WO2022042504A1 - Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur - Google Patents

Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur Download PDF

Info

Publication number
WO2022042504A1
WO2022042504A1 PCT/CN2021/114159 CN2021114159W WO2022042504A1 WO 2022042504 A1 WO2022042504 A1 WO 2022042504A1 CN 2021114159 W CN2021114159 W CN 2021114159W WO 2022042504 A1 WO2022042504 A1 WO 2022042504A1
Authority
WO
WIPO (PCT)
Prior art keywords
dynamic password
terminal
cloud desktop
user
password
Prior art date
Application number
PCT/CN2021/114159
Other languages
English (en)
Chinese (zh)
Inventor
谢迪
管天云
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2022042504A1 publication Critical patent/WO2022042504A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • G06F21/1078Logging; Metering
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/451Execution arrangements for user interfaces
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/451Execution arrangements for user interfaces
    • G06F9/452Remote windowing, e.g. X-Window System, desktop virtualisation

Definitions

  • the present application relates to the technical field of cloud terminals, and in particular to a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
  • Embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
  • an embodiment of the present application provides a cloud desktop access authentication method, which is applied to an authentication auxiliary terminal.
  • the method includes: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request is carried by the client terminal.
  • User authentication information obtained from the USB-Key; generate a first dynamic password according to the cloud desktop access request, and send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal Verifying the user authentication information and saving the first dynamic password; receiving the verification information sent by the cloud service terminal according to the user authentication information; in the case that the verification information indicates that the user authentication information has passed the verification , sending the first dynamic password to a preset password receiving device, so that the client terminal obtains access to the cloud from the cloud service terminal according to the first dynamic password received by the preset password receiving device desktop permissions.
  • an embodiment of the present application provides a cloud desktop access authentication method, which is applied to a cloud service terminal.
  • the method includes: receiving user authentication information and a first dynamic password sent by an authentication assistant terminal; Carry out verification, and in the case that the verification of the user authentication information is passed, send verification information indicating that the verification of the user authentication information is passed to the authentication auxiliary terminal; save the first dynamic password; receive the second dynamic password sent by the client terminal password, match the second dynamic password sent by the client terminal with the stored first dynamic password, and when the second dynamic password sent by the client terminal matches the stored first dynamic password If it matches, grant the client terminal the right to access the cloud desktop.
  • an embodiment of the present application provides a cloud desktop access authentication method, which is applied to a client terminal, where the client terminal is connected with a USB-Key, and the method includes: obtaining user authentication information from the USB-Key; The authentication assistant terminal sends a cloud desktop access request, wherein the cloud desktop access request carries the user authentication information; according to the preset password, the first dynamic password received by the device and sent by the authentication assistant terminal is sent to the cloud service The terminal sends the second dynamic password to obtain the permission to access the cloud desktop from the cloud service terminal.
  • an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and running on the processor, the processor implements the above-mentioned program when the processor executes the program The steps of the cloud desktop access authentication method.
  • an embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute the steps of the cloud desktop access authentication method as described above.
  • FIG. 1 is a system architecture diagram of applying the cloud desktop access authentication method provided by an embodiment of the present application
  • FIG. 2 is a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application
  • FIG. 3 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application.
  • FIG. 4 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application.
  • FIG. 5 is a flowchart of a cloud desktop access authentication method according to the present application.
  • FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
  • a, b, and c may represent: a, b, c, a and b, a and c, b and c or a and b and c, where a, b, c may be single, or Can be multiple.
  • a cloud desktop refers to a cloud service terminal that generates resources such as operating systems and applications running on a virtual computer through virtualization technology, and can remotely provide a user interface to a client terminal. After adopting the cloud desktop, users can log in to the cloud desktop through the network at any place and at any time through different terminal devices to access the resources stored in the cloud.
  • the process for a user to log in to the cloud desktop is roughly as follows: First, the user enters the URL of the cloud service terminal (ie, the cloud server) in the browser of the client terminal, and opens the login page of the cloud server; The account and password registered in the server, and the cloud server will authenticate the account and password entered by the user, and after the authentication is passed, send the main page of the cloud server to the terminal where the user is located; among them, the main page of the above cloud server There is a login link of the cloud desktop; when the user clicks the login link of the cloud desktop, the cloud server will send the login page of the cloud desktop to the user's terminal; and the user enters the registered cloud desktop in the login page of the cloud desktop When the account and password are entered, the cloud desktop performs authority authentication for the account and password; after the authentication is passed, the cloud server generates a cloud desktop that the user has the authority to, and sends it to the user's client terminal.
  • the bearing method of user identity information is too simple, and it
  • embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium, which are used to improve the security of cloud desktop access authentication.
  • FIG. 1 shows a system architecture diagram of applying the cloud desktop access authentication method provided by the embodiment of the present application.
  • the system architecture includes a client terminal, an authentication assistant terminal and a cloud service terminal, and communication and interaction can be performed between the client terminal, the authentication assistant terminal and the cloud service terminal.
  • the authentication auxiliary terminal and the cloud service terminal may be set in the cloud, and the authentication auxiliary terminal and the cloud service terminal may be mutually independent server devices, or may be two virtual machines set on the same server device.
  • the device form of the client terminal can be an ordinary computer, a tablet computer, a smart phone, etc., and the client terminal can be connected to a USB-Key device.
  • FIG. 2 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
  • the method is applied to the authentication auxiliary terminal, as shown in FIG. 2 , the method includes the following steps:
  • S110 Receive a cloud desktop access request from the client terminal, where the cloud desktop access request carries the user authentication information obtained by the client terminal from the USB-Key.
  • the client terminal when the user needs to log in to the cloud desktop for access, insert the USB-Key into the client terminal, and click the login link of the cloud desktop on the client terminal.
  • the client terminal obtains the user from the USB-Key.
  • authentication information encapsulate the user authentication information into the cloud desktop access request message, and send the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request, and Send the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
  • the user authentication information in step S110 includes a user identification code, which may be in the form of a string and is pre-stored in the USB-Key and the cloud service terminal for matching verification.
  • S120 Generate a first dynamic password according to the cloud desktop access request, and send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password.
  • the authentication assistant terminal After receiving the cloud desktop access request from the client, the authentication assistant terminal generates a first dynamic password, extracts user authentication information from the cloud desktop access request, and sends the above-mentioned first dynamic password and user authentication information together.
  • Cloud service terminal After receiving the first dynamic password and user authentication information from the authentication auxiliary terminal, the cloud service terminal saves and verifies the user authentication information, and returns the verification information indicating the verification result to the authentication auxiliary terminal. In addition, the cloud service terminal stores the above-mentioned first dynamic password.
  • the first dynamic password may be a character string randomly generated by the authentication assistant terminal, and the character string may include one or more of numbers, letters, and symbols.
  • S130 Receive verification information sent by the cloud service terminal according to the user authentication information.
  • the authentication assistance terminal receives the verification information sent by the cloud service terminal, where the verification information is used to indicate the verification result of the user authentication information by the cloud service terminal.
  • S140 in the case that the verification information indicates that the verification of the user authentication information is passed, send the first dynamic password to the preset password receiving device, so that the client terminal receives the first dynamic password received by the device according to the preset password from the cloud service The terminal obtains the permission to access the cloud desktop.
  • the above-mentioned first dynamic password is sent to the preset password receiving device.
  • the password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information is verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
  • the mobile phone number of the mobile phone terminal is reserved when the user registers, and the user obtains the first dynamic password from the mobile phone terminal.
  • a dynamic password and then enter a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal, so that the cloud service terminal uses the second dynamic password Comparing with the previously saved first dynamic password, if the second dynamic password matches the previously saved first dynamic password, the client terminal is granted the right to access the cloud desktop.
  • the method of this embodiment of the present application further includes: receiving the user name and access password sent by the client terminal, and matching the user name and the access password;
  • the cloud desktop access request generates a first dynamic password.
  • the user when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal, and logs in to the access page of the cloud service terminal through the registered user name and access password; the client terminal obtains the user name and access page entered by the user.
  • the password is sent to the authentication assistant terminal, and the authentication assistant terminal matches the user name with the access password.
  • the user is allowed to log in to the access page of the cloud service terminal; after the user enters the access page of the cloud service terminal, click the login of the cloud desktop link to send the cloud desktop access request to the authentication auxiliary terminal; the authentication auxiliary terminal receives the cloud desktop access request sent by the client terminal, and generates the first dynamic password according to the cloud desktop access request; if it does not match, it can return an instruction to reject the cloud desktop access request
  • the prompt information is sent to the client terminal.
  • the user directly enters the access page of the cloud service terminal by entering the website address of the cloud service terminal in the browser of the client terminal, and a login box for inputting the user name and access password is set on the access page, and the cloud service terminal is set in the login box.
  • Desktop login link button the user clicks the login link button after entering the user name and access password in the login box to send a cloud desktop access request to the authentication assistant terminal; the client terminal obtains the user's user name and access password, and associates the user name and access password with the
  • the user authentication information is encapsulated into the cloud desktop access request and sent to the authentication assistant terminal.
  • the authentication assistant terminal matches the user name and the access password. If they match, the first dynamic password is generated according to the cloud desktop access request; A prompt message indicating that the cloud desktop access request is rejected can be returned to the client terminal.
  • the method of this embodiment of the present application further includes: when the first dynamic password is sent to the client terminal, canceling the first dynamic password to avoid the first dynamic password from being stolen or repeated use.
  • FIG. 3 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
  • the method is applied to a cloud service terminal, as shown in Figure 3, the method includes the following steps:
  • S210 Receive user authentication information and a first dynamic password sent by the authentication assistant terminal.
  • the client terminal when the user needs to log in to the cloud desktop for access, insert the USB-Key into the client terminal, and click the login link of the cloud desktop on the client terminal.
  • the client terminal obtains the user from the USB-Key.
  • authentication information encapsulate the user authentication information into the cloud desktop access request message, and send the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request, and
  • the authentication assistant terminal sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
  • S220 Verify the user authentication information, and send verification information indicating that the user authentication information is verified to be passed to the authentication assistant terminal in the case that the user authentication information is verified successfully.
  • the cloud service terminal After receiving the user authentication information sent by the authentication assistance terminal, the cloud service terminal searches locally for pre-stored user authentication information that matches the user authentication information; if it finds matching pre-stored user authentication information, it means that the user authentication information sent by the authentication assistance terminal If the verification of the authentication information is passed, the cloud service terminal returns the verification information indicating that the verification of the user authentication information is passed to the authentication auxiliary terminal; if no matching pre-stored user authentication information is found, it means that the verification of the user authentication information sent by the authentication auxiliary terminal fails, and the cloud service terminal sends the verification information to the auxiliary terminal.
  • the authentication assistant terminal returns verification information indicating that the verification of the user authentication information fails to the authentication assistant terminal.
  • the cloud service terminal determines that the verification of the user authentication information is passed, the cloud service terminal saves the first dynamic password sent by the authentication assistant terminal for verifying the second dynamic password sent by the client terminal in the subsequent steps.
  • S240 Receive the second dynamic password sent by the client terminal, and match the second dynamic password sent by the client terminal with the stored first dynamic password.
  • the second dynamic password sent by the client terminal matches the stored first dynamic password, Grant the client terminal the permission to access the cloud desktop.
  • the authentication assistant terminal after receiving the verification information from the cloud service terminal indicating that the verification of the user authentication information is passed, the authentication assistant terminal sends the first dynamic password to the preset password receiving device.
  • the password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user.
  • the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
  • the mobile phone number of the mobile phone terminal is reserved when the user registers, and the user obtains the first dynamic password from the mobile phone terminal.
  • a dynamic password and then input a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password input by the user to the cloud service terminal.
  • the cloud service terminal After receiving the second dynamic password sent by the client terminal, the cloud service terminal matches and compares the second dynamic password with the previously saved first dynamic password. If the second dynamic password matches the previously saved first dynamic password, The client terminal is granted the permission to access the cloud desktop; if the second dynamic password fails to match the previously saved first dynamic password, an indication message indicating that the authentication of the permission to access the cloud desktop fails is returned to the client terminal.
  • FIG. 4 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
  • the method is applied to a client terminal, and the client terminal is linked with a USB-Key, as shown in FIG. 4 , the method includes the following steps:
  • USB-Key As an example, when the user needs to log in to the cloud desktop for access, insert the USB-Key into the client terminal, and click the login link of the cloud desktop on the client terminal. When the user clicks the login link of the cloud desktop, the client terminal obtains the user from the USB-Key. Certification Information.
  • S320 Send a cloud desktop access request to the authentication assistant terminal, where the cloud desktop access request carries user authentication information.
  • the client terminal when the user clicks the login link of the cloud desktop, the client terminal generates a cloud desktop access request message, and encapsulates the user authentication information obtained from the USB-Key into the cloud desktop access request message; the client terminal will carry the user authentication information
  • the cloud desktop access request message of the information is sent to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request, and sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
  • S330 Send a second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device, so as to obtain the permission to access the cloud desktop from the cloud service terminal.
  • the authentication assistant terminal will generate a first dynamic password according to the cloud desktop access request of the client terminal, and send the first dynamic password and the user authentication information to the cloud service terminal; the cloud service terminal verifies the user authentication information, if the verification Pass, save the first dynamic password, and return the verification information indicating that the user authentication information has passed the verification to the authentication assistant terminal; after the verification assistant terminal determines that the user authentication information has passed the verification according to the verification information, it sends the previously generated first dynamic password to the authentication assistant terminal.
  • User preset password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information is verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
  • the mobile phone number of the mobile phone terminal is reserved when the user registers, and the user obtains the first dynamic password from the mobile phone terminal. a dynamic password, and then enter a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal, so that the cloud service terminal uses the second dynamic password Comparing with the previously saved first dynamic password, if the second dynamic password matches the previously saved first dynamic password, the client terminal is granted the right to access the cloud desktop.
  • the method of this embodiment of the present application further includes: acquiring a user name and an access password input by a user, and sending the user name and access password to the authentication assistant terminal, so that the authentication assistant terminal can match the user name and the access password when the user name and the access password match.
  • a first dynamic password is generated according to the cloud desktop access request.
  • the user when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal, and logs in to the access page of the cloud service terminal through the registered user name and access password; the client terminal obtains the user name and access page entered by the user.
  • the password is sent to the authentication assistant terminal, and the authentication assistant terminal matches the user name with the access password.
  • the user is allowed to log in to the access page of the cloud service terminal; after the user enters the access page of the cloud service terminal, click the login of the cloud desktop link to send the cloud desktop access request to the authentication auxiliary terminal; the authentication auxiliary terminal receives the cloud desktop access request sent by the client terminal, and generates the first dynamic password according to the cloud desktop access request; if it does not match, it can return an instruction to reject the cloud desktop access request
  • the prompt information is sent to the client terminal.
  • the user directly enters the access page of the cloud service terminal by entering the website address of the cloud service terminal in the browser of the client terminal, and a login box for inputting the user name and access password is set on the access page, and the cloud service terminal is set in the login box.
  • Desktop login link button the user clicks the login link button after entering the user name and access password in the login box to send a cloud desktop access request to the authentication assistant terminal; the client terminal obtains the user's user name and access password, and associates the user name and access password with the
  • the user authentication information is encapsulated into the cloud desktop access request and sent to the authentication assistant terminal.
  • the authentication assistant terminal matches the user name and the access password. If they match, the first dynamic password is generated according to the cloud desktop access request; A prompt message indicating that the cloud desktop access request is rejected can be returned to the client terminal.
  • the user authentication information includes a user identification code
  • the user identification code may be in the form of a string and is pre-stored in the USB-Key and the cloud service terminal for matching verification.
  • the client terminal obtains user authentication information from the USB-Key
  • the client terminal sends a cloud desktop access request to the authentication assistant terminal, wherein the cloud desktop access request carries user authentication information;
  • the authentication assistant terminal receives the cloud desktop access request from the client terminal, generates a first dynamic password according to the cloud desktop access request, and sends the user authentication information and the first dynamic password to the cloud service terminal;
  • the cloud service terminal receives the user authentication information and the first dynamic password sent by the authentication assistant terminal, verifies the user authentication information, and sends verification information indicating that the user authentication information has passed the verification to the authentication assistant if the user authentication information is verified successfully. terminal;
  • the authentication auxiliary terminal receives the verification information sent by the cloud service terminal according to the user authentication information, and sends the first dynamic password to a preset password receiving device in the case that the verification information indicates that the user authentication information is verified successfully;
  • the client terminal sends the second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device;
  • the cloud service terminal receives the second dynamic password sent by the client terminal, and matches the second dynamic password sent by the client terminal with the stored first dynamic password. When the second dynamic password sent by the client terminal matches the stored first dynamic password If it matches, grant the client terminal the permission to access the cloud desktop.
  • the solution of the embodiment of the present application verifies the identity of the operating user currently operating the client based on the highly secure USB-Key user authentication information, and then determines whether the operating user has the right to access the cloud desktop, effectively avoiding user accounts
  • the dynamic password is sent to the preset password receiving device to further verify the identity of the operating user through the dynamic password. The method greatly improves the security of cloud desktop access authentication.
  • FIG. 6 shows an electronic device 600 provided by an embodiment of the present application. As shown in FIG. 6 , the electronic device 600 includes but is not limited to:
  • the processor 602 is configured to execute the program stored in the memory 601.
  • the processor 602 executes the program stored in the memory 601
  • the processor 602 is configured to execute the above-mentioned cloud desktop access authentication method.
  • the processor 602 and the memory 601 may be connected by a bus or otherwise.
  • the memory 601 can be used to store non-transitory software programs and non-transitory computer-executable programs, such as the cloud desktop access authentication method described in any embodiment of this application.
  • the processor 602 implements the above-mentioned cloud desktop access authentication method by running the non-transitory software programs and instructions stored in the memory 601 .
  • the memory 601 may include a stored program area and a stored data area, wherein the stored program area may store an operating system and an application program required by at least one function; the storage data area may store and execute the above-mentioned cloud desktop access authentication method. Additionally, memory 601 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory 601 may include memory located remotely from processor 602, which may be connected to processor 602 through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
  • the non-transitory software programs and instructions required to implement the above-mentioned cloud desktop access authentication method are stored in the memory 601, and when executed by one or more processors 602, execute the cloud desktop access authentication method provided by any embodiment of the present application.
  • Embodiments of the present application further provide a storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute the above-mentioned cloud desktop access authentication method.
  • the storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more control processors 602, for example, by a processor 602 in the electronic device 600 described above, so that the above One or more processors 602 execute the cloud desktop access authentication method provided by any embodiment of the present application.
  • the embodiments of the present application include: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from a USB-Key; generating a first dynamic password according to the cloud desktop access request, Send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password; receives the cloud service terminal The verification information sent according to the user authentication information; if the verification information indicates that the verification of the user authentication information is passed, the first dynamic password is sent to a preset password receiving device, so that the client terminal The permission to access the cloud desktop is acquired from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
  • the solution of the embodiment of the present application verifies the identity of the operating user currently operating the client based on the highly secure USB-Key user authentication information, and then determines whether the operating user has the right to access the cloud desktop, effectively avoiding user accounts
  • the dynamic password is sent to the preset password receiving device to further verify the identity of the operating user through the dynamic password. The method greatly improves the security of cloud desktop access authentication.
  • Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and which can be accessed by a computer.
  • communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

L'invention concerne un procédé d'authentification d'accès à un bureau en nuage, un dispositif électronique et un support de stockage lisible par ordinateur. Le procédé comprend les étapes consistant à : recevoir une demande d'accès au bureau en nuage d'un terminal client, la demande d'accès au bureau en nuage transportant des informations d'authentification d'utilisateur obtenues par le terminal client à partir d'une clé USB (S110) ; générer un premier mot de passe dynamique selon la demande d'accès au bureau en nuage et envoyer les informations d'authentification d'utilisateur et le premier mot de passe dynamique à un terminal de service en nuage pour que le terminal de service en nuage vérifie les informations d'authentification d'utilisateur et sauvegarde le premier mot de passe dynamique (S120) ; recevoir des informations de vérification envoyées par le terminal de service en nuage selon les informations d'authentification d'utilisateur (S130) ; et envoyer le premier mot de passe dynamique à un dispositif prédéfini de réception de mots de passe, pour que le terminal client obtienne, selon le premier mot de passe dynamique reçu par le dispositif prédéfini de réception de mots de passe, l'autorisation d'accéder au bureau en nuage à partir du terminal de service en nuage (S140).
PCT/CN2021/114159 2020-08-24 2021-08-23 Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur WO2022042504A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010856614.5 2020-08-24
CN202010856614.5A CN114091002A (zh) 2020-08-24 2020-08-24 云桌面访问认证方法、电子设备和计算机可读存储介质

Publications (1)

Publication Number Publication Date
WO2022042504A1 true WO2022042504A1 (fr) 2022-03-03

Family

ID=80295457

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/114159 WO2022042504A1 (fr) 2020-08-24 2021-08-23 Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur

Country Status (2)

Country Link
CN (1) CN114091002A (fr)
WO (1) WO2022042504A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187362A (zh) * 2014-06-23 2015-12-23 中兴通讯股份有限公司 一种桌面云客户端和服务端之间连接认证的方法及装置
CN106331003A (zh) * 2015-06-23 2017-01-11 中国移动通信集团重庆有限公司 一种云桌面上应用门户系统的访问方法及装置
CN107332808A (zh) * 2016-04-29 2017-11-07 中兴通讯股份有限公司 一种云桌面认证的方法、服务器及终端
CN111177686A (zh) * 2019-12-31 2020-05-19 华为技术有限公司 一种身份认证方法、装置及相关设备

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187362A (zh) * 2014-06-23 2015-12-23 中兴通讯股份有限公司 一种桌面云客户端和服务端之间连接认证的方法及装置
CN106331003A (zh) * 2015-06-23 2017-01-11 中国移动通信集团重庆有限公司 一种云桌面上应用门户系统的访问方法及装置
CN107332808A (zh) * 2016-04-29 2017-11-07 中兴通讯股份有限公司 一种云桌面认证的方法、服务器及终端
CN111177686A (zh) * 2019-12-31 2020-05-19 华为技术有限公司 一种身份认证方法、装置及相关设备

Also Published As

Publication number Publication date
CN114091002A (zh) 2022-02-25

Similar Documents

Publication Publication Date Title
US9954855B2 (en) Login method and apparatus, and open platform system
CN106375270B (zh) 令牌生成并认证的方法及认证服务器
US20180324170A1 (en) Method and apparatus for allocating device identifiers
CN106779716B (zh) 基于区块链账户地址的认证方法、装置及系统
US9369286B2 (en) System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications
JP6468013B2 (ja) 認証システム、サービス提供装置、認証装置、認証方法及びプログラム
CN111935094A (zh) 数据库访问方法、装置、系统及计算机可读存储介质
WO2015143855A1 (fr) Procédé, appareil et système pour accéder à des ressources de données
TW201543254A (zh) 用戶帳戶管理方法及裝置
KR960035299A (ko) 원격 사용자와 응용 서버간의 통신 관리 방법, 원격 사용자의 주체 인증 방법, 분산 컴퓨터 환경을 제공하는 네트워크 및 프로그램 저장 장치
US8650405B1 (en) Authentication using dynamic, client information based PIN
US10038685B2 (en) Service request authentication method and apparatus
US11218464B2 (en) Information registration and authentication method and device
CN109005142B (zh) 网站安全检测方法、装置、系统、计算机设备和存储介质
WO2020181809A1 (fr) Procédé et système de traitement de données basés sur une vérification d'interface, et dispositif informatique
CN109684873B (zh) 数据访问控制方法、装置、计算机设备和存储介质
WO2019140790A1 (fr) Procédé et appareil de suivi de service, dispositif terminal et support de stockage
US20140137227A1 (en) Systems and Methods for Enhancement of Single Sign-On Protection
CN113132402A (zh) 单点登录方法和系统
CN114157434A (zh) 登录验证方法、装置、电子设备及存储介质
US20150101059A1 (en) Application License Verification
CN109829321B (zh) 一种认证身份的方法、装置、设备及存储介质
CN112929388B (zh) 网络身份跨设备应用快速认证方法和系统、用户代理设备
CN116996305A (zh) 一种多层次安全认证方法、系统、设备、存储介质及入口网关
WO2022042504A1 (fr) Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21860339

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21860339

Country of ref document: EP

Kind code of ref document: A1