving device.
  • the password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user.
  • the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
  • the mobile phone number of the mobile phone terminal is reserved when the user registers; the user obtains the first dynamic password from the mobile phone terminal and then inputs a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password input by the user to the cloud service terminal.
  • After receiving the second dynamic password sent by the client terminal, the cloud service terminal compares the second dynamic password with the previously saved first dynamic password. If the second dynamic password matches the previously saved first dynamic password, the client terminal is granted the permission to access the cloud desktop; if the second dynamic password fails to match the previously saved first dynamic password, an indication message indicating that the authentication of the permission to access the cloud desktop fails is returned to the client terminal.
  • FIG. 4 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
  • the method is applied to a client terminal, and the client terminal is linked with a USB-Key, as shown in FIG. 4 , the method includes the following steps:
  • As an example, when the user needs to log in to the cloud desktop for access, the user inserts the USB-Key into the client terminal and clicks the login link of the cloud desktop on the client terminal. When the user clicks the login link of the cloud desktop, the client terminal obtains the user authentication information from the USB-Key.
  • S320 Send a cloud desktop access request to the authentication assistant terminal, where the cloud desktop access request carries user authentication information.
  • when the user clicks the login link of the cloud desktop, the client terminal generates a cloud desktop access request message, and encapsulates the user authentication information obtained from the USB-Key into the cloud desktop access request message; the client terminal sends the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request and sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
  • S330 Send a second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device, so as to obtain the permission to access the cloud desktop from the cloud service terminal.
  • the authentication assistant terminal generates a first dynamic password according to the cloud desktop access request of the client terminal, and sends the first dynamic password and the user authentication information to the cloud service terminal; the cloud service terminal verifies the user authentication information and, if the verification passes, saves the first dynamic password and returns the verification information indicating that the user authentication information has passed the verification to the authentication assistant terminal; after the authentication assistant terminal determines from the verification information that the user authentication information has passed the verification, it sends the previously generated first dynamic password to the user's preset password receiving device.
  • the password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information is verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
  • the mobile phone number of the mobile phone terminal is reserved when the user registers; the user obtains the first dynamic password from the mobile phone terminal and then enters a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal, so that the cloud service terminal compares the second dynamic password with the previously saved first dynamic password; if the second dynamic password matches the previously saved first dynamic password, the client terminal is granted the right to access the cloud desktop.
  • the method of this embodiment of the present application further includes: acquiring a user name and an access password input by a user, and sending the user name and access password to the authentication assistant terminal, so that the authentication assistant terminal matches the user name and the access password and, when the user name and the access password match, generates a first dynamic password according to the cloud desktop access request.
  • when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal, and logs in to the access page of the cloud service terminal with the registered user name and access password; the client terminal obtains the user name and access password entered by the user and sends them to the authentication assistant terminal, and the authentication assistant terminal matches the user name with the access password. If they match, the user is allowed to log in to the access page of the cloud service terminal; after entering the access page of the cloud service terminal, the user clicks the login link of the cloud desktop to send the cloud desktop access request to the authentication auxiliary terminal; the authentication auxiliary terminal receives the cloud desktop access request sent by the client terminal, and generates the first dynamic password according to the cloud desktop access request. If they do not match, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
  • the user directly enters the access page of the cloud service terminal by entering the website address of the cloud service terminal in the browser of the client terminal; a login box for inputting the user name and access password is set on the access page, and a cloud desktop login link button is set in the login box; the user clicks the login link button after entering the user name and access password in the login box to send a cloud desktop access request to the authentication assistant terminal; the client terminal obtains the user's user name and access password, encapsulates the user name and access password together with the user authentication information into the cloud desktop access request, and sends it to the authentication assistant terminal.
  • the authentication assistant terminal matches the user name and the access password. If they match, the first dynamic password is generated according to the cloud desktop access request; if they do not match, a prompt message indicating that the cloud desktop access request is rejected can be returned to the client terminal.
  • the user authentication information includes a user identification code
  • the user identification code may be in the form of a string and is pre-stored in the USB-Key and the cloud service terminal for matching verification.
  • the client terminal obtains user authentication information from the USB-Key
  • the client terminal sends a cloud desktop access request to the authentication assistant terminal, wherein the cloud desktop access request carries user authentication information;
  • the authentication assistant terminal receives the cloud desktop access request from the client terminal, generates a first dynamic password according to the cloud desktop access request, and sends the user authentication information and the first dynamic password to the cloud service terminal;
  • the cloud service terminal receives the user authentication information and the first dynamic password sent by the authentication assistant terminal, verifies the user authentication information, and sends verification information indicating that the user authentication information has passed the verification to the authentication assistant terminal if the user authentication information is verified successfully;
  • the authentication auxiliary terminal receives the verification information sent by the cloud service terminal according to the user authentication information, and sends the first dynamic password to a preset password receiving device in the case that the verification information indicates that the user authentication information is verified successfully;
  • the client terminal sends the second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device;
  • the cloud service terminal receives the second dynamic password sent by the client terminal, and matches the second dynamic password sent by the client terminal with the stored first dynamic password. When the second dynamic password sent by the client terminal matches the stored first dynamic password, the cloud service terminal grants the client terminal the permission to access the cloud desktop.
  • the solution of the embodiment of the present application verifies the identity of the operating user currently operating the client based on the highly secure USB-Key user authentication information, and then determines whether the operating user has the right to access the cloud desktop, effectively avoiding user accounts
  • the dynamic password is sent to the preset password receiving device to further verify the identity of the operating user through the dynamic password. The method greatly improves the security of cloud desktop access authentication.
  • FIG. 6 shows an electronic device 600 provided by an embodiment of the present application. As shown in FIG. 6 , the electronic device 600 includes but is not limited to:
  • the processor 602 is configured to execute the program stored in the memory 601.
  • the processor 602 executes the program stored in the memory 601
  • the processor 602 is configured to execute the above-mentioned cloud desktop access authentication method.
  • the processor 602 and the memory 601 may be connected by a bus or otherwise.
  • the memory 601 can be used to store non-transitory software programs and non-transitory computer-executable programs, such as the cloud desktop access authentication method described in any embodiment of this application.
  • the processor 602 implements the above-mentioned cloud desktop access authentication method by running the non-transitory software programs and instructions stored in the memory 601.
  • the memory 601 may include a stored program area and a stored data area, wherein the stored program area may store an operating system and an application program required by at least one function; the storage data area may store and execute the above-mentioned cloud desktop access authentication method. Additionally, memory 601 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory 601 may include memory located remotely from processor 602, which may be connected to processor 602 through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
  • the non-transitory software programs and instructions required to implement the above-mentioned cloud desktop access authentication method are stored in the memory 601, and when executed by one or more processors 602, execute the cloud desktop access authentication method provided by any embodiment of the present application.
  • Embodiments of the present application further provide a storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute the above-mentioned cloud desktop access authentication method.
  • the storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more control processors 602, for example, by a processor 602 in the electronic device 600 described above, so that the one or more processors 602 execute the cloud desktop access authentication method provided by any embodiment of the present application.
  • the embodiments of the present application include: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from a USB-Key; generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password; receiving the verification information sent by the cloud service terminal according to the user authentication information; and, if the verification information indicates that the verification of the user authentication information is passed, sending the first dynamic password to a preset password receiving device, so that the client terminal acquires the permission to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store desired information and that can be accessed by a computer.
  • communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art.

Abstract

A cloud desktop access authentication method, an electronic device, and a computer readable storage medium. The method comprises: receiving a cloud desktop access request of a client terminal, the cloud desktop access request carrying user authentication information obtained by the client terminal from USB-Key (S110); generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password (S120); receiving verification information sent by the cloud service terminal according to the user authentication information (S130); and sending the first dynamic password to a preset password receiving device, so that the client terminal obtains, according to the first dynamic password received by the preset password receiving device, the permission of accessing the cloud desktop from the cloud service terminal (S140).

Description

Cloud desktop access authentication method, electronic device and computer-readable storage medium
Cross-Reference to Related Applications
This application is based on, and claims priority to, Chinese patent application No. 202010856614.5, filed on August 24, 2020, the entire content of which is incorporated herein by reference.
Technical Field
The present application relates to the technical field of cloud terminals, and in particular to a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
Background
At present, many users choose to store important data such as files on a cloud service terminal and to access the data stored there by logging in to a cloud desktop. Because many users set weak passwords, their accounts are easily compromised, and once an account password is leaked the consequences are serious. This places higher requirements on the security of authorized access to cloud desktops.
Summary
The following is an overview of the subject matter described in detail herein. This overview is not intended to limit the scope of protection of the claims.
Embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
In a first aspect, an embodiment of the present application provides a cloud desktop access authentication method applied to an authentication assistant terminal. The method includes: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from a USB-Key; generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password; receiving verification information sent by the cloud service terminal according to the user authentication information; and, in the case that the verification information indicates that the user authentication information has passed verification, sending the first dynamic password to a preset password receiving device, so that the client terminal obtains permission to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
In a second aspect, an embodiment of the present application provides a cloud desktop access authentication method applied to a cloud service terminal. The method includes: receiving user authentication information and a first dynamic password sent by an authentication assistant terminal; verifying the user authentication information and, in the case that the user authentication information passes verification, sending verification information indicating that the user authentication information has passed verification to the authentication assistant terminal; saving the first dynamic password; and receiving a second dynamic password sent by a client terminal, matching the second dynamic password sent by the client terminal against the saved first dynamic password, and, when the second dynamic password sent by the client terminal matches the saved first dynamic password, granting the client terminal permission to access the cloud desktop.
In a third aspect, an embodiment of the present application provides a cloud desktop access authentication method applied to a client terminal to which a USB-Key is connected. The method includes: obtaining user authentication information from the USB-Key; sending a cloud desktop access request to an authentication assistant terminal, where the cloud desktop access request carries the user authentication information; and, according to a first dynamic password sent by the authentication assistant terminal and received by a preset password receiving device, sending a second dynamic password to a cloud service terminal, so as to obtain permission to access the cloud desktop from the cloud service terminal.
In a fourth aspect, an embodiment of the present application provides an electronic device including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the cloud desktop access authentication method described above when executing the program.
In a fifth aspect, an embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute the steps of the cloud desktop access authentication method described above.
Other features and advantages of the present application will be set forth in the description that follows, and in part will become apparent from the description or be understood by practising the present application. The objectives and other advantages of the present application may be realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
Brief Description of the Drawings
The accompanying drawings are used to provide a further understanding of the technical solutions of the present application and constitute a part of the specification. Together with the embodiments of the present application they are used to explain the technical solutions of the present application, and they do not limit those technical solutions.
FIG. 1 is a system architecture diagram to which the cloud desktop access authentication method provided by an embodiment of the present application is applied;
FIG. 2 is a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application;
FIG. 3 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application;
FIG. 4 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application;
FIG. 5 is a flowchart of a cloud desktop access authentication method according to the present application.
FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the present application clearer, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application and are not intended to limit it.
It should be understood that, in the description of the embodiments of the present application, terms such as "first" and "second" are used only to distinguish technical features, and should not be understood as indicating or implying relative importance, implicitly indicating the number of the indicated technical features, or implicitly indicating the order of the indicated technical features. "At least one" means one or more, and "a plurality of" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" can mean that A exists alone, that A and B exist at the same time, or that B exists alone, where A and B can each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of the following" and similar expressions refer to any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b and c can mean: a; b; c; a and b; a and c; b and c; or a and b and c, where a, b and c can each be single or multiple.
In addition, the technical features involved in the various embodiments of the present application described below can be combined with each other as long as they do not conflict with each other.
A cloud desktop is a user interface through which resources such as an operating system and applications, run by a virtual computer that the cloud service terminal creates using virtualization technology, are provided remotely to a client terminal. With a cloud desktop, a user can log in over the network from different terminal devices, at any place and at any time, to access the resources stored in the cloud.
At present, the process by which a user logs in to a cloud desktop is roughly as follows. First, the user enters the URL of the cloud service terminal (that is, the cloud server) in the browser of the client terminal to open the login page of the cloud server. The user then enters, on that login page, the account and password registered with the server; the cloud server authenticates the account and password entered by the user and, after the authentication passes, sends the main page of the cloud server to the user's terminal. The main page of the cloud server contains a login link for the cloud desktop. When the user clicks this login link, the cloud server sends the login page of the cloud desktop to the user's terminal. When the user enters a registered cloud desktop account and password on the cloud desktop login page, the cloud desktop performs permission authentication on that account and password. After the authentication passes, the cloud server generates the cloud desktop that the user is authorized to use and sends it to the user's client terminal. In this technical solution, the way user identity information is carried is too simple and the information is easily obtained by others; although identity is verified twice, the information verified is the same each time, so reliability cannot be guaranteed.
Based on the above analysis, embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium, which are used to improve the security of cloud desktop access authentication.
FIG. 1 shows a system architecture diagram to which the cloud desktop access authentication method provided by the embodiments of the present application is applied. The system architecture includes a client terminal, an authentication assistant terminal and a cloud service terminal, which can communicate and interact with one another. The authentication assistant terminal and the cloud service terminal may be deployed in the cloud; they may be mutually independent server devices, or two virtual machines on the same server device. The client terminal may take the form of an ordinary computer, a tablet computer, a smartphone or the like, and the client terminal can be connected to a USB-Key device.
FIG. 2 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application. The method is applied to the authentication assistant terminal. As shown in FIG. 2, the method includes the following steps:
S110: Receive a cloud desktop access request from the client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from the USB-Key.
As an example, when a user needs to log in to the cloud desktop, the user inserts the USB-Key into the client terminal and clicks the login link of the cloud desktop on the client terminal. When the user clicks the login link, the client terminal obtains the user authentication information from the USB-Key, encapsulates it in a cloud desktop access request message, and sends the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal. The authentication assistant terminal receives the cloud desktop access request and sends the user authentication information from the USB-Key carried in the request to the cloud service terminal for verification.
As an example, the user authentication information in step S110 includes a user identification code. The user identification code may be in the form of a character string and is pre-stored in the USB-Key and in the cloud service terminal for matching verification.
S120: Generate a first dynamic password according to the cloud desktop access request, and send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password.
As an example, after receiving the cloud desktop access request from the client terminal, the authentication assistant terminal generates the first dynamic password, extracts the user authentication information from the cloud desktop access request, and sends the first dynamic password and the user authentication information together to the cloud service terminal. After receiving the first dynamic password and the user authentication information from the authentication assistant terminal, the cloud service terminal verifies the user authentication information and returns verification information indicating the verification result to the authentication assistant terminal. In addition, the cloud service terminal saves the first dynamic password.
It should be understood that the first dynamic password may be a character string randomly generated by the authentication assistant terminal, and the character string may include one or more of digits, letters and symbols.
S130: Receive the verification information sent by the cloud service terminal according to the user authentication information.
As an example, the authentication assistant terminal receives the verification information sent by the cloud service terminal, where the verification information indicates the result of the cloud service terminal's verification of the user authentication information.
S140: In the case that the verification information indicates that the user authentication information has passed verification, send the first dynamic password to the preset password receiving device, so that the client terminal obtains permission to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
As an example, if the verification information that the authentication assistant terminal receives from the cloud service terminal indicates that the user authentication information has passed verification, the authentication assistant terminal sends the first dynamic password to the preset password receiving device.
The password receiving device may be the mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information has been verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal, whose number was reserved when the user registered. The user obtains the first dynamic password from the mobile phone terminal and then enters, on the client terminal, a second dynamic password identical to the first dynamic password. The client terminal sends the second dynamic password entered by the user to the cloud service terminal, which compares it with the previously saved first dynamic password. If the second dynamic password matches the previously saved first dynamic password, the client terminal is granted permission to access the cloud desktop.
In some embodiments, before step S110, the method of the embodiment of the present application further includes: receiving the user name and access password sent by the client terminal, and matching the user name against the access password; and, in the case that the user name and the access password match, generating the first dynamic password according to the cloud desktop access request.
For example, when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal and logs in to the access page of the cloud service terminal with the registered user name and access password. The client terminal obtains the user name and access password entered by the user and sends them to the authentication assistant terminal, which matches the user name against the access password. If they match, the user is allowed to log in to the access page of the cloud service terminal. After entering the access page of the cloud service terminal, the user clicks the login link of the cloud desktop to send a cloud desktop access request to the authentication assistant terminal; the authentication assistant terminal receives the cloud desktop access request sent by the client terminal and generates the first dynamic password according to it. If they do not match, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
Alternatively, the user may enter the URL of the cloud service terminal in the browser of the client terminal and go directly to the access page of the cloud service terminal. The access page contains a login box for entering the user name and access password, and the login box contains a cloud desktop login link button. After entering the user name and access password in the login box, the user clicks the login link button to send a cloud desktop access request to the authentication assistant terminal. The client terminal obtains the user's user name and access password and encapsulates them, together with the user authentication information, in the cloud desktop access request sent to the authentication assistant terminal. The authentication assistant terminal matches the user name against the access password. If they match, it generates the first dynamic password according to the cloud desktop access request; if they do not match, prompt information indicating that the cloud desktop access request is rejected can be returned to the client terminal.
In some embodiments, after step S140, the method of the embodiment of the present application further includes: once the first dynamic password has been sent to the client terminal, cancelling the first dynamic password, so as to prevent the first dynamic password from being stolen or reused.
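The three-party exchange of FIG. 2 (S110 to S140), together with the cloud-side matching of the second dynamic password described in the second aspect, simulated in one process as an added example; it is not code from the patent. The class and function names, the message layout, the 8-character password length, keying the saved password by user identification code, the constant-time comparison and discarding the saved password on the first redemption attempt are all assumptions.

```python
import hmac
import secrets
import string

OTP_ALPHABET = string.ascii_letters + string.digits
OTP_LENGTH = 8  # assumption: the page does not fix a length


def _same(a, b):
    """Constant-time comparison (assumption), so timing does not leak matching prefixes."""
    return hmac.compare_digest(a.encode(), b.encode())


class CloudServiceTerminal:
    def __init__(self, enrolled_codes):
        self._enrolled = list(enrolled_codes)  # user identification codes pre-stored at enrolment
        self._pending = {}                     # user code -> saved first dynamic password

    def verify_and_store(self, user_code, first_otp):
        """Verify the USB-Key code; save the first dynamic password only if it passes."""
        ok = any(_same(code, user_code) for code in self._enrolled)
        if ok:
            self._pending[user_code] = first_otp
        return ok  # the "verification information" returned to the assistant terminal

    def redeem(self, user_code, second_otp):
        """Match the second dynamic password against the saved first one."""
        # pop(): the saved password is discarded on the first attempt, right or
        # wrong, so it can be neither replayed nor guessed repeatedly (assumption).
        stored = self._pending.pop(user_code, None)
        return stored is not None and _same(stored, second_otp)


class AuthAssistantTerminal:
    def __init__(self, cloud, receiving_devices):
        self._cloud = cloud
        # user code -> inbox of the preset password receiving device (e.g. the
        # phone registered by the user); every enrolled code has one here.
        self._devices = receiving_devices

    def handle_access_request(self, request):
        user_code = request["user_auth_info"]                           # S110
        first_otp = "".join(secrets.choice(OTP_ALPHABET)
                            for _ in range(OTP_LENGTH))                 # S120: CSPRNG
        verified = self._cloud.verify_and_store(user_code, first_otp)   # S120 / S130
        if verified:
            self._devices[user_code].append(first_otp)                  # S140
        # first_otp is a local variable: the assistant terminal keeps no copy
        # once it has been delivered.
        return verified


def client_login(usb_key_code, assistant, cloud, read_otp):
    """Client terminal: send the USB-Key code, then submit the second dynamic password."""
    request = {"type": "cloud_desktop_access", "user_auth_info": usb_key_code}
    if not assistant.handle_access_request(request):
        return False
    return cloud.redeem(usb_key_code, read_otp())


def run_demo():
    code = "UID-constructed-0001"  # constructed sample identification code
    phone = []                     # stands in for the user's registered phone
    cloud = CloudServiceTerminal([code])
    assistant = AuthAssistantTerminal(cloud, {code: phone})
    results = {}
    results["legitimate"] = client_login(code, assistant, cloud, lambda: phone[-1])
    results["replay"] = cloud.redeem(code, phone[-1])           # same password again
    results["unknown_key"] = client_login("UID-not-enrolled", assistant, cloud,
                                          lambda: "unused")
    results["wrong_otp"] = client_login(code, assistant, cloud, lambda: "wrong")
    results["after_wrong_guess"] = cloud.redeem(code, phone[-1])
    results["otps_delivered"] = len(phone)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Only the first case is granted access. The unknown USB-Key code causes no password to be delivered at all, which is why two passwords rather than three reach the receiving device.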
FIG. 3 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application. The method is applied to a cloud service terminal. As shown in FIG. 3, the method includes the following steps:
S210: Receive the user authentication information and the first dynamic password sent by the authentication assistant terminal.
As an example, when the user needs to log in to the cloud desktop, the user inserts the USB-Key into the client terminal and clicks the cloud desktop login link on the client terminal. When the user clicks the login link, the client terminal obtains the user authentication information from the USB-Key, encapsulates it in a cloud desktop access request message, and sends the message carrying the user authentication information to the authentication assistant terminal. The authentication assistant terminal receives the cloud desktop access request and sends the user authentication information from the USB-Key carried in the request to the cloud service terminal for verification.
S220: Verify the user authentication information and, if the verification passes, send verification information indicating that the user authentication information has passed verification to the authentication assistant terminal.
As an example, after receiving the user authentication information sent by the authentication assistant terminal, the cloud service terminal searches locally for pre-stored user authentication information that matches it. If matching pre-stored user authentication information is found, the user authentication information sent by the authentication assistant terminal has passed verification, and the cloud service terminal returns verification information indicating this to the authentication assistant terminal. If no matching pre-stored user authentication information is found, verification of the user authentication information sent by the authentication assistant terminal has failed, and the cloud service terminal returns verification information indicating the failure to the authentication assistant terminal.
S230: Save the first dynamic password.
As an example, when the cloud service terminal determines that the user authentication information has passed verification, it saves the first dynamic password sent by the authentication assistant terminal, to be used in a subsequent step to verify the second dynamic password sent by the client terminal.
S240: Receive the second dynamic password sent by the client terminal and match it against the saved first dynamic password; when the second dynamic password sent by the client terminal matches the saved first dynamic password, grant the client terminal permission to access the cloud desktop.
As an example, after receiving from the cloud service terminal the verification information indicating that the user authentication information has passed verification, the authentication assistant terminal sends the first dynamic password to the preset password receiving device. The password receiving device may be the mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information has been verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal, whose number was reserved when the user registered. The user reads the first dynamic password from the mobile phone terminal and then enters on the client terminal a second dynamic password identical to the first dynamic password, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal.
After receiving the second dynamic password sent by the client terminal, the cloud service terminal compares it with the previously saved first dynamic password. If the second dynamic password matches the previously saved first dynamic password, the client terminal is granted permission to access the cloud desktop; if the match fails, an indication that authentication of the cloud desktop access permission has failed is returned to the client terminal.
FIG. 4 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application. The method is applied to a client terminal to which a USB-Key is connected. As shown in FIG. 4, the method includes the following steps:
S310: Obtain user authentication information from the USB-Key.
As an example, when the user needs to log in to the cloud desktop, the user inserts the USB-Key into the client terminal and clicks the cloud desktop login link on the client terminal. When the user clicks the login link, the client terminal obtains the user authentication information from the USB-Key.
S320: Send a cloud desktop access request to the authentication assistant terminal, where the cloud desktop access request carries the user authentication information.
As an example, when the user clicks the cloud desktop login link, the client terminal generates a cloud desktop access request message and encapsulates in it the user authentication information obtained from the USB-Key. The client terminal sends the message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request and sends the user authentication information from the USB-Key carried in the request to the cloud service terminal for verification.
S330: According to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device, send a second dynamic password to the cloud service terminal, so as to obtain permission to access the cloud desktop from the cloud service terminal.
As an example, the authentication assistant terminal generates the first dynamic password according to the client terminal's cloud desktop access request and sends the first dynamic password and the user authentication information to the cloud service terminal. The cloud service terminal verifies the user authentication information; if the verification passes, it saves the first dynamic password and returns to the authentication assistant terminal verification information indicating that the user authentication information has passed verification. After determining from this verification information that the user authentication information has passed verification, the authentication assistant terminal sends the previously generated first dynamic password to the user's preset password receiving device. The password receiving device may be the mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information has been verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal, whose number was reserved when the user registered. The user reads the first dynamic password from the mobile phone terminal and then enters on the client terminal a second dynamic password identical to the first dynamic password. The client terminal sends the second dynamic password entered by the user to the cloud service terminal, so that the cloud service terminal compares it with the previously saved first dynamic password; if the second dynamic password matches the previously saved first dynamic password, the client terminal is granted permission to access the cloud desktop.
In some embodiments, the method of this embodiment of the present application further includes: obtaining the user name and access password entered by the user and sending them to the authentication assistant terminal, so that the authentication assistant terminal generates the first dynamic password according to the cloud desktop access request when the user name and access password match.
For example, when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal and logs in to the access page of the cloud service terminal with the registered user name and access password. The client terminal obtains the user name and access password entered by the user and sends them to the authentication assistant terminal, which checks whether the user name and access password match. If they match, the user is allowed to log in to the access page of the cloud service terminal; after entering the access page, the user clicks the cloud desktop login link to send a cloud desktop access request to the authentication assistant terminal, and the authentication assistant terminal receives the cloud desktop access request sent by the client terminal and generates the first dynamic password according to it. If they do not match, a prompt indicating that the cloud desktop access request is rejected may be returned to the client terminal.
Alternatively, the user may enter the URL of the cloud service terminal in the browser of the client terminal to go directly to the access page of the cloud service terminal. A login box for entering the user name and access password is provided on the access page, and a cloud desktop login link button is provided in the login box. After entering the user name and access password in the login box, the user clicks the login link button to send a cloud desktop access request to the authentication assistant terminal. The client terminal obtains the user's user name and access password and encapsulates them, together with the user authentication information, in the cloud desktop access request sent to the authentication assistant terminal. The authentication assistant terminal checks whether the user name and access password match; if they match, it generates the first dynamic password according to the cloud desktop access request; if they do not match, it may return to the client terminal a prompt indicating that the cloud desktop access request is rejected.
In some embodiments, the user authentication information includes a user identification code. The user identification code may take the form of a character string and is pre-stored in both the USB-Key and the cloud service terminal for matching verification.
As shown in FIG. 5, to make the method of the embodiments of the present application easier to understand, the cloud desktop access authentication method provided by the embodiments is further described below through a specific example.
S410: The client terminal obtains user authentication information from the USB-Key.
S420: The client terminal sends a cloud desktop access request to the authentication assistant terminal, where the cloud desktop access request carries the user authentication information.
S430: The authentication assistant terminal receives the client terminal's cloud desktop access request, generates a first dynamic password according to the request, and sends the user authentication information and the first dynamic password to the cloud service terminal.
S440: The cloud service terminal receives the user authentication information and the first dynamic password sent by the authentication assistant terminal, verifies the user authentication information and, if the verification passes, sends verification information indicating that the user authentication information has passed verification to the authentication assistant terminal.
S450: The authentication assistant terminal receives the verification information sent by the cloud service terminal according to the user authentication information and, if the verification information indicates that the user authentication information has passed verification, sends the first dynamic password to the preset password receiving device.
S460: The client terminal sends a second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device.
S470: The cloud service terminal receives the second dynamic password sent by the client terminal and matches it against the saved first dynamic password; when the second dynamic password sent by the client terminal matches the saved first dynamic password, it grants the client terminal permission to access the cloud desktop.
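The S410 to S470 exchange above, as an added Python example that is not part of the patent text. The class and function names are hypothetical, the enrolled identification code is constructed sample data, and the 6-digit code format, the lifetime, the attempt limit and the constant-time comparison are assumptions the patent does not specify.

```python
import hmac
import secrets
import time

# Constructed sample data: the user identification code pre-stored on both
# the USB-Key and the cloud service terminal.
ENROLLED_IDS = {"alice": "UK-7f3a9c-constructed"}

OTP_TTL_SECONDS = 120  # assumption: the patent sets no lifetime
MAX_ATTEMPTS = 3       # assumption: the patent sets no attempt limit


class CloudServiceTerminal:
    """Verifies USB-Key information (S440) and matches passwords (S470)."""

    def __init__(self, enrolled, clock=time.monotonic):
        self._enrolled = enrolled
        self._clock = clock
        self._pending = {}  # user -> [first_otp, expiry, attempts_left]

    def verify_and_store(self, user, user_id_code, first_otp):
        # S440 / S230: the first dynamic password is saved only when the
        # user identification code from the USB-Key matches the stored one.
        expected = self._enrolled.get(user)
        if expected is None or not hmac.compare_digest(
                expected.encode(), user_id_code.encode()):
            return False
        expiry = self._clock() + OTP_TTL_SECONDS
        self._pending[user] = [first_otp, expiry, MAX_ATTEMPTS]
        return True

    def grant_access(self, user, second_otp):
        # S470: compare the second dynamic password with the saved first one.
        entry = self._pending.get(user)
        if entry is None:
            return False
        first_otp, expiry, _ = entry
        if self._clock() > expiry:
            del self._pending[user]  # expired codes are dropped
            return False
        if hmac.compare_digest(first_otp.encode(), second_otp.encode()):
            del self._pending[user]  # single use: a replay finds nothing
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user]  # too many wrong guesses: start over
        return False


class AuthAssistantTerminal:
    """Generates the first dynamic password and delivers it (S430, S450)."""

    def __init__(self, cloud, deliver):
        self._cloud = cloud
        self._deliver = deliver  # callable(user, otp): the receiving device

    def handle_access_request(self, user, user_id_code):
        # S430: generate the code from a CSPRNG and forward it with the
        # USB-Key information to the cloud service terminal.
        first_otp = f"{secrets.randbelow(10**6):06d}"
        if not self._cloud.verify_and_store(user, user_id_code, first_otp):
            return False  # S450 is skipped: nothing reaches the phone
        self._deliver(user, first_otp)
        # The assistant keeps no copy after delivery, which corresponds to
        # canceling the first dynamic password once it has been sent.
        return True


if __name__ == "__main__":
    phone_inbox = {}  # stands in for the preset password receiving device
    cloud = CloudServiceTerminal(ENROLLED_IDS)
    assistant = AuthAssistantTerminal(cloud, phone_inbox.__setitem__)

    # S410/S420: the client terminal reads the code from the USB-Key.
    ok = assistant.handle_access_request("alice", ENROLLED_IDS["alice"])
    print("USB-Key verified:", ok)
    # S460: the user types the code shown on the phone into the client.
    typed = phone_inbox["alice"]
    print("access granted:", cloud.grant_access("alice", typed))
    print("replay granted:", cloud.grant_access("alice", typed))
```
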
In the solution of the embodiments of the present application, on the one hand, the identity of the user currently operating the client is verified on the basis of the highly secure USB-Key user authentication information, and it is thereby determined whether that user has permission to access the cloud desktop, which effectively prevents theft of the user account. On the other hand, once the USB-Key user authentication information has passed verification, a dynamic password is sent to the preset password receiving device so that the identity of the operating user is further verified through the dynamic password. This double verification greatly improves the security of cloud desktop access authentication.
It can further be understood that the descriptions of the above embodiments each have their own emphasis; for parts not detailed or recorded in one embodiment, reference may be made to the related descriptions of the other embodiments.
FIG. 6 shows an electronic device 600 provided by an embodiment of the present application. As shown in FIG. 6, the electronic device 600 includes but is not limited to:
a memory 601, configured to store a program;
a processor 602, configured to execute the program stored in the memory 601; when the processor 602 executes the program stored in the memory 601, the processor 602 performs the above-mentioned cloud desktop access authentication method.
The processor 602 and the memory 601 may be connected by a bus or by other means.
As a non-transitory computer-readable storage medium, the memory 601 can be used to store non-transitory software programs and non-transitory computer-executable programs, such as the cloud desktop access authentication method described in any embodiment of the present application. The processor 602 implements the above-mentioned cloud desktop access authentication method by running the non-transitory software programs and instructions stored in the memory 601.
The memory 601 may include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required by at least one function, and the data storage area may store data for executing the above-mentioned cloud desktop access authentication method. In addition, the memory 601 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some implementations, the memory 601 may include memory located remotely from the processor 602, and this remote memory may be connected to the processor 602 through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
The non-transitory software programs and instructions required to implement the above-mentioned cloud desktop access authentication method are stored in the memory 601 and, when executed by one or more processors 602, perform the cloud desktop access authentication method provided by any embodiment of the present application.
An embodiment of the present application further provides a storage medium storing computer-executable instructions, where the computer-executable instructions are used to perform the above-mentioned cloud desktop access authentication method.
In one embodiment, the storage medium stores computer-executable instructions that are executed by one or more control processors 602, for example by one processor 602 in the electronic device 600 described above, so that the one or more processors 602 perform the cloud desktop access authentication method provided by any embodiment of the present application.
The embodiments of the present application include: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from a USB-Key; generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password; receiving verification information sent by the cloud service terminal according to the user authentication information; and, if the verification information indicates that the user authentication information has passed verification, sending the first dynamic password to a preset password receiving device, so that the client terminal obtains permission to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device. In the solution of the embodiments of the present application, on the one hand, the identity of the user currently operating the client is verified on the basis of the highly secure USB-Key user authentication information, and it is thereby determined whether that user has permission to access the cloud desktop, which effectively prevents theft of the user account. On the other hand, once the USB-Key user authentication information has passed verification, a dynamic password is sent to the preset password receiving device so that the identity of the operating user is further verified through the dynamic password. This double verification greatly improves the security of cloud desktop access authentication.
The embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Those of ordinary skill in the art will understand that all or some of the steps and systems in the methods disclosed above may be implemented as software, firmware, hardware, and appropriate combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application-specific integrated circuit. Such software may be distributed on computer-readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storing information (such as computer-readable instructions, data structures, program modules or other data). Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to store the desired information and can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically contain computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media.
Some implementations of the present application have been described in detail above, but the present application is not limited to the above embodiments. Those skilled in the art may make various equivalent modifications or substitutions without departing from the spirit of the present application, and these equivalent modifications or substitutions all fall within the scope defined by the claims of the present application.

Claims (10)

  1. A cloud desktop access authentication method, applied to an authentication assistant terminal, the method comprising:
    receiving a cloud desktop access request from a client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from a USB-Key;
    generating a first dynamic password according to the cloud desktop access request, and sending the user authentication information and the first dynamic password to a cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password;
    receiving verification information sent by the cloud service terminal according to the user authentication information;
    if the verification information indicates that the user authentication information has passed verification, sending the first dynamic password to a preset password receiving device, so that the client terminal obtains permission to access the cloud desktop from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
  2. The method according to claim 1, further comprising:
    receiving a user name and an access password sent by the client terminal, and matching the user name and the access password;
    if the user name and the access password match, generating the first dynamic password according to the cloud desktop access request.
  3. The method according to claim 1, further comprising: when the first dynamic password is sent to the client terminal, canceling the first dynamic password.
  4. The method according to claim 1, wherein the user authentication information includes a user identification code stored in the USB-Key.
  5. A cloud desktop access authentication method, applied to a cloud service terminal, the method comprising:
    receiving user authentication information and a first dynamic password sent by an authentication assistant terminal;
    verifying the user authentication information and, if the user authentication information passes verification, sending verification information indicating that the user authentication information has passed verification to the authentication assistant terminal;
    saving the first dynamic password;
    receiving a second dynamic password sent by a client terminal, matching the second dynamic password sent by the client terminal against the saved first dynamic password, and, when the second dynamic password sent by the client terminal matches the saved first dynamic password, granting the client terminal permission to access the cloud desktop.
  6. A cloud desktop access authentication method, applied to a client terminal to which a USB-Key is connected, the method comprising:
    obtaining user authentication information from the USB-Key;
    sending a cloud desktop access request to an authentication assistant terminal, where the cloud desktop access request carries the user authentication information;
    sending a second dynamic password to a cloud service terminal according to a first dynamic password sent by the authentication assistant terminal and received by a preset password receiving device, so as to obtain permission to access the cloud desktop from the cloud service terminal.
  7. The cloud desktop access authentication method according to claim 6, further comprising:
    obtaining a user name and an access password entered by the user, and sending the user name and the access password to the authentication assistant terminal, so that the authentication assistant terminal generates the first dynamic password according to the cloud desktop access request when the user name and the access password match.
  8. The cloud desktop access authentication method according to claim 6, wherein the user authentication information includes a user identification code stored in the USB-Key.
  9. An electronic device, comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the method according to any one of claims 1 to 8.
  10. A computer-readable storage medium storing computer-executable instructions, wherein the computer-executable instructions are used to perform the method according to any one of claims 1 to 8.
PCT/CN2021/114159 2020-08-24 2021-08-23 Cloud desktop access authentication method, electronic device, and computer readable storage medium WO2022042504A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010856614.5A CN114091002A (en) 2020-08-24 2020-08-24 Cloud desktop access authentication method, electronic device and computer-readable storage medium
CN202010856614.5 2020-08-24

Publications (1)

Publication Number Publication Date
WO2022042504A1 (en) 2022-03-03

Family

ID=80295457

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/114159 WO2022042504A1 (en) 2020-08-24 2021-08-23 Cloud desktop access authentication method, electronic device, and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN114091002A (en)
WO (1) WO2022042504A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187362A (en) * 2014-06-23 2015-12-23 中兴通讯股份有限公司 Method and device for connection authentication between desktop cloud client and server-side
CN106331003A (en) * 2015-06-23 2017-01-11 中国移动通信集团重庆有限公司 Method and device for accessing application portal system on cloud desktop
CN107332808A (en) * 2016-04-29 2017-11-07 中兴通讯股份有限公司 A kind of method, server and the terminal of the certification of cloud desktop
CN111177686A (en) * 2019-12-31 2020-05-19 华为技术有限公司 Identity authentication method, device and related equipment

Also Published As

Publication number Publication date
CN114091002A (en) 2022-02-25

Similar Documents

Publication Publication Date Title
US9954855B2 (en) Login method and apparatus, and open platform system
CN106375270B (en) Token generation and authentication method and authentication server
US20180324170A1 (en) Method and apparatus for allocating device identifiers
CN106779716B (en) Authentication method, device and system based on block chain account address
JP6468013B2 (en) Authentication system, service providing apparatus, authentication apparatus, authentication method, and program
WO2015143855A1 (en) Method, apparatus and system for accessing data resources
TW201543254A (en) Method, apparatus, and system for managing user accounts in the event of conflicting login names
KR960035299A (en) A method for managing communication between a remote user and an application server, a subject authentication method for a remote user, a network and a program storage device providing a distributed computer environment
US8650405B1 (en) Authentication using dynamic, client information based PIN
US20150149766A1 (en) System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications
US10038685B2 (en) Service request authentication method and apparatus
CN109257321B (en) Secure login method and device
CN109005142B (en) Website security detection method, device, system, computer equipment and storage medium
WO2020181809A1 (en) Data processing method and system based on interface checking, and computer device
US20180212954A1 (en) Information registration and authentication method and device
CN109684873B (en) Data access control method and device, computer equipment and storage medium
WO2019140790A1 (en) Service tracking method and apparatus, terminal device, and storage medium
JP2007280393A (en) Device and method for controlling computer login
US20180218133A1 (en) Electronic document access validation
CN113132402A (en) Single sign-on method and system
CN114157434A (en) Login verification method and device, electronic equipment and storage medium
CN109829321B (en) Method, device, equipment and storage medium for authenticating identity
US20150101059A1 (en) Application License Verification
US11075922B2 (en) Decentralized method of tracking user login status
CN116996305A (en) Multi-level security authentication method, system, equipment, storage medium and entry gateway

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21860339

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21860339

Country of ref document: EP

Kind code of ref document: A1