CN104811455B - A cloud computing identity authentication method - Google Patents
- Publication number: CN104811455B
- Authority: CN (China)
- Prior art keywords: cloud, cloud server, cloud terminal, encryption device, terminal
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The present invention provides a cloud computing identity authentication method comprising the following steps: (1) the cloud terminal identifies the inserted encryption device and, after identification, sends a login request message to the cloud server; (2) after receiving the message, the cloud server sends a verification message to the cloud terminal; (3) according to the verification message, the cloud terminal extracts the digital certificate from the encryption device, encrypts it, and sends it to the cloud server; (4) the cloud server verifies the user's identity from the digital certificate and, after verification succeeds, the corresponding virtual machine in the cloud server establishes a connection directly with the cloud terminal over the RDP protocol. By integrating an encryption device, the invention compensates for the security risk of the single "user name + password" check used in current cloud computing and achieves strong identity authentication of virtual desktop users.
Description
Technical field
The present invention relates to the field of cloud computing security technology, and in particular to a cloud computing identity authentication method.
Background
Cloud computing technology is now widely used. Existing cloud computing identity authentication mostly relies on Microsoft's AD (Active Directory) domain, combined with single sign-on based on protocols such as OpenID. This approach mostly authenticates with "user name + password", and its authentication strength is insufficient; the situation is common on mainstream cloud computing platforms such as VMware and Citrix. In addition, when existing cloud computing platforms transmit data over a remote desktop protocol (RDP, SPICE), they mostly use one-way authentication of the cloud terminal by the cloud server, which creates the security risk of a "man-in-the-middle attack".
Summary of the invention
The object of the invention is, in view of the problems in the prior art, to provide a cloud computing identity authentication method that meets security requirements such as access security, channel security and application security, and that effectively solves the security problems of existing cloud computing identity authentication based on AD domain technology and remote desktop protocols.
The object of the invention is achieved through the following technical solution:
A cloud computing identity authentication method, characterized in that the method comprises the steps of:
(1) the cloud terminal identifies the inserted encryption device and, after identification, sends a login request message to the cloud server;
(2) after receiving the message, the cloud server sends a verification message to the cloud terminal;
(3) according to the verification message, the cloud terminal extracts the digital certificate from the encryption device, encrypts the digital certificate, and sends it to the cloud server;
(4) the cloud server verifies the user's identity from the digital certificate; after verification succeeds, the corresponding virtual machine in the cloud server establishes a connection directly with the cloud terminal over the RDP protocol.
In a further scheme, the login request message is obtained by encrypting the cloud server login account entered by the user.
In a further scheme, the step of verifying the user's identity is: the digital certificate is authenticated first; after it passes authentication, the login request message is verified against the information in the digital certificate.
In a further scheme, the method by which the corresponding virtual machine in the cloud server establishes a connection directly with the cloud terminal over the RDP protocol comprises the steps of: the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol, and the virtual machine can obtain the certificate in the encryption device to complete the secure login to the operating system in the virtual desktop; the virtual machine transfers the acquired image information to the cloud terminal over the RDP protocol, and the cloud terminal likewise transfers input information to the virtual machine over the RDP protocol.
In a further scheme, the RDP protocol comprises a TCP layer, an ISO layer, a TLS layer, an MCS layer, a SEC layer and an RDP layer.
In a further scheme, the steps by which the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol are:
A. When the encryption device of the cloud terminal transmits information to the cloud server:
1) the encryption device transfers data to the cloud terminal;
2) the filter layer intercepts the interrupts and data packets sent by the driver;
3) the filter layer sends the data packets and interrupts to the cloud server over the RDP protocol;
4) the cloud server obtains the data packets and interrupts and delivers the data packets to the virtualized encryption device driver;
B. When the cloud server transmits information to the encryption device of the cloud terminal:
1) the application layer of the cloud server sends data packets and interrupts to the virtual encryption device driver;
2) the virtual encryption device driver sends the data packets and interrupts to the cloud terminal over the RDP protocol;
3) the encryption device driver of the cloud terminal responds to the interrupt.
Compared with the prior art, the present invention has the following advantages:
1. An encryption device is integrated, achieving strong identity authentication of virtual desktop users and compensating for the security risk of the single "user name + password" check in current cloud computing;
2. Secure login of cloud terminal users and secure authentication of virtual desktop users are achieved. By deploying security plug-ins on the cloud terminal and the cloud server respectively, a secure and controllable channel is established between the user and the virtual desktop; malicious users cannot connect to the virtual desktop, and security administrators can conveniently enforce access control;
3. The plug-in architecture is easy to use and integrates seamlessly with existing desktop cloud platforms (VMware, Citrix, etc.);
4. Multiple algorithms are supported to meet different business needs; supported algorithms include the Chinese national commercial cryptographic algorithms and general-purpose algorithms;
5. "Log in once, authenticate multiple times" is achieved: by entering a single PIN code, digital certificate technology provides terminal user connection authentication, user identity authentication, and virtual desktop user login authentication.
Brief description of the drawings
Fig. 1 is a model diagram of the cloud computing identity authentication system;
Fig. 2 is a flow chart of the cloud terminal authentication method;
Fig. 3 is a flow chart of the cloud server authentication method;
Fig. 4 is a diagram of the RDP protocol architecture after enhancement;
Fig. 5 is a schematic diagram of USB redirection.
Detailed description
The present invention is described in detail below with reference to the accompanying drawings and a specific embodiment.
Embodiment
The present invention provides a cloud computing identity authentication method based on USBKey and security-enhanced RDP. The method uses a USBKey as the encryption device and combines digital certificate technology, SSL (Secure Socket Layer) encryption technology, and the security-enhanced Remote Desktop Protocol (RDP). By deploying security components on the cloud terminal and the cloud server respectively, it achieves strong identity authentication for cloud terminal users logging in to the cloud server and secure identity authentication for virtual desktop users.
The invention uses a USBKey on the cloud terminal (a TC or a traditional PC terminal) and achieves "two-factor" strong identity authentication by means of "USBKey + PIN code". Combined with digital certificate technology, it applies security enhancements to the existing RDP protocol, maps the cloud terminal's USBKey device into the virtual desktop in a secure and controllable way, and establishes a secure channel for the virtual desktop connection, thereby achieving strong identity authentication for user login to the cloud server and secure authentication of the virtual desktop connection.
By establishing a USBKey-based cloud server secure login model, the invention proposes a USBKey-based identity authentication method for cloud computing. The USBKey-based cloud server secure login model is shown in Fig. 1: a certificate acquisition module, a USBKey monitoring module and an SSL encryption module are deployed on the cloud terminal, and a USBKey monitoring module, a security authentication module, a unified user management module, a CA module, a virtual machine management module and an enhanced RDP module are deployed on the cloud server. The USBKey-based identity authentication method covers secure access and identity authentication of cloud terminal users, channel protection, and secure authentication of virtual desktop users. The certificate acquisition module and USBKey monitoring module deployed on the cloud terminal, together with the security authentication module, unified user management module and CA module deployed on the cloud server, provide secure access and identity authentication of cloud terminal users based on the USBKey encryption device. The SSL encryption module deployed on the cloud terminal and the SSL encryption module within the security authentication module deployed on the cloud server secure the channel between the cloud terminal and the cloud server, effectively solving the data security problem during digital certificate transmission and information exchange between the cloud terminal and the cloud server. The TLS protocol is inserted between the ISO layer and the TCP layer of the RDP protocol to add two-way signature certificate authentication between the cloud server and the cloud terminal; this authentication ensures the legitimacy of both communicating parties' identities and thus the legitimacy of the virtual desktop user's identity.
The main innovation of the method is as follows: before accessing a virtual machine in the cloud server, a cloud terminal user must first pass identity authentication; after authentication succeeds, the monitoring module of the cloud server determines, according to the user's authorization, whether the user has permission to access the required virtual desktop resources. The USBKey-based cloud server login model verifies the legitimacy of the user's identity through digital certificate technology and provides a secure data transmission channel. By adding a TLS layer to RDP, two-way signature certificate authentication is added between the cloud server and the cloud terminal; this authentication ensures the legitimacy of the other party's identity and establishes a secure virtual desktop connection channel, ensuring desktop application security.
The specific flow of the invention is as follows:
Step 1: After the USBKey is inserted into the USB interface of the cloud terminal, the cloud terminal first uses its deployed USBKey monitoring module to identify the USBKey; once identification succeeds, it sends a login request message R to the cloud server.
Step 2: The cloud server responds to the cloud terminal's login request through its deployed USBKey monitoring module and sends a verification message V to the cloud terminal. According to the received verification message V, the cloud terminal extracts the digital certificate from the USBKey, encrypts it with the SSL encryption module, and sends it to the cloud server for user identity authentication.
Step 3: The cloud server uses the security authentication module to verify the user's identity. After identity verification succeeds, the virtual machine management module in the cloud server issues a virtual desktop to the cloud terminal user according to the user's needs and the state of virtual machine resources.
Step 4: The virtual machine establishes a secure connection and identity authentication directly with the cloud terminal through the enhanced RDP module, completing the cloud terminal user's secure login to the virtual desktop.
The implementation of identity authentication for a cloud terminal user logging in to the cloud server is described in detail below from the cloud terminal side, the cloud server side and the channel side.
1. Cloud terminal side
Before sending a login request to the cloud server, the cloud terminal first detects whether a USBKey is inserted. After the USBKey is inserted into the USB interface of the cloud terminal, the cloud terminal identifies the USBKey; during identification the user must enter the PIN code of the USBKey. Once identification succeeds, the user is prompted to enter the account used to log in to the cloud server, which is encrypted and sent to the cloud server to request login. After receiving the login request message R, the cloud server sends the verification message V to the cloud terminal. According to the verification message V, the USBKey monitoring module on the cloud terminal calls the certificate acquisition module to obtain the digital certificate from the USBKey and passes it to the SSL encryption module for encryption; the encrypted certificate is then sent to the cloud server for authentication. After authentication succeeds, the corresponding virtual machine in the cloud server establishes a connection directly with the cloud terminal over the RDP protocol. The login request flow of the cloud terminal is shown in Fig. 2.
2. Cloud server side
When the USBKey monitoring module in the cloud server detects the login request message R sent by the cloud terminal, it passes the message to the connection authentication request submodule in the security authentication module, which sends the verification message V to the cloud terminal according to the received login request message R. According to this verification message V, the cloud terminal sends the digital certificate it obtained to the cloud server. When the USBKey monitoring module detects the digital certificate information, it passes it to the digital certificate authentication submodule in the security authentication module, which authenticates the received digital certificate. After the certificate passes authentication, the connection authentication submodule verifies the received login request message R against the information in the digital certificate. After verification succeeds, the virtual machine resources requested by the user are called up, the association between the virtual desktop and the user is established over the RDP protocol, and a secure channel for virtual desktop applications is established. The identity authentication flow of the cloud server is shown in Fig. 3.
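The server-side order of checks described above (authenticate the certificate first, then verify login request R against it), as an added example that is not code from the patent. The class and function names, the contents of V, and the HMAC tag that stands in for the CA's X.509 signature are assumptions; SSL encryption of the messages is omitted.

```python
import hashlib
import hmac
import json
import secrets

# ASSUMPTION: a real deployment checks an X.509 signature with the CA module's
# public key. The standard library cannot do that, so an HMAC under a demo CA
# key stands in for the issuer signature in this sketch.
DEMO_CA_KEY = b"constructed-demo-ca-key"
CERT_FIELDS = ("subject", "not_before", "not_after")


def _issuer_tag(fields, ca_key):
    data = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(ca_key, data, hashlib.sha256).hexdigest()


def issue_certificate(subject, not_before, not_after, ca_key=DEMO_CA_KEY):
    """Build a toy certificate: three fields plus the issuer tag."""
    fields = {"subject": subject, "not_before": not_before, "not_after": not_after}
    return dict(fields, issuer_tag=_issuer_tag(fields, ca_key))


class CloudServer:
    """Hypothetical stand-in for the security authentication module."""

    def __init__(self, ca_key=DEMO_CA_KEY):
        self._ca_key = ca_key
        self._pending = {}  # session id -> account named in login request R

    def on_login_request(self, login_request):
        """Steps (1)-(2): remember R and answer with verification message V."""
        session = secrets.token_hex(8)  # assumed content of V
        self._pending[session] = login_request["account"]
        return {"session": session}

    def _authenticate_certificate(self, cert, now):
        """Return a rejection reason, or None if the certificate is acceptable."""
        fields = {name: cert.get(name) for name in CERT_FIELDS}
        expected = _issuer_tag(fields, self._ca_key)
        presented = str(cert.get("issuer_tag", ""))
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            return "reject: certificate not issued by trusted CA"
        if not cert["not_before"] <= now <= cert["not_after"]:
            return "reject: certificate outside validity period"
        return None

    def on_certificate(self, session, cert, now):
        """Steps (3)-(4): authenticate the certificate first, then match it to R."""
        account = self._pending.pop(session, None)  # each V is usable once
        if account is None:
            return "reject: unknown or reused session"
        failure = self._authenticate_certificate(cert, now)
        if failure:
            return failure
        if cert["subject"] != account:
            return "reject: account in R does not match certificate subject"
        return "accept: issue virtual desktop for " + account


def demo():
    """Run four constructed logins for account 'alice' and collect the verdicts."""
    now, day = 1_700_000_000, 86_400  # constructed clock values
    cases = {
        "valid": issue_certificate("alice", now - day, now + day),
        "expired": issue_certificate("alice", now - 2 * day, now - day),
        "untrusted_issuer": issue_certificate("alice", now - day, now + day, ca_key=b"other-ca"),
        "subject_mismatch": issue_certificate("bob", now - day, now + day),
    }
    server = CloudServer()
    verdicts = {}
    for name, cert in cases.items():
        v = server.on_login_request({"account": "alice"})
        verdicts[name] = server.on_certificate(v["session"], cert, now)
    return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:17} {verdict}")
```

The block models only the checks the description states; it does not model proof that the terminal holds the private key matching the certificate.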
3. Channel side
After logging in to the cloud server, the cloud terminal interacts directly with the virtual machine in the cloud server over the RDP protocol. The cloud terminal redirects the USBKey into the virtual machine over the RDP protocol, and the virtual machine can obtain the certificate in the USBKey to complete the secure login to the operating system in the virtual desktop. The virtual machine transfers the acquired image information to the cloud terminal over the RDP protocol, and the cloud terminal likewise transfers input information to the virtual machine over the RDP protocol. By verifying the application service certificate provided by the terminal's USBKey, the virtual machine confirms whether the user has permission to obtain a given application service, achieving application security. Because the security policy used by the RDP protocol in the connection authentication phase is one-way authentication of the cloud terminal by the cloud server, the cloud terminal is vulnerable to man-in-the-middle attacks: an attacker can use methods such as spoofing to masquerade as the cloud server and exchange data with the cloud terminal, thereby establishing a false connection with the cloud terminal and tricking it into disclosing sensitive information. The protocol can therefore be improved from the authentication angle by inserting the TLS (Transport Layer Security) protocol directly between the ISO layer and the TCP layer of the RDP protocol, adding two-way signature certificate authentication between the cloud server and the cloud terminal. This authentication ensures the legitimacy of the other party's identity and so strengthens the security of the RDP protocol. The enhanced RDP protocol is shown in Fig. 4.
The principle of USBKey redirection in the RDP protocol is shown in Fig. 5. The implementation steps are as follows.
When the cloud terminal's USBKey transmits information to the cloud server, the steps are:
1) The USBKey transfers data to the cloud terminal.
2) The filter layer intercepts the interrupts and data packets sent by the driver.
3) The filter layer sends the data packets and interrupts to the server side over the RDP protocol.
4) The cloud server obtains the data packets and interrupts and delivers the data packets to the virtualized USB driver.
When the cloud server transmits information to the cloud terminal's USBKey, the steps are:
1) The application layer of the cloud server sends data packets and interrupts to the virtual USBKey driver.
2) The virtual USBKey driver sends the data packets and interrupts to the cloud terminal over the RDP protocol.
3) The USBKey driver of the cloud terminal responds to the interrupt.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (5)
1. A cloud computing identity authentication method, characterized in that the method comprises the steps of:
(1) the cloud terminal identifies the inserted encryption device and, after identification, sends a login request message to the cloud server;
(2) after receiving the message, the cloud server sends a verification message to the cloud terminal;
(3) according to the verification message, the cloud terminal extracts the digital certificate from the encryption device, encrypts the digital certificate, and sends it to the cloud server;
(4) the cloud server verifies the user's identity from the digital certificate; after verification succeeds, the corresponding virtual machine in the cloud server establishes a connection directly with the cloud terminal over the RDP protocol;
a certificate acquisition module, a USBKey monitoring module and an SSL encryption module are deployed on the cloud terminal, and a USBKey monitoring module, a security authentication module, a unified user management module, a CA module, a virtual machine management module and an enhanced RDP module are deployed on the cloud server;
the cloud server uses the security authentication module to verify the user's identity; after identity verification succeeds, the virtual machine management module in the cloud server issues a virtual desktop to the cloud terminal user according to the user's needs and the state of virtual machine resources;
the method by which the corresponding virtual machine in the cloud server establishes a connection directly with the cloud terminal over the RDP protocol comprises the steps of: the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol, and the virtual machine can obtain the certificate in the encryption device to complete the secure login to the operating system in the virtual desktop; the virtual machine transfers the acquired image information to the cloud terminal over the RDP protocol, and the cloud terminal likewise transfers input information to the virtual machine over the RDP protocol.
2. The cloud computing identity authentication method according to claim 1, characterized in that the login request message is obtained by encrypting the cloud server login account entered by the user.
3. The cloud computing identity authentication method according to claim 1, characterized in that the step of verifying the user's identity is: the digital certificate is authenticated first; after it passes authentication, the login request message is verified against the information in the digital certificate.
4. The cloud computing identity authentication method according to claim 1, characterized in that the RDP protocol comprises a TCP layer, an ISO layer, a TLS layer, an MCS layer, a SEC layer and an RDP layer.
5. The cloud computing identity authentication method according to claim 1, characterized in that the steps by which the cloud terminal redirects the encryption device into the virtual machine over the RDP protocol are:
A. When the encryption device of the cloud terminal transmits information to the cloud server:
1) the encryption device transfers data to the cloud terminal;
2) the filter layer intercepts the interrupts and data packets sent by the driver;
3) the filter layer sends the data packets and interrupts to the cloud server over the RDP protocol;
4) the cloud server obtains the data packets and interrupts and delivers the data packets to the virtualized encryption device driver;
B. When the cloud server transmits information to the encryption device of the cloud terminal:
1) the application layer of the cloud server sends data packets and interrupts to the virtual encryption device driver;
2) the virtual encryption device driver sends the data packets and interrupts to the cloud terminal over the RDP protocol;
3) the encryption device driver of the cloud terminal responds to the interrupt.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510254039.0A | 2015-05-18 | 2015-05-18 | A cloud computing identity authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104811455A | 2015-07-29 |
CN104811455B | 2018-05-04 |
Family
ID=53695948
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510254039.0A Active CN104811455B (en) | 2015-05-18 | 2015-05-18 | A kind of cloud computing identity identifying method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104811455B (en) |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106603607A (en) * | 2015-10-16 | 2017-04-26 | 中兴通讯股份有限公司 | Private cloud desktop system and method and device for implementing service |
CN106936760A (en) * | 2015-12-30 | 2017-07-07 | 航天信息股份有限公司 | A kind of apparatus and method of login Openstack cloud system virtual machines |
CN105721441B (en) * | 2016-01-22 | 2020-06-02 | 华中科技大学 | Identity authentication method in virtualization environment |
CN107147609A (en) * | 2016-03-01 | 2017-09-08 | 中兴通讯股份有限公司 | A kind of method and cloud terminal, Cloud Server for lifting cloud terminal security energy-conservation |
US10142323B2 (en) * | 2016-04-11 | 2018-11-27 | Huawei Technologies Co., Ltd. | Activation of mobile devices in enterprise mobile management |
CN106231267A (en) * | 2016-08-24 | 2016-12-14 | 成都中英锐达科技有限公司 | View data managing and control system, data download method, playback of data processing method |
CN107241345B (en) * | 2017-06-30 | 2020-07-17 | 西安电子科技大学 | Cloud computing resource management method based on UKey |
CN107612913A (en) * | 2017-09-20 | 2018-01-19 | 贵州恒昊软件科技有限公司 | A kind of on-line bid system and method |
CN108011876A (en) * | 2017-11-29 | 2018-05-08 | 中国银行股份有限公司 | A kind of real name identification method, apparatus and system |
CN108269091B (en) * | 2018-01-25 | 2022-03-29 | 北京明华联盟科技有限公司 | Standby processing method, device and system and computer readable storage medium |
CN109583182B (en) * | 2018-11-29 | 2021-06-04 | 北京元心科技有限公司 | Method and device for starting remote desktop, electronic equipment and computer storage medium |
CN109639697A (en) * | 2018-12-24 | 2019-04-16 | 广州微算互联信息技术有限公司 | Cloud mobile phone safe throws method, mobile terminal and the server of screen |
CN110659471A (en) * | 2019-09-23 | 2020-01-07 | 江苏恒宝智能***技术有限公司 | Identity authentication login method in cloud environment |
CN110768993B (en) * | 2019-10-30 | 2022-03-11 | 北京天融信网络安全技术有限公司 | RDP (remote desktop protocol) -based verification method and device |
CN112272162A (en) * | 2020-09-27 | 2021-01-26 | 西安万像电子科技有限公司 | Login method, device and system |
CN112636927B (en) * | 2020-12-28 | 2022-08-16 | 郑州信大先进技术研究院 | KPI (Key performance indicator) double-certificate-based cloud platform encryption method |
CN113779539A (en) * | 2021-09-09 | 2021-12-10 | 格尔软件股份有限公司 | Linux platform login authentication method |
CN113742713A (en) * | 2021-09-09 | 2021-12-03 | 格尔软件股份有限公司 | Windows platform login authentication method |
CN113992346B (en) * | 2021-09-16 | 2024-01-26 | 深圳市证通电子股份有限公司 | Implementation method of security cloud desktop based on national security reinforcement |
CN113794729A (en) * | 2021-09-17 | 2021-12-14 | 上海仙塔智能科技有限公司 | Communication processing method and device for AVP (Audio video tape Audio video protocol) equipment, electronic equipment and medium |
CN115065493A (en) * | 2022-04-06 | 2022-09-16 | 电子科技大学中山学院 | Autonomous security VDI model based on Spice protocol and optimization method thereof |
CN114866253B (en) * | 2022-04-27 | 2024-05-28 | 北京计算机技术及应用研究所 | Reliable cloud host login system and cloud host login method implemented by same |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102420692A (en) * | 2011-12-28 | 2012-04-18 | 广州杰赛科技股份有限公司 | Safety authentication method and system of universal serial bus (USB) key of client terminal based on cloud computation |
CN103532966A (en) * | 2013-10-23 | 2014-01-22 | 成都卫士通信息产业股份有限公司 | Device and method supporting USB-KEY-based SSO (single sign on) of virtual desktop |
CN104318179A (en) * | 2014-10-30 | 2015-01-28 | 成都卫士通信息产业股份有限公司 | File redirection technology based virtualized security desktop |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8180905B2 (en) * | 2008-12-09 | 2012-05-15 | Microsoft Corporation | User-mode based remote desktop protocol (RDP) encoding architecture |
2015-05-18 CN CN201510254039.0A patent/CN104811455B/en active Active
Non-Patent Citations (1)
Title |
---|
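Research and Implementation of a Security Scheme Based on the RDP Protocol; 罗劢; China Master's Theses Full-text Database, Information Science and Technology; 20130115 (No. 1); Section 3.2.2 "Overall framework of the RDP protocol security scheme", Section 3.7 "Server monitoring module design", Figure 3-2, Figure 3-15 * |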
Also Published As
Publication number | Publication date |
---|---|
CN104811455A (en) | 2015-07-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104811455B (en) | A kind of cloud computing identity identifying method | |
CN112073400B (en) | Access control method, system, device and computing equipment | |
CN106233796B (en) | Calculate the automatic subscriber registration and unlock of equipment | |
CN103747036B (en) | Trusted security enhancement method in desktop virtualization environment | |
CN105306490B (en) | Payment verifying system, method and device | |
US8769289B1 (en) | Authentication of a user accessing a protected resource using multi-channel protocol | |
CN108111473B (en) | Unified management method, device and system for hybrid cloud | |
JP2018116708A (en) | Network connection automation | |
US8719915B2 (en) | Method for improving network application security and the system thereof | |
CN106453361B (en) | A kind of security protection method and system of the network information | |
US20210105254A1 (en) | System, method and computer-accessible medium for two-factor authentication during virtual private network sessions | |
CN102420692A (en) | Safety authentication method and system of universal serial bus (USB) key of client terminal based on cloud computation | |
CN102215221A (en) | Methods and systems for secure remote wake, boot, and login to a computer from a mobile device | |
CN110278084B (en) | eID establishing method, related device and system | |
CN114128212A (en) | Method and system for authenticating secure credential transmission to a device | |
US10250590B2 (en) | Multi-factor device registration for establishing secure communication | |
CN113596009A (en) | Zero trust access method, system, zero trust security proxy, terminal and medium | |
EP3157193A1 (en) | Remote sharing method, and vtm terminal, network side device and system | |
US20160191502A1 (en) | Dual layer transport security configuration | |
CN103036883A (en) | Secure communication method and system of secure server | |
CN102571874A (en) | On-line audit method and device in distributed system | |
CN104821951B (en) | A kind of method and apparatus of secure communication | |
CN106454833A (en) | Method and system for realizing wireless 802.1X authentication | |
CN106982214A (en) | A kind of cloud desktop security of use NFC technique logs in ID card and cloud desktop security login method | |
CN102811203B (en) | Method for identifying ID, system and user terminal in the Internet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by SIPO to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP01 | Change in the name or title of a patent holder | Address after: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041. Patentee after: China Electronics Technology Network Security Technology Co.,Ltd. Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041. Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc. |