WO2022042504A1 - Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur - Google Patents
Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur Download PDFInfo
- Publication number
- WO2022042504A1 WO2022042504A1 PCT/CN2021/114159 CN2021114159W WO2022042504A1 WO 2022042504 A1 WO2022042504 A1 WO 2022042504A1 CN 2021114159 W CN2021114159 W CN 2021114159W WO 2022042504 A1 WO2022042504 A1 WO 2022042504A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- dynamic password
- terminal
- cloud desktop
- user
- password
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000012795 verification Methods 0.000 claims abstract description 53
- 238000004590 computer program Methods 0.000 claims description 3
- 238000004891 communication Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1078—Logging; Metering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
- G06F9/452—Remote windowing, e.g. X-Window System, desktop virtualisation
Definitions
- the present application relates to the technical field of cloud terminals, and in particular to a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
- Embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium.
- an embodiment of the present application provides a cloud desktop access authentication method, which is applied to an authentication auxiliary terminal.
- the method includes: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request is carried by the client terminal.
- User authentication information obtained from the USB-Key; generate a first dynamic password according to the cloud desktop access request, and send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal Verifying the user authentication information and saving the first dynamic password; receiving the verification information sent by the cloud service terminal according to the user authentication information; in the case that the verification information indicates that the user authentication information has passed the verification , sending the first dynamic password to a preset password receiving device, so that the client terminal obtains access to the cloud from the cloud service terminal according to the first dynamic password received by the preset password receiving device desktop permissions.
- an embodiment of the present application provides a cloud desktop access authentication method, which is applied to a cloud service terminal.
- the method includes: receiving user authentication information and a first dynamic password sent by an authentication assistant terminal; Carry out verification, and in the case that the verification of the user authentication information is passed, send verification information indicating that the verification of the user authentication information is passed to the authentication auxiliary terminal; save the first dynamic password; receive the second dynamic password sent by the client terminal password, match the second dynamic password sent by the client terminal with the stored first dynamic password, and when the second dynamic password sent by the client terminal matches the stored first dynamic password If it matches, grant the client terminal the right to access the cloud desktop.
- an embodiment of the present application provides a cloud desktop access authentication method, which is applied to a client terminal, where the client terminal is connected with a USB-Key, and the method includes: obtaining user authentication information from the USB-Key; The authentication assistant terminal sends a cloud desktop access request, wherein the cloud desktop access request carries the user authentication information; according to the preset password, the first dynamic password received by the device and sent by the authentication assistant terminal is sent to the cloud service The terminal sends the second dynamic password to obtain the permission to access the cloud desktop from the cloud service terminal.
- an embodiment of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and running on the processor, the processor implements the above-mentioned program when the processor executes the program The steps of the cloud desktop access authentication method.
- an embodiment of the present application provides a computer-readable storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute the steps of the cloud desktop access authentication method as described above.
- FIG. 1 is a system architecture diagram of applying the cloud desktop access authentication method provided by an embodiment of the present application
- FIG. 2 is a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application
- FIG. 3 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application.
- FIG. 4 is a flowchart of a cloud desktop access authentication method provided by another embodiment of the present application.
- FIG. 5 is a flowchart of a cloud desktop access authentication method according to the present application.
- FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.
- a, b, and c may represent: a, b, c, a and b, a and c, b and c or a and b and c, where a, b, c may be single, or Can be multiple.
- a cloud desktop refers to a cloud service terminal that generates resources such as operating systems and applications running on a virtual computer through virtualization technology, and can remotely provide a user interface to a client terminal. After adopting the cloud desktop, users can log in to the cloud desktop through the network at any place and at any time through different terminal devices to access the resources stored in the cloud.
- the process for a user to log in to the cloud desktop is roughly as follows: First, the user enters the URL of the cloud service terminal (ie, the cloud server) in the browser of the client terminal, and opens the login page of the cloud server; The account and password registered in the server, and the cloud server will authenticate the account and password entered by the user, and after the authentication is passed, send the main page of the cloud server to the terminal where the user is located; among them, the main page of the above cloud server There is a login link of the cloud desktop; when the user clicks the login link of the cloud desktop, the cloud server will send the login page of the cloud desktop to the user's terminal; and the user enters the registered cloud desktop in the login page of the cloud desktop When the account and password are entered, the cloud desktop performs authority authentication for the account and password; after the authentication is passed, the cloud server generates a cloud desktop that the user has the authority to, and sends it to the user's client terminal.
- the bearing method of user identity information is too simple, and it
- embodiments of the present application provide a cloud desktop access authentication method, an electronic device, and a computer-readable storage medium, which are used to improve the security of cloud desktop access authentication.
- FIG. 1 shows a system architecture diagram of applying the cloud desktop access authentication method provided by the embodiment of the present application.
- the system architecture includes a client terminal, an authentication assistant terminal and a cloud service terminal, and communication and interaction can be performed between the client terminal, the authentication assistant terminal and the cloud service terminal.
- the authentication auxiliary terminal and the cloud service terminal may be set in the cloud, and the authentication auxiliary terminal and the cloud service terminal may be mutually independent server devices, or may be two virtual machines set on the same server device.
- the device form of the client terminal can be an ordinary computer, a tablet computer, a smart phone, etc., and the client terminal can be connected to a USB-Key device.
- FIG. 2 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
- the method is applied to the authentication auxiliary terminal, as shown in FIG. 2 , the method includes the following steps:
- S110 Receive a cloud desktop access request from the client terminal, where the cloud desktop access request carries the user authentication information obtained by the client terminal from the USB-Key.
- the client terminal when the user needs to log in to the cloud desktop for access, insert the USB-Key into the client terminal, and click the login link of the cloud desktop on the client terminal.
- the client terminal obtains the user from the USB-Key.
- authentication information encapsulate the user authentication information into the cloud desktop access request message, and send the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request, and Send the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
- the user authentication information in step S110 includes a user identification code, which may be in the form of a string and is pre-stored in the USB-Key and the cloud service terminal for matching verification.
- S120 Generate a first dynamic password according to the cloud desktop access request, and send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password.
- the authentication assistant terminal After receiving the cloud desktop access request from the client, the authentication assistant terminal generates a first dynamic password, extracts user authentication information from the cloud desktop access request, and sends the above-mentioned first dynamic password and user authentication information together.
- Cloud service terminal After receiving the first dynamic password and user authentication information from the authentication auxiliary terminal, the cloud service terminal saves and verifies the user authentication information, and returns the verification information indicating the verification result to the authentication auxiliary terminal. In addition, the cloud service terminal stores the above-mentioned first dynamic password.
- the first dynamic password may be a character string randomly generated by the authentication assistant terminal, and the character string may include one or more of numbers, letters, and symbols.
- S130 Receive verification information sent by the cloud service terminal according to the user authentication information.
- the authentication assistance terminal receives the verification information sent by the cloud service terminal, where the verification information is used to indicate the verification result of the user authentication information by the cloud service terminal.
- S140 in the case that the verification information indicates that the verification of the user authentication information is passed, send the first dynamic password to the preset password receiving device, so that the client terminal receives the first dynamic password received by the device according to the preset password from the cloud service The terminal obtains the permission to access the cloud desktop.
- the above-mentioned first dynamic password is sent to the preset password receiving device.
- the password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information is verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
- the mobile phone number of the mobile phone terminal is reserved when the user registers, and the user obtains the first dynamic password from the mobile phone terminal.
- a dynamic password and then enter a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal, so that the cloud service terminal uses the second dynamic password Comparing with the previously saved first dynamic password, if the second dynamic password matches the previously saved first dynamic password, the client terminal is granted the right to access the cloud desktop.
- the method of this embodiment of the present application further includes: receiving the user name and access password sent by the client terminal, and matching the user name and the access password;
- the cloud desktop access request generates a first dynamic password.
- the user when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal, and logs in to the access page of the cloud service terminal through the registered user name and access password; the client terminal obtains the user name and access page entered by the user.
- the password is sent to the authentication assistant terminal, and the authentication assistant terminal matches the user name with the access password.
- the user is allowed to log in to the access page of the cloud service terminal; after the user enters the access page of the cloud service terminal, click the login of the cloud desktop link to send the cloud desktop access request to the authentication auxiliary terminal; the authentication auxiliary terminal receives the cloud desktop access request sent by the client terminal, and generates the first dynamic password according to the cloud desktop access request; if it does not match, it can return an instruction to reject the cloud desktop access request
- the prompt information is sent to the client terminal.
- the user directly enters the access page of the cloud service terminal by entering the website address of the cloud service terminal in the browser of the client terminal, and a login box for inputting the user name and access password is set on the access page, and the cloud service terminal is set in the login box.
- Desktop login link button the user clicks the login link button after entering the user name and access password in the login box to send a cloud desktop access request to the authentication assistant terminal; the client terminal obtains the user's user name and access password, and associates the user name and access password with the
- the user authentication information is encapsulated into the cloud desktop access request and sent to the authentication assistant terminal.
- the authentication assistant terminal matches the user name and the access password. If they match, the first dynamic password is generated according to the cloud desktop access request; A prompt message indicating that the cloud desktop access request is rejected can be returned to the client terminal.
- the method of this embodiment of the present application further includes: when the first dynamic password is sent to the client terminal, canceling the first dynamic password to avoid the first dynamic password from being stolen or repeated use.
- FIG. 3 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
- the method is applied to a cloud service terminal, as shown in Figure 3, the method includes the following steps:
- S210 Receive user authentication information and a first dynamic password sent by the authentication assistant terminal.
- the client terminal when the user needs to log in to the cloud desktop for access, insert the USB-Key into the client terminal, and click the login link of the cloud desktop on the client terminal.
- the client terminal obtains the user from the USB-Key.
- authentication information encapsulate the user authentication information into the cloud desktop access request message, and send the cloud desktop access request message carrying the user authentication information to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request, and
- the authentication assistant terminal sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
- S220 Verify the user authentication information, and send verification information indicating that the user authentication information is verified to be passed to the authentication assistant terminal in the case that the user authentication information is verified successfully.
- the cloud service terminal After receiving the user authentication information sent by the authentication assistance terminal, the cloud service terminal searches locally for pre-stored user authentication information that matches the user authentication information; if it finds matching pre-stored user authentication information, it means that the user authentication information sent by the authentication assistance terminal If the verification of the authentication information is passed, the cloud service terminal returns the verification information indicating that the verification of the user authentication information is passed to the authentication auxiliary terminal; if no matching pre-stored user authentication information is found, it means that the verification of the user authentication information sent by the authentication auxiliary terminal fails, and the cloud service terminal sends the verification information to the auxiliary terminal.
- the authentication assistant terminal returns verification information indicating that the verification of the user authentication information fails to the authentication assistant terminal.
- the cloud service terminal determines that the verification of the user authentication information is passed, the cloud service terminal saves the first dynamic password sent by the authentication assistant terminal for verifying the second dynamic password sent by the client terminal in the subsequent steps.
- S240 Receive the second dynamic password sent by the client terminal, and match the second dynamic password sent by the client terminal with the stored first dynamic password.
- the second dynamic password sent by the client terminal matches the stored first dynamic password, Grant the client terminal the permission to access the cloud desktop.
- the authentication assistant terminal after receiving the verification information from the cloud service terminal indicating that the verification of the user authentication information is passed, the authentication assistant terminal sends the first dynamic password to the preset password receiving device.
- the password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user.
- the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
- the mobile phone number of the mobile phone terminal is reserved when the user registers, and the user obtains the first dynamic password from the mobile phone terminal.
- a dynamic password and then input a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password input by the user to the cloud service terminal.
- the cloud service terminal After receiving the second dynamic password sent by the client terminal, the cloud service terminal matches and compares the second dynamic password with the previously saved first dynamic password. If the second dynamic password matches the previously saved first dynamic password, The client terminal is granted the permission to access the cloud desktop; if the second dynamic password fails to match the previously saved first dynamic password, an indication message indicating that the authentication of the permission to access the cloud desktop fails is returned to the client terminal.
- FIG. 4 shows a flowchart of a cloud desktop access authentication method provided by an embodiment of the present application.
- the method is applied to a client terminal, and the client terminal is linked with a USB-Key, as shown in FIG. 4 , the method includes the following steps:
- USB-Key As an example, when the user needs to log in to the cloud desktop for access, insert the USB-Key into the client terminal, and click the login link of the cloud desktop on the client terminal. When the user clicks the login link of the cloud desktop, the client terminal obtains the user from the USB-Key. Certification Information.
- S320 Send a cloud desktop access request to the authentication assistant terminal, where the cloud desktop access request carries user authentication information.
- the client terminal when the user clicks the login link of the cloud desktop, the client terminal generates a cloud desktop access request message, and encapsulates the user authentication information obtained from the USB-Key into the cloud desktop access request message; the client terminal will carry the user authentication information
- the cloud desktop access request message of the information is sent to the authentication assistant terminal, so that the authentication assistant terminal receives the cloud desktop access request, and sends the user authentication information from the USB-Key carried in the cloud desktop access request to the cloud service terminal for verification.
- S330 Send a second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device, so as to obtain the permission to access the cloud desktop from the cloud service terminal.
- the authentication assistant terminal will generate a first dynamic password according to the cloud desktop access request of the client terminal, and send the first dynamic password and the user authentication information to the cloud service terminal; the cloud service terminal verifies the user authentication information, if the verification Pass, save the first dynamic password, and return the verification information indicating that the user authentication information has passed the verification to the authentication assistant terminal; after the verification assistant terminal determines that the user authentication information has passed the verification according to the verification information, it sends the previously generated first dynamic password to the authentication assistant terminal.
- User preset password receiving device may be a mobile phone terminal corresponding to the mobile phone number reserved by the user. For example, when the user authentication information is verified by the cloud service terminal, the authentication assistant terminal sends the first dynamic password to the user's mobile phone terminal.
- the mobile phone number of the mobile phone terminal is reserved when the user registers, and the user obtains the first dynamic password from the mobile phone terminal. a dynamic password, and then enter a second dynamic password that is the same as the first dynamic password on the client terminal, and the client terminal sends the second dynamic password entered by the user to the cloud service terminal, so that the cloud service terminal uses the second dynamic password Comparing with the previously saved first dynamic password, if the second dynamic password matches the previously saved first dynamic password, the client terminal is granted the right to access the cloud desktop.
- the method of this embodiment of the present application further includes: acquiring a user name and an access password input by a user, and sending the user name and access password to the authentication assistant terminal, so that the authentication assistant terminal can match the user name and the access password when the user name and the access password match.
- a first dynamic password is generated according to the cloud desktop access request.
- the user when the user needs to log in to the cloud desktop, the user enters the URL of the cloud service terminal in the browser of the client terminal, and logs in to the access page of the cloud service terminal through the registered user name and access password; the client terminal obtains the user name and access page entered by the user.
- the password is sent to the authentication assistant terminal, and the authentication assistant terminal matches the user name with the access password.
- the user is allowed to log in to the access page of the cloud service terminal; after the user enters the access page of the cloud service terminal, click the login of the cloud desktop link to send the cloud desktop access request to the authentication auxiliary terminal; the authentication auxiliary terminal receives the cloud desktop access request sent by the client terminal, and generates the first dynamic password according to the cloud desktop access request; if it does not match, it can return an instruction to reject the cloud desktop access request
- the prompt information is sent to the client terminal.
- the user directly enters the access page of the cloud service terminal by entering the website address of the cloud service terminal in the browser of the client terminal, and a login box for inputting the user name and access password is set on the access page, and the cloud service terminal is set in the login box.
- Desktop login link button the user clicks the login link button after entering the user name and access password in the login box to send a cloud desktop access request to the authentication assistant terminal; the client terminal obtains the user's user name and access password, and associates the user name and access password with the
- the user authentication information is encapsulated into the cloud desktop access request and sent to the authentication assistant terminal.
- the authentication assistant terminal matches the user name and the access password. If they match, the first dynamic password is generated according to the cloud desktop access request; A prompt message indicating that the cloud desktop access request is rejected can be returned to the client terminal.
- the user authentication information includes a user identification code
- the user identification code may be in the form of a string and is pre-stored in the USB-Key and the cloud service terminal for matching verification.
- the client terminal obtains user authentication information from the USB-Key
- the client terminal sends a cloud desktop access request to the authentication assistant terminal, wherein the cloud desktop access request carries user authentication information;
- the authentication assistant terminal receives the cloud desktop access request from the client terminal, generates a first dynamic password according to the cloud desktop access request, and sends the user authentication information and the first dynamic password to the cloud service terminal;
- the cloud service terminal receives the user authentication information and the first dynamic password sent by the authentication assistant terminal, verifies the user authentication information, and sends verification information indicating that the user authentication information has passed the verification to the authentication assistant if the user authentication information is verified successfully. terminal;
- the authentication auxiliary terminal receives the verification information sent by the cloud service terminal according to the user authentication information, and sends the first dynamic password to a preset password receiving device in the case that the verification information indicates that the user authentication information is verified successfully;
- the client terminal sends the second dynamic password to the cloud service terminal according to the first dynamic password sent by the authentication assistant terminal and received by the preset password receiving device;
- the cloud service terminal receives the second dynamic password sent by the client terminal, and matches the second dynamic password sent by the client terminal with the stored first dynamic password. When the second dynamic password sent by the client terminal matches the stored first dynamic password If it matches, grant the client terminal the permission to access the cloud desktop.
- the solution of the embodiment of the present application verifies the identity of the operating user currently operating the client based on the highly secure USB-Key user authentication information, and then determines whether the operating user has the right to access the cloud desktop, effectively avoiding user accounts
- the dynamic password is sent to the preset password receiving device to further verify the identity of the operating user through the dynamic password. The method greatly improves the security of cloud desktop access authentication.
- FIG. 6 shows an electronic device 600 provided by an embodiment of the present application. As shown in FIG. 6 , the electronic device 600 includes but is not limited to:
- the processor 602 is configured to execute the program stored in the memory 601.
- the processor 602 executes the program stored in the memory 601
- the processor 602 is configured to execute the above-mentioned cloud desktop access authentication method.
- the processor 602 and the memory 601 may be connected by a bus or otherwise.
- the memory 601 can be used to store non-transitory software programs and non-transitory computer-executable programs, such as the cloud desktop access authentication method described in any embodiment of this application.
- the processor 602 implements the above-mentioned cloud desktop access authentication method by running the non-transitory software programs and instructions stored in the memory 601 .
- the memory 601 may include a stored program area and a stored data area, wherein the stored program area may store an operating system and an application program required by at least one function; the storage data area may store and execute the above-mentioned cloud desktop access authentication method. Additionally, memory 601 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, memory 601 may include memory located remotely from processor 602, which may be connected to processor 602 through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
- the non-transitory software programs and instructions required to implement the above-mentioned cloud desktop access authentication method are stored in the memory 601, and when executed by one or more processors 602, execute the cloud desktop access authentication method provided by any embodiment of the present application.
- Embodiments of the present application further provide a storage medium storing computer-executable instructions, where the computer-executable instructions are used to execute the above-mentioned cloud desktop access authentication method.
- the storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more control processors 602, for example, by a processor 602 in the electronic device 600 described above, so that the above One or more processors 602 execute the cloud desktop access authentication method provided by any embodiment of the present application.
- the embodiments of the present application include: receiving a cloud desktop access request from a client terminal, where the cloud desktop access request carries user authentication information obtained by the client terminal from a USB-Key; generating a first dynamic password according to the cloud desktop access request, Send the user authentication information and the first dynamic password to the cloud service terminal, so that the cloud service terminal verifies the user authentication information and saves the first dynamic password; receives the cloud service terminal The verification information sent according to the user authentication information; if the verification information indicates that the verification of the user authentication information is passed, the first dynamic password is sent to a preset password receiving device, so that the client terminal The permission to access the cloud desktop is acquired from the cloud service terminal according to the first dynamic password received by the preset password receiving device.
- the solution of the embodiment of the present application verifies the identity of the operating user currently operating the client based on the highly secure USB-Key user authentication information, and then determines whether the operating user has the right to access the cloud desktop, effectively avoiding user accounts
- the dynamic password is sent to the preset password receiving device to further verify the identity of the operating user through the dynamic password. The method greatly improves the security of cloud desktop access authentication.
- Computer storage media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices, or may Any other medium used to store desired information and which can be accessed by a computer.
- communication media typically include computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and can include any information delivery media, as is well known to those of ordinary skill in the art .
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Human Computer Interaction (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Information Transfer Between Computers (AREA)
Abstract
L'invention concerne un procédé d'authentification d'accès à un bureau en nuage, un dispositif électronique et un support de stockage lisible par ordinateur. Le procédé comprend les étapes consistant à : recevoir une demande d'accès au bureau en nuage d'un terminal client, la demande d'accès au bureau en nuage transportant des informations d'authentification d'utilisateur obtenues par le terminal client à partir d'une clé USB (S110) ; générer un premier mot de passe dynamique selon la demande d'accès au bureau en nuage et envoyer les informations d'authentification d'utilisateur et le premier mot de passe dynamique à un terminal de service en nuage pour que le terminal de service en nuage vérifie les informations d'authentification d'utilisateur et sauvegarde le premier mot de passe dynamique (S120) ; recevoir des informations de vérification envoyées par le terminal de service en nuage selon les informations d'authentification d'utilisateur (S130) ; et envoyer le premier mot de passe dynamique à un dispositif prédéfini de réception de mots de passe, pour que le terminal client obtienne, selon le premier mot de passe dynamique reçu par le dispositif prédéfini de réception de mots de passe, l'autorisation d'accéder au bureau en nuage à partir du terminal de service en nuage (S140).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010856614.5 | 2020-08-24 | ||
CN202010856614.5A CN114091002A (zh) | 2020-08-24 | 2020-08-24 | 云桌面访问认证方法、电子设备和计算机可读存储介质 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2022042504A1 true WO2022042504A1 (fr) | 2022-03-03 |
Family
ID=80295457
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2021/114159 WO2022042504A1 (fr) | 2020-08-24 | 2021-08-23 | Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114091002A (fr) |
WO (1) | WO2022042504A1 (fr) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105187362A (zh) * | 2014-06-23 | 2015-12-23 | 中兴通讯股份有限公司 | 一种桌面云客户端和服务端之间连接认证的方法及装置 |
CN106331003A (zh) * | 2015-06-23 | 2017-01-11 | 中国移动通信集团重庆有限公司 | 一种云桌面上应用门户系统的访问方法及装置 |
CN107332808A (zh) * | 2016-04-29 | 2017-11-07 | 中兴通讯股份有限公司 | 一种云桌面认证的方法、服务器及终端 |
CN111177686A (zh) * | 2019-12-31 | 2020-05-19 | 华为技术有限公司 | 一种身份认证方法、装置及相关设备 |
-
2020
- 2020-08-24 CN CN202010856614.5A patent/CN114091002A/zh active Pending
-
2021
- 2021-08-23 WO PCT/CN2021/114159 patent/WO2022042504A1/fr active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105187362A (zh) * | 2014-06-23 | 2015-12-23 | 中兴通讯股份有限公司 | 一种桌面云客户端和服务端之间连接认证的方法及装置 |
CN106331003A (zh) * | 2015-06-23 | 2017-01-11 | 中国移动通信集团重庆有限公司 | 一种云桌面上应用门户系统的访问方法及装置 |
CN107332808A (zh) * | 2016-04-29 | 2017-11-07 | 中兴通讯股份有限公司 | 一种云桌面认证的方法、服务器及终端 |
CN111177686A (zh) * | 2019-12-31 | 2020-05-19 | 华为技术有限公司 | 一种身份认证方法、装置及相关设备 |
Also Published As
Publication number | Publication date |
---|---|
CN114091002A (zh) | 2022-02-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9954855B2 (en) | Login method and apparatus, and open platform system | |
CN106375270B (zh) | 令牌生成并认证的方法及认证服务器 | |
US20180324170A1 (en) | Method and apparatus for allocating device identifiers | |
CN106779716B (zh) | 基于区块链账户地址的认证方法、装置及系统 | |
US9369286B2 (en) | System and methods for facilitating authentication of an electronic device accessing plurality of mobile applications | |
JP6468013B2 (ja) | 認証システム、サービス提供装置、認証装置、認証方法及びプログラム | |
CN111935094A (zh) | 数据库访问方法、装置、系统及计算机可读存储介质 | |
WO2015143855A1 (fr) | Procédé, appareil et système pour accéder à des ressources de données | |
TW201543254A (zh) | 用戶帳戶管理方法及裝置 | |
KR960035299A (ko) | 원격 사용자와 응용 서버간의 통신 관리 방법, 원격 사용자의 주체 인증 방법, 분산 컴퓨터 환경을 제공하는 네트워크 및 프로그램 저장 장치 | |
US8650405B1 (en) | Authentication using dynamic, client information based PIN | |
US10038685B2 (en) | Service request authentication method and apparatus | |
US11218464B2 (en) | Information registration and authentication method and device | |
CN109005142B (zh) | 网站安全检测方法、装置、系统、计算机设备和存储介质 | |
WO2020181809A1 (fr) | Procédé et système de traitement de données basés sur une vérification d'interface, et dispositif informatique | |
CN109684873B (zh) | 数据访问控制方法、装置、计算机设备和存储介质 | |
WO2019140790A1 (fr) | Procédé et appareil de suivi de service, dispositif terminal et support de stockage | |
US20140137227A1 (en) | Systems and Methods for Enhancement of Single Sign-On Protection | |
CN113132402A (zh) | 单点登录方法和系统 | |
CN114157434A (zh) | 登录验证方法、装置、电子设备及存储介质 | |
US20150101059A1 (en) | Application License Verification | |
CN109829321B (zh) | 一种认证身份的方法、装置、设备及存储介质 | |
CN112929388B (zh) | 网络身份跨设备应用快速认证方法和系统、用户代理设备 | |
CN116996305A (zh) | 一种多层次安全认证方法、系统、设备、存储介质及入口网关 | |
WO2022042504A1 (fr) | Procédé d'authentification d'accès à un bureau en nuage, dispositif électronique et support de stockage lisible par ordinateur |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21860339 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 21860339 Country of ref document: EP Kind code of ref document: A1 |