WO2017167019A1 - Cloud desktop-based processing method and apparatus, and computer storage medium - Google Patents
- Publication number: WO2017167019A1 (PCT/CN2017/076847)
- Authority: WO, WIPO (PCT)
- Prior art keywords: terminal, cloud desktop, login, fingerprint information, cloud
Classifications
- G06F9/44—Arrangements for executing specific programs
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Definitions
- The present invention relates to the field of virtual cloud desktop technologies, and in particular to a cloud desktop management method and device, a cloud desktop access method and device, and a computer storage medium.
- VDI: Virtual Desktop Infrastructure.
- VDI technology virtualizes the powerful hardware resources of the server and allocates these resources to the corresponding virtual desktop users as needed, providing virtual machine usage and management.
- Virtual desktops and PCs (Personal Computers)
- Traditional PCs can be managed securely through traditional methods such as computer room control and USB port blocking.
- With cloud desktops, multiple terminals can access desktop servers anytime and anywhere and obtain cloud desktop services.
- Traditional security management methods can no longer meet the diversified and flexible requirements of cloud desktop security management.
- The embodiments of the present invention provide a cloud desktop management method and device, a cloud desktop access method and device, and a computer storage medium.
- The embodiment of the invention provides a cloud desktop management method, which includes the following steps:
- The step of acquiring the authentication request sent by the terminal in the cloud desktop fingerprint login mode, and authenticating the authentication request according to the pre-configured cloud database, includes:
- If the terminal and the login fingerprint pass the authentication, it is determined that the authentication request passes the authentication.
- The step of authenticating the rights of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal, and the cloud database includes:
- If the terminal has access rights and the login fingerprint information has login authority, it is determined that the terminal and the login fingerprint pass authentication.
- The step of determining that the authentication request passes the authentication comprises:
- If the terminal and the login fingerprint information are authenticated, determining whether the terminal is a pre-configured login terminal corresponding to the login fingerprint information;
- If the terminal is the login terminal corresponding to the login fingerprint information, determining that the authentication request passes the authentication.
- the step of matching the cloud desktop and the permission set according to the authentication request includes:
- the step of controlling the access of the terminal to the cloud desktop according to the permission set includes:
- the step of controlling access by the terminal to the target cloud desktop according to the permission set includes:
- the method further includes:
- the embodiment of the present invention further provides a cloud desktop access method, where the cloud desktop access method includes the following steps:
- the terminal sends an authentication request to the cloud desktop server according to the input login fingerprint information
- the cloud desktop is accessed under the authority of the cloud desktop server.
- the step of accessing the cloud desktop under the permission of the cloud desktop server includes:
- the step of the terminal sending an authentication request to the cloud desktop server according to the input login fingerprint information includes:
- the terminal obtains the input login fingerprint information
- the authentication request is sent to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- the method further includes:
- the process proceeds to: performing an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- the step of sending an authentication request to the cloud desktop server according to the input login fingerprint information in the cloud desktop fingerprint login mode includes:
- an embodiment of the present invention further provides a cloud desktop management device, where the cloud desktop management device includes:
- the authentication module is configured to obtain an authentication request sent by the terminal in the cloud desktop fingerprint login mode, and authenticate the authentication request according to the pre-configured cloud database;
- a matching module configured to: if the authentication request passes the authentication, match the cloud desktop and the permission set according to the authentication request;
- the control module is configured to control access of the terminal to the cloud desktop according to the permission set.
- the authentication module comprises:
- the first obtaining unit is configured to acquire, in the cloud desktop fingerprint login mode, an authentication request sent by the terminal, where the authentication request carries the login fingerprint information and the terminal information of the terminal;
- the authentication unit is configured to authenticate the rights of the terminal and the login fingerprint according to the login fingerprint information, terminal information of the terminal, and a pre-configured cloud database;
- the determining unit is configured to determine that the authentication request passes the authentication if the terminal and the login fingerprint pass the authentication.
- the authentication unit is further configured to determine, according to the cloud database and the terminal information, whether the terminal has access rights;
- If the terminal has access rights and the login fingerprint information has login authority, it is determined that the terminal and the login fingerprint pass authentication.
- The determining unit is further configured to:
- If the terminal and the login fingerprint information are authenticated, determine whether the terminal is a pre-configured login terminal corresponding to the login fingerprint information;
- If the terminal is the login terminal corresponding to the login fingerprint information, determine that the authentication request passes the authentication.
- the matching module comprises:
- a list unit configured to: if the authentication request passes the authentication, match the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list;
- a target unit configured to return the cloud desktop list to the terminal, and obtain the target cloud desktop selected from the cloud desktop list
- a permission unit configured to configure a permission set according to the target cloud desktop, the login fingerprint information, and terminal information of the terminal;
- the control module is further configured to
- the management module is further configured to:
- the cloud desktop control device further includes:
- the calling module is configured to acquire a hardware invocation request of the cloud desktop to the terminal; and according to the hardware invocation request, redirect the terminal hardware to the cloud desktop, and invoke the terminal hardware.
- the embodiment of the present invention further provides a cloud desktop access device, where the cloud desktop access device includes:
- the requesting module is configured to send an authentication request to the cloud desktop server according to the input login fingerprint information in the cloud desktop fingerprint login mode;
- the access module is configured to access the cloud desktop under the authority of the cloud desktop server if the authentication request passes the authentication.
- the access module comprises:
- a second acquiring unit configured to acquire a returned cloud desktop list of the cloud desktop server if the authentication request is authenticated
- a selecting unit configured to obtain a target cloud desktop selected based on the cloud desktop list, and return the target cloud desktop to the cloud desktop server;
- the access unit is configured to obtain a permission set returned by the cloud desktop server, and access the target cloud desktop according to the permission set.
- the request module includes:
- the third obtaining unit is configured to obtain the input login fingerprint information in the cloud desktop fingerprint login mode
- the determining unit is configured to determine whether the currently logged in terminal has entered the unlocking fingerprint information
- a matching unit configured to match the unlocking fingerprint information and the login fingerprint information if the terminal has entered the unlocking fingerprint information
- the requesting unit is configured to send an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal, if the login fingerprint information matches the unlock fingerprint information.
- the requesting module is further configured to
- If the terminal is not a private terminal, send an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- the cloud desktop access device further includes:
- the input module is configured to obtain the entered fingerprint information, and send the entered fingerprint information and the terminal information of the terminal to the cloud desktop server, where the cloud desktop server configures the cloud database for authentication.
- An embodiment of the present invention further provides a computer storage medium that includes a set of instructions which, when executed, cause at least one processor to execute the cloud desktop management method or the cloud desktop access method.
- With the cloud desktop management method and device, the cloud desktop access method and device, and the computer storage medium provided by the embodiments of the present invention, in the cloud desktop fingerprint login mode the authentication request sent by the terminal is obtained and authenticated according to the pre-configured cloud database; if the authentication request passes the authentication, the cloud desktop and the permission set are matched according to the authentication request; and the access of the terminal to the cloud desktop is controlled according to the permission set.
- The embodiment of the present invention addresses the security risks and management problems that the unique flexibility of the mobile terminal when accessing the cloud desktop brings to personal data and the cloud desktop system.
- Fingerprint identification technology is connected with various virtualization core technologies so that users access the cloud by fingerprint identification, and the fingerprint is matched to determine whether the current user can access the cloud desktop.
- the embodiment of the invention realizes the identification of the fingerprint, configures the permissions of the cloud desktop according to the fingerprint information, enhances the control and flexibility of the security of the cloud desktop, and improves the user experience.
- FIG. 1 is a schematic flowchart of a first embodiment of a cloud desktop management method according to the present invention
- FIG. 2 is a schematic flowchart of a second embodiment of a cloud desktop management method according to the present invention.
- FIG. 3 is a schematic flowchart of a third embodiment of a cloud desktop management method according to the present invention.
- FIG. 4 is a schematic flowchart of a fourth embodiment of a cloud desktop management method according to the present invention.
- FIG. 5 is a schematic flowchart of a fifth embodiment of a cloud desktop management method according to the present invention.
- FIG. 6 is a schematic flowchart of a sixth embodiment of a cloud desktop management method according to the present invention.
- FIG. 7 is a schematic flowchart of a seventh embodiment of a cloud desktop management method according to the present invention.
- FIG. 8 is a schematic flowchart of a first embodiment of a cloud desktop access method according to the present invention.
- FIG. 9 is a schematic flowchart of a second embodiment of a cloud desktop access method according to the present invention.
- FIG. 10 is a schematic flowchart of a third embodiment of a cloud desktop access method according to the present invention.
- FIG. 11 is a schematic flowchart diagram of a fourth embodiment of a cloud desktop access method according to the present invention.
- FIG. 12 is a schematic flowchart diagram of a fifth embodiment of a cloud desktop access method according to the present invention.
- FIG. 13 is a schematic diagram of functional modules of a first embodiment of a cloud desktop control device according to the present invention.
- FIG. 14 is a schematic diagram of functional modules of a second embodiment, a third embodiment, and a fourth embodiment of a cloud desktop control device according to the present invention.
- FIG. 15 is a schematic diagram of functional modules of a fifth embodiment and a sixth embodiment of a cloud desktop management device according to the present invention.
- FIG. 16 is a schematic diagram of functional modules of a seventh embodiment of a cloud desktop management device according to the present invention.
- FIG. 17 is a schematic diagram of functional modules of a first embodiment of a cloud desktop access device according to the present invention.
- FIG. 18 is a schematic diagram of functional modules of a second embodiment of a cloud desktop access device according to the present invention.
- FIG. 19 is a functional block diagram of a third embodiment and a fourth embodiment of a cloud desktop control device according to the present invention.
- FIG. 20 is a schematic diagram of functional modules of a fifth embodiment of a cloud desktop access device according to the present invention.
- FIG. 21 is a schematic diagram of a terminal hardware redirection application scenario according to an embodiment of the present invention.
- FIG. 22 is a schematic diagram of an application scenario of a user logging in to a cloud desktop using a mobile terminal according to an embodiment of the present disclosure
- FIG. 23 is a schematic diagram of a fingerprint input application scenario according to an embodiment of the present invention.
- The authentication request sent by the terminal is obtained, and the authentication request is authenticated according to the pre-configured cloud database; if the authentication request passes the authentication, the pre-configured cloud desktop and the permission set are matched according to the authentication request; and the access of the terminal to the cloud desktop is controlled according to the permission set.
- The existing technology lacks flexible adaptability and adjustability in cloud desktop security management and control, and cannot meet the security management and control requirements of the cloud desktop.
- The embodiment of the invention provides a solution in which fingerprint identification technology is connected to a plurality of virtualization core technologies, so that the user accesses the cloud by fingerprint identification, the fingerprint is matched to determine whether the current user can access the cloud desktop, and the user's fingerprint is used to authorize the permissions of the cloud desktop. The fingerprint thus becomes the only credential for the user to access the desktop cloud system through the mobile terminal, thereby ensuring information security.
- a first embodiment of the cloud desktop management method of the present invention provides a cloud desktop management method, where the cloud desktop management method includes:
- Step S10: Acquire an authentication request sent by the terminal in the cloud desktop fingerprint login mode, and authenticate the authentication request according to the pre-configured cloud database.
- The embodiment of the present invention combines biometric identification technology with the cloud system security management and control process, and fully integrates fingerprint identification technology into the management of the desktop cloud system. It can guarantee the security of the virtual desktop environment and, through fingerprint identification, provide users with more personalized, customized services, offering a security management solution for desktop cloud systems that makes up for the security shortcomings of cloud desktop products in their rapid development.
- the embodiment of the present invention performs security management and control of the cloud desktop through the cloud desktop server.
- Cloud desktop servers include the Virtualization Management Center (VMC), the Virtualization Environment (VE), the cloud desktop virtual machine and the cloud desktop agent.
- The VMC performs the security control of the cloud desktop.
- The VE provides the running environment for the cloud desktop virtual machine.
- The cloud desktop virtual machine provides the cloud desktop service to the user.
- The cloud desktop agent can feed back the running status of the cloud desktop virtual machine to the VMC.
- After the desktop cloud server is deployed, the user fingerprint information is entered and the user attributes corresponding to the fingerprint information are configured, for cloud desktop configuration and authority management.
- In the cloud desktop fingerprint login mode, the terminal captures the login fingerprint of the current user who is logging in to the cloud desktop, and obtains the signature of the login fingerprint as the login fingerprint information.
- the terminal may be a PC, a mobile terminal, or the like.
- the terminal generates an authentication request according to the login fingerprint information, the login time of the current user, and the like.
- the terminal encrypts the authentication request and sends it to the VMC.
- After receiving the encrypted authentication request sent by the terminal, the VMC decrypts it and obtains the authentication request.
- the VMC obtains login fingerprint information of the current user login to the cloud desktop according to the authentication request.
- the VMC then matches the login fingerprint information with the fingerprint information in the pre-configured cloud database.
- The cloud database records, in advance, each fingerprint information that has login authority together with its corresponding user attribute.
- The user attribute includes the account information corresponding to the fingerprint information, the terminal information, the matching cloud desktop, and the like.
- The fingerprint information includes the fingerprint feature code extracted when the fingerprint is entered.
- If a fingerprint feature code matching the fingerprint feature code of the current login fingerprint information is found in the cloud database, it is determined that the current login fingerprint information has the login authority.
- the VMC determines that the current authentication request passes the authentication.
- Step S20: If the authentication request passes the authentication, the cloud desktop and the permission set are matched according to the authentication request.
- the VMC matches the cloud desktop and the permission set according to the authentication request.
- the VMC obtains the current user attribute according to the login fingerprint information carried by the current authentication request, and matches the pre-configured cloud desktop according to the user attribute.
- the personalized and differentiated cloud desktops can be flexibly configured according to different login fingerprints, for example, the operating system, data, and application software of the cloud desktop can be flexibly configured.
- the cloud desktops obtained by VMC matching can be one or more.
- the VMC matches the pre-configured permission set of the current login fingerprint information according to the user attribute of the current login fingerprint information.
- The permission set contains the permissions of the current user to access the cloud desktop, including peripheral call permission, network permission, file operation authority, etc. For example, whether the account corresponding to the current login fingerprint information has the right to call the terminal camera, and whether the terminal is called.
- USB Universal Serial Bus
- OTG On-The-Go
- the VMC gets the set of permissions for the current login fingerprint.
- Step S30: Control access of the terminal to the cloud desktop according to the permission set.
- the terminal accesses the cloud desktop according to the permission set.
- the VMC notifies the terminal that the current authentication request passes the authentication, and the terminal sends a link request to the VE.
- the VE responds to the link request of the terminal, starts the cloud desktop virtual machine according to the link request, and starts the corresponding cloud desktop.
- the VE returns a response message to the terminal.
- After receiving the response message from the VE, the terminal connects to the cloud desktop VM and accesses the cloud desktop. The user can perform various operations on the cloud desktop from the terminal.
- the VMC controls the permissions of the user on the cloud desktop access process according to the permission set, and performs security control, for example, controlling the user's permission to invoke the camera when accessing the cloud desktop.
- The authentication request sent by the terminal is acquired, and the authentication request is authenticated according to the pre-configured cloud database; if the authentication request passes the authentication, the cloud desktop and the permission set are matched according to the authentication request; and the access of the terminal to the cloud desktop is controlled according to the permission set.
- This embodiment addresses the security risks and management problems that the flexibility of the mobile terminal when accessing the cloud desktop brings to data and the cloud desktop system. It connects fingerprint identification technology with various virtualization core technologies so that the user accesses the cloud by fingerprint identification, and matches the fingerprint to determine whether the current user can access the cloud desktop.
- The user's fingerprint is used to authorize the permissions of the cloud desktop, so that the fingerprint becomes the only credential for the user to access the desktop cloud system through the mobile terminal, thereby ensuring information security.
- the embodiment of the invention realizes the identification of the fingerprint, configures the permissions of the cloud desktop according to the fingerprint information, enhances the control and flexibility of the security of the cloud desktop, and improves the user experience.
- the second embodiment of the cloud desktop management method of the present invention provides a cloud desktop management method.
- the step S10 includes:
- Step S11: Acquire an authentication request sent by the terminal in a cloud desktop fingerprint login mode, where the authentication request carries login fingerprint information and terminal information of the terminal.
- the terminal enters the current login fingerprint of the user through the fingerprint identification device, extracts the fingerprint feature code according to the login fingerprint, and uses the obtained fingerprint feature code as the fingerprint information of the current login fingerprint.
- the terminal generates an authentication request by using information such as the login fingerprint information, the terminal information of the current terminal, and the login time of the current user.
- the terminal information is unique identification information of the current terminal, and may be information that can uniquely identify the current terminal, such as hardware information.
- the terminal encrypts the authentication request and sends it to the VMC.
- After receiving the encrypted authentication request sent by the terminal, the VMC decrypts it and obtains the login fingerprint information and the terminal information carried in the authentication request.
- Step S12: Authenticate the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal, and a pre-configured cloud database.
- the terminal and the login fingerprint are authenticated according to the pre-configured cloud database.
- The cloud fingerprint database records terminal information and fingerprint information that have permission to access the cloud desktop. If the terminal information of the current terminal is found in the cloud database and the fingerprint information of the login fingerprint is matched, it is determined that the current terminal and the login fingerprint have the right to access the cloud desktop and pass the authentication.
- If the terminal information of the current terminal is not found, or the fingerprint information of the login fingerprint is not matched, it is determined that the current terminal and the login fingerprint do not have permission to access the cloud desktop, and the authentication is not passed.
- Step S13: If the terminal and the login fingerprint pass the authentication, determine that the authentication request passes the authentication.
- After obtaining the authentication result of the current terminal and the login fingerprint, if the current terminal and the login fingerprint pass the authentication, the VMC determines that the current authentication request passes the authentication.
- Otherwise, the VMC determines that the current authentication request has not passed the authentication and does not have the login permission. At this time, the VMC returns a notification message of the login failure to the terminal. The terminal informs the user that the login failed and asks the user to input the fingerprint again.
- the terminal may remind the user to switch the login mode and log in to the cloud desktop using the account mode.
- The authentication request sent by the terminal is acquired, and the authentication request carries the login fingerprint information and the terminal information of the terminal; the authority of the terminal and the login fingerprint is authenticated according to the login fingerprint information, the terminal information of the terminal, and the pre-configured cloud database; if the current terminal and the login fingerprint pass the authentication, it is determined that the authentication request passes the authentication.
- The login terminal and the fingerprint are authenticated together, and login to the cloud desktop is allowed only when the terminal and the login fingerprint both pass the authentication, thereby improving the security of the cloud desktop control.
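The checks of steps S11 to S13, the terminal-to-fingerprint binding check from the summary, and the permission-set handling of steps S20 and S30 can be sketched as follows. This is an added example, not code from the patent: all class and function names and all sample identifiers are assumptions, and fingerprint matching is reduced to an exact lookup of the feature code.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Every identifier and value below is constructed for illustration.


@dataclass(frozen=True)
class AuthRequest:
    fingerprint_code: str  # feature code extracted from the login fingerprint
    terminal_id: str       # unique terminal information, e.g. a hardware id
    login_time: str


@dataclass(frozen=True)
class UserAttribute:
    account: str
    login_terminals: frozenset  # terminals pre-configured for this fingerprint
    desktops: tuple             # cloud desktops matched to this user
    permissions: frozenset      # permission set: peripheral, network, file rights


@dataclass(frozen=True)
class CloudDatabase:
    allowed_terminals: frozenset  # terminal information with access rights
    users: dict                   # fingerprint feature code -> UserAttribute


@dataclass(frozen=True)
class AuthResult:
    passed: bool
    reason: str
    user: Optional[UserAttribute] = None


@dataclass(frozen=True)
class Session:
    account: str
    desktop: str
    permissions: frozenset

    def allows(self, action: str) -> bool:
        """Step S30: deny by default; only actions in the permission set pass."""
        return action in self.permissions


def authenticate(db: CloudDatabase, req: AuthRequest) -> AuthResult:
    """Steps S11-S13: the terminal AND the fingerprint must both pass."""
    if req.terminal_id not in db.allowed_terminals:
        return AuthResult(False, "terminal has no access rights")
    # Assumption: an exact lookup stands in for fingerprint matching. A real
    # matcher compares templates by similarity against a threshold.
    user = db.users.get(req.fingerprint_code)
    if user is None:
        return AuthResult(False, "fingerprint has no login authority")
    # Binding check: an allowed terminal is not enough; it must be a login
    # terminal pre-configured for this particular fingerprint.
    if req.terminal_id not in user.login_terminals:
        return AuthResult(False, "terminal not bound to this fingerprint")
    return AuthResult(True, "ok", user)


def open_session(db: CloudDatabase, req: AuthRequest,
                 target_desktop: str) -> Tuple[Optional[Session], str]:
    """Step S20: match desktops and permission set; returns (session, reason)."""
    result = authenticate(db, req)
    if not result.passed:
        return None, result.reason
    if target_desktop not in result.user.desktops:
        return None, "desktop not matched to this user"
    user = result.user
    return Session(user.account, target_desktop, user.permissions), "ok"


def sample_db() -> CloudDatabase:
    """Constructed cloud database with two users and three known terminals."""
    alice = UserAttribute("alice", frozenset({"TERM-A1"}),
                          ("win10-dev",), frozenset({"camera", "network"}))
    bob = UserAttribute("bob", frozenset({"TERM-B1", "TERM-SHARED"}),
                        ("win10-office",), frozenset({"network"}))
    return CloudDatabase(
        allowed_terminals=frozenset({"TERM-A1", "TERM-B1", "TERM-SHARED"}),
        users={"fc-alice-01": alice, "fc-bob-01": bob},
    )


if __name__ == "__main__":
    db = sample_db()
    attempts = [
        AuthRequest("fc-alice-01", "TERM-A1", "2017-03-16T09:00"),  # valid
        AuthRequest("fc-alice-01", "TERM-B1", "2017-03-16T09:05"),  # wrong terminal
        AuthRequest("fc-alice-01", "TERM-X9", "2017-03-16T09:10"),  # unknown terminal
        AuthRequest("fc-eve-99", "TERM-SHARED", "2017-03-16T09:15"),  # unknown print
    ]
    for req in attempts:
        session, reason = open_session(db, req, "win10-dev")
        camera = session.allows("camera") if session else False
        print(f"{req.terminal_id:12} {req.fingerprint_code:12} -> {reason} (camera={camera})")
```

The second attempt is the case the binding check exists for: a registered fingerprint presented from a terminal that is allowed in general but was not configured for that user.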
- the third embodiment of the cloud desktop management method of the present invention provides a cloud desktop management method.
- the step S12 includes:
- Step S121: Determine, according to the cloud database and the terminal information, whether the terminal has access rights.
- the VMC determines, according to the terminal information in the authentication request, whether the current terminal has the access right.
- the VMC is pre-configured with a terminal device that allows access to the cloud desktop, and terminal identification information with access rights is recorded in the cloud database.
- the terminal identification information recorded by the VMC may be a terminal device type, device information of the terminal device, or the like.
- the access security of the cloud desktop is guaranteed.
- the VMC is pre-configured so that a public PC is not allowed to access the cloud desktop and only an internal PC is allowed to access it; or the VMC pre-records the mobile terminals that are allowed to access the cloud desktop, records the terminal information of those mobile terminals, and does not allow unregistered mobile terminals to access the cloud desktop.
- the VMC can also flexibly set the access rights of the terminal according to other security principles.
- this embodiment takes as an example the case in which the VMC only allows the recorded terminal devices to access the cloud desktop and records the terminal information with the access authority in the cloud database.
- the VMC searches the cloud database according to the terminal information of the current terminal, and determines whether the current terminal has access rights.
- if the terminal information of the current terminal is found in the cloud database, it is determined that the current terminal has the access right; if the terminal information of the current terminal is not found in the cloud database, it is determined that the current terminal does not have the access right.
- the VMC returns a notification message of the login failure to the terminal, notifying that the current terminal does not have the access right, and rejecting the login request of the current terminal.
- the terminal may notify the user that the current terminal does not have access rights according to the notification message.
- the VMC obtains the access authority judgment result of the current terminal.
- Step S122 Determine, according to the cloud database and the login fingerprint information, whether the login fingerprint information has login authority.
- the VMC determines whether the current login fingerprint information has login authority according to the pre-configured cloud database.
- the pre-configured cloud database records the pre-entered fingerprint information that has access rights. Based on the fingerprint information entered in the cloud database, the VMC matches the current login fingerprint information to find the fingerprint information that matches the current login fingerprint information.
- if fingerprint information matching the current login fingerprint information is successfully found in the cloud database, it is determined that the current login fingerprint information has the login authority; if the fingerprint information matching the current login fingerprint information is not found in the cloud database, it is determined that the current login fingerprint information does not have the login authority.
- Step S123 If the terminal has an access right, and the login fingerprint information has a login authority, determine that the terminal and the login fingerprint pass the authentication.
- the VMC determines that the current authentication request passes the authentication and has the login authority.
- the terminal and the fingerprint information are simultaneously authenticated, and only the fingerprint having the login authority is allowed to access the cloud desktop through the terminal having the access authority, thereby realizing the simultaneous control of the terminal device and the fingerprint and greatly improving the security management capabilities and flexibility of the cloud desktop.
- the fourth embodiment of the cloud desktop management method of the present invention provides a cloud desktop management method.
- the step S13 includes:
- Step S131 If the terminal and the login fingerprint information pass the authentication, determine whether the terminal is a pre-configured login terminal corresponding to the login fingerprint information.
- the pre-configured fingerprint information is bound with a corresponding login terminal.
- a private user can bind his or her personal fingerprint and personal terminal, and not allow others to log in to the cloud desktop through that terminal; or the public terminal can be preset to bind the fingerprint information of multiple specific users, so as to prevent users with lower permissions from using their fingerprints to log in to the cloud desktop through this public terminal.
- when the user first uses the cloud desktop account to log in to the cloud desktop on the terminal, if the cloud desktop account is authenticated by the VMC and is a legitimate user, the terminal prompts the user whether to enter the fingerprint information and log in using the fingerprint.
- the fingerprint of the current user is entered, and the fingerprint feature code is extracted to obtain the fingerprint information.
- the terminal encrypts and transmits the fingerprint information and the terminal information of the current terminal to the VMC.
- After receiving the fingerprint information and the terminal information, the VMC binds the current terminal to the current fingerprint information as its login terminal, so that the fingerprint information is bound to the corresponding login terminal. It should be noted that one terminal can be bound to multiple different fingerprint information.
- the VMC stores the terminal information bound by the current fingerprint information in the cloud database as a user attribute corresponding to the fingerprint information.
- in the fingerprint login mode, if the login fingerprint information passes the login authentication, the user attribute of the login fingerprint information is obtained, and the login terminal information corresponding to the current login fingerprint information is obtained.
- the VMC matches the login terminal information according to the terminal information of the current terminal, and determines whether the current terminal is the login terminal, that is, determines whether the current login fingerprint information has permission to log in to the cloud desktop using the current terminal.
- If the terminal information of the current terminal is successfully matched with the login terminal information, it is determined that the current terminal is the login terminal corresponding to the current login fingerprint information; if the terminal information of the current terminal fails to match the login terminal information, it is determined that the current terminal is not the login terminal corresponding to the current login fingerprint information.
- Step S132 If the terminal is the login terminal corresponding to the login fingerprint information, determine that the authentication request passes the authentication.
- the VMC determines that the current fingerprint information can log in to the cloud desktop system through the current terminal, and determines that the current authentication request passes the authentication.
- the VMC determines that the current authentication request fails the authentication, and refuses to let the current login fingerprint information log in to the cloud desktop through the current terminal.
- the VMC can also pre-configure the abnormal reminder mode, pre-configure the corresponding user's mobile phone number, email address, etc. according to the login fingerprint information, and notify the user by SMS, email, etc. when the fingerprint information is abnormally logged in.
- the VMC records each access to the cloud desktop that the user makes through fingerprint authentication, including terminal information, time, duration, etc., and can be configured to send the cloud desktop access record to the user only when an abnormal login record occurs, so that the user learns at the first opportunity if the user's fingerprint has been stolen.
- abnormal login of the fingerprint information includes the user account password corresponding to the fingerprint information being input multiple times in succession, the fingerprint information being used to log in to the cloud desktop from a terminal device that is not pre-bound, the fingerprint information is successfully accessed after the cloud desktop is successfully operated, etc., and can be flexibly configured according to actual requirements.
- if the current terminal and the login fingerprint information are authenticated, it is determined whether the current terminal is a pre-configured login terminal corresponding to the current login fingerprint information; if the current terminal is the login terminal corresponding to the current login fingerprint information, it is determined that the current authentication request is authenticated, allowing access to the cloud desktop.
- the fingerprint information and the login terminal are bound, and after multiple authentication, the biometric identification information and the terminal information are combined, the fingerprint and the terminal are matched, and the user's exclusive terminal configuration is realized, so that others are prevented from logging in to the cloud desktop through the user's personal exclusive terminal, which enhances the security management and control of the cloud desktop and ensures information security.
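The checks of steps S121 to S123 and S131 to S132, together with the abnormal-login record for a fingerprint used on an unbound terminal, as an added Python example that is not part of the patent text. All class, function and terminal names are hypothetical, the data is constructed, and the fingerprint feature code is assumed to be an opaque byte string compared by digest, standing in for a real biometric matcher.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    PASSED = "authentication passed"
    NO_TERMINAL_ACCESS = "terminal has no access right"              # fails S121
    NO_FINGERPRINT_LOGIN = "fingerprint has no login authority"      # fails S122
    TERMINAL_NOT_BOUND = "terminal is not the bound login terminal"  # fails S131


def template_id(feature_code: bytes) -> bytes:
    # Assumption: exact-match digest of the feature code. A real deployment
    # would call a biometric matcher that tolerates scan-to-scan variation.
    return hashlib.sha256(feature_code).digest()


@dataclass
class CloudDatabase:
    """Constructed stand-in for the VMC's pre-configured cloud database."""
    terminals: set = field(default_factory=set)     # terminal IDs with access rights
    bindings: dict = field(default_factory=dict)    # template id -> bound login terminals
    access_log: list = field(default_factory=list)  # (terminal_id, Outcome) records

    def bind(self, feature_code: bytes, terminal_id: str) -> None:
        # One terminal may be bound to several fingerprints, and vice versa.
        self.bindings.setdefault(template_id(feature_code), set()).add(terminal_id)

    def lookup(self, feature_code: bytes):
        probe = template_id(feature_code)
        found = None
        for stored in self.bindings:
            if hmac.compare_digest(stored, probe):
                found = stored
        return found


def authenticate(db: CloudDatabase, terminal_id: str, feature_code: bytes) -> Outcome:
    has_access = terminal_id in db.terminals        # step S121
    stored = db.lookup(feature_code)                # step S122
    if not has_access:
        outcome = Outcome.NO_TERMINAL_ACCESS
    elif stored is None:
        outcome = Outcome.NO_FINGERPRINT_LOGIN
    elif terminal_id not in db.bindings[stored]:    # step S131
        outcome = Outcome.TERMINAL_NOT_BOUND
    else:
        outcome = Outcome.PASSED                    # steps S123 and S132
    db.access_log.append((terminal_id, outcome))    # every attempt is recorded
    return outcome


def abnormal_logins(db: CloudDatabase) -> list:
    """Attempts where a known fingerprint was presented on an unbound terminal."""
    return [rec for rec in db.access_log if rec[1] == Outcome.TERMINAL_NOT_BOUND]


def build_sample_db() -> CloudDatabase:
    # Constructed sample data: two registered terminals, two enrolled users.
    db = CloudDatabase(terminals={"T-ALICE-PHONE", "T-LOBBY-PC"})
    db.bind(b"alice-feature-code", "T-ALICE-PHONE")
    db.bind(b"alice-feature-code", "T-LOBBY-PC")
    db.bind(b"bob-feature-code", "T-LOBBY-PC")
    return db


if __name__ == "__main__":
    db = build_sample_db()
    attempts = [("T-ALICE-PHONE", b"alice-feature-code"),
                ("T-ALICE-PHONE", b"bob-feature-code"),
                ("T-UNKNOWN", b"alice-feature-code"),
                ("T-LOBBY-PC", b"unknown-feature-code")]
    for term, code in attempts:
        print(term, code.decode(), "->", authenticate(db, term, code).value)
    print("abnormal:", abnormal_logins(db))
```
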
- a fourth embodiment of the cloud desktop management method of the present invention provides a cloud desktop management method based on the foregoing embodiment shown in FIG. 1, FIG. 2, FIG. 3 or FIG. 4 (this embodiment uses FIG. 1 as an example), and the step S20 includes:
- Step S21 If the authentication request is authenticated, the pre-configured cloud desktops are matched according to the authentication request to obtain a cloud desktop list.
- After the current authentication request is authenticated, the VMC obtains the current user attribute according to the current authentication request, and matches each pre-configured cloud desktop according to the user attribute.
- Pre-configured cloud desktops can be used by multiple users for different application scenarios or needs.
- the VMC creates a cloud desktop list according to each cloud desktop obtained by the matching.
- Step S22 Return the cloud desktop list to the terminal, and obtain a target cloud desktop selected based on the cloud desktop list.
- After obtaining the cloud desktop list, the VMC returns the cloud desktop list to the terminal for the user to select.
- the VMC obtains the cloud desktop selected by the user returned by the terminal, and uses the cloud desktop as the target cloud desktop.
- the VMC may also return the attribute information of each cloud desktop to the terminal, and the terminal configures the cloud desktop list according to the attribute information of each cloud desktop for the user to select.
- After obtaining the target cloud desktop selected by the user, the terminal returns the attribute information of the target cloud desktop to the VMC, and the VMC obtains the target cloud desktop selected by the user.
- Step S23 Configure a permission set according to the target cloud desktop, the login fingerprint information, and the terminal information of the terminal.
- After obtaining the target cloud desktop, the VMC configures the permission set according to the target cloud desktop, the current login fingerprint information, and the terminal information.
- the VMC is configured with the rights corresponding to each fingerprint information, the rights of each cloud desktop, and the rights corresponding to each login terminal.
- Pre-configured permissions include peripheral call permissions, etc., which can be flexibly set as needed. Different fingerprint information, cloud desktops, and terminal permissions may be different.
- the VMC obtains the rights corresponding to the current login fingerprint information, the rights of the target cloud desktop, and the rights corresponding to the current terminal, derives the rights of the current user from them, and configures the permission set.
- if the current login fingerprint information and the target cloud desktop have the right to invoke the terminal camera, and the current terminal does not have the right to invoke the terminal camera, then the permission that the current user cannot invoke the camera is added to the permission set; if the current login fingerprint information, the target cloud desktop, and the current terminal all have the right to invoke the USB peripheral, then the permission that the current user can invoke the USB peripheral is added to the permission set.
- step S30 includes:
- Step S31 controlling access of the terminal to the target cloud desktop according to the permission set.
- After acquiring the target cloud desktop selected by the user, the terminal simultaneously sends a connection request to the VE according to the target cloud desktop.
- the VE starts the cloud desktop virtual machine according to the link request of the terminal, and starts the target cloud desktop for the terminal to access.
- After obtaining the target cloud desktop and the permission set, the VE starts the cloud desktop virtual machine according to the target desktop acquired by the VMC, and starts the target cloud desktop for the terminal to access.
- the VMC controls the access rights of the terminal according to the permission set.
- the pre-configured cloud desktops are matched according to the authentication request to obtain a cloud desktop list; the cloud desktop list is returned to the terminal, and the target cloud desktop selected based on the cloud desktop list is obtained.
- the cloud desktop list is configured for the user to select, providing the user with more choices for different application scenarios; the permission set is comprehensively configured according to the target cloud desktop selected by the user, the terminal currently accessing the cloud desktop, and the fingerprint currently logging in to the cloud desktop. This realizes the comprehensive configuration of permissions for the current cloud desktop access, ensures control over the permissions of the terminal, the cloud desktop and the user, controls the access to the cloud desktop, realizes control of the cloud desktop security, and greatly improves controllability.
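Step S23 and the camera and USB cases above, as an added Python example that is not part of the patent text: the permission set is the intersection of the rights granted to the fingerprint, the target cloud desktop and the terminal, and each peripheral call during access (step S31) is checked against it. Table contents, identifiers and right names are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class RightsTables:
    """Constructed stand-in for the rights the VMC pre-configures (hypothetical names)."""
    fingerprint: dict = field(default_factory=dict)  # fingerprint id -> rights
    desktop: dict = field(default_factory=dict)      # cloud desktop id -> rights
    terminal: dict = field(default_factory=dict)     # terminal id -> rights

    def sources(self, fingerprint_id, desktop_id, terminal_id):
        # Unknown ids map to the empty set, so a missing entry denies by default.
        return {
            "fingerprint": frozenset(self.fingerprint.get(fingerprint_id, ())),
            "desktop": frozenset(self.desktop.get(desktop_id, ())),
            "terminal": frozenset(self.terminal.get(terminal_id, ())),
        }


def configure_permission_set(tables, fingerprint_id, desktop_id, terminal_id):
    """Step S23: keep a right only when all three sources grant it."""
    src = tables.sources(fingerprint_id, desktop_id, terminal_id)
    return src["fingerprint"] & src["desktop"] & src["terminal"]


def withheld_by(tables, fingerprint_id, desktop_id, terminal_id, right):
    """Name the sources that do not grant `right`, for the access record."""
    src = tables.sources(fingerprint_id, desktop_id, terminal_id)
    return sorted(name for name, rights in src.items() if right not in rights)


@dataclass
class DesktopSession:
    """One terminal's access to the target cloud desktop (step S31)."""
    permission_set: frozenset
    peripheral_list: list = field(default_factory=list)
    refused: list = field(default_factory=list)

    def hardware_call(self, right, device):
        # Checked for every request, not only once at login.
        if right not in self.permission_set:
            self.refused.append((right, device))
            return False
        if device not in self.peripheral_list:
            self.peripheral_list.append(device)
        return True


def build_sample_tables():
    # Constructed sample mirroring the camera and USB cases in the text.
    return RightsTables(
        fingerprint={"fp-alice": {"camera", "usb", "fingerprint_reader"}},
        desktop={"finance-desktop": {"camera", "usb"}},
        terminal={"T-ALICE-PHONE": {"usb", "fingerprint_reader"}},
    )


if __name__ == "__main__":
    tables = build_sample_tables()
    ids = ("fp-alice", "finance-desktop", "T-ALICE-PHONE")
    session = DesktopSession(configure_permission_set(tables, *ids))
    print("permission set:", sorted(session.permission_set))
    print("usb allowed:", session.hardware_call("usb", "usb-disk-0"))
    print("camera allowed:", session.hardware_call("camera", "front-camera"))
    print("camera withheld by:", withheld_by(tables, *ids, "camera"))
```
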
- the sixth embodiment of the cloud desktop management method of the present invention provides a cloud desktop management method.
- the step S31 includes:
- Step S32 Return the permission set to the terminal, and the terminal accesses the target cloud desktop according to the permission set.
- After obtaining the target cloud desktop and permission set, the VMC returns the permission set to the current terminal.
- After receiving the permission set returned by the VMC, the terminal controls the operation rights of the current user when accessing the target cloud desktop according to the permission set.
- the VMC may further match the data disk information and the virtualization application according to the login fingerprint information of the current user, and return the data disk information and the virtualization application to the terminal.
- the VMC obtains data disk information and a virtual application (VAPP, Virtual Application) of the current user according to the current login fingerprint information.
- the data disk information may be a virtual operating system (VOI, Virtual OS Infrastructure) data disk information, and records current user data, such as office files; the virtualized application is a personalized application software configured for the current user.
- the application software of financial personnel can be configured as financial application software, and the application software of human resources staff can be configured as recruitment software.
- the VMC delivers the permission set, the data disk information, and the virtualized application to the terminal side.
- the terminal sends a cloud desktop link request to the VE according to the target cloud desktop.
- After receiving the cloud desktop link request, the VE starts the cloud desktop virtual machine and feeds back a response message to the terminal.
- After receiving the response message from the VE, the terminal connects to the cloud desktop VM to access the cloud desktop and limits the operation requirements of the current user or terminal according to the permission set.
- the user can invoke the current data disk information through the terminal to perform operations; the user can also invoke the current virtualization application and select the desired application to operate.
- the terminal is configured to cache the data with which the user logs in to the cloud desktop according to the received data disk information and the virtualized application. When the current user subsequently accesses the cloud desktop through the current terminal again, the terminal can directly use the cached data, which avoids reloading each time and the resulting loss of cloud desktop access efficiency. It should be noted that the data disk information and the data of the virtualization application that are sent to the terminal locally can be updated synchronously with the data information of the remote cloud desktop to avoid data loss.
- the permission set is returned to the terminal, and the terminal accesses the target cloud desktop according to the permission set.
- By returning the permission set to the terminal, the terminal performs the permission control, which reduces the burden on the cloud desktop server and improves the efficiency of the cloud desktop.
- a fifth embodiment of the cloud desktop management method of the present invention provides a cloud desktop control method based on the embodiment shown in any of the above-mentioned FIG. 1 to FIG. 6 (this embodiment is illustrated using FIG. 1). After the step S30, the method further includes:
- Step S40 Acquire a hardware invocation request of the cloud desktop to the terminal.
- the hardware of the terminal includes the hardware resources owned by the terminal and the hardware resources accessed by the terminal through the USB peripheral.
- the software clients of some operation and maintenance or management systems require the user to pass fingerprint authentication for access under the requirements of a certain security policy. In this case, when the user runs the software client, a fingerprint input prompt pops up.
- the cloud desktop virtual machine obtains a hardware invocation request according to the requirements of the cloud desktop client.
- Step S50 Redirect the terminal hardware to the cloud desktop according to the hardware call request, and invoke the terminal hardware.
- the cloud desktop agent redirects the hardware corresponding to the terminal to the peripheral hardware list of the cloud desktop virtual machine according to the hardware invocation request of the cloud desktop virtual machine, so that the terminal hardware points to the cloud desktop, and then calls the terminal hardware.
- the application software in the current cloud desktop needs to be accessed by the user through fingerprint authentication.
- the user inputs a fingerprint through the terminal, and the terminal extracts the feature code of the user fingerprint to obtain the login fingerprint information. Then, the terminal sends an authentication request to the VMC according to the terminal information and the login fingerprint information.
- the VMC performs authentication according to the fingerprint information and the terminal information in the authentication request. After the authentication is passed, the VMC matches the cloud desktop according to the authentication request, and returns the cloud desktop list to the terminal for the user to select.
- After the user selects the target cloud desktop through the terminal, the user sends a link request to the VE.
- the VE starts the corresponding cloud desktop virtual machine according to the link request, and returns a response message to the terminal.
- After receiving the response, the terminal connects to the cloud desktop VM and accesses the cloud desktop.
- the cloud desktop virtual machine sends a fingerprint recording request to the cloud desktop proxy.
- the cloud desktop agent redirects the fingerprint identifier of the terminal to the cloud desktop peripheral list according to the fingerprint recording request, and the fingerprint identification device is attached to the cloud desktop virtual machine.
- the cloud desktop application software calls the fingerprint identifier of the terminal to record the fingerprint, the user can scan the fingerprint directly through the fingerprint identifier of the terminal, and the terminal sends the fingerprint information of the user to the cloud desktop agent.
- the cloud desktop agent returns the obtained fingerprint information to the current cloud desktop application.
- After obtaining the hardware invocation request of the cloud desktop to the terminal, the terminal hardware is redirected to the cloud desktop according to the hardware call request, and the terminal hardware is invoked.
- the embodiment redirects the hardware of the mobile terminal to the cloud desktop, realizes the call of the internal running program of the cloud desktop to the terminal hardware, and supports the fingerprint identification and authentication function of the internal program of the cloud desktop, so that the rights management of running programs inside the cloud desktop can be performed, which enhances the security of the cloud desktop operation and improves the user experience.
- a first embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method, where the cloud desktop access method includes:
- Step S60 In the cloud desktop fingerprint login mode, the terminal sends an authentication request to the cloud desktop server according to the input login fingerprint information.
- the embodiment of the present invention performs authentication according to the fingerprint of the user.
- This embodiment is exemplified by a mobile terminal.
- a cloud desktop application (APP, Application) may be deployed in the terminal, the user opens the cloud desktop APP, selects a cloud desktop fingerprint login mode, and the cloud desktop APP prompts the user to input a fingerprint to log in to the cloud desktop.
- the terminal acquires the fingerprint input by the user, and extracts the fingerprint feature code to obtain the current login fingerprint information.
- the terminal generates an authentication request according to the login fingerprint information, the login time of the current user, and the like. After the authentication request is encrypted, it is sent to the VMC in the cloud desktop server.
- Step S70 If the authentication request passes the authentication, access the cloud desktop under the authority of the cloud desktop server.
- the terminal sends a link request to the cloud desktop server.
- the cloud desktop server responds to the terminal's link request, starts the cloud desktop virtual machine according to the link request, and starts the cloud desktop. Then, a response message is returned to the terminal.
- After receiving the response message, the terminal connects to the cloud desktop to access and operate.
- In the process of accessing the cloud desktop by the terminal, if an operation subject to permission restriction is involved, for example, calling the USB interface of the terminal, the cloud desktop server determines the authority of the current user according to the permission set matched with the current authentication request, and controls the usage authority of the terminal according to the determination result.
- in the cloud desktop fingerprint login mode, the terminal sends an authentication request to the cloud desktop server according to the input login fingerprint information; if the authentication request passes the authentication, the terminal accesses the cloud desktop under the permission of the cloud desktop server.
- the fingerprint information is authenticated by the terminal, so that when the user accesses the cloud desktop through the terminal, fingerprint authentication is performed, thereby ensuring information security.
- the second embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method.
- the step S70 includes:
- Step S71 If the authentication request is authenticated, obtain a returned cloud desktop list of the cloud desktop server.
- the terminal obtains the cloud desktop list returned by the cloud desktop server, and the cloud desktop list includes the pre-configured cloud desktops matched by the cloud desktop server according to the current login fingerprint information, for the user to make a selection based on usage scenarios.
- Step S72 Acquire a target cloud desktop selected based on the cloud desktop list, and return the target cloud desktop to the cloud desktop server.
- After obtaining the cloud desktop list, the terminal feeds back the cloud desktop list to the user, obtains the target cloud desktop selected by the user based on the cloud desktop list, and returns the target cloud desktop to the cloud desktop server.
- Step S73 Acquire a permission set returned by the cloud desktop server, and access the target cloud desktop according to the permission set.
- After the user selects the target cloud desktop through the terminal, the terminal sends a link request to the cloud desktop server according to the target cloud desktop.
- the cloud desktop server responds to the link request of the terminal, starts the cloud desktop virtual machine according to the link request, and returns the corresponding cloud desktop to the terminal.
- the cloud desktop server returns the configured permission set to the terminal.
- the permission set of the cloud desktop configuration includes the permissions of the configured current login fingerprint.
- the user can access the cloud desktop through the terminal, use the software client in the cloud desktop, the network, and the like.
- the terminal performs only the authorized operation according to the permission set, and disables the unauthorized operation. Thereby, the uniqueness of the user right matching is ensured according to the fingerprint information, and the high authority is prevented from being misplaced due to the account information error or the like.
- the cloud desktop list returned by the cloud desktop server is obtained; a target cloud desktop selected based on the cloud desktop list is obtained and returned to the cloud desktop server; a permission set returned by the cloud desktop server is obtained, and the target cloud desktop is accessed according to the permission set.
- the embodiment of the invention realizes that the user selects the required target cloud desktop according to the cloud desktop list, and increases the user's selectivity; the cloud desktop server returns the permission set to the terminal, and when the cloud desktop is accessed, the terminal performs the rights management, which mitigates the burden of the cloud desktop server, enhances the control and flexibility of cloud desktop security, and enhances the user experience.
- Step S60 includes:
- Step S61 In the cloud desktop fingerprint login mode, the terminal acquires the input login fingerprint information.
- the terminal acquires the fingerprint input by the user through the fingerprint identifier.
- the terminal extracts the feature code of the fingerprint, and uses the obtained fingerprint feature code as the login fingerprint information of the current user.
- Step S62 Determine whether the terminal has entered the unlock fingerprint information.
- After obtaining the login fingerprint information, the terminal determines whether the current terminal has entered the unlock fingerprint information for unlocking the current terminal.
- Step S63 If the terminal has entered the unlocking fingerprint information, the unlocking fingerprint information and the login fingerprint information are matched.
- the terminal matches the unlocked fingerprint information that has been entered by the current terminal with the login fingerprint information of the current user.
- Step S64 If the login fingerprint information and the unlocking fingerprint information are successfully matched, send the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- if the unlocking fingerprint information of the current terminal is successfully matched with the login fingerprint information of the current user, it is determined that the user currently logging in to the cloud desktop is the owner of the current terminal, and the terminal generates an authentication request according to information such as the login fingerprint information, the terminal information of the current terminal, and the login time of the current user. After the authentication request is encrypted, it is sent to the VMC in the cloud desktop server for authentication. It should be noted that the terminal information of the current terminal is the unique identification information of the current terminal.
- the terminal acquires the input login fingerprint information; then, determines whether the current terminal has entered the unlock fingerprint information; if the current terminal has entered the unlock fingerprint information, matches the unlock fingerprint information and the login fingerprint information; if the login fingerprint information matches the unlock fingerprint information, the authentication request is sent to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- it is determined whether the user currently logging in to the cloud desktop is the current terminal owner by determining whether the current terminal has the unlocked fingerprint information, thereby ensuring the security of the personal terminal logging in to the cloud desktop.
- the fourth embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method. After the step S63, the method further includes:
- Step S65 If the login fingerprint information fails to match the unlock fingerprint information, determine whether the terminal is a private terminal according to the attribute information pre-configured by the terminal.
- the attributes of the terminal may be pre-configured, for example, the terminal is configured as a private terminal or a shared terminal; a private terminal only allows the fingerprint information of specific pre-configured users to log in to the cloud desktop through the current terminal, and a public terminal allows the fingerprint information of all users to log in to the cloud desktop through the current terminal.
- a configuration item may be added to the cloud desktop APP of the terminal, and the object that the current terminal authorizes to log in to the cloud desktop is configured as “owner” or “everyone”, thereby configuring the current terminal as a private terminal or a public terminal and obtaining the attribute information of the terminal.
- the terminal is a private terminal.
- the terminal determines, from the attribute information on the cloud desktop APP side, whether the object that the terminal authorizes to log in to the cloud desktop is “owner” or “everyone”. If the current terminal only authorizes “owner” to log in to the cloud desktop through the terminal, it determines that the current terminal is a private terminal; if the current terminal authorizes “everyone” to log in to the cloud desktop through the terminal, it determines that the current terminal is a shared terminal.
- step S64 if the terminal is not a private terminal, the process proceeds to step S64.
- the terminal After logging in to the cloud desktop, the terminal sends an authentication request to the cloud desktop server according to the login fingerprint information, the terminal information, and the login time of the current user.
- the terminal If the current terminal is a private terminal, that is, the owner of the terminal does not allow other users to log in to the cloud desktop on the terminal, the terminal prompts the user that the user does not have permission to log in to the cloud desktop.
- FIG. 22 an example is illustrated in which the current user logs in to the cloud desktop using the mobile terminal.
- the user opens the cloud desktop APP in the mobile terminal, and selects to use the fingerprint to log in to the cloud desktop to enter the fingerprint login mode.
- the mobile terminal scans the fingerprint of the user to obtain login fingerprint information. Then, the mobile terminal determines whether the current device has entered the unlocking fingerprint information, that is, whether the current mobile terminal has the unlocking fingerprint for the unlocking of the mobile terminal and the like.
- the authentication request is generated according to the login fingerprint information, and the authentication request is encrypted and sent to the VMC; if the current mobile terminal has entered the unlocking fingerprint information, the currently entered login fingerprint information is matched against the stored unlocking fingerprint information to determine whether the currently entered login fingerprint information is consistent with the stored unlocking fingerprint information.
- the authentication request is generated according to the login fingerprint information, and the authentication request is encrypted and sent to the VMC; if the currently entered login fingerprint information is inconsistent with the stored unlocking fingerprint information, it is then judged whether the current mobile terminal is set as a private terminal.
- the authentication request is generated according to the login fingerprint information, and the authentication request is encrypted and sent to the VMC; if the current mobile terminal is a private terminal, the user is prompted that the cloud desktop cannot be accessed at the current terminal, and an SMS, email, etc. is sent to notify the owner of the current terminal device of the login.
- After receiving the encrypted authentication request sent by the mobile terminal, the VMC decrypts it, obtains the authentication request, and parses the login fingerprint information.
- the VMC then matches the current fingerprint information according to each fingerprint information stored in the cloud database. If the current login fingerprint information is successfully matched, the current authentication request is authenticated; if the current login fingerprint information fails to match, the VMC returns a login alarm message to the mobile terminal, and the mobile terminal prompts the user to input the fingerprint again.
- If all the login fingerprints entered by the current user three times fail, the VMC returns a login alarm message to the mobile terminal, and the mobile terminal prompts the user to log in using the account password.
- the terminal is a private terminal; if the current terminal is not a private terminal, the authentication request is sent to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- the private attribute information and the user fingerprint information of the terminal are combined to comprehensively manage the access security of the cloud desktop.
- the ninth embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method, and based on the foregoing embodiment shown in FIG. 11, before the step S60, the method further includes:
- Step S80: acquire the entered fingerprint information, and send the entered fingerprint information and the terminal information of the terminal to the cloud desktop server, so that the cloud desktop server configures the cloud database for authentication.
- the user can enter new fingerprint information for fingerprint authentication.
- the current user logs in to the cloud desktop through the terminal for the first time.
- the user opens the terminal, runs the cloud desktop APP deployed in the terminal, and then enters the username and password to log in.
- the terminal prompts the user that the current authentication fails. If the verification succeeds, the terminal prompts the user whether to enter the fingerprint information and log in using the fingerprint.
- If the user does not need to enter the fingerprint information, the user enters the normal login process to obtain the cloud desktop and permission set configured by the cloud desktop server. If the user chooses to enter the fingerprint information, the fingerprint of the current user is entered, and the fingerprint feature code is extracted to obtain the fingerprint information.
- the terminal encrypts the fingerprint information and the terminal information of the current terminal and sends them to the cloud desktop server.
- After receiving the encrypted information sent by the terminal, the cloud desktop server parses it and obtains the current user fingerprint information and terminal information.
- the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the current account user; or,
- the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the current account user, stores the terminal information of the current terminal, and uses the current terminal as the prepared terminal equipment; or,
- the cloud desktop server stores the current fingerprint information as the fingerprint information bound to the current account user, stores the current terminal as the login terminal of the current fingerprint information, and stores the current terminal information as the terminal information corresponding to the current fingerprint information.
- the cloud desktop server updates the cloud database to notify the terminal that the current fingerprint information has been successfully recorded.
- the VMC may also pre-configure the abnormal reminding mode, and pre-configure the corresponding user mobile phone number, email address, and the like according to the user information, and notify the user by SMS, email, etc. when the user logs in abnormally.
- the VMC records the user's access to the cloud desktop through account number and password authentication, including terminal information, time, duration, etc., and can be configured to send the cloud desktop access record to the user only when an abnormal login record occurs, to ensure that when the user's fingerprint is stolen, the user will know at the first opportunity.
- the account information abnormal login includes the account password incorrect input, etc., and can be flexibly configured according to actual needs.
- the fingerprint information is obtained, and the fingerprint information and the terminal information of the terminal are sent to the cloud desktop server for the cloud desktop server to configure the cloud database for authentication.
- the fingerprint information is used by the cloud desktop server to configure the cloud database, so that when the user logs in to the cloud desktop, fingerprint authentication is performed and the corresponding cloud desktop and permissions are acquired, and fingerprint identification is integrated into all levels of cloud desktop management.
- a first embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device, where the cloud desktop control device includes:
- the authentication module 10 is configured to obtain an authentication request sent by the terminal in the cloud desktop fingerprint login mode, and authenticate the authentication request according to the pre-configured cloud database.
- Based on the security problems faced by the current desktop cloud system, the present invention combines biometric identification technology with the cloud system security management and control process, and fully integrates fingerprint identification technology into the management of the desktop cloud system. It can not only guarantee the security of the virtual desktop environment, but also provide users with more personalized customized services through fingerprint recognition, and it provides a security management solution unique to the desktop cloud system to make up for the security shortcomings of cloud desktop products in the rapid development process.
- the embodiment of the present invention is implemented by a cloud desktop control device.
- the cloud desktop control device can be deployed in a cloud desktop server.
- the user fingerprint information is entered and the user attributes corresponding to the fingerprint information are configured for cloud desktop configuration and authority management.
- In the cloud desktop fingerprint login mode, the terminal enters the login fingerprint of the current user to log in to the cloud desktop, and obtains the signature of the login fingerprint as the login fingerprint information.
- the terminal may be a PC end, a mobile terminal, or the like.
- the terminal generates an authentication request according to the login fingerprint information, the login time of the current user, and the like.
- the terminal encrypts the authentication request and sends it to the authentication module 10.
- After receiving the encrypted authentication request sent by the terminal, the authentication module 10 decrypts it and obtains the authentication request. The authentication module 10 obtains the login fingerprint information of the current user logging in to the cloud desktop according to the authentication request.
- the authentication module 10 matches the login fingerprint information with the fingerprint information in the pre-configured cloud database.
- each fingerprint information having the login authority and the corresponding user attribute recorded in advance are recorded.
- the user attribute includes the account information corresponding to the fingerprint information, the terminal information, the matching cloud desktop, and the like.
- the fingerprint information includes the fingerprint feature code extracted when the fingerprint is entered.
- the authentication module 10 determines that the current login fingerprint information has the login authority.
- the authentication module 10 determines that the current authentication request passes the authentication.
- the matching module 20 is configured to match the cloud desktop and the permission set according to the authentication request if the authentication request passes the authentication.
- the matching module 20 matches the cloud desktop and the permission set according to the authentication request.
- the matching module 20 acquires the current user attribute according to the login fingerprint information carried in the current authentication request, and matches the pre-configured cloud desktop according to the user attribute.
- the personalized and differentiated cloud desktops can be flexibly configured according to different login fingerprints, for example, the operating system, data, and application software of the cloud desktop can be flexibly configured.
- the cloud desktops matched by the matching module 20 may be one or more.
- the matching module 20 matches the pre-configured permission set of the current login fingerprint information according to the user attribute of the current login fingerprint information.
- the permission set contains the permissions of the current user to access the cloud desktop, including peripheral call permission, network permission, file operation authority, etc. For example, whether the account corresponding to the current login fingerprint information has the right to call the terminal camera, and whether it has the right to call the terminal's USB peripherals, OTG devices, etc.
- the matching module 20 obtains the rights of the current login fingerprint, and obtains the permission set according to each permission configuration.
- the control module 30 is configured to control access of the terminal to the cloud desktop according to the permission set.
- the management module 30 controls the terminal's access to the cloud desktop according to the permission set.
- the management module 30 notifies the terminal that the current authentication request passes the authentication, and the terminal sends a link request to the management module 30.
- the control module 30 responds to the link request of the terminal, configures the corresponding cloud desktop according to the link request, starts the cloud desktop virtual machine, and starts the cloud desktop. At the same time, the control module 30 returns a response message to the terminal.
- After receiving the response message from the control module 30, the terminal connects to the cloud desktop virtual machine and accesses the cloud desktop. The user can perform various operations on the cloud desktop based on the terminal.
- the management module 30 controls the permissions of the user on the cloud desktop access process according to the permission set, and performs security control, for example, controlling the user's permission to invoke the camera when accessing the cloud desktop.
- the authentication module 10 obtains the authentication request sent by the terminal, and authenticates the authentication request according to the pre-configured cloud database; if the authentication request passes the authentication, the matching module 20 matches the cloud desktop and the permission set according to the authentication request; the management module 30 controls the terminal's access to the cloud desktop according to the permission set.
- the present embodiment is directed to the security risks and management problems that the unique flexibility of the mobile terminal brings to personal data and the cloud desktop system when accessing the cloud desktop. Fingerprint identification technology is connected with various virtualization core technologies so that the user accesses the cloud by means of fingerprint identification: the fingerprint is matched to determine whether the current user can access the cloud desktop, the permissions of the cloud desktop are authorized through the user fingerprint, and the fingerprint becomes the unique credential for the user to access the desktop cloud system through the mobile terminal, thereby ensuring information security.
- the embodiment of the invention realizes the authentication of the fingerprint, configures the permissions of the cloud desktop according to the fingerprint information, and enhances the security management and control and the flexibility of the cloud desktop, improving the user experience.
- the second embodiment of the cloud desktop management device of the present invention provides a cloud desktop management device.
- the authentication module 10 includes:
- the first obtaining unit 11 is configured to acquire an authentication request sent by the terminal in a cloud desktop fingerprint login mode, where the authentication request carries login fingerprint information and terminal information of the terminal.
- the terminal enters the current login fingerprint of the user through the fingerprint identification device, extracts the fingerprint feature code according to the login fingerprint, and uses the obtained fingerprint feature code as the fingerprint information of the current login fingerprint.
- the terminal generates an authentication request by using information such as the login fingerprint information, the terminal information of the current terminal, and the login time of the current user.
- the terminal information is unique identification information of the current terminal, and may be information that can uniquely identify the current terminal, such as hardware information.
- the terminal encrypts the authentication request and sends it to the first obtaining unit 11.
- After receiving the encrypted authentication request sent by the terminal, the first obtaining unit 11 performs decryption, and obtains the login fingerprint information and the terminal information carried in the authentication request.
- the authentication unit 12 is configured to authenticate the rights of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal, and a pre-configured cloud database.
- After obtaining the login fingerprint information and the terminal information of the terminal, the authentication unit 12 authenticates the authority of the terminal and the login fingerprint according to the pre-configured cloud database.
- the cloud fingerprint database records terminal information and fingerprint information that have permission to access the cloud desktop. If the terminal information of the current terminal is found in the cloud database and the fingerprint information of the login fingerprint is matched, it is determined that the current terminal and the login fingerprint have the right to access the cloud desktop and pass the authentication.
- if the terminal information of the current terminal is not found, or the fingerprint information of the login fingerprint is not matched, it is determined that the current terminal and the login fingerprint do not have permission to access the cloud desktop, and the authentication is not passed.
- the authentication unit 12 obtains the authentication result of the current terminal and the login fingerprint.
- the determining unit 13 is configured to determine that the authentication request passes the authentication if the terminal and the login fingerprint pass the authentication.
- the determining unit 13 determines that the current authentication request passes the authentication.
- the determination unit 13 determines that the current authentication request fails the authentication and does not have the login permission. At this time, the determination unit 13 returns a notification message of the login failure to the terminal. The terminal prompts the user that the login failed and asks the user to input the fingerprint again.
- the terminal may remind the user to switch the login mode and log in to the cloud desktop using the account mode.
- the first obtaining unit 11 acquires an authentication request sent by the terminal, where the authentication request carries the login fingerprint information and the terminal information of the terminal; the authentication unit 12 authenticates the authority of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal and the pre-configured cloud database; if the current terminal and the login fingerprint pass the authentication, the determining unit 13 determines that the authentication request passes the authentication.
- the login terminal and the fingerprint are simultaneously authenticated, and logging in to the cloud desktop is allowed only when the terminal and the login fingerprint pass the authentication at the same time, thereby improving the security of the cloud desktop control.
- the third embodiment of the cloud desktop management device of the present invention provides a cloud desktop management device.
- the authentication unit 12 is further configured as follows:
- if the terminal has access rights and the login fingerprint information has login authority, it is determined that the terminal and the login fingerprint pass authentication.
- the authentication unit 12 determines, according to the terminal information in the authentication request, whether the current terminal has the access right.
- the authentication unit 12 is preconfigured with a terminal device that allows access to the cloud desktop, and the terminal identification information with the access authority is recorded in the cloud database.
- the terminal identification information recorded by the authentication unit 12 may be a terminal device type, device information of the terminal device, or the like.
- the access security of the cloud desktop is ensured.
- the authentication unit 12 pre-configures that public PCs are not allowed to access the cloud desktop and only PCs inside the enterprise are allowed to access the cloud desktop; or the authentication unit 12 records in advance the mobile terminals that are allowed to access the cloud desktop, recording the terminal information of each such mobile terminal, and does not allow unregistered mobile terminals to access the cloud desktop.
- the authentication unit 12 can also flexibly set the access rights of the terminal based on other security principles.
- as an example, the authentication unit 12 only allows recorded terminal devices to access the cloud desktop, and records the terminal information with the access authority in the cloud database.
- the authentication unit 12 searches the cloud database according to the terminal information of the current terminal, and determines whether the current terminal has access rights.
- if the terminal information of the current terminal is found in the cloud database, it is determined that the current terminal has the access right; if the terminal information of the current terminal is not found in the cloud database, it is determined that the current terminal does not have the access right.
- the authentication unit 12 returns a notification message of the login failure to the terminal, notifying that the current terminal does not have the access right, and rejecting the login request of the current terminal.
- the terminal may notify the user that the current terminal does not have access rights according to the notification message.
- the authentication unit 12 obtains the access authority judgment result of the current terminal.
- the authentication unit 12 determines whether the current login fingerprint information has login authority according to the pre-configured cloud database.
- in the pre-configured cloud database, the pre-entered fingerprint information with access rights is recorded.
- the authentication unit 12 matches the current login fingerprint information according to the fingerprint information entered in the cloud database, and searches for fingerprint information that matches the current login fingerprint information.
- if fingerprint information matching the current login fingerprint information is successfully found in the cloud database, it is determined that the current login fingerprint information has the login authority; if fingerprint information matching the current login fingerprint information is not found in the cloud database, it is determined that the current login fingerprint information does not have login authority.
- the authentication unit 12 obtains a determination result of whether or not the current login fingerprint information has the login authority.
- the authentication unit 12 determines that the current authentication request passes the authentication and has the login authority.
- the authentication unit 12 determines whether the current terminal has the access authority according to the cloud database and the terminal information; the authentication unit 12 identifies whether the current login fingerprint information has the login authority according to the cloud database and the login fingerprint information; if the terminal has the access authority and the login fingerprint information has login authority, the authentication unit 12 determines that the current authentication request passes the authentication.
- the authentication unit 12 determines that the current authentication request passes the authentication.
- by authenticating the terminal and the fingerprint information at the same time, only a fingerprint having the login permission is allowed to access the cloud desktop through a terminal having access rights, which realizes the simultaneous control of the terminal device and the fingerprint and greatly improves the security management and control capability and flexibility of the cloud desktop.
- the fourth embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device.
- the determining unit 13 is further configured as follows:
- if the terminal and the login fingerprint information are authenticated, determine whether the terminal is a pre-configured login terminal corresponding to the login fingerprint information; if the terminal is a login terminal corresponding to the login fingerprint information, the authentication request is determined to pass the authentication.
- the pre-configured fingerprint information is bound with a corresponding login terminal.
- a private user can bind his or her personal fingerprint and personal terminal, and not allow others to log in to the cloud desktop through that terminal; or a public terminal can be preset to bind the fingerprint information of multiple specific users, so as to prevent users with lower permissions from using the fingerprint to log in to the cloud desktop through this public terminal.
- when the user first uses the cloud desktop account and logs in to the cloud desktop on the terminal, if the cloud desktop account is authenticated and is a legitimate user, the terminal prompts the user whether to enter the fingerprint information and log in using the fingerprint.
- the fingerprint of the current user is entered, and the fingerprint feature code is extracted to obtain the fingerprint information.
- the terminal encrypts the fingerprint information and the terminal information of the current terminal and sends them to the determination unit 13.
- After receiving the fingerprint information and the terminal information, the determining unit 13 binds the current terminal to the current fingerprint information as its login terminal, and sets the binding between the fingerprint information and the corresponding login terminal. It should be noted that one terminal can bind multiple different fingerprint information.
- the determining unit 13 stores the terminal information bound by the current fingerprint information into the cloud database as a user attribute corresponding to the fingerprint information.
- the determining unit 13 acquires the user attribute of the login fingerprint information, and obtains the login terminal information corresponding to the current login fingerprint information.
- the determining unit 13 matches the login terminal information according to the terminal information of the current terminal, and determines whether the current terminal is the login terminal, that is, determines whether the current login fingerprint information has permission to log in to the cloud desktop using the current terminal.
- If the terminal information of the current terminal is successfully matched with the login terminal information, it is determined that the current terminal is the login terminal corresponding to the current login fingerprint information; if the terminal information of the current terminal fails to match the login terminal information, it is determined that the current terminal is not the login terminal corresponding to the current login fingerprint information.
- the determination unit 13 obtains the determination result.
- the determining unit 13 determines that the current fingerprint information can log in to the cloud desktop system through the current terminal, and determines that the current authentication request passes the authentication.
- the determining unit 13 determines that the current authentication request fails authentication, and refuses to let the current login fingerprint information log in to the cloud desktop through the current terminal.
- the determining unit 13 may also pre-configure the abnormal reminding mode, and pre-configure the corresponding user mobile phone number, email address and other contact manners according to the login fingerprint information, and notify the user by SMS, email, etc. when the fingerprint information is abnormally registered.
- the determining unit 13 keeps a record of the user accessing the cloud desktop through fingerprint authentication, including terminal information, time, duration, etc., and can be configured to send the access record of the cloud desktop to the user only when an abnormal login record occurs, to ensure that when the user's fingerprint is stolen, the user will know at the first opportunity.
- abnormal login of the fingerprint information includes the user account password corresponding to the fingerprint information being input multiple times in succession, the fingerprint information being used to log in to the cloud desktop on a terminal device that is not pre-bound, the fingerprint information is successfully accessed after the cloud desktop is successfully operated, etc., and can be flexibly configured according to actual requirements.
- the determining unit 13 determines, according to the current terminal information, whether the current terminal is a pre-configured login terminal corresponding to the current login fingerprint information; if the current terminal is the login terminal corresponding to the current login fingerprint information, the authentication unit 12 determines that the current authentication request passes the authentication and allows access to the cloud desktop.
- the fingerprint information and the login terminal are bound, and through multiple authentication the biometric identification information and the terminal information are combined and the fingerprint and the terminal are matched, realizing the user's exclusive terminal configuration, so that others are prevented from logging in to the cloud desktop through the user's personal exclusive terminal, which enhances the security management and control of the cloud desktop and ensures information security.
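The three checks described in the third and fourth device embodiments (terminal access right, fingerprint login authority, fingerprint-to-terminal binding) can be sketched as a single server-side decision. This is an added illustration, not code from the patent; the set-based feature code, the Jaccard matcher, its threshold, and all names and terminal IDs are assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Outcome(Enum):
    PASS = "authentication passed"
    TERMINAL_DENIED = "terminal has no access right"
    FINGERPRINT_DENIED = "fingerprint has no login authority"
    TERMINAL_NOT_BOUND = "terminal is not a login terminal bound to this fingerprint"


@dataclass(frozen=True)
class FingerprintRecord:
    account: str
    feature_code: frozenset      # stand-in for an extracted fingerprint feature code
    login_terminals: frozenset   # terminal IDs bound to this fingerprint


@dataclass(frozen=True)
class CloudDatabase:
    allowed_terminals: frozenset  # terminals recorded as having access rights
    fingerprints: tuple           # FingerprintRecord entries with login authority


@dataclass(frozen=True)
class AuthResult:
    outcome: Outcome
    account: Optional[str] = None
    notify_owner: bool = False    # abnormal login: alert the fingerprint's owner


MATCH_THRESHOLD = 0.8  # assumed value; real matchers use their own scoring


def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity of two feature sets (toy matcher, an assumption)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def match_fingerprint(db: CloudDatabase, login_code: frozenset):
    """Return the best-matching enrolled record, or None below the threshold."""
    best = max(db.fingerprints,
               key=lambda r: similarity(r.feature_code, login_code),
               default=None)
    if best is not None and similarity(best.feature_code, login_code) >= MATCH_THRESHOLD:
        return best
    return None


def authenticate(db: CloudDatabase, terminal_id: str, login_code: frozenset) -> AuthResult:
    # Check 1: the terminal itself must be recorded as having access rights.
    if terminal_id not in db.allowed_terminals:
        return AuthResult(Outcome.TERMINAL_DENIED)
    # Check 2: the login fingerprint must match an enrolled fingerprint.
    record = match_fingerprint(db, login_code)
    if record is None:
        return AuthResult(Outcome.FINGERPRINT_DENIED)
    # Check 3: the terminal must be one of the login terminals bound to that
    # fingerprint. A valid fingerprint on an unbound terminal is treated as an
    # abnormal login, so the owner is flagged for notification.
    if terminal_id not in record.login_terminals:
        return AuthResult(Outcome.TERMINAL_NOT_BOUND, record.account, notify_owner=True)
    return AuthResult(Outcome.PASS, record.account)


def sample_database() -> CloudDatabase:
    """Constructed sample data; a public terminal may bind several fingerprints."""
    alice = FingerprintRecord("alice", frozenset(range(1, 11)),
                              frozenset({"T-ALICE-PHONE"}))
    bob = FingerprintRecord("bob", frozenset(range(101, 111)),
                            frozenset({"T-BOB-PHONE", "T-SHARED-PC"}))
    return CloudDatabase(
        allowed_terminals=frozenset({"T-ALICE-PHONE", "T-BOB-PHONE", "T-SHARED-PC"}),
        fingerprints=(alice, bob),
    )


if __name__ == "__main__":
    db = sample_database()
    scan = frozenset(range(1, 10)) | {42}  # noisy re-scan of alice's finger
    for terminal in ("T-ALICE-PHONE", "T-SHARED-PC", "T-UNREGISTERED"):
        print(terminal, authenticate(db, terminal, scan))
```
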
- a fifth embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device, which is based on any of the embodiments shown in FIG. 13 or FIG. 13 is an example), the matching module 20 includes:
- the list unit 21 is configured to: if the authentication request passes the authentication, match the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list.
- the list unit 21 acquires the current user attribute according to the current authentication request, and matches each pre-configured cloud desktop according to the user attribute.
- Pre-configured cloud desktops can be used by multiple users for different application scenarios or needs.
- the list unit 21 creates a cloud desktop list according to each cloud desktop obtained by the matching.
- the target unit 22 is configured to return the cloud desktop list to the terminal, and obtain a target cloud desktop selected based on the cloud desktop list.
- After obtaining the cloud desktop list, the target unit 22 returns the cloud desktop list to the terminal for the user to select.
- the target unit 22 acquires the cloud desktop selected by the user returned by the terminal, and uses the cloud desktop as the target cloud desktop.
- After obtaining the cloud desktops matched by the current user, the list unit 21 may also return the attribute information of each cloud desktop to the terminal, and the terminal configures the cloud desktop list according to the attribute information of each cloud desktop for the user to select.
- After obtaining the target cloud desktop selected by the user, the terminal returns the attribute information of the target cloud desktop to the target unit 22, whereby the target unit 22 acquires the target cloud desktop selected by the user.
- the authority unit 23 is configured to configure the permission set according to the target cloud desktop, the login fingerprint information, and the terminal information of the terminal.
- the rights unit 23 configures the permission set according to the target cloud desktop, the current login fingerprint information, and the terminal information.
- the authority unit 23 pre-configures the rights corresponding to the fingerprint information, the rights of each cloud desktop, and the rights corresponding to each login terminal.
- Pre-configured permissions include peripheral call permissions, etc., which can be flexibly set as needed. Different fingerprint information, cloud desktops, and terminal permissions may be different.
- The authority unit 23 obtains the rights corresponding to the current login fingerprint information, the rights of the target cloud desktop and the rights corresponding to the current terminal, derives the rights of the current user from them, and configures the permission set.
- If the current login fingerprint information and the target cloud desktop have permission to call the terminal camera but the current terminal does not have the right to call the terminal camera, the permission to call the camera is not added to the current user's permission set; if the current login fingerprint information, the target cloud desktop and the current terminal all have the right to call the USB peripheral, the permission to call the USB peripheral is added to the permission set.
- the authority unit 23 obtains the permission set.
- management module 30 is further configured to
- After acquiring the target cloud desktop selected by the user, the terminal sends a connection request to the management module 30 according to the target cloud desktop.
- the control module 30 starts the cloud desktop virtual machine according to the link request of the terminal, and starts the target cloud desktop for the terminal to access. or,
- After obtaining the target cloud desktop and the permission set, the control module 30 starts the cloud desktop virtual machine according to the target desktop acquired by the matching module 20, and starts the target cloud desktop for the terminal to access.
- the management module 30 controls the access rights of the terminal according to the permission set.
- In this embodiment, the list unit 21 matches the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list; the target unit 22 returns the cloud desktop list to the terminal and obtains the target cloud desktop selected based on the list; the authority unit 23 configures the permission set according to the target cloud desktop, the login fingerprint information, and the terminal information of the terminal; then, the management module 30 controls the terminal to access the target cloud desktop according to the permission set.
- The cloud desktop list is configured for the user to select, giving the user more choices for different application scenarios. The permission set is configured comprehensively according to the target cloud desktop selected by the user, the terminal currently accessing the cloud desktop, and the fingerprint currently logged in to the cloud desktop. This ensures control of the multi-party permissions of the terminal, the cloud desktop and the user, controls access to the cloud desktop, realizes control of cloud desktop security, and greatly improves the control.
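The terminal binding check and the three-way permission set described above can be sketched as follows; this is an added example, not code from the patent. The class and function names, the permission labels and the sample database are constructed for illustration, and a fingerprint is represented by an opaque identifier rather than a real feature-code match.

```python
from dataclasses import dataclass

# Every identifier and sample value here is constructed for illustration.
CAMERA, USB, PRINTER = "camera", "usb_peripheral", "printer"


@dataclass(frozen=True)
class AuthRequest:
    fingerprint_id: str  # stands in for the extracted fingerprint feature code
    terminal_id: str     # unique identification information of the terminal
    login_time: str


@dataclass
class CloudDatabase:
    login_terminals: dict    # fingerprint -> terminals pre-configured for it
    desktops: dict           # fingerprint -> cloud desktops it may select
    fingerprint_perms: dict  # fingerprint -> permissions
    desktop_perms: dict      # cloud desktop -> permissions
    terminal_perms: dict     # terminal -> permissions


def authenticate(db, req):
    """Pass only when the terminal is a pre-configured login terminal of
    the presented fingerprint; unknown fingerprints fail closed."""
    return req.terminal_id in db.login_terminals.get(req.fingerprint_id, ())


def cloud_desktop_list(db, req):
    """Cloud desktops offered for selection once authentication has passed."""
    if not authenticate(db, req):
        return []
    return sorted(db.desktops.get(req.fingerprint_id, ()))


def build_permission_set(db, req, target_desktop):
    """A permission enters the set only if the fingerprint, the target cloud
    desktop and the terminal all hold it. A failed authentication, an
    unlisted desktop or a missing entry yields the empty set (default deny)."""
    if target_desktop not in cloud_desktop_list(db, req):
        return frozenset()
    return (
        frozenset(db.fingerprint_perms.get(req.fingerprint_id, ()))
        & frozenset(db.desktop_perms.get(target_desktop, ()))
        & frozenset(db.terminal_perms.get(req.terminal_id, ()))
    )


def allow_hardware_call(permission_set, device):
    """Gate a hardware invocation request before the device is redirected."""
    return device in permission_set


# Constructed sample data reproducing the camera / USB case in the text:
# the fingerprint and the desktop may call the camera, the terminal may not.
SAMPLE_DB = CloudDatabase(
    login_terminals={"fp-alice": {"term-phone-01"}},
    desktops={"fp-alice": {"finance-desktop", "office-desktop"}},
    fingerprint_perms={"fp-alice": {CAMERA, USB, PRINTER}},
    desktop_perms={
        "finance-desktop": {CAMERA, USB},
        "office-desktop": {USB, PRINTER},
    },
    terminal_perms={"term-phone-01": {USB, PRINTER}},
)

if __name__ == "__main__":
    req = AuthRequest("fp-alice", "term-phone-01", "2017-03-15T09:00:00")
    print(cloud_desktop_list(SAMPLE_DB, req))
    print(sorted(build_permission_set(SAMPLE_DB, req, "finance-desktop")))
```

Because the set is an intersection, removing a permission from any one of the three sources is enough to withhold it from the session.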
- A sixth embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device that, based on the fifth embodiment of the cloud desktop control device of the present invention shown in FIG. 15, is further configured as follows:
- After obtaining the target cloud desktop and the permission set, the management module 30 returns the permission set to the current terminal.
- After receiving the permission set returned by the VMC, the terminal controls the operation rights of the current user when accessing the target cloud desktop according to the permission set.
- the management module 30 can also match the corresponding data disk information and the virtualization application according to the login fingerprint information of the current user, and return the data disk information and the virtualization application to the terminal.
- the matching module 20 acquires the data disk information and the VAPP of the current user according to the current login fingerprint information.
- the data disk information may be VOI data disk information, and records various data of the current user, such as office files, etc.;
- the virtualization application is personalized application software configured for the current user; for example, application software may be configured for financial personnel, and recruiting software may be configured as the application software for HR staff.
- After obtaining the target cloud desktop, the permission set, the data disk information, and the virtualization application, the management module 30 sends the permission set, the data disk information, and the virtualization application to the terminal side.
- the terminal sends a cloud desktop link request to the management module 30 according to the target cloud desktop.
- the control module 30 starts the cloud desktop virtual machine and feeds back a response message to the terminal.
- After receiving the response message from the management module 30, the terminal connects to the cloud desktop virtual machine to access the cloud desktop, and limits the operation requirements of the current user or the terminal according to the permission set.
- the user can invoke the current data disk information through the terminal to perform operations; the user can also invoke the current virtualization application and select the desired application to operate.
- The terminal can cache the data with which the user logs in to the cloud desktop according to the received data disk information and virtualization application. When the current user subsequently logs in through the current terminal again, the terminal can use the cached data directly, avoiding a reload each time, which would reduce the efficiency of cloud desktop access. It should be noted that the data disk information and the virtualization application data delivered to the terminal locally can be updated synchronously with the data of the remote cloud desktop to avoid data loss.
- In this embodiment, the management module 30 returns the permission set to the terminal so that the terminal accesses the target cloud desktop according to the permission set. By returning the permission set to the terminal, the terminal performs the permission control, which reduces the burden on the cloud desktop server and improves the efficiency of the cloud desktop.
- a seventh embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device, which is based on the embodiment shown in any of the foregoing FIG. 13, FIG. 14, FIG. 15, or FIG. As shown in FIG. 13 , the cloud desktop control device further includes:
- the calling module 40 is configured to acquire a hardware invocation request of the cloud desktop to the terminal; and according to the hardware invocation request, redirect the terminal hardware to the cloud desktop, and invoke the terminal hardware.
- the hardware of the terminal includes the hardware resources owned by the terminal and the hardware resources accessed by the terminal through the USB peripheral.
- For some operation and maintenance or management systems, the software client requires fingerprint authentication for user access under the requirements of a certain security policy. In that case, when the user runs the software client, a fingerprint input prompt pops up.
- the calling module 40 obtains a hardware call request according to the requirements of the cloud desktop client.
- the calling module 40 redirects the hardware corresponding to the terminal to the peripheral hardware list of the cloud desktop according to the hardware invocation request of the cloud desktop virtual machine, so that the terminal hardware points to the cloud desktop, and then calls the terminal hardware.
- the cloud desktop agent redirects the fingerprint identifier of the terminal to the cloud desktop peripheral list, and the fingerprint identification device is attached to the cloud desktop virtual machine.
- the cloud desktop application software invokes the fingerprint identification device, and the user can directly scan the fingerprint of the terminal through the fingerprint identifier of the terminal, and send the fingerprint information to the current cloud desktop application software.
- In this embodiment, after the calling module 40 obtains the hardware invocation request of the cloud desktop to the terminal, the calling module 40 redirects the terminal hardware to the cloud desktop according to the hardware invocation request, and invokes the terminal hardware.
- This embodiment redirects the hardware of the mobile terminal to the cloud desktop, realizes the call of programs running inside the cloud desktop to the terminal hardware, and supports the fingerprint identification and authentication function of programs inside the cloud desktop. It can thereby strengthen the authority management of programs running inside the cloud desktop and the security of cloud desktop operation, and improve the user experience.
- The authentication module 10, the control module 30, the target unit 22, and the calling module 40 may be implemented by a processor in the cloud desktop control device in combination with a communication interface; the matching module 20, the authentication unit 12, the determining unit 13, the list unit 21 and the rights unit 23 can be implemented by a processor in the cloud desktop control device; the first obtaining unit 11 can be implemented by a communication interface in the cloud desktop control device.
- a first embodiment of the cloud desktop access device of the present invention provides a cloud desktop access device, where the cloud desktop access device includes:
- the requesting module 60 is configured to send an authentication request to the cloud desktop server according to the input login fingerprint information in the cloud desktop fingerprint login mode.
- the embodiment of the present invention performs authentication according to the fingerprint of the user.
- This embodiment is exemplified by a mobile terminal.
- the cloud desktop access device is deployed in the mobile terminal.
- the requesting module 60 prompts the user to input a fingerprint for cloud desktop login.
- the requesting module 60 acquires the fingerprint input by the user, and extracts the fingerprint feature code to obtain the current login fingerprint information.
- the requesting module 60 generates an authentication request according to the login fingerprint information, the login time of the current user, and the like. After the authentication request is encrypted, it is sent to the VMC in the cloud desktop server.
- the accessing module 70 is configured to access the cloud desktop under the authority of the cloud desktop server if the authentication request passes the authentication.
- the access module 70 sends a link request to the cloud desktop server.
- the cloud desktop server responds to the terminal's link request, starts the cloud desktop virtual machine according to the link request, and starts the cloud desktop. A response message is then returned to the access module 70.
- After receiving the response message, the access module 70 connects to the cloud desktop to perform access and operation.
- The cloud desktop server determines the authority of the current user according to the permission set matched with the current authentication request, and controls the usage rights of the access module 70 according to the determination result.
- In this embodiment, the request module 60 sends the authentication request to the cloud desktop server according to the input login fingerprint information; if the authentication request is authenticated, the access module 70 accesses the cloud desktop under the authority of the cloud desktop server.
- the fingerprint information is authenticated by the terminal, so that when the user accesses the cloud desktop through the terminal, fingerprint authentication is performed, thereby ensuring information security.
- the second embodiment of the cloud desktop access device provides a cloud desktop access device.
- the access module 70 includes:
- the second obtaining unit 71 is configured to acquire the returned cloud desktop list of the cloud desktop server if the authentication request is authenticated.
- the second obtaining unit 71 obtains the cloud desktop list returned by the cloud desktop server, and the cloud desktop list includes the pre-configured cloud desktops that the cloud desktop server matches according to the current login fingerprint information, for users to choose based on usage scenarios.
- the selecting unit 72 is configured to obtain a target cloud desktop selected based on the cloud desktop list, and return the target cloud desktop to the cloud desktop server.
- the selecting unit 72 feeds back the cloud desktop list to the user, obtains the target cloud desktop selected by the user based on the cloud desktop list, and returns the target cloud desktop to the cloud desktop server.
- the access unit 73 is configured to acquire a permission set returned by the cloud desktop server, and access the target cloud desktop according to the permission set.
- After the user selects the target cloud desktop through the terminal, the access unit 73 sends a link request to the cloud desktop server according to the target cloud desktop.
- the cloud desktop server responds to the link request of the access unit 73, starts the cloud desktop virtual machine according to the link request, and returns the corresponding cloud desktop to the access unit 73.
- the cloud desktop server returns the configured permission set to the access unit 73.
- the permission set of the cloud desktop configuration includes the permissions of the configured current login fingerprint.
- the user can access the cloud desktop through the access unit 73, use the software client, the network, and the like in the cloud desktop.
- the access unit 73 performs only the privileged operation according to the permission set, and disables the unauthorized operation. Thereby, the uniqueness of the user right matching is ensured according to the fingerprint information, and the high authority is prevented from being misplaced due to the account information error or the like.
- the second obtaining unit 71 obtains the cloud desktop service.
- the selecting unit 72 obtains the target cloud desktop selected based on the cloud desktop list, and returns the target cloud desktop to the cloud desktop server;
- the access unit 73 obtains the permission set returned by the cloud desktop server, and accesses the target cloud desktop according to the permission set.
- This embodiment of the invention lets the user select the required target cloud desktop from the cloud desktop list, which increases the user's choice; the cloud desktop server returns the permission set to the terminal, and when the cloud desktop is accessed, the terminal performs the rights management. This reduces the burden on the cloud desktop server, enhances the control and flexibility of cloud desktop security, and enhances the user experience.
- A third embodiment of the cloud desktop access device of the present invention provides a cloud desktop access device.
- Based on the embodiment shown in FIG. 17 or 18 (FIG. 17 is taken as the example), the request module 60 includes:
- the third obtaining unit 61 is configured to obtain the input login fingerprint information in the cloud desktop fingerprint login mode.
- the third obtaining unit 61 acquires the fingerprint input by the user through the fingerprint identifier.
- the third obtaining unit 61 extracts the feature code of the fingerprint, and uses the obtained fingerprint feature code as the login fingerprint information of the current user.
- the determining unit 62 is configured to determine whether the unlocking fingerprint information has been entered in the currently logged-in terminal.
- the determining unit 62 determines whether the current terminal has entered the unlocking fingerprint information for unlocking the current terminal.
- the matching unit 63 is configured to match the unlock fingerprint information and the login fingerprint information if the terminal has entered the unlock fingerprint information.
- the matching unit 63 matches the unlocking fingerprint information that has been entered by the current terminal with the login fingerprint information of the current user.
- the requesting unit 64 is configured to send an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal, if the login fingerprint information and the unlocking fingerprint information are successfully matched.
- The requesting unit 64 determines that the user currently logging in to the cloud desktop is the owner of the current terminal, and generates the authentication request from information such as the login fingerprint information, the terminal information of the current terminal, and the login time of the current user. After the authentication request is encrypted, it is sent to the VMC in the cloud desktop server for authentication. It should be noted that the terminal information of the current terminal is the unique identification information of the current terminal.
- The third obtaining unit 61 acquires the input login fingerprint information; the determining unit 62 then determines whether the current terminal has entered the unlocking fingerprint information; if the current terminal has entered the unlocking fingerprint information, the matching unit 63 matches the unlocking fingerprint information and the login fingerprint information; if the login fingerprint information matches the unlocking fingerprint information, the requesting unit 64 sends the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal. In this embodiment, whether the user currently logging in to the cloud desktop is the current terminal owner is determined by checking whether the current terminal has the unlocking fingerprint information, thereby ensuring the security of the personal terminal logging in to the cloud desktop.
- a fourth embodiment of the cloud desktop access device of the present invention provides a cloud desktop access device.
- the request module 60 is further configured based on the third embodiment of the cloud desktop access device of the present invention shown in FIG. for,
- the terminal information of the terminal sends an authentication request to the cloud desktop server.
- The attributes of the terminal may be pre-configured; for example, the terminal is configured as a private terminal or a shared terminal. The private terminal only allows the fingerprint information of specific pre-configured users to log in to the cloud desktop through the current terminal, and the public terminal allows the fingerprint information of all users to log in to the cloud desktop through the current terminal.
- The attribute information of the terminal may be pre-configured, and the object that the current terminal authorizes to log in to the cloud desktop is configured as “I” or “Everyone”, so that the current terminal is configured as a private terminal or a public terminal.
- the requesting module 60 determines whether the terminal is a private terminal.
- The requesting module 60 determines, according to the attribute information of the current terminal, whether the object that the terminal currently authorizes to log in to the cloud desktop is “I” or “Everyone”. If the current terminal only authorizes “I” to log in to the cloud desktop through the terminal, the requesting module 60 determines that the current terminal is a private terminal. If the current terminal authorizes “Everyone” to log in to the cloud desktop through the terminal, the requesting module 60 determines that the current terminal is a shared terminal.
- the request module 60 obtains the determination result.
- the requesting module 60 sends an authentication request to the cloud desktop server according to the login fingerprint information, the terminal information, and the login time of the current user.
- the requesting module 60 prompts the user that the user does not have permission to log in to the cloud desktop at the current terminal.
- In this embodiment, the requesting module 60 determines whether the terminal is a private terminal; if the current terminal is not a private terminal, the requesting module 60 sends an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- the private attribute information and the user fingerprint information of the terminal are combined to comprehensively manage the access security of the cloud desktop.
- a fifth embodiment of the cloud desktop access device of the present invention provides a cloud desktop access device, which is based on the fourth embodiment of the cloud desktop access device of the present invention shown in FIG. include:
- the entry module 80 is configured to obtain the entered fingerprint information, and send the entered fingerprint information and the terminal information of the terminal to the cloud desktop server, where the cloud desktop server configures the cloud database for authentication.
- the user can enter new fingerprint information for fingerprint authentication.
- the current user logs in to the cloud desktop through the terminal for the first time login.
- the user opens the terminal and enters the user name and password through the entry module 80 to log in.
- If the verification fails, the entry module 80 prompts the user that the current authentication has failed; if the verification passes, the entry module 80 prompts the user whether to enter the fingerprint information and log in using the fingerprint.
- If the user chooses not to enter fingerprint information, the user enters the normal login process to obtain the cloud desktop and permission set configured by the cloud desktop server; if the user chooses to enter fingerprint information, the entry module 80 records the fingerprint of the current user, extracts the fingerprint feature code, and obtains the fingerprint information.
- The entry module 80 encrypts the fingerprint information and the terminal information of the current terminal and sends them to the cloud desktop server.
- After receiving the encrypted information sent by the terminal, the cloud desktop server parses it and obtains the current user fingerprint information and terminal information.
- the cloud desktop server stores the current fingerprint information as the fingerprint information bound by the current account user, and stores it in the cloud database. or,
- the cloud desktop server stores the current fingerprint information as the fingerprint information bound by the current account user in the cloud database, and stores the terminal information of the current terminal, and uses the current terminal as the recorded terminal device. or,
- the cloud desktop server stores the current fingerprint information as the fingerprint information bound by the current account user, and stores the current terminal as the login terminal of the current fingerprint information, and uses the current terminal information as the terminal corresponding to the current fingerprint information. Information is stored.
- the cloud desktop server updates the cloud database, and notifies the input module 80 that the current fingerprint information has been successfully recorded.
- the VMC may also pre-configure the abnormal reminding mode, and pre-configure the corresponding user mobile phone number, email address, and the like according to the user information, and notify the user by SMS, email, etc. when the user logs in abnormally.
- The VMC records the user's access to the cloud desktop through account number and password authentication, including terminal information, time, duration, etc., and can be configured to send the cloud desktop access record to the user only when an abnormal login record occurs, to ensure that when the user's fingerprint is stolen, the user will know immediately.
- the account information abnormal login includes the account password incorrect input, etc., and can be flexibly configured according to actual needs.
- the entered fingerprint information is obtained by the entry module 80, and the fingerprint information and the terminal information of the terminal are sent to the cloud desktop server for the cloud desktop server to configure the cloud database for authentication.
- The fingerprint information is used by the cloud desktop server to configure the cloud database, so that when the user logs in to the cloud desktop and passes fingerprint authentication, the corresponding cloud desktop and each permission are acquired, and fingerprint identification is integrated into the management of all levels of the cloud desktop.
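The abnormal-login conditions named in the description (repeated input in succession, fingerprint login from a terminal that is not pre-bound, incorrect account password input) can be checked over the access records the VMC keeps, as in the following added example, which is not code from the patent. The record format, field names, failure threshold, bindings and contact addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access records in a hypothetical one-line-per-attempt format.
SAMPLE_LOG = """\
2017-03-15T09:00:01 user=alice method=fingerprint terminal=term-phone-01 result=ok
2017-03-15T09:05:10 user=bob method=fingerprint terminal=term-pad-07 result=fail
2017-03-15T09:05:14 user=bob method=fingerprint terminal=term-pad-07 result=fail
2017-03-15T09:05:19 user=bob method=fingerprint terminal=term-pad-07 result=fail
2017-03-15T09:05:25 user=bob method=fingerprint terminal=term-pad-07 result=fail
2017-03-15T09:30:00 user=alice method=fingerprint terminal=term-kiosk-99 result=fail
2017-03-15T09:41:00 user=alice method=password terminal=term-phone-01 result=fail
garbage line
2017-03-15T09:42:00 user=alice method=password terminal=term-phone-01 result=ok
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) user=(?P<user>\S+) method=(?P<method>fingerprint|password) "
    r"terminal=(?P<terminal>\S+) result=(?P<result>ok|fail)$"
)

# Constructed bindings (user -> pre-bound terminals) and notification contacts.
BOUND_TERMINALS = {"alice": {"term-phone-01"}, "bob": {"term-pad-07"}}
CONTACTS = {"alice": "alice@example.com", "bob": "bob@example.com"}


def parse_records(log_text):
    """Return (records, rejected): malformed lines are counted, not guessed at."""
    records, rejected = [], 0
    for line in log_text.splitlines():
        line = line.strip()
        match = LINE_RE.match(line)
        if match:
            records.append(match.groupdict())
        elif line:
            rejected += 1
    return records, rejected


def detect_abnormal(records, bound_terminals, max_failures=3):
    """Flag fingerprint attempts from terminals that are not pre-bound, and
    the attempt on which a run of consecutive failures reaches max_failures
    (counted per user and login method, reset by a success)."""
    alerts = []
    streak = defaultdict(int)
    for rec in records:
        bound = bound_terminals.get(rec["user"], ())
        if rec["method"] == "fingerprint" and rec["terminal"] not in bound:
            alerts.append((rec["time"], rec["user"], "unbound_terminal"))
        key = (rec["user"], rec["method"])
        if rec["result"] == "fail":
            streak[key] += 1
            if streak[key] == max_failures:
                alerts.append((rec["time"], rec["user"], "repeated_failure"))
        else:
            streak[key] = 0
    return alerts


def notifications(alerts, contacts):
    """Messages are produced only for abnormal records, one per alert."""
    return [
        (contacts[user], f"{reason} at {time}")
        for time, user, reason in alerts
        if user in contacts
    ]


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE_LOG)
    for message in notifications(detect_abnormal(recs, BOUND_TERMINALS), CONTACTS):
        print(message)
```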
- The request module 60, the access module 70, the second obtaining unit 71, the selecting unit 72, the access unit 73, and the entry module 80 may be implemented by a processor in the cloud desktop access device in combination with a communication interface; the third obtaining unit 61, the determining unit 62, and the matching unit 63 can be implemented by a processor in the cloud desktop access device; the request unit 64 can be implemented by a communication interface in the cloud desktop access device.
- embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
- The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- An embodiment of the present invention further provides a computer storage medium, where the computer storage medium includes a set of instructions that, when executed, cause at least one processor to execute the cloud desktop management method, or to perform the foregoing cloud desktop access method.
- The solution provided by the embodiment of the present invention obtains an authentication request sent by the terminal in the cloud desktop fingerprint login mode, and authenticates the authentication request according to the pre-configured cloud database; if the authentication request passes the authentication, the cloud desktop and the permission set are matched according to the authentication request; and the access of the terminal to the cloud desktop is controlled according to the permission set.
- the fingerprint identification technology and various virtualization core technologies are connected to each other, so that the user accesses the cloud in the manner of fingerprint identification, and the fingerprint is matched to determine whether the current user can access the cloud desktop, and the user's fingerprint is authorized to authorize the cloud desktop.
- the fingerprint becomes the unique credential for the user to access the desktop cloud system through the mobile terminal, thereby ensuring information security.
- the embodiment of the invention realizes the identification of the fingerprint, configures the permissions of the cloud desktop according to the fingerprint information, enhances the control and flexibility of the security of the cloud desktop, and improves the user experience.
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Telephonic Communication Services (AREA)
- Collating Specific Patterns (AREA)
Abstract
A cloud desktop management and control method and apparatus, a cloud desktop access method and apparatus, and a computer storage medium. The method comprises: in a fingerprint login mode of a cloud desktop, obtaining an authentication request sent by a terminal, and authenticating the authentication request according to a preconfigured cloud database (S10); if the authentication on the authentication request is passed, matching the cloud desktop with a permission set according to the authentication request (S20); and controlling, according to the permission set, access of the terminal to the cloud desktop (S30).
Description
The present invention relates to the field of virtual cloud desktop technologies, and in particular to a cloud desktop management and control method and apparatus, a cloud desktop access method and apparatus, and a computer storage medium.
In current desktop virtualization technology, Virtual Desktop Infrastructure (VDI) has become the mainstream approach because it is flexible to configure, convenient to use, and easy to manage centrally. With the growing demand for cloud computing, many enterprises have already adopted VDI. VDI uses virtualization to virtualize the server's powerful hardware resources and allocates them to the corresponding virtual desktop users as needed, providing virtual machine usage and management.
With the wide adoption of VDI, information security has become an important concern for vendors and users. Virtual desktops differ fundamentally from traditional personal computers (PCs) in security management and control. For example, a traditional PC can be secured by traditional means such as machine-room access control and USB port blocking. Because of the flexibility of cloud desktops, however, many kinds of terminals can connect to the desktop server anytime and anywhere to obtain cloud desktop services, and traditional security management methods can no longer meet the diverse and flexible requirements of cloud desktop security management.
Summary of the invention
To solve the existing technical problems, embodiments of the present invention provide a cloud desktop management and control method and apparatus, a cloud desktop access method and apparatus, and a computer storage medium.
An embodiment of the present invention provides a cloud desktop management and control method, comprising the following steps:
in a cloud desktop fingerprint login mode, obtaining an authentication request sent by a terminal, and authenticating the authentication request according to a preconfigured cloud database;
if the authentication request passes authentication, matching a cloud desktop and a permission set according to the authentication request;
controlling access by the terminal to the cloud desktop according to the permission set.
In an embodiment, the step of obtaining, in the cloud desktop fingerprint login mode, the authentication request sent by the terminal and authenticating the authentication request according to the preconfigured cloud database comprises:
in the cloud desktop fingerprint login mode, obtaining the authentication request sent by the terminal, the authentication request carrying login fingerprint information and terminal information of the terminal;
verifying the permissions of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal, and the preconfigured cloud database;
if the terminal and the login fingerprint pass authentication, determining that the authentication request passes authentication.
In an embodiment, the step of verifying the permissions of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal, and the cloud database comprises:
determining, according to the cloud database and the terminal information, whether the terminal has access permission;
determining, according to the cloud database and the login fingerprint information, whether the login fingerprint information has login permission;
if the terminal has access permission and the login fingerprint information has login permission, determining that the terminal and the login fingerprint pass authentication.
In an embodiment, the step of determining that the authentication request passes authentication if the terminal and the login fingerprint pass authentication comprises:
if the terminal and the login fingerprint information pass authentication, determining whether the terminal is a preconfigured login terminal corresponding to the login fingerprint information;
if the terminal is the login terminal corresponding to the login fingerprint information, determining that the authentication request passes authentication.
In an embodiment, the step of matching a cloud desktop and a permission set according to the authentication request if the authentication request passes authentication comprises:
if the authentication request passes authentication, matching the preconfigured cloud desktops according to the authentication request to obtain a cloud desktop list;
returning the cloud desktop list to the terminal, and obtaining a target cloud desktop selected from the cloud desktop list;
configuring a permission set according to the target cloud desktop, the login fingerprint information, and the terminal information of the terminal;
the step of controlling access by the terminal to the cloud desktop according to the permission set comprises:
controlling access by the terminal to the target cloud desktop according to the permission set.
In an embodiment, the step of controlling access by the terminal to the target cloud desktop according to the permission set comprises:
returning the permission set to the terminal, so that the terminal accesses the target cloud desktop according to the permission set.
In an embodiment, after the step of controlling access by the terminal to the cloud desktop according to the permission set, the method further comprises:
obtaining a hardware invocation request from the cloud desktop to the terminal;
according to the hardware invocation request, redirecting the terminal hardware to the cloud desktop and invoking the terminal hardware.
In addition, an embodiment of the present invention provides a cloud desktop access method, comprising the following steps:
in a cloud desktop fingerprint login mode, sending, by a terminal, an authentication request to a cloud desktop server according to input login fingerprint information;
if the authentication request passes authentication, accessing a cloud desktop under the permission control of the cloud desktop server.
In an embodiment, the step of accessing the cloud desktop under the permission control of the cloud desktop server if the authentication request passes authentication comprises:
if the authentication request passes authentication, obtaining the cloud desktop list returned by the cloud desktop server;
obtaining a target cloud desktop selected from the cloud desktop list, and returning the target cloud desktop to the cloud desktop server;
obtaining the permission set returned by the cloud desktop server, and accessing the target cloud desktop according to the permission set.
In an embodiment, the step of sending, by the terminal in the cloud desktop fingerprint login mode, the authentication request to the cloud desktop server according to the input login fingerprint information comprises:
in the cloud desktop fingerprint login mode, obtaining, by the terminal, the input login fingerprint information;
determining whether unlock fingerprint information has been enrolled on the terminal;
if unlock fingerprint information has been enrolled on the terminal, matching the unlock fingerprint information against the login fingerprint information;
if the login fingerprint information matches the unlock fingerprint information, sending the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
In an embodiment, after the step of matching the unlock fingerprint information against the login fingerprint information if unlock fingerprint information has been enrolled on the terminal, the method further comprises:
if the login fingerprint information fails to match the unlock fingerprint information, determining whether the terminal is a private terminal according to attribute information preconfigured for the terminal;
if the terminal is not a private terminal, proceeding to the step of sending the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
In an embodiment, before the step of sending, by the terminal in the cloud desktop fingerprint login mode, the authentication request to the cloud desktop server according to the input login fingerprint information, the method further comprises:
obtaining enrolled fingerprint information, and sending the enrolled fingerprint information together with the terminal information of the terminal to the cloud desktop server, so that the cloud desktop server can configure the cloud database for authentication.
In addition, an embodiment of the present invention provides a cloud desktop management and control apparatus, comprising:
an authentication module, configured to obtain, in a cloud desktop fingerprint login mode, an authentication request sent by a terminal, and to authenticate the authentication request according to a preconfigured cloud database;
a matching module, configured to match a cloud desktop and a permission set according to the authentication request if the authentication request passes authentication;
a management and control module, configured to control access by the terminal to the cloud desktop according to the permission set.
In an embodiment, the authentication module comprises:
a first obtaining unit, configured to obtain, in the cloud desktop fingerprint login mode, the authentication request sent by the terminal, the authentication request carrying login fingerprint information and terminal information of the terminal;
an authentication unit, configured to verify the permissions of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal, and the preconfigured cloud database;
a determining unit, configured to determine that the authentication request passes authentication if the terminal and the login fingerprint pass authentication.
In an embodiment, the authentication unit is further configured to determine, according to the cloud database and the terminal information, whether the terminal has access permission;
determine, according to the cloud database and the login fingerprint information, whether the login fingerprint information has login permission;
and, if the terminal has access permission and the login fingerprint information has login permission, determine that the terminal and the login fingerprint pass authentication.
In an embodiment, the determining unit is further configured to:
if the terminal and the login fingerprint information pass authentication, determine whether the terminal is a preconfigured login terminal corresponding to the login fingerprint information;
if the terminal is the login terminal corresponding to the login fingerprint information, determine that the authentication request passes authentication.
In an embodiment, the matching module comprises:
a list unit, configured to match the preconfigured cloud desktops according to the authentication request to obtain a cloud desktop list if the authentication request passes authentication;
a target unit, configured to return the cloud desktop list to the terminal and obtain a target cloud desktop selected from the cloud desktop list;
a permission unit, configured to configure a permission set according to the target cloud desktop, the login fingerprint information, and the terminal information of the terminal;
the management and control module is further configured to:
control access by the terminal to the target cloud desktop according to the permission set.
In an embodiment, the management and control module is further configured to:
return the permission set to the terminal, so that the terminal accesses the target cloud desktop according to the permission set.
In an embodiment, the cloud desktop management and control apparatus further comprises:
an invocation module, configured to obtain a hardware invocation request from the cloud desktop to the terminal and, according to the hardware invocation request, redirect the terminal hardware to the cloud desktop and invoke the terminal hardware.
In addition, an embodiment of the present invention provides a cloud desktop access apparatus, comprising:
a request module, configured such that, in a cloud desktop fingerprint login mode, a terminal sends an authentication request to a cloud desktop server according to input login fingerprint information;
an access module, configured to access a cloud desktop under the permission control of the cloud desktop server if the authentication request passes authentication.
In an embodiment, the access module comprises:
a second obtaining unit, configured to obtain the cloud desktop list returned by the cloud desktop server if the authentication request passes authentication;
a selecting unit, configured to obtain a target cloud desktop selected from the cloud desktop list and return the target cloud desktop to the cloud desktop server;
an access unit, configured to obtain the permission set returned by the cloud desktop server and access the target cloud desktop according to the permission set.
In an embodiment, the request module comprises:
a third obtaining unit, configured to obtain the input login fingerprint information in the cloud desktop fingerprint login mode;
a judging unit, configured to determine whether unlock fingerprint information has been enrolled on the current login terminal;
a matching unit, configured to match the unlock fingerprint information against the login fingerprint information if unlock fingerprint information has been enrolled on the terminal;
a request unit, configured to send the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal if the login fingerprint information matches the unlock fingerprint information.
In an embodiment, the request module is further configured to:
if the login fingerprint information fails to match the unlock fingerprint information, determine whether the terminal is a private terminal according to attribute information preconfigured for the terminal;
if the terminal is not a private terminal, send the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
In an embodiment, the cloud desktop access apparatus further comprises:
an enrollment module, configured to obtain enrolled fingerprint information and send the enrolled fingerprint information together with the terminal information of the terminal to the cloud desktop server, so that the cloud desktop server can configure the cloud database for authentication.
In addition, an embodiment of the present invention provides a computer storage medium comprising a set of instructions that, when executed, cause at least one processor to perform the above cloud desktop management and control method or the above cloud desktop access method.
In the cloud desktop management and control method and apparatus, the cloud desktop access method and apparatus, and the computer storage medium proposed by the embodiments of the present invention, an authentication request sent by a terminal is obtained in a cloud desktop fingerprint login mode and authenticated according to a preconfigured cloud database; if the authentication request passes authentication, a cloud desktop and a permission set are matched according to the authentication request; and access by the terminal to the cloud desktop is controlled according to the permission set. The embodiments address the security risks and management problems that the flexibility unique to mobile terminals accessing cloud desktops creates for personal data and for the cloud desktop system. Fingerprint recognition is integrated with several core virtualization technologies so that users connect to the cloud by fingerprint recognition: the fingerprint is matched to determine whether the current user may access the cloud desktop, and cloud desktop permissions are granted on the basis of the user's fingerprint, making the fingerprint the sole credential with which a user accesses the desktop cloud system from a mobile terminal, thereby ensuring information security. The embodiments thus authenticate by fingerprint recognition and configure the permissions of the cloud desktop according to the fingerprint information, which strengthens and makes more flexible the security management and control of cloud desktops and improves the user experience.
FIG. 1 is a schematic flowchart of a first embodiment of the cloud desktop management and control method of the present invention;
FIG. 2 is a schematic flowchart of a second embodiment of the cloud desktop management and control method of the present invention;
FIG. 3 is a schematic flowchart of a third embodiment of the cloud desktop management and control method of the present invention;
FIG. 4 is a schematic flowchart of a fourth embodiment of the cloud desktop management and control method of the present invention;
FIG. 5 is a schematic flowchart of a fifth embodiment of the cloud desktop management and control method of the present invention;
FIG. 6 is a schematic flowchart of a sixth embodiment of the cloud desktop management and control method of the present invention;
FIG. 7 is a schematic flowchart of a seventh embodiment of the cloud desktop management and control method of the present invention;
FIG. 8 is a schematic flowchart of a first embodiment of the cloud desktop access method of the present invention;
FIG. 9 is a schematic flowchart of a second embodiment of the cloud desktop access method of the present invention;
FIG. 10 is a schematic flowchart of a third embodiment of the cloud desktop access method of the present invention;
FIG. 11 is a schematic flowchart of a fourth embodiment of the cloud desktop access method of the present invention;
FIG. 12 is a schematic flowchart of a fifth embodiment of the cloud desktop access method of the present invention;
FIG. 13 is a schematic diagram of the functional modules of a first embodiment of the cloud desktop management and control apparatus of the present invention;
FIG. 14 is a schematic diagram of the functional modules of a second, a third, and a fourth embodiment of the cloud desktop management and control apparatus of the present invention;
FIG. 15 is a schematic diagram of the functional modules of a fifth and a sixth embodiment of the cloud desktop management and control apparatus of the present invention;
FIG. 16 is a schematic diagram of the functional modules of a seventh embodiment of the cloud desktop management and control apparatus of the present invention;
FIG. 17 is a schematic diagram of the functional modules of a first embodiment of the cloud desktop access apparatus of the present invention;
FIG. 18 is a schematic diagram of the functional modules of a second embodiment of the cloud desktop access apparatus of the present invention;
FIG. 19 is a schematic diagram of the functional modules of a third and a fourth embodiment of the cloud desktop management and control apparatus of the present invention;
FIG. 20 is a schematic diagram of the functional modules of a fifth embodiment of the cloud desktop access apparatus of the present invention;
FIG. 21 is a schematic diagram of a terminal hardware redirection application scenario in an embodiment of the present invention;
FIG. 22 is a schematic diagram of an application scenario in which a user logs in to a cloud desktop using a mobile terminal in an embodiment of the present invention;
FIG. 23 is a schematic diagram of a fingerprint enrollment application scenario in an embodiment of the present invention.
The realization of the objects, the functional features, and the advantages of the present invention will be further described with reference to the embodiments and the accompanying drawings.
It should be understood that the specific embodiments described herein merely explain the present invention and are not intended to limit it.
In the various embodiments of the present invention: in a cloud desktop fingerprint login mode, an authentication request sent by a terminal is obtained and authenticated according to a preconfigured cloud database; if the authentication request passes authentication, a preconfigured cloud desktop and a permission set are matched according to the authentication request; and access by the terminal to the cloud desktop is controlled according to the permission set.
Because user terminals can access cloud desktops so flexibly, the existing technology for cloud desktop security management and control lacks the adaptability and adjustability needed and can no longer meet the security management and control requirements of cloud desktops.
The embodiments of the present invention provide a solution that integrates fingerprint recognition with several core virtualization technologies so that users connect to the cloud by fingerprint recognition: the fingerprint is matched to determine whether the current user may access the cloud desktop, and cloud desktop permissions are granted on the basis of the user's fingerprint, making the fingerprint the sole credential with which a user accesses the desktop cloud system from a mobile terminal, thereby ensuring information security.
Referring to FIG. 1, a first embodiment of the cloud desktop management and control method of the present invention provides a cloud desktop management and control method comprising:
Step S10: in a cloud desktop fingerprint login mode, obtain an authentication request sent by a terminal, and authenticate the authentication request according to a preconfigured cloud database.
In view of the security problems that desktop cloud systems currently face, the embodiments of the present invention combine biometric recognition with the security management and control flow of the cloud system and integrate fingerprint recognition into every level of management of the desktop cloud system. This both safeguards the security of the virtual desktop environment and, through fingerprint recognition, provides users with more personalized, customized services, offering a security management scheme dedicated to desktop cloud systems that makes up for the security shortcomings of cloud desktop products in their rapid development.
Specifically, as an implementation, the embodiments of the present invention perform security management and control of the cloud desktop through a cloud desktop server.
The cloud desktop server includes a virtualization management center (VMC, Virtual Management Center), a virtualization environment (VE, Virtual Environment), cloud desktop virtual machines, a cloud desktop agent, and so on. The VMC is configured for security management and control of the cloud desktop, the VE provides the runtime environment for the cloud desktop virtual machines, the cloud desktop virtual machines provide the cloud desktop service to users, and the cloud desktop agent can report the running state of the cloud desktop virtual machines to the VMC.
After the desktop cloud server is deployed, user fingerprint information is enrolled and the user attributes corresponding to the fingerprint information are configured, for use in cloud desktop configuration and in permission control at each level.
In the cloud desktop fingerprint login mode, the terminal captures the login fingerprint with which the current user logs in to the cloud desktop and obtains the feature code of the login fingerprint as the login fingerprint information. In the embodiments of the present invention, the terminal may be a PC, a mobile terminal, or the like.
The terminal then generates an authentication request from the login fingerprint information, the current user's login time, and other information. The terminal encrypts the authentication request and sends it to the VMC.
On receiving the encrypted authentication request from the terminal, the VMC decrypts it to obtain the authentication request. From the authentication request, the VMC obtains the login fingerprint information with which the current user is logging in to the cloud desktop.
The VMC then matches the login fingerprint information against the fingerprint information in the preconfigured cloud database.
It should be noted that the preconfigured cloud database records each pre-enrolled fingerprint information item that has login permission, together with the corresponding user attributes. The user attributes include the account information and terminal information bound to the fingerprint information, the matching cloud desktops, and so on. The fingerprint information includes the fingerprint feature code extracted when the fingerprint was enrolled.
If a fingerprint feature code matching the feature code of the current login fingerprint information is found in the cloud database, the current login fingerprint information is determined to have login permission.
If the current login fingerprint information has login permission, the VMC determines that the current authentication request passes authentication.
Step S20: if the authentication request passes authentication, match a cloud desktop and a permission set according to the authentication request.
If the authentication request sent by the current terminal passes authentication, the VMC matches a cloud desktop and a permission set according to the authentication request.
Specifically, as an implementation, the VMC obtains the current user attributes from the login fingerprint information carried in the current authentication request and matches the preconfigured cloud desktop according to the user attributes.
It should be noted that personalized, differentiated cloud desktops can be flexibly preconfigured for different login fingerprints; for example, the cloud desktop's operating system, data, and application software can all be flexibly configured.
The VMC may match one or more cloud desktops.
According to the user attributes of the current login fingerprint information, the VMC matches the permission set preconfigured for that login fingerprint information. The permission set contains the current user's permissions for accessing the cloud desktop, including peripheral invocation permissions, network permissions, file operation permissions, and so on; for example, whether the account corresponding to the current login fingerprint information has permission to invoke the terminal's camera, or permission to invoke the terminal's Universal Serial Bus (USB) peripherals and On-The-Go (OTG) device-to-device data transfer devices.
The VMC thereby obtains the permission set for the current login fingerprint.
Step S30: Control the terminal's access to the cloud desktop according to the permission set.
After the cloud desktop and the permission set have been configured according to the authentication request, the terminal's access to the cloud desktop is controlled according to the permission set.
Specifically, in one implementation, the VMC notifies the terminal that the current authentication request has passed authentication, and the terminal sends a link request to the VE. The VE responds to the terminal's link request by starting the cloud desktop virtual machine and the corresponding cloud desktop. At the same time, the VE returns a response message to the terminal.
After receiving the VE's response message, the terminal connects to the cloud desktop virtual machine and accesses the cloud desktop; the user can then perform cloud desktop operations from the terminal.
While the user is using the cloud desktop, the VMC uses the permission set to control each of the user's permissions during cloud desktop access and to enforce security controls, for example controlling whether the user may invoke the camera while accessing the cloud desktop.
In this embodiment, in cloud desktop fingerprint login mode, the authentication request sent by the terminal is obtained and authenticated against the pre-configured cloud database; if the authentication request passes authentication, a cloud desktop and a permission set are matched according to the authentication request; and the terminal's access to the cloud desktop is controlled according to the permission set. This embodiment addresses the security risks and management problems that the flexibility unique to mobile-terminal access to the cloud desktop creates for personal data and for the cloud desktop system. It connects fingerprint identification technology with multiple core virtualization technologies so that the user accesses the cloud by fingerprint identification: the fingerprint is matched to determine whether the current user may access the cloud desktop, and cloud desktop permissions are granted through the user's fingerprint, so that the fingerprint becomes the user's only credential for accessing the desktop cloud system from a mobile terminal, thereby ensuring information security. The embodiment of the invention authenticates by fingerprint identification and configures the cloud desktop's permissions according to the fingerprint information, which strengthens the control over, and the flexibility of, cloud desktop security and improves the user experience.
Further, referring to FIG. 2, the second embodiment of the cloud desktop management and control method of the present invention provides a cloud desktop management and control method. Based on the embodiment shown in FIG. 1 above, step S10 includes:
Step S11: In cloud desktop fingerprint login mode, obtain the authentication request sent by the terminal, where the authentication request carries login fingerprint information and the terminal information of the terminal.
In cloud desktop fingerprint login mode, the terminal captures the user's current login fingerprint through a fingerprint identification device, extracts a fingerprint feature code from the login fingerprint, and uses that feature code as the fingerprint information of the current login fingerprint.
The terminal then generates an authentication request from the login fingerprint information, the terminal information of the current terminal, the current user's login time and other such information. The terminal information is the unique identification information of the current terminal, and may be hardware information or other information that uniquely identifies the current terminal. The terminal encrypts the authentication request and sends it to the VMC.
After receiving the encrypted authentication request from the terminal, the VMC decrypts it and obtains the login fingerprint information and terminal information carried in it.
Step S12: Verify the permissions of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal, and the pre-configured cloud database.
After the login fingerprint information and the terminal information of the terminal are obtained, the permissions of the terminal and the login fingerprint are verified against the pre-configured cloud database.
The cloud fingerprint database records the terminal information and fingerprint information that are permitted to access the cloud desktop. If the terminal information of the current terminal is found in the cloud database and the fingerprint information of the login fingerprint is matched, the current terminal and login fingerprint are determined to have permission to access the cloud desktop and pass authentication.
If the terminal information of the current terminal is not found, or the fingerprint information of the login fingerprint is not matched, the current terminal and login fingerprint are determined to have no permission to access the cloud desktop and fail authentication.
The authentication result for the current terminal and login fingerprint is thereby obtained.
Step S13: If the terminal and the login fingerprint pass authentication, determine that the authentication request passes authentication.
After the authentication result for the current terminal and login fingerprint is obtained, if the current terminal and login fingerprint pass authentication, the VMC determines that the current authentication request passes authentication.
If the current terminal and login fingerprint have no permission to access the cloud desktop and fail authentication, the VMC determines that the current authentication request fails authentication and has no login permission. In this case, the VMC returns a login-failure notification message to the terminal. The terminal informs the user that the login failed and asks the user to present the fingerprint again.
If authentication fails three consecutive times within a preset time, the terminal may prompt the user to switch login mode and log in to the cloud desktop in account mode.
In this embodiment, in cloud desktop fingerprint login mode, the authentication request sent by the terminal is obtained, the authentication request carrying the login fingerprint information and the terminal information of the terminal; the permissions of the terminal and the login fingerprint are verified according to the login fingerprint information, the terminal information of the terminal and the pre-configured cloud database; and if the current terminal and login fingerprint pass authentication, the authentication request is determined to pass authentication. In cloud desktop fingerprint login mode, this embodiment authenticates the login terminal and the fingerprint together and allows login to the cloud desktop only when both the terminal and the login fingerprint pass authentication, which improves the security of cloud desktop management and control.
Further, referring to FIG. 3, the third embodiment of the cloud desktop management and control method of the present invention provides a cloud desktop management and control method. Based on the embodiment shown in FIG. 2 above, step S12 includes:
Step S121: Determine, according to the cloud database and the terminal information, whether the terminal has access permission.
After obtaining the authentication request, the VMC determines from the terminal information in the authentication request whether the current terminal has access permission.
Specifically, in one implementation, the VMC is pre-configured with the terminal devices that are allowed to access the cloud desktop, and the identification information of terminals with access permission is recorded in the cloud database. The terminal identification information recorded by the VMC may be the terminal device type, the device information of the terminal device, and the like.
To safeguard the access security of the cloud desktop, for example, the VMC may be pre-configured so that public PCs are not allowed to access the cloud desktop and only PCs inside the enterprise are; or the VMC may register in advance the mobile terminals allowed to access the cloud desktop, recording their terminal information, and refuse access from unregistered mobile terminals. Of course, the VMC can also flexibly set terminal access permissions according to other security principles.
This embodiment is described using the example in which the VMC only allows registered terminal devices to access the cloud desktop and records the terminal information of terminals with access permission in the cloud database.
The VMC looks up the cloud database using the terminal information of the current terminal to determine whether the current terminal has access permission.
If the terminal information of the current terminal is found in the cloud database, the current terminal is determined to have access permission; if it is not found in the cloud database, the current terminal is determined not to have access permission.
In one implementation, if the current terminal does not have access permission, the VMC returns a login-failure notification message to the terminal, informing it that the current terminal does not have access permission, and rejects the current terminal's login request. Based on the notification message, the terminal may inform the user that the current terminal does not have access permission.
The VMC thereby obtains the access-permission determination for the current terminal.
Step S122: Determine, according to the cloud database and the login fingerprint information, whether the login fingerprint information has login permission.
The VMC determines from the pre-configured cloud database whether the current login fingerprint information has login permission.
The pre-configured cloud database records each piece of previously enrolled fingerprint information that has access permission. The VMC compares the fingerprint information enrolled in the cloud database with the current login fingerprint information, looking for fingerprint information that matches the current login fingerprint information.
If fingerprint information matching the current login fingerprint information is found in the cloud database, the current login fingerprint information is determined to have login permission; if no matching fingerprint information is found in the cloud database, the current login fingerprint information is determined not to have login permission.
The determination of whether the current login fingerprint information has login permission is thereby obtained.
Step S123: If the terminal has access permission and the login fingerprint information has login permission, determine that the terminal and the login fingerprint pass authentication.
If the current terminal has access permission and the current login fingerprint information has login permission, the VMC determines that the current authentication request passes authentication and has login permission.
In this embodiment, whether the current terminal has access permission is determined according to the cloud database and the terminal information; whether the current login fingerprint information has login permission is determined according to the cloud database and the login fingerprint information; and if the current terminal has access permission and the login fingerprint information has login permission, the current authentication request is determined to pass authentication. By authenticating the terminal and the fingerprint information together, this embodiment allows only a fingerprint with login permission, presented through a terminal with access permission, to log in to and access the cloud desktop. Terminal devices and fingerprints are thus controlled together, which greatly improves the capability and flexibility of cloud desktop security management and control.
Further, referring to FIG. 4, the fourth embodiment of the cloud desktop management and control method of the present invention provides a cloud desktop management and control method. Based on the embodiment shown in FIG. 3 above, step S13 includes:
Step S131: If the terminal and the login fingerprint information pass authentication, determine whether the terminal is a pre-configured login terminal corresponding to the login fingerprint information.
In this embodiment, fingerprint information is bound in advance to its corresponding login terminals. For example, a private user can bind a personal fingerprint to a personal terminal so that other people cannot log in to the cloud desktop through that terminal; or a public terminal can be preset to bind the fingerprint information of several specific users, so that users with lower permissions cannot use their fingerprints to log in to the cloud desktop through that public terminal.
Specifically, in one implementation, when the user logs in to the cloud desktop on the terminal with a cloud desktop account for the first time, if the cloud desktop account passes VMC authentication and belongs to a legitimate user, the terminal asks the user whether to enroll fingerprint information and log in by fingerprint.
If the user chooses to enroll fingerprint information, the terminal captures the current user's fingerprint and extracts the fingerprint feature code to obtain the fingerprint information.
The terminal then encrypts the fingerprint information and the terminal information of the current terminal and sends them to the VMC.
After receiving the fingerprint information and terminal information sent by the terminal, the VMC, based on the account that is currently logged in successfully, binds the current terminal to the current fingerprint information as its login terminal, thereby binding the fingerprint information to its corresponding login terminal. It should be noted that one terminal can be bound to multiple different pieces of fingerprint information.
The VMC stores the terminal information bound to the current fingerprint information in the cloud database as a user attribute of that fingerprint information.
In fingerprint login mode, if the login fingerprint information passes login authentication, the user attributes of the login fingerprint information are retrieved to obtain the login terminal information corresponding to the current login fingerprint information.
The VMC then matches the terminal information of the current terminal against the login terminal information to determine whether the current terminal is a login terminal, that is, whether the current login fingerprint information is permitted to log in to the cloud desktop from the current terminal.
If the terminal information of the current terminal matches the login terminal information, the current terminal is determined to be a login terminal corresponding to the current login fingerprint information; if the match fails, the current terminal is determined not to be a login terminal corresponding to the current login fingerprint information.
The determination result is thereby obtained.
Step S132: If the terminal is a login terminal corresponding to the login fingerprint information, determine that the authentication request passes authentication.
If the current terminal is a login terminal corresponding to the current login fingerprint information, the VMC determines that the current fingerprint information may log in to the cloud desktop system through the current terminal, and that the current authentication request passes authentication.
In one implementation, if the current terminal is not a login terminal corresponding to the current login fingerprint information, the VMC determines that the current authentication request fails authentication and refuses to let the current login fingerprint information log in to the cloud desktop through the current terminal.
The VMC can also pre-configure an abnormal-login alert: contact details such as the user's mobile phone number and email address are pre-configured for the login fingerprint information, and the user is notified by SMS, email or similar when the fingerprint information is used in an abnormal login. For example, the VMC records the user's accesses to the cloud desktop through fingerprint authentication, including terminal information, time and duration, and can be configured to send the cloud desktop access record to the user only when an abnormal login record appears, so that the user learns at the first opportunity if their fingerprint has been misused.
It should be noted that abnormal logins of fingerprint information include: repeated consecutive incorrect entry of the password of the user account corresponding to the fingerprint information; the fingerprint information logging in to the cloud desktop from a terminal device that was not bound in advance; and operations beyond the granted permissions after the fingerprint information has successfully accessed the cloud desktop. These can be flexibly configured as needed.
In this embodiment, if the current terminal and the login fingerprint information pass authentication, it is determined whether the current terminal is a pre-configured login terminal corresponding to the current login fingerprint information; if it is, the current authentication request is determined to pass authentication and access to the cloud desktop is allowed. This embodiment binds fingerprint information to login terminals and, through multiple authentication checks, combines biometric information with terminal information to match fingerprint against terminal. This gives each user a dedicated terminal configuration, prevents others from logging in to the cloud desktop through a user's personal terminal, strengthens the security management and control of the cloud desktop, and safeguards information security.
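The checks of steps S121 to S123 and S131 to S132, together with the three-consecutive-failure prompt and the unbound-terminal abnormal-login record, can be sketched as follows. This is an added illustration, not code from the patent: the class and field names, the 300-second value for the "preset time", keeping the failure streak on the VMC side per terminal, and the byte-for-byte comparison of fingerprint feature codes are all assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum
import hmac


class Result(Enum):
    PASS = "authentication passed"
    TERMINAL_DENIED = "S121: terminal has no access permission"
    FINGERPRINT_DENIED = "S122: fingerprint has no login permission"
    BINDING_DENIED = "S131: terminal is not a login terminal for this fingerprint"


@dataclass
class CloudDatabase:
    """Hypothetical stand-in for the pre-configured cloud database."""
    terminals: set = field(default_factory=set)    # registered terminal ids
    bindings: dict = field(default_factory=dict)   # feature code -> bound terminal ids

    def bind(self, feature_code: bytes, terminal_id: str) -> None:
        """Binding made after a successful first account-mode login."""
        self.bindings.setdefault(feature_code, set()).add(terminal_id)

    def find_fingerprint(self, feature_code: bytes):
        """Return the enrolled feature code that matches, or None.

        Assumption: codes are compared byte-for-byte. A real matcher scores
        the similarity of two templates; only the lookup interface matters here.
        """
        for enrolled in self.bindings:
            if hmac.compare_digest(enrolled, feature_code):
                return enrolled
        return None


class VMC:
    MAX_FAILURES = 3  # "three consecutive" failures, as stated in the text

    def __init__(self, db: CloudDatabase, window: float = 300.0):
        self.db = db
        self.window = window        # the "preset time"; 300 s is an assumed value
        self._failures = {}         # terminal id -> timestamps of the current streak
        self.abnormal_logins = []   # records that would drive the SMS/email alert

    def _decide(self, feature_code: bytes, terminal_id: str) -> Result:
        if terminal_id not in self.db.terminals:             # S121
            return Result.TERMINAL_DENIED
        enrolled = self.db.find_fingerprint(feature_code)    # S122
        if enrolled is None:
            return Result.FINGERPRINT_DENIED
        if terminal_id not in self.db.bindings[enrolled]:    # S131
            return Result.BINDING_DENIED
        return Result.PASS                                   # S123 + S132

    def authenticate(self, feature_code: bytes, terminal_id: str, now: float):
        """Return (result, suggest_account_mode) for one authentication request."""
        result = self._decide(feature_code, terminal_id)
        if result is Result.PASS:
            self._failures.pop(terminal_id, None)   # a success ends the streak
            return result, False
        if result is Result.BINDING_DENIED:
            # An enrolled fingerprint on a terminal it was never bound to is
            # one of the abnormal-login cases listed in the text.
            self.abnormal_logins.append((terminal_id, now))
        streak = [t for t in self._failures.get(terminal_id, [])
                  if now - t <= self.window]
        streak.append(now)
        self._failures[terminal_id] = streak
        return result, len(streak) >= self.MAX_FAILURES


def demo():
    """Run four constructed requests and return their outcomes."""
    db = CloudDatabase(terminals={"T-phone-01", "T-kiosk-07"})   # constructed ids
    alice = b"constructed-feature-code-alice"                    # constructed code
    db.bind(alice, "T-phone-01")
    vmc = VMC(db)
    return [
        vmc.authenticate(alice, "T-phone-01", now=0),          # bound terminal
        vmc.authenticate(alice, "T-unregistered", now=1),      # fails S121
        vmc.authenticate(b"not-enrolled", "T-phone-01", now=2),  # fails S122
        vmc.authenticate(alice, "T-kiosk-07", now=3),          # fails S131
    ]


if __name__ == "__main__":
    for result, suggest in demo():
        print(result.name, "suggest account mode:", suggest)
```
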
Further, referring to FIG. 5, the fourth embodiment of the cloud desktop management and control method of the present invention provides a cloud desktop management and control method. Based on the embodiment shown in FIG. 1, FIG. 2, FIG. 3 or FIG. 4 above (this embodiment takes FIG. 1 as an example), step S20 includes:
Step S21: If the authentication request passes authentication, match the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list.
After the current authentication request passes authentication, the VMC obtains the current user attributes according to the current authentication request and matches the pre-configured cloud desktops according to those user attributes.
There may be multiple pre-configured cloud desktops, for the user to choose from in different application scenarios or for different needs.
The VMC then builds a cloud desktop list from the matched cloud desktops.
Step S22: Return the cloud desktop list to the terminal, and obtain the target cloud desktop selected from the cloud desktop list.
After obtaining the cloud desktop list, the VMC returns it to the terminal for the user to choose from.
The VMC then obtains the user-selected cloud desktop returned by the terminal and takes it as the target cloud desktop.
In another implementation, after obtaining the cloud desktops matched for the current user, the VMC may instead return the attribute information of each cloud desktop to the terminal, and the terminal builds the cloud desktop list from that attribute information for the user to choose from. After the user selects the target cloud desktop, the terminal returns the attribute information of the target cloud desktop to the VMC, and the VMC thereby obtains the target cloud desktop selected by the user.
Step S23: Configure the permission set according to the target cloud desktop, the login fingerprint information and the terminal information of the terminal.
After obtaining the target cloud desktop, the VMC configures the permission set according to the target cloud desktop, the current login fingerprint information and the terminal information.
In one implementation, the VMC is pre-configured separately with the permissions corresponding to each piece of fingerprint information, the permissions of each cloud desktop, and the permissions corresponding to each login terminal. The pre-configured permissions include peripheral invocation permissions and the like, and can be set flexibly as needed. Different fingerprint information, cloud desktops and terminals may have different permissions.
After the authentication request passes, the VMC combines the permissions corresponding to the current login fingerprint information, the permissions of the target cloud desktop and the permissions corresponding to the current terminal to derive the current user's permissions and configure the permission set. For example, if the current login fingerprint information and the target cloud desktop have permission to invoke the terminal camera but the current terminal does not, the permission set records that the current user cannot invoke the camera; if the current login fingerprint information, the target cloud desktop and the current terminal all have permission to invoke USB peripherals, the permission set records that the current user can invoke USB peripherals.
The permission set is thereby obtained.
Correspondingly, step S30 includes:
Step S31: Control the terminal's access to the target cloud desktop according to the permission set.
Specifically, in one implementation, after obtaining the target cloud desktop selected by the user, the terminal also sends a connection request to the VE according to the target cloud desktop. The VE starts the cloud desktop virtual machine according to the terminal's link request and starts the target cloud desktop for the terminal to access. Or,
after the target cloud desktop and the permission set are obtained, the VE starts the cloud desktop virtual machine according to the target desktop obtained by the VMC, and starts the target cloud desktop for the terminal to access.
While the terminal is accessing the target cloud desktop, the VMC controls the terminal's access permissions according to the permission set.
In this embodiment, if the authentication request passes authentication, the pre-configured cloud desktops are matched according to the authentication request to obtain a cloud desktop list; the cloud desktop list is returned to the terminal and the target cloud desktop selected from it is obtained; the permission set is configured according to the target cloud desktop, the login fingerprint information and the terminal information of the terminal; and the terminal's access to the target cloud desktop is then controlled according to the permission set. By offering a cloud desktop list for the user to choose from, this embodiment gives the user more options for different application scenarios. By configuring the permission set from the user-selected target cloud desktop, the terminal currently accessing the cloud desktop and the fingerprint currently logged in to the cloud desktop together, it derives permissions from all the factors involved in the current access, keeps the permissions of the terminal, the cloud desktop and the user all under control, controls access to the cloud desktop, and greatly strengthens the management and control of cloud desktop security.
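Steps S21 to S23 and S31 can be sketched as follows, reproducing the camera and USB example from the text. This is an added illustration, not code from the patent: the `Policy` structure, the permission identifiers and the sample values are constructed, the lookup by feature code stands in for matching by user attributes, and the check that the selected desktop was actually in the list offered to this user is an added assumption about how the VMC treats the terminal's reply.

```python
from dataclasses import dataclass, field

# Permission kinds named in the text, spelled here as constructed identifiers.
PERMISSIONS = ("camera", "usb", "otg", "network", "file_ops")


@dataclass
class Policy:
    """Hypothetical pre-configured permissions held by the VMC."""
    desktops_for: dict = field(default_factory=dict)       # feature code -> desktop ids
    fingerprint_perms: dict = field(default_factory=dict)  # feature code -> granted perms
    desktop_perms: dict = field(default_factory=dict)      # desktop id -> granted perms
    terminal_perms: dict = field(default_factory=dict)     # terminal id -> granted perms


def desktop_list(policy: Policy, feature_code: bytes) -> list:
    """S21: the cloud desktops matched for this user (empty if none)."""
    return list(policy.desktops_for.get(feature_code, []))


def build_permission_set(policy: Policy, feature_code: bytes,
                         terminal_id: str, target: str) -> dict:
    """S22 + S23: validate the selection, then combine the three sources.

    A permission is granted only when the fingerprint, the target desktop
    and the terminal all grant it; anything else is recorded as denied.
    """
    if target not in desktop_list(policy, feature_code):
        # The selection comes back from the terminal, so it is re-checked
        # against what was offered instead of being trusted as sent.
        raise PermissionError("selected desktop was not offered to this user")
    sources = (
        policy.fingerprint_perms.get(feature_code, set()),
        policy.desktop_perms.get(target, set()),
        policy.terminal_perms.get(terminal_id, set()),
    )
    return {p: all(p in granted for granted in sources) for p in PERMISSIONS}


def is_allowed(permission_set: dict, permission: str) -> bool:
    """S31: enforcement point; unknown permissions are denied by default."""
    return permission_set.get(permission, False)


def demo() -> dict:
    """The example from the text: camera denied by the terminal, USB allowed."""
    user = b"constructed-feature-code-bob"   # constructed sample value
    policy = Policy(
        desktops_for={user: ["finance-desktop", "office-desktop"]},
        fingerprint_perms={user: {"camera", "usb", "network"}},
        desktop_perms={"finance-desktop": {"camera", "usb", "file_ops"}},
        terminal_perms={"T-phone-01": {"usb", "network", "file_ops"}},
    )
    return build_permission_set(policy, user, "T-phone-01", "finance-desktop")


if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name:9s} {'allow' if granted else 'deny'}")
```
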
Further, referring to FIG. 6, the sixth embodiment of the cloud desktop management and control method of the present invention provides a cloud desktop management and control method. Based on the embodiment shown in FIG. 5 above, step S31 includes:
Step S32: Return the permission set to the terminal, so that the terminal accesses the target cloud desktop according to the permission set.
After obtaining the target cloud desktop and the permission set, the VMC returns the permission set to the current terminal.
After receiving the permission set returned by the VMC, the terminal uses it to control the current user's operation permissions while accessing the target cloud desktop.
In this way, when a large number of terminal users access the cloud desktop system at the same time, each terminal performs its own permission control, which reduces the VMC's permission-control load and improves access speed and the VMC's operating efficiency.
Further, after obtaining the target cloud desktop and the permission set, the VMC may also match the corresponding data disk information and virtualized applications according to the current user's login fingerprint information, and return the data disk information and virtualized applications to the terminal.
Specifically, the VMC obtains the current user's data disk information and virtualized applications (VAPP, Virtual Application) according to the current login fingerprint information.
The data disk information may be Virtual OS Infrastructure (VOI) data disk information, which records the current user's data, such as office files. The virtualized applications are personalized application software configured for the current user; for example, the application software for finance staff can be configured as finance applications, and the application software for human resources staff can be configured as recruitment software.
After obtaining the target cloud desktop, the permission set, the data disk information and the virtualized applications, the VMC delivers the permission set, the data disk information and the virtualized applications to the terminal side.
The terminal sends a cloud desktop link request to the VE according to the target cloud desktop. After receiving the cloud desktop link request, the VE starts the cloud desktop virtual machine and returns a response message to the terminal.
After receiving the VE's response message, the terminal connects to the cloud desktop virtual machine, accesses the cloud desktop, and restricts the operation requests of the current user or terminal according to the permission set.
After connecting to the cloud desktop, the user can invoke the current data disk information through the terminal and work with it; the user can also invoke the current virtualized applications and select the application needed. Based on the received data disk information and virtualized applications, the terminal allocates a local cache area configured to cache the data from the user's current cloud desktop login; when the current user later logs in again through the current terminal, the cached data can be retrieved and used directly, avoiding a reload on every login that would reduce cloud desktop access efficiency. It should be noted that the data disk information and virtualized application data delivered locally to the terminal can be kept synchronized with the data on the remote cloud desktop to avoid data loss.
In this embodiment, the permission set is returned to the terminal so that the terminal accesses the target cloud desktop according to the permission set. By returning the permission set to the terminal, this embodiment has the terminal perform permission control, which reduces the load on the cloud desktop server and improves the efficiency of the cloud desktop.
Further, referring to FIG. 7, a fifth embodiment of the cloud desktop management and control method of the present invention provides a cloud desktop management and control method. Based on the embodiment shown in any one of FIG. 1 to FIG. 6 (this embodiment takes FIG. 1 as an example), after step S30 the method further includes:
Step S40: Obtain a hardware invocation request from the cloud desktop to the terminal.
After successfully entering the cloud desktop from the terminal, the user has access to a large volume of cloud resources, including multiple operating systems and multiple software clients. Some software clients or system services need to invoke the terminal's hardware. In this embodiment, the terminal's hardware includes the terminal's own hardware resources and the hardware resources attached to the terminal as USB peripherals.
For example, under certain security policies, the software clients of some operation and maintenance or management systems require the user to pass fingerprint authentication for access; in that case, after the user runs the software client, a fingerprint input prompt pops up.
The cloud desktop virtual machine obtains the hardware invocation request according to the needs of the cloud desktop client.
Step S50: According to the hardware invocation request, redirect the terminal hardware to the cloud desktop, and invoke the terminal hardware.
According to the hardware invocation request of the cloud desktop virtual machine, the cloud desktop agent redirects the corresponding terminal hardware into the peripheral hardware list of the cloud desktop virtual machine, so that the terminal hardware points to the cloud desktop, and then invokes this terminal hardware.
The case where application software in the current cloud desktop requires the user to pass fingerprint authentication for access is taken as an example.
Referring to FIG. 21, the user inputs a fingerprint through the terminal, and the terminal extracts the feature code of the user's fingerprint to obtain the login fingerprint information. The terminal then sends an authentication request to the VMC based on the terminal information and the login fingerprint information.
The VMC performs authentication according to the fingerprint information and terminal information in the authentication request. After authentication passes, the VMC matches cloud desktops according to the authentication request and returns a cloud desktop list to the terminal for the user to choose from.
After the user selects the target cloud desktop through the terminal, a link request is sent to the VE. The VE starts the corresponding cloud desktop virtual machine according to the link request and returns response information to the terminal. After receiving the response information, the terminal connects to the cloud desktop virtual machine and accesses the cloud desktop.
If application software in the cloud desktop needs to capture the user's fingerprint, the cloud desktop virtual machine sends a fingerprint capture request to the cloud desktop agent.
Then, according to the fingerprint capture request, the cloud desktop agent redirects the terminal's fingerprint reader into the cloud desktop peripheral list, where it is mounted on the cloud desktop virtual machine as a fingerprint recognition device.
Then, the cloud desktop application software invokes the terminal's fingerprint reader to capture the fingerprint. The user can scan their own fingerprint directly on the terminal's fingerprint reader, and the terminal sends the user's fingerprint information to the cloud desktop agent.
Then, the cloud desktop agent returns the obtained fingerprint information to the current cloud desktop application software.
In this embodiment, after the hardware invocation request from the cloud desktop to the terminal is obtained, the terminal hardware is redirected to the cloud desktop according to the hardware invocation request, and the terminal hardware is invoked. After the user connects to the cloud desktop through the terminal, this embodiment redirects the mobile terminal's hardware to the cloud desktop, which lets programs running inside the cloud desktop invoke the terminal hardware and supports fingerprint recognition and authentication for programs inside the cloud desktop. Permission management of programs running inside the cloud desktop thus becomes possible, which strengthens the security of cloud desktop operation and improves the user experience.
Referring to FIG. 8, a first embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method, which includes:
Step S60: In the cloud desktop fingerprint login mode, the terminal sends an authentication request to the cloud desktop server according to the input login fingerprint information.
In the embodiments of the present invention, when a user accesses the cloud desktop through a terminal, authentication is performed according to the user's fingerprint. This embodiment takes a mobile terminal as an example.
Specifically, as one implementation, a cloud desktop application (APP, Application) may be deployed in the terminal. The user opens the cloud desktop APP and selects the cloud desktop fingerprint login mode, and the cloud desktop APP prompts the user to input a fingerprint to log in to the cloud desktop.
Then, the terminal obtains the fingerprint input by the user and extracts the fingerprint feature code to obtain the current login fingerprint information.
Then, the terminal generates an authentication request from the login fingerprint information, the current user's login time and other information. The authentication request is encrypted and then sent to the VMC in the cloud desktop server.
Step S70: If the authentication request passes authentication, access the cloud desktop under the permission control of the cloud desktop server.
If the current authentication request passes authentication, the terminal sends a link request to the cloud desktop server.
The cloud desktop server responds to the terminal's link request, starts the cloud desktop virtual machine according to the link request, and starts the cloud desktop. It then returns a response message to the terminal.
After receiving the response message, the terminal connects to the cloud desktop for access and operation. While the terminal is accessing the cloud desktop, if a permission-restricted operation is involved, such as invoking the terminal's USB interface, the cloud desktop server determines the current user's permissions from the permission set matched to the current authentication request, and controls the terminal's usage permissions according to the result.
In this embodiment, in the cloud desktop fingerprint login mode, the terminal sends an authentication request to the cloud desktop server according to the input login fingerprint information; if the authentication request passes authentication, the cloud desktop is accessed under the permission control of the cloud desktop server. This embodiment has the fingerprint information identified through the terminal, so that fingerprint authentication is performed when the user accesses the cloud desktop through the terminal, thereby ensuring information security.
Further, referring to FIG. 9, a second embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method. Based on the embodiment shown in FIG. 8 above, step S70 includes:
Step S71: If the authentication request passes authentication, obtain the cloud desktop list returned by the cloud desktop server.
In this embodiment, if the authentication request passes authentication, the terminal obtains the cloud desktop list returned by the cloud desktop server. The cloud desktop list contains the pre-configured cloud desktops that the cloud desktop server matched to the current login fingerprint information, for the user to choose from according to the usage scenario.
Step S72: Obtain the target cloud desktop selected from the cloud desktop list, and return the target cloud desktop to the cloud desktop server.
After obtaining the cloud desktop list, the terminal presents the cloud desktop list to the user, obtains the target cloud desktop that the user selects from the list, and returns the target cloud desktop to the cloud desktop server.
Step S73: Obtain the permission set returned by the cloud desktop server, and access the target cloud desktop according to the permission set.
After the user selects the target cloud desktop through the terminal, the terminal sends a link request to the cloud desktop server according to the target cloud desktop. The cloud desktop server responds to the terminal's link request, starts the cloud desktop virtual machine according to the link request, and returns the corresponding cloud desktop to the terminal. At the same time, the cloud desktop server returns the configured permission set to the terminal. The permission set configured for the cloud desktop contains the permissions configured for the current login fingerprint.
The user can then access the cloud desktop through the terminal and use the software clients, network and other resources in the cloud desktop. While the user is accessing the cloud desktop through the terminal, the terminal, according to the permission set, performs only permitted operations and disables unauthorized ones. In this way, the fingerprint information ensures that user permissions are matched uniquely, and prevents high-level permissions from being assigned by mistake because of, for example, incorrect account information.
In this embodiment, if the authentication request passes authentication, the cloud desktop list returned by the cloud desktop server is obtained; the target cloud desktop selected from the cloud desktop list is obtained and returned to the cloud desktop server; and the permission set returned by the cloud desktop server is obtained, and the target cloud desktop is accessed according to the permission set. This embodiment of the invention lets the user select the required target cloud desktop from the cloud desktop list, which gives the user more choice. The cloud desktop server returns the permission set to the terminal, so that the terminal performs permission management when the cloud desktop is accessed, which reduces the burden on the cloud desktop server, strengthens the control over and flexibility of cloud desktop security, and improves the user experience.
Further, referring to FIG. 10, a third embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method. Based on the embodiment shown in FIG. 8 or FIG. 9 above (this embodiment takes FIG. 8 as an example), step S60 includes:
Step S61: In the cloud desktop fingerprint login mode, the terminal obtains the input login fingerprint information.
As one implementation, in the cloud desktop fingerprint login mode, the terminal obtains the fingerprint input by the user through the fingerprint reader.
Then, the terminal extracts the feature code of the fingerprint and uses the resulting fingerprint feature code as the current user's login fingerprint information.
Step S62: Determine whether unlock fingerprint information has been enrolled on the terminal.
Because a terminal is a private device, after obtaining the login fingerprint information the terminal determines whether unlock fingerprint information for unlocking the current terminal has been enrolled on it.
Step S63: If unlock fingerprint information has been enrolled on the terminal, match the unlock fingerprint information against the login fingerprint information.
If unlock fingerprint information has already been enrolled on the current terminal, meaning that the current terminal may be a private terminal, the terminal matches the enrolled unlock fingerprint information against the current user's login fingerprint information.
Step S64: If the login fingerprint information matches the unlock fingerprint information, send the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
If the current terminal's unlock fingerprint information matches the current user's login fingerprint information, the user currently logging in to the cloud desktop is determined to be the owner of the current terminal. The terminal generates an authentication request from the login fingerprint information, the terminal information of the current terminal, the current user's login time and other information. The authentication request is encrypted and then sent to the VMC in the cloud desktop server for authentication. It should be noted that the terminal information of the current terminal is the unique identification information of the current terminal.
In this embodiment, in the cloud desktop fingerprint login mode, the terminal obtains the input login fingerprint information; it then determines whether unlock fingerprint information has been enrolled on the current terminal; if so, it matches the unlock fingerprint information against the login fingerprint information; and if the login fingerprint information matches the unlock fingerprint information, it sends the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal. By checking whether unlock fingerprint information has been enrolled on the current terminal, this embodiment determines whether the user currently logging in to the cloud desktop is the owner of the current terminal, thereby ensuring the security of logging in to the cloud desktop from a personal terminal.
Further, referring to FIG. 11, a fourth embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method. Based on the embodiment shown in FIG. 10 above, after step S63 the method further includes:
Step S65: If the login fingerprint information fails to match the unlock fingerprint information, determine whether the terminal is a private terminal according to the terminal's pre-configured attribute information.
In this embodiment, the terminal's attributes can be configured in advance, for example by configuring the terminal as a private terminal or a shared terminal. A private terminal allows only specific, pre-configured user fingerprint information to log in to the cloud desktop through the current terminal, while a public terminal allows the fingerprint information of all users to log in to the cloud desktop through the current terminal.
Specifically, as one implementation, a configuration item can be added to the terminal's cloud desktop APP that sets who is authorized to log in to the cloud desktop from the current terminal to "myself" or "everyone", thereby configuring the current terminal as a private terminal or a public terminal and producing the terminal's attribute information.
If the current login fingerprint information fails to match the terminal's unlock fingerprint information, meaning that the user currently logging in to the cloud desktop may not be the owner of the terminal, the terminal determines whether it is a private terminal.
The terminal checks the attribute information on the cloud desktop APP side to see whether login to the cloud desktop from this terminal is authorized for "myself" or "everyone". If the current terminal authorizes only "myself" to log in to the cloud desktop through this terminal, the current terminal is determined to be a private terminal; if the current terminal authorizes "everyone" to log in to the cloud desktop through this terminal, the current terminal is determined to be a shared terminal.
The determination result is thus obtained.
As one implementation, if the terminal is not a private terminal, the process proceeds to step S64.
If the current terminal is not a private terminal, that is, the owner of the terminal allows other users to log in to the cloud desktop on this terminal, the terminal sends an authentication request to the cloud desktop server according to the login fingerprint information, the terminal information and the current user's login time.
If the current terminal is a private terminal, that is, the owner of the terminal does not allow other users to log in to the cloud desktop on this terminal, the terminal informs the user that they do not have permission to log in to the cloud desktop on the current terminal.
Referring to FIG. 22, the case where the current user logs in to the cloud desktop using a mobile terminal is taken as an example.
The user opens the cloud desktop APP on the mobile terminal, chooses to log in to the cloud desktop with a fingerprint, and enters the fingerprint login mode.
Then, the mobile terminal scans the user's fingerprint to obtain the login fingerprint information. The mobile terminal then determines whether unlock fingerprint information has been enrolled on the current device, that is, whether an unlock fingerprint has been enrolled on the current mobile terminal for permission management such as unlocking the mobile terminal.
If no unlock fingerprint information has been enrolled on the current mobile terminal, an authentication request is generated from the login fingerprint information, encrypted, and sent to the VMC. If unlock fingerprint information has been enrolled on the current mobile terminal, the login fingerprint information just captured is matched against the stored unlock fingerprint information to determine whether the two are consistent.
If the captured login fingerprint information is consistent with the stored unlock fingerprint information, an authentication request is generated from the login fingerprint information, encrypted, and sent to the VMC. If the captured login fingerprint information is inconsistent with the stored unlock fingerprint information, the mobile terminal determines whether it is set as a private terminal.
If the current mobile terminal is not a private terminal, an authentication request is generated from the login fingerprint information, encrypted, and sent to the VMC. If the current mobile terminal is a private terminal, the user is informed that they do not have permission to access the cloud desktop on the current terminal, and the registered owner of the current terminal device is notified of the abnormal login by SMS, email or similar means.
After receiving the encrypted authentication request sent by the mobile terminal, the VMC decrypts it to obtain the authentication request and parses it to obtain the login fingerprint information.
The VMC then matches the current login fingerprint information against the fingerprint information stored in the cloud database. If the current login fingerprint information is matched successfully, the current authentication request passes authentication. If the current login fingerprint information fails to match, the VMC returns a login alarm message to the mobile terminal, and the mobile terminal prompts the user to input the fingerprint again.
If the login fingerprints input by the current user fail to match three times in a row, the VMC returns a login alarm message to the mobile terminal, and the mobile terminal prompts the user to log in with an account and password.
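The terminal-side checks of steps S61 to S65 and the VMC's three-failure fallback from the FIG. 22 walkthrough can be traced in code. The following Python is an added example, not code from the patent: the class and function names, the exact-match comparison of feature codes, and keying the failure counter by terminal are assumptions made for illustration, and encryption of the authentication request is omitted.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Decision(Enum):
    SEND_AUTH_REQUEST = "send_auth_request"        # step S64
    DENY_AND_NOTIFY_OWNER = "deny_and_notify"      # private terminal, non-owner


def templates_match(a: bytes, b: bytes) -> bool:
    # Assumption: feature codes are compared as opaque byte strings.
    # A real matcher scores similarity between templates; exact comparison
    # stands in for it here so that the control flow can be tested.
    return hmac.compare_digest(a, b)


@dataclass
class Terminal:
    terminal_id: str
    unlock_template: Optional[bytes]   # None: no unlock fingerprint enrolled
    private: bool                      # True: login authorized for "myself" only
    notifications: list = field(default_factory=list)

    def gate(self, login_template: bytes) -> Decision:
        # S62: no unlock fingerprint enrolled, go straight to the VMC.
        if self.unlock_template is None:
            return Decision.SEND_AUTH_REQUEST
        # S63/S64: the person logging in is the owner of the terminal.
        if templates_match(self.unlock_template, login_template):
            return Decision.SEND_AUTH_REQUEST
        # S65: mismatch, so the terminal attribute decides.
        if not self.private:
            return Decision.SEND_AUTH_REQUEST
        # Private terminal, non-owner: refuse and record the owner notice
        # (the page sends it by SMS or email; a list stands in for that).
        self.notifications.append(
            "abnormal login attempt on terminal " + self.terminal_id)
        return Decision.DENY_AND_NOTIFY_OWNER


class VMC:
    MAX_FAILURES = 3  # consecutive failed matches before password fallback

    def __init__(self, cloud_db: dict):
        self.cloud_db = cloud_db   # constructed: user name -> enrolled template
        self.failures = {}         # assumption: counter keyed by terminal id

    def authenticate(self, terminal_id: str, login_template: bytes):
        # Match the login fingerprint against every fingerprint in the cloud DB.
        for user, stored in self.cloud_db.items():
            if templates_match(stored, login_template):
                self.failures[terminal_id] = 0
                return ("ok", user)
        count = self.failures.get(terminal_id, 0) + 1
        self.failures[terminal_id] = count
        if count >= self.MAX_FAILURES:
            return ("fallback_password", None)   # prompt account/password login
        return ("retry", None)                   # login alarm, ask for fingerprint


def login(terminal: Terminal, vmc: VMC, login_template: bytes):
    """Run the terminal gate first; only a passing gate reaches the VMC."""
    if terminal.gate(login_template) is Decision.DENY_AND_NOTIFY_OWNER:
        return ("denied_private_terminal", None)
    return vmc.authenticate(terminal.terminal_id, login_template)
```

Note that a private terminal with no unlock fingerprint enrolled forwards every login attempt to the VMC, because the flow only consults the private attribute after an unlock-fingerprint mismatch.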
In this embodiment, if the login fingerprint information fails to match the unlock fingerprint information, the terminal determines whether it is a private terminal; if the current terminal is not a private terminal, the authentication request is sent to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal. By configuring the terminal's private attribute, this embodiment allows multiple users to log in to the cloud desktop through the same terminal when the current terminal is a non-private terminal. This embodiment combines the terminal's private attribute information with the user's fingerprint information to manage cloud desktop access security comprehensively.
Further, referring to FIG. 12, a ninth embodiment of the cloud desktop access method of the present invention provides a cloud desktop access method. Based on the embodiment shown in FIG. 11 above, before step S60 the method further includes:
Step S80: Obtain the enrolled fingerprint information, and send the enrolled fingerprint information and the terminal information of the terminal to the cloud desktop server, so that the cloud desktop server configures the cloud database for authentication.
In this embodiment, after the user's account passes authentication or the login fingerprint information passes authentication, the user can enroll new fingerprint information for fingerprint authentication.
Specifically, the case where the current user logs in to the cloud desktop through the terminal for the first time is taken as an example.
Referring to FIG. 23, the user turns on the terminal, runs the cloud desktop APP deployed in the terminal, and then enters a user name and password to log in.
If verification fails, the terminal informs the user that the current authentication failed. If verification passes, the terminal asks the user whether they want to enroll fingerprint information and log in with a fingerprint.
If the user chooses not to enroll fingerprint information, the normal login flow is entered, and the cloud desktop and permission set configured by the cloud desktop server are obtained. If the user chooses to enroll fingerprint information, the current user's fingerprint is captured and the fingerprint feature code is extracted to obtain the fingerprint information.
Then, the terminal encrypts the fingerprint information and the terminal information of the current terminal and sends them to the cloud desktop server.
After receiving the encrypted information sent by the terminal, the cloud desktop server parses it to obtain the current user's fingerprint information and the terminal information.
Then, the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the current account user. Or,
the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the current account user, and also stores the terminal information of the current terminal, treating the current terminal as a registered terminal device. Or,
the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the current account user, binds the current terminal as the login terminal for the current fingerprint information, and stores the current terminal information as the terminal information corresponding to the current fingerprint information.
Then, the cloud desktop server updates the cloud database and notifies the terminal that the current fingerprint information has been enrolled successfully.
As one implementation, the VMC can also be pre-configured with an abnormality reminder: contact details such as the user's mobile phone number and email address are configured in advance according to the user information, and the user is notified by SMS, email or similar means when an abnormal login occurs. For example, the VMC keeps a record of the user's cloud desktop accesses authenticated by account and password, including terminal information, time and duration, and can be configured to send the cloud desktop access record to the user only when an abnormal login record appears, so that the user learns of it immediately if their fingerprint is misused.
It should be noted that abnormal logins of account information include cases such as entering a wrong account password, and can be configured flexibly according to actual needs.
In this embodiment, the enrolled fingerprint information is obtained, and the fingerprint information and the terminal information of the terminal are sent to the cloud desktop server, so that the cloud desktop server configures the cloud database for authentication. Through the enrollment of fingerprint information for the cloud desktop server to configure the cloud database, this embodiment allows a user logging in to the cloud desktop to be authenticated by fingerprint and to obtain the corresponding cloud desktop and permissions, integrating fingerprint recognition into every level of cloud desktop management.
Referring to FIG. 13, a first embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device, which includes:
An authentication module 10, configured to, in the cloud desktop fingerprint login mode, obtain an authentication request sent by a terminal and authenticate the authentication request against a pre-configured cloud database.
In view of the security problems currently facing desktop cloud systems, the present invention combines biometric technology with the cloud system's security management and control process, fully integrating fingerprint recognition into every level of management of the desktop cloud system. This both safeguards the security of the virtual desktop environment and, through fingerprint recognition, provides users with more personalized, customized services, offering a security management solution dedicated to desktop cloud systems that makes up for the security shortcomings that have emerged during the rapid development of cloud desktop products.
Specifically, as an implementation, the embodiment of the present invention performs security management and control of the cloud desktop through the cloud desktop control device. The cloud desktop control device may be deployed in a cloud desktop server.
After the cloud desktop control device is deployed, user fingerprint information is enrolled and the user attributes corresponding to the fingerprint information are configured, for use in cloud desktop configuration and permission control at each level.
In the cloud desktop fingerprint login mode, the terminal captures the login fingerprint with which the current user logs in to the cloud desktop and obtains the feature code of the login fingerprint as the login fingerprint information. In the embodiments of the present invention, the terminal may be a PC, a mobile terminal, or the like.
Then, the terminal generates an authentication request from the login fingerprint information, the current user's login time and other information. The terminal encrypts the authentication request and sends it to the authentication module 10.
After receiving the encrypted authentication request sent by the terminal, the authentication module 10 decrypts it to obtain the authentication request. From the authentication request, the authentication module 10 obtains the login fingerprint information with which the current user is logging in to the cloud desktop.
Then, the authentication module 10 matches the login fingerprint information against the fingerprint information in the pre-configured cloud database.
It should be noted that the pre-configured cloud database records each pre-enrolled item of fingerprint information that has login authority, together with the corresponding user attributes. The user attributes include the account information and terminal information bound to the fingerprint information, the matching cloud desktops, and so on. The fingerprint information includes the fingerprint feature code extracted when the fingerprint was enrolled.
If a fingerprint feature code matching the fingerprint feature code of the current login fingerprint information is found in the cloud database, the authentication module 10 determines that the current login fingerprint information has login authority.
If the current login fingerprint information has login authority, the authentication module 10 determines that the current authentication request passes authentication.
A matching module 20, configured to, if the authentication request passes authentication, match a cloud desktop and a permission set according to the authentication request.
If the authentication request sent by the current terminal passes authentication, the matching module 20 matches a cloud desktop and a permission set according to the authentication request.
Specifically, as an implementation, the matching module 20 obtains the current user attributes from the login fingerprint information carried in the current authentication request and matches the pre-configured cloud desktop according to the user attributes.
It should be noted that personalized, differentiated cloud desktops can be flexibly pre-configured for different login fingerprints; for example, the cloud desktop's operating system, data and application software can all be flexibly configured.
The matching module 20 may match one or more cloud desktops.
The matching module 20 matches the permission set pre-configured for the current login fingerprint information according to the user attributes of the current login fingerprint information. The permission set contains the permissions with which the current user accesses the cloud desktop, including peripheral invocation permissions, network permissions, file operation permissions and so on; for example, whether the account corresponding to the current login fingerprint information is permitted to invoke the terminal's camera, or to invoke the terminal's USB peripherals and OTG devices.
The matching module 20 thus obtains the individual permissions of the current login fingerprint and assembles the permission set from them.
A control module 30, configured to control the terminal's access to the cloud desktop according to the permission set.
After the cloud desktop and the permission set have been configured according to the authentication request, the control module 30 controls the terminal's access to the cloud desktop according to the permission set.
Specifically, as an implementation, the control module 30 notifies the terminal that the current authentication request has passed authentication, and the terminal sends a connection request to the control module 30. The control module 30 responds to the terminal's connection request, configures the corresponding cloud desktop according to the connection request, starts the cloud desktop virtual machine and launches the cloud desktop. At the same time, the control module 30 returns a response message to the terminal.
After receiving the response message from the control module 30, the terminal connects to the cloud desktop virtual machine and accesses the cloud desktop, and the user can operate the cloud desktop from the terminal.
While the user is using the cloud desktop, the control module 30 enforces the permission set over the user's access to the cloud desktop as a security control, for example controlling whether the user may invoke the camera while accessing the cloud desktop.
In this embodiment, in the cloud desktop fingerprint login mode, the authentication module 10 obtains the authentication request sent by the terminal and authenticates it against the pre-configured cloud database; if the authentication request passes authentication, the matching module 20 matches a cloud desktop and a permission set according to the authentication request; and the control module 30 controls the terminal's access to the cloud desktop according to the permission set. This embodiment addresses the security risks and management problems that the flexibility peculiar to mobile-terminal access to the cloud desktop brings to personal data and to the cloud desktop system. It connects fingerprint recognition technology with multiple core virtualization technologies so that the user accesses the cloud by fingerprint recognition: the fingerprint is matched to determine whether the current user may access the cloud desktop, cloud desktop permissions are granted on the basis of the user's fingerprint, and the fingerprint becomes the user's sole credential for accessing the desktop cloud system from a mobile terminal, thereby ensuring information security. The embodiment of the present invention implements authentication by fingerprint recognition and configures the cloud desktop's permissions according to the fingerprint information, which strengthens the rigor and flexibility of cloud desktop security control and improves the user experience.
Further, referring to FIG. 14, a second embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device. Based on the embodiment shown in FIG. 13 above, the authentication module 10 includes:
A first obtaining unit 11, configured to, in the cloud desktop fingerprint login mode, obtain the authentication request sent by the terminal, the authentication request carrying login fingerprint information and the terminal information of the terminal.
In the cloud desktop fingerprint login mode, the terminal captures the user's current login fingerprint through a fingerprint recognition device, extracts a fingerprint feature code from the login fingerprint, and uses the resulting fingerprint feature code as the fingerprint information of the current login fingerprint.
Then, the terminal generates an authentication request from the login fingerprint information, the terminal information of the current terminal, the current user's login time and other information. The terminal information is the unique identification information of the current terminal, and may be hardware information or other information that uniquely identifies the current terminal. The terminal encrypts the authentication request and sends it to the first obtaining unit 11.
After receiving the encrypted authentication request sent by the terminal, the first obtaining unit 11 decrypts it and obtains the login fingerprint information and terminal information carried in the authentication request.
An authentication unit 12, configured to verify the authority of the terminal and of the login fingerprint according to the login fingerprint information, the terminal information of the terminal and the pre-configured cloud database.
After the login fingerprint information and the terminal information of the terminal have been obtained, the authentication unit 12 verifies the authority of the terminal and of the login fingerprint against the pre-configured cloud database.
The cloud fingerprint database records the terminal information and fingerprint information that have permission to access the cloud desktop. If the terminal information of the current terminal is found in the cloud database and the fingerprint information of the login fingerprint is matched, it is determined that the current terminal and the login fingerprint have permission to access the cloud desktop and pass authentication.
If the terminal information of the current terminal is not found, or the fingerprint information of the login fingerprint is not matched, it is determined that the current terminal and the login fingerprint do not have permission to access the cloud desktop and fail authentication.
The authentication unit 12 thus obtains the authentication result for the current terminal and the login fingerprint.
A determining unit 13, configured to determine that the authentication request passes authentication if the terminal and the login fingerprint pass authentication.
After the authentication result for the current terminal and the login fingerprint has been obtained, if the current terminal and the login fingerprint pass authentication, the determining unit 13 determines that the current authentication request passes authentication.
If the current terminal and the login fingerprint do not have permission to access the cloud desktop and fail authentication, the determining unit 13 determines that the current authentication request fails authentication and does not have login authority. In this case, the determining unit 13 returns a login-failure notification message to the terminal. The terminal informs the user that the login failed and asks the user to present the fingerprint again.
If authentication fails three consecutive times within a preset period, the terminal may prompt the user to switch login method and log in to the cloud desktop in account mode.
In this embodiment, in the cloud desktop fingerprint login mode, the first obtaining unit 11 obtains the authentication request sent by the terminal, the authentication request carrying the login fingerprint information and the terminal information of the terminal; the authentication unit 12 verifies the authority of the terminal and of the login fingerprint according to the login fingerprint information, the terminal information of the terminal and the pre-configured cloud database; and if the current terminal and the login fingerprint pass authentication, the determining unit 13 determines that the authentication request passes authentication. In the cloud desktop fingerprint login mode, this embodiment authenticates the logging-in terminal and the fingerprint together and allows login to the cloud desktop only when both the terminal and the login fingerprint pass authentication, which improves the security of cloud desktop control.
Further, referring to FIG. 14, a third embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device. Based on the second embodiment of the cloud desktop control device of the present invention shown in FIG. 14 above, the authentication unit 12 is further configured to:
determine, according to the cloud database and the terminal information, whether the terminal has access rights;
determine, according to the cloud database and the login fingerprint information, whether the login fingerprint information has login authority;
if the terminal has access rights and the login fingerprint information has login authority, determine that the terminal and the login fingerprint pass authentication.
After obtaining the authentication request, the authentication unit 12 determines from the terminal information in the authentication request whether the current terminal has access rights.
Specifically, as an implementation, the authentication unit 12 is pre-configured with the terminal devices that are allowed to access the cloud desktop, and the identification information of terminals having access rights is recorded in the cloud database. The terminal identification information recorded by the authentication unit 12 may be the terminal device type, the device information of the terminal device, and so on.
To safeguard access security of the cloud desktop, the authentication unit 12 may, for example, be pre-configured so that public PCs are not allowed to access the cloud desktop and only PCs inside the enterprise are; or the authentication unit 12 may register in advance the mobile terminals that are allowed to access the cloud desktop, recording their terminal information, and refuse cloud desktop access to unregistered mobile terminals. Of course, the authentication unit 12 may also set terminal access rights flexibly according to other security principles.
This embodiment is described using the example in which the authentication unit 12 allows only registered terminal devices to access the cloud desktop and records the terminal information having access rights in the cloud database.
The authentication unit 12 looks up the terminal information of the current terminal in the cloud database to determine whether the current terminal has access rights.
If the terminal information of the current terminal is found in the cloud database, it is determined that the current terminal has access rights; if the terminal information of the current terminal is not found in the cloud database, it is determined that the current terminal does not have access rights.
As an implementation, if the current terminal does not have access rights, the authentication unit 12 returns a login-failure notification message to the terminal, informing it that the current terminal does not have access rights and rejecting the current terminal's login request. The terminal may, on the basis of the notification message, inform the user that the current terminal does not have access rights.
The authentication unit 12 thus obtains the result of the access-rights determination for the current terminal.
Then, the authentication unit 12 determines, according to the pre-configured cloud database, whether the current login fingerprint information has login authority.
The pre-configured cloud database records each pre-enrolled item of fingerprint information that has access rights. The authentication unit 12 compares the fingerprint information enrolled in the cloud database with the current login fingerprint information, looking for fingerprint information that matches the current login fingerprint information.
If fingerprint information matching the current login fingerprint information is found in the cloud database, it is determined that the current login fingerprint information has login authority; if no fingerprint information matching the current login fingerprint information is found in the cloud database, it is determined that the current login fingerprint information does not have login authority.
The authentication unit 12 thus obtains the result of determining whether the current login fingerprint information has login authority.
If the current terminal has access rights and the current login fingerprint information has login authority, the authentication unit 12 determines that the current authentication request passes authentication and has login authority.
In this embodiment, the authentication unit 12 determines, according to the cloud database and the terminal information, whether the current terminal has access rights; the authentication unit 12 verifies, according to the cloud database and the login fingerprint information, whether the current login fingerprint information has login authority; and if the current terminal has access rights and the login fingerprint information has login authority, the authentication unit 12 determines that the current authentication request passes authentication. By authenticating the terminal and the fingerprint information together, this embodiment allows only a fingerprint with login authority, presented on a terminal with access rights, to log in to and access the cloud desktop. The terminal device and the fingerprint are thus controlled at the same time, which greatly improves the security control capability and flexibility of the cloud desktop.
Further, referring to FIG. 14, a fourth embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device. Based on the third embodiment of the cloud desktop control device of the present invention shown in FIG. 13 above, the determining unit 13 is further configured to:
if the terminal and the login fingerprint information pass authentication, determine whether the terminal is a pre-configured login terminal corresponding to the login fingerprint information; and if the terminal is a login terminal corresponding to the login fingerprint information, determine that the authentication request passes authentication.
In this embodiment, fingerprint information is bound in advance to a corresponding login terminal. For example, a private user can bind a personal fingerprint to a personal terminal so that no one else can log in to the cloud desktop through that terminal; or a public terminal can be preset to bind the fingerprint information of several specific users, preventing users with lower privileges from using this public terminal to log in to the cloud desktop by fingerprint.
Specifically, as an implementation, when the user logs in to the cloud desktop on the terminal with a cloud desktop account for the first time, if the cloud desktop account passes authentication and the user is legitimate, the terminal asks the user whether to enroll fingerprint information and log in by fingerprint.
If the user chooses to enroll fingerprint information, the current user's fingerprint is captured and the fingerprint feature code is extracted to obtain the fingerprint information.
Then, the terminal encrypts the fingerprint information and the terminal information of the current terminal and sends them to the determining unit 13.
After receiving the fingerprint information and terminal information sent by the terminal, the determining unit 13, on the basis of the account that is currently logged in, binds the current terminal to the current fingerprint information as its login terminal, thereby binding the fingerprint information to the corresponding login terminal. It should be noted that one terminal can be bound to multiple different items of fingerprint information.
The determining unit 13 stores the terminal information bound to the current fingerprint information in the cloud database as a user attribute corresponding to this fingerprint information.
In the fingerprint login mode, if the login fingerprint information passes login authentication, the determining unit 13 obtains the user attributes of the login fingerprint information and from them the login terminal information corresponding to the current login fingerprint information.
Then, the determining unit 13 matches the terminal information of the current terminal against the login terminal information to determine whether the current terminal is a login terminal, that is, whether the current login fingerprint information is permitted to use the current terminal to log in to the cloud desktop.
If the terminal information of the current terminal matches the login terminal information, it is determined that the current terminal is a login terminal corresponding to the current login fingerprint information; if the terminal information of the current terminal does not match the login terminal information, it is determined that the current terminal is not a login terminal corresponding to the current login fingerprint information.
The determining unit 13 thus obtains the determination result.
If the current terminal is a login terminal corresponding to the current login fingerprint information, the determining unit 13 determines that the current fingerprint information may log in to the cloud desktop system through the current terminal and that the current authentication request passes authentication.
As an implementation, if the current terminal is not a login terminal corresponding to the current login fingerprint information, the determining unit 13 determines that authentication of the current authentication request has failed and refuses to let the current login fingerprint information log in to the cloud desktop through the current terminal.
The determining unit 13 may also pre-configure an abnormality alert method: contact details such as the user's mobile phone number and email address are pre-configured according to the login fingerprint information, and the user is notified by SMS, email or similar means when an abnormal login with the fingerprint information occurs. For example, the determining unit 13 records each access to the cloud desktop authenticated by fingerprint, including terminal information, time and duration, and can be configured to send the cloud desktop access record to the user only when an abnormal login record appears, so that the user learns immediately if the user's fingerprint has been misused.
It should be noted that abnormal login with fingerprint information includes the account password of the user corresponding to the fingerprint information being entered incorrectly several times in a row, the fingerprint information being used to log in to the cloud desktop from a terminal device that was not bound in advance, operations beyond the granted authority after the fingerprint information has successfully accessed the cloud desktop, and so on, and can be flexibly configured according to actual needs.
In this embodiment, if the current terminal and the login fingerprint information pass authentication, the determining unit 13 determines, according to the current terminal information, whether the current terminal is a pre-configured login terminal corresponding to the current login fingerprint information; if the current terminal is a login terminal corresponding to the current login fingerprint information, the authentication unit 12 determines that the current authentication request passes authentication and allows access to the cloud desktop. This embodiment binds fingerprint information to login terminals and, through multiple layers of authentication, combines biometric information with terminal information to match fingerprint and terminal. This gives each user a dedicated terminal configuration, prevents others from logging in to the cloud desktop through the user's personal terminal, strengthens security control of the cloud desktop and safeguards information security.
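The layered check described in the second to fourth embodiments above (terminal access rights, fingerprint login authority, then the fingerprint-to-terminal binding), together with the three-failure fallback and the abnormal-login notice, shown as an added Python example that is not part of the patent text. The class and function names, the in-memory `CloudDatabase`, the 60-second failure window, the deny-by-default permission lookup and the exact-match treatment of the feature code are assumptions made for illustration; a real matcher compares fingerprint templates by similarity.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum


class Result(Enum):
    OK = "authenticated"
    TERMINAL_DENIED = "terminal has no access right"
    FINGERPRINT_DENIED = "fingerprint has no login authority"
    NOT_BOUND = "terminal is not a login terminal bound to this fingerprint"


@dataclass
class UserAttributes:
    account: str
    contact: str                 # where abnormal-login notices are sent
    bound_terminals: frozenset   # login terminals bound at enrolment
    desktops: tuple              # pre-configured cloud desktops
    permissions: dict            # permission set, e.g. {"camera": True}


@dataclass
class CloudDatabase:
    registered_terminals: set = field(default_factory=set)
    enrolled: dict = field(default_factory=dict)   # feature code -> UserAttributes

    def match_fingerprint(self, feature_code):
        # Assumption: the feature code is an opaque string compared for
        # equality; real fingerprint matchers score similarity instead.
        hit = None
        for code, attrs in self.enrolled.items():
            if hmac.compare_digest(code.encode(), feature_code.encode()):
                hit = attrs
        return hit


def authenticate(db, feature_code, terminal_id):
    """Run the three checks in the order the embodiments describe."""
    if terminal_id not in db.registered_terminals:    # terminal access right
        return Result.TERMINAL_DENIED, None
    attrs = db.match_fingerprint(feature_code)         # fingerprint login authority
    if attrs is None:
        return Result.FINGERPRINT_DENIED, None
    if terminal_id not in attrs.bound_terminals:       # fingerprint/terminal binding
        return Result.NOT_BOUND, attrs
    return Result.OK, attrs


class FailureTracker:
    """Counts consecutive failures per terminal inside a time window."""

    def __init__(self, limit=3, window=60.0):
        self.limit, self.window, self.failures = limit, window, {}

    def record(self, terminal_id, ok, now):
        """Return True when the terminal should offer account-mode login."""
        if ok:
            self.failures.pop(terminal_id, None)
            return False
        recent = [t for t in self.failures.get(terminal_id, [])
                  if now - t <= self.window]
        recent.append(now)
        self.failures[terminal_id] = recent
        return len(recent) >= self.limit


def handle_login(db, tracker, feature_code, terminal_id, now):
    result, attrs = authenticate(db, feature_code, terminal_id)
    ok = result is Result.OK
    return {
        "result": result,
        # Desktops and permissions are released only after every check passes.
        "desktops": list(attrs.desktops) if ok else [],
        "permissions": dict(attrs.permissions) if ok else {},
        "offer_account_mode": tracker.record(terminal_id, ok, now),
        # An enrolled fingerprint on an unbound terminal is an abnormal login.
        "notify": attrs.contact if result is Result.NOT_BOUND else None,
    }


def is_allowed(permissions, action):
    """Deny by default: an action missing from the set is refused."""
    return permissions.get(action, False) is True


def build_sample_db():
    """Constructed sample data; all identifiers are made up."""
    db = CloudDatabase(registered_terminals={"T-ALICE-PHONE", "T-SHARED-PC"})
    db.enrolled["FC-ALICE"] = UserAttributes(
        "alice", "alice@example.test", frozenset({"T-ALICE-PHONE"}),
        ("win10-office",), {"camera": True, "usb": False})
    db.enrolled["FC-BOB"] = UserAttributes(
        "bob", "bob@example.test", frozenset({"T-SHARED-PC"}),
        ("win10-office", "linux-dev"), {"camera": False, "usb": False})
    return db


if __name__ == "__main__":
    db, tracker = build_sample_db(), FailureTracker()
    for code, term in [("FC-ALICE", "T-ALICE-PHONE"), ("FC-ALICE", "T-SHARED-PC")]:
        print(code, term, handle_login(db, tracker, code, term, now=0.0)["result"].value)
```

The second sample login shows the case the binding is meant to stop: an enrolled fingerprint on a registered terminal it was never bound to is rejected and flagged for notification.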
Further, referring to FIG. 15, a fifth embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device. Based on either of the embodiments shown in FIG. 13 or FIG. 14 above (this embodiment takes FIG. 13 as an example), the matching module 20 includes:
a list unit 21, configured to, if the authentication request passes authentication, match the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list.
After the current authentication request passes authentication, the list unit 21 obtains the current user attributes from the current authentication request and matches the pre-configured cloud desktops against those user attributes.
There may be multiple pre-configured cloud desktops, for the user to choose from in different application scenarios or for different needs.
The list unit 21 then builds the cloud desktop list from the matched cloud desktops.
a target unit 22, configured to return the cloud desktop list to the terminal and obtain the target cloud desktop selected from the cloud desktop list.
After the cloud desktop list is obtained, the target unit 22 returns it to the terminal for the user to choose from.
The target unit 22 then obtains the user-selected cloud desktop returned by the terminal and takes it as the target cloud desktop.
As another implementation, after obtaining the cloud desktops matched to the current user, the list unit 21 may instead return the attribute information of each cloud desktop to the terminal, and the terminal builds the cloud desktop list from that attribute information for the user to choose from. After the user selects the target cloud desktop, the terminal returns the attribute information of the target cloud desktop to the target unit 22, whereby the target unit 22 obtains the target cloud desktop selected by the user.
an authority unit 23, configured to configure a permission set according to the target cloud desktop, the login fingerprint information and the terminal information of the terminal.
After the target cloud desktop is obtained, the authority unit 23 configures the permission set according to the target cloud desktop, the current login fingerprint information and the terminal information.
As one implementation, the authority unit 23 is pre-configured separately with the permissions corresponding to each piece of fingerprint information, the permissions of each cloud desktop and the permissions corresponding to each login terminal. The pre-configured permissions include peripheral call permissions and the like, and can be set flexibly as needed. Different fingerprint information, cloud desktops and terminals may have different permissions.
After the authentication request passes, the authority unit 23 obtains the permissions corresponding to the current login fingerprint information, the permissions of the target cloud desktop and the permissions corresponding to the current terminal, derives the current user's permissions from them, and configures the permission set. For example, if the current login fingerprint information and the target cloud desktop have permission to call the terminal camera but the current terminal does not, the entry that the current user cannot call the camera is added to the permission set; if the current login fingerprint information, the target cloud desktop and the current terminal all have permission to call USB peripherals, the entry that the current user can call USB peripherals is added to the permission set.
The authority unit 23 thereby obtains the permission set.
Correspondingly, the management module 30 is further configured to
control access by the terminal to the target cloud desktop according to the permission set.
Specifically, as one implementation, after obtaining the target cloud desktop selected by the user, the terminal sends a connection request to the management module 30 according to the target cloud desktop. The management module 30 starts the cloud desktop virtual machine according to the terminal's link request and starts the target cloud desktop for the terminal to access. Or,
after the target cloud desktop and the permission set are obtained, the management module 30 starts the cloud desktop virtual machine according to the target desktop obtained by the matching module 20 and starts the target cloud desktop for the terminal to access.
While the terminal accesses the target cloud desktop, the management module 30 controls the terminal's access permissions according to the permission set.
In this embodiment, if the authentication request passes authentication, the list unit 21 matches the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list; the target unit 22 returns the cloud desktop list to the terminal and obtains the target cloud desktop selected from it; the authority unit 23 configures the permission set according to the target cloud desktop, the login fingerprint information and the terminal information of the terminal; the management module 30 then controls the terminal's access to the target cloud desktop according to the permission set. By offering a cloud desktop list, this embodiment gives the user more choices for different application scenarios. By deriving the permission set jointly from the target cloud desktop selected by the user, the terminal currently accessing the cloud desktop and the fingerprint currently logged in, it configures permissions from all the factors of the current access, keeps the permissions of terminal, cloud desktop and user under control together, controls access to the cloud desktop, and greatly strengthens security control of the cloud desktop.
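The camera and USB cases given for the authority unit 23 amount to granting an operation only when the fingerprint, the target cloud desktop and the terminal all grant it. The following sketch is an added example, not part of the patent text; the policy tables, identifiers and permission names are hypothetical and constructed, and unknown subjects are treated as having no permissions (an assumption).

```python
# Constructed policy tables (hypothetical identifiers and permission names).
FINGERPRINT_PERMS = {
    "fp-alice": {"camera", "usb", "clipboard"},
    "fp-bob": {"usb"},
}
DESKTOP_PERMS = {
    "finance-desktop": {"camera", "usb"},
    "dev-desktop": {"camera", "usb", "clipboard"},
}
TERMINAL_PERMS = {
    "phone-001": {"usb", "clipboard"},
    "pad-007": {"camera", "usb", "clipboard"},
}
KNOWN_PERMS = ("camera", "clipboard", "usb")


def build_permission_set(fingerprint_id, desktop, terminal_id):
    """Combine the three pre-configured permission sources into one set.

    Each entry records whether the operation is allowed and, if not, which
    source withholds it. A fingerprint, desktop or terminal that is not in
    the tables contributes an empty set, so everything is denied for it.
    """
    sources = {
        "fingerprint": FINGERPRINT_PERMS.get(fingerprint_id, set()),
        "desktop": DESKTOP_PERMS.get(desktop, set()),
        "terminal": TERMINAL_PERMS.get(terminal_id, set()),
    }
    permission_set = {}
    for perm in KNOWN_PERMS:
        withheld_by = sorted(
            name for name, granted in sources.items() if perm not in granted
        )
        permission_set[perm] = {
            "allowed": not withheld_by,   # allowed only if no source withholds
            "withheld_by": withheld_by,
        }
    return permission_set


def is_allowed(permission_set, perm):
    """Check one operation; anything absent from the set is denied."""
    entry = permission_set.get(perm)
    return bool(entry and entry["allowed"])


if __name__ == "__main__":
    ps = build_permission_set("fp-alice", "finance-desktop", "phone-001")
    for perm, entry in ps.items():
        print(perm, entry)
```

The same permission set can be checked by the server during access, as in this embodiment, or handed to the terminal for local checks, as in the sixth embodiment.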
Further, referring to FIG. 15, a sixth embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device. Based on the fifth embodiment of the cloud desktop control device of the present invention shown in FIG. 15 above, the management module 30 is further configured to
return the permission set to the terminal, so that the terminal accesses the target cloud desktop according to the permission set.
After obtaining the target cloud desktop and the permission set, the management module 30 returns the permission set to the current terminal.
After receiving the permission set returned by the VMC, the terminal uses it to control the current user's operation permissions when accessing the target cloud desktop.
In this way, when a large number of terminal users access the cloud desktop system at the same time, each terminal performs permission control, which reduces the permission-control load on the management module 30 and improves access speed and the operating efficiency of the management module 30.
Further, after the target cloud desktop and the permission set are obtained, the management module 30 may also match the corresponding data disk information and virtualized applications according to the current user's login fingerprint information, and return the data disk information and virtualized applications to the terminal.
Specifically, the matching module 20 obtains the current user's data disk information and VAPP according to the current login fingerprint information.
The data disk information may be VOI data disk information, which records the current user's data, such as office documents. The virtualized applications are personalized application software configured for the current user; for example, the application software for finance staff may be configured as finance software, and the application software for human resources staff as recruitment software.
After obtaining the target cloud desktop, the permission set, the data disk information and the virtualized applications, the management module 30 delivers the permission set, the data disk information and the virtualized applications to the terminal side.
The terminal sends a cloud desktop link request to the management module 30 according to the target cloud desktop. After receiving the cloud desktop link request, the management module 30 starts the cloud desktop virtual machine and returns a response message to the terminal.
After receiving the response message from the management module 30, the terminal connects to the cloud desktop virtual machine, accesses the cloud desktop, and restricts the operations requested by the current user or terminal according to the permission set.
After accessing the cloud desktop, the user can call up the current data disk information through the terminal and work with it; the user can also call up the current virtualized applications and select the required application to operate. The terminal allocates a local cache area according to the received data disk information and virtualized applications, configured to cache the data of this cloud desktop login; when the current user later logs in again through the current terminal, the cached data can be retrieved and used directly, avoiding a reload each time that would reduce cloud desktop access efficiency. It should be noted that the data disk information and virtualized application data delivered to the terminal can be kept synchronized with the data of the remote cloud desktop to avoid data loss.
In this embodiment, the management module 30 returns the permission set to the terminal, so that the terminal accesses the target cloud desktop according to the permission set. By returning the permission set to the terminal, this embodiment has the terminal perform permission control, which reduces the load on the cloud desktop server and improves the efficiency of the cloud desktop.
Further, referring to FIG. 16, a seventh embodiment of the cloud desktop control device of the present invention provides a cloud desktop control device. Based on the embodiment shown in any of FIG. 13, FIG. 14, FIG. 15 or FIG. 16 above (this embodiment takes FIG. 13 as an example), the cloud desktop control device further includes:
a calling module 40, configured to obtain a hardware call request from the cloud desktop to the terminal and, according to the hardware call request, redirect the terminal hardware to the cloud desktop and call the terminal hardware.
After successfully entering the cloud desktop on the terminal, the user has access to a large volume of cloud resources, including multiple operating systems and multiple software clients. Some software clients or system services need to call the terminal's hardware. In this embodiment, the terminal's hardware includes the terminal's own hardware resources and hardware resources attached to the terminal through USB peripherals.
For example, under certain security policy requirements, the software clients of some operation and maintenance or management systems require the user to gain access through fingerprint authentication; in that case, a fingerprint input prompt pops up after the user runs the software client.
The calling module 40 obtains the hardware call request according to the needs of the cloud desktop client.
According to the hardware call request of the cloud desktop virtual machine, the calling module 40 redirects the corresponding terminal hardware into the cloud desktop's peripheral hardware list, so that the terminal hardware points to the cloud desktop, and then calls that terminal hardware.
For example, if application software in the cloud desktop needs to capture the user's fingerprint, the cloud desktop agent redirects the terminal's fingerprint reader into the cloud desktop peripheral list, where it is mounted on the cloud desktop virtual machine as a fingerprint recognition device.
The cloud desktop application software then calls the fingerprint recognition device, and the user can scan a fingerprint directly with the terminal's fingerprint reader; the fingerprint information is sent to the current cloud desktop application software.
In this embodiment, after obtaining the hardware call request from the cloud desktop to the terminal, the calling module 40 redirects the terminal hardware to the cloud desktop according to the hardware call request and calls the terminal hardware. After the user connects to the cloud desktop through the terminal, this embodiment redirects the mobile terminal's hardware to the cloud desktop, so that programs running inside the cloud desktop can call the terminal hardware and fingerprint-based authentication is supported for programs inside the cloud desktop. This makes permission management of programs running inside the cloud desktop possible, strengthens the security of cloud desktop operation, and improves the user experience.
In practical applications, the authentication module 10, the management module 30, the target unit 22 and the calling module 40 may be implemented by the processor in the cloud desktop control device in combination with a communication interface; the matching module 20, the authentication unit 12, the determining unit 13, the list unit 21 and the authority unit 23 may be implemented by the processor in the cloud desktop control device; the first obtaining unit 11 may be implemented by the communication interface in the cloud desktop control device.
Referring to FIG. 17, a first embodiment of the cloud desktop access device of the present invention provides a cloud desktop access device, which includes:
a requesting module 60, configured to, in the cloud desktop fingerprint login mode, send an authentication request to the cloud desktop server according to the input login fingerprint information.
In this embodiment of the present invention, authentication is performed according to the user's fingerprint when the user accesses the cloud desktop through a terminal. This embodiment uses a mobile terminal as an example. The cloud desktop access device is deployed in the mobile terminal.
Specifically, as one implementation, in the cloud desktop fingerprint login mode, the requesting module 60 prompts the user to input a fingerprint to log in to the cloud desktop.
The requesting module 60 then obtains the fingerprint input by the user and extracts the fingerprint feature code to obtain the current login fingerprint information.
The requesting module 60 then generates an authentication request from the login fingerprint information, the current user's login time and other information. The authentication request is encrypted and sent to the VMC in the cloud desktop server.
an access module 70, configured to, if the authentication request passes authentication, access the cloud desktop under the permission control of the cloud desktop server.
If the current authentication request passes authentication, the access module 70 sends a link request to the cloud desktop server.
The cloud desktop server responds to the terminal's link request, starts the cloud desktop virtual machine according to the link request, and starts the cloud desktop. It then returns a response message to the access module 70.
After receiving the response message, the access module 70 connects to the cloud desktop to access and operate it. While the access module 70 is accessing the cloud desktop, if an operation subject to permission restrictions is involved, for example calling the terminal's USB interface, the cloud desktop server determines the current user's permissions according to the permission set matched to the current authentication request and controls the usage permissions of the access module 70 according to the result.
In this embodiment, in the cloud desktop fingerprint login mode, the requesting module 60 sends an authentication request to the cloud desktop server according to the input login fingerprint information; if the authentication request passes authentication, the access module 70 accesses the cloud desktop under the permission control of the cloud desktop server. In this embodiment, fingerprint information is identified through the terminal, so that fingerprint authentication is performed when the user accesses the cloud desktop through the terminal, thereby ensuring information security.
Further, referring to FIG. 18, a second embodiment of the cloud desktop access device provides a cloud desktop access device. Based on the embodiment shown in FIG. 17 above, the access module 70 includes:
a second obtaining unit 71, configured to obtain the cloud desktop list returned by the cloud desktop server if the authentication request passes authentication.
In this embodiment, if the authentication request passes authentication, the second obtaining unit 71 obtains the cloud desktop list returned by the cloud desktop server. The cloud desktop list includes the pre-configured cloud desktops that the cloud desktop server matched according to the current login fingerprint information, for the user to choose from based on the usage scenario.
a selecting unit 72, configured to obtain the target cloud desktop selected from the cloud desktop list and return the target cloud desktop to the cloud desktop server.
After the cloud desktop list is obtained, the selecting unit 72 presents it to the user, obtains the target cloud desktop that the user selects from it, and returns the target cloud desktop to the cloud desktop server.
an access unit 73, configured to obtain the permission set returned by the cloud desktop server and access the target cloud desktop according to the permission set.
After the user selects the target cloud desktop through the terminal, the access unit 73 sends a link request to the cloud desktop server according to the target cloud desktop. The cloud desktop server responds to the link request of the access unit 73, starts the cloud desktop virtual machine according to the link request, and returns the corresponding cloud desktop to the access unit 73. At the same time, the cloud desktop server returns the configured permission set to the access unit 73. The permission set configured by the cloud desktop includes the permissions configured for the current login fingerprint.
The user can then access the cloud desktop through the access unit 73 and use the software clients, network and so on in the cloud desktop. While the user accesses the cloud desktop through the access unit 73, the access unit 73 performs only permitted operations according to the permission set and disables unauthorized operations. In this way, the fingerprint information guarantees that user permissions are matched uniquely, preventing high-level permissions from being set by mistake because of incorrect account information or similar causes.
In this embodiment, if the authentication request passes authentication, the second obtaining unit 71 obtains the cloud desktop list returned by the cloud desktop server; the selecting unit 72 obtains the target cloud desktop selected from the cloud desktop list and returns it to the cloud desktop server; the access unit 73 obtains the permission set returned by the cloud desktop server and accesses the target cloud desktop according to the permission set. This embodiment of the present invention lets the user select the required target cloud desktop from the cloud desktop list, which gives the user more choice; the cloud desktop server returns the permission set to the terminal, so that permission management is performed by the terminal when the cloud desktop is accessed, which reduces the load on the cloud desktop server, strengthens the control and flexibility of cloud desktop security management, and improves the user experience.
Further, referring to FIG. 19, a third embodiment of the cloud desktop access device of the present invention provides a cloud desktop access device. Based on the embodiment shown in FIG. 17 or FIG. 18 above (this embodiment takes FIG. 17 as an example), the requesting module 60 includes:
a third obtaining unit 61, configured to obtain the input login fingerprint information in the cloud desktop fingerprint login mode.
As one implementation, in the cloud desktop fingerprint login mode, the third obtaining unit 61 obtains the fingerprint input by the user through the fingerprint reader.
The third obtaining unit 61 then extracts the feature code of the fingerprint and takes the resulting fingerprint feature code as the current user's login fingerprint information.
a determining unit 62, configured to determine whether unlock fingerprint information has been enrolled on the current login terminal.
Given the private nature of the terminal, after the login fingerprint information is obtained, the determining unit 62 determines whether unlock fingerprint information for unlocking the current terminal has been enrolled on the current terminal.
a matching unit 63, configured to match the unlock fingerprint information against the login fingerprint information if unlock fingerprint information has been enrolled on the terminal.
If unlock fingerprint information has already been enrolled on the current terminal, that is, the current terminal may be a private terminal, the matching unit 63 matches the unlock fingerprint information enrolled on the current terminal against the current user's login fingerprint information.
a requesting unit 64, configured to send an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal if the login fingerprint information matches the unlock fingerprint information.
If the unlock fingerprint information of the current terminal matches the current user's login fingerprint information, the requesting unit 64 determines that the user currently logging in to the cloud desktop is the owner of the current terminal, and the terminal generates an authentication request from the login fingerprint information, the terminal information of the current terminal, the current user's login time and other information. The authentication request is encrypted and sent to the VMC in the cloud desktop server for authentication. It should be noted that the terminal information of the current terminal is the unique identification information of the current terminal.
In this embodiment, in the cloud desktop fingerprint login mode, the third obtaining unit 61 obtains the input login fingerprint information; the determining unit 62 then determines whether unlock fingerprint information has been enrolled on the current terminal; if it has, the matching unit 63 matches the unlock fingerprint information against the login fingerprint information; if the login fingerprint information matches the unlock fingerprint information, the requesting unit 64 sends the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal. By checking whether unlock fingerprint information has been enrolled on the current terminal, this embodiment determines whether the user currently logging in to the cloud desktop is the owner of the current terminal, thereby ensuring the security of logging in to the cloud desktop from a personal terminal.
Further, referring to FIG. 19, a fourth embodiment of the cloud desktop access device of the present invention provides a cloud desktop access device. Based on the third embodiment of the cloud desktop access device of the present invention shown in FIG. 19 above, the requesting module 60 is further configured to:
if the login fingerprint information fails to match the unlock fingerprint information, determine whether the terminal is a private terminal according to the attribute information pre-configured on the terminal; and if the terminal is not a private terminal, send an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
In this embodiment, the attributes of the terminal can be pre-configured, for example by configuring the terminal as a private terminal or a shared terminal. A private terminal allows only specific, pre-configured user fingerprint information to log in to the cloud desktop through the current terminal; a public terminal allows the fingerprint information of all users to log in to the cloud desktop through the current terminal.
Specifically, as one implementation, the attribute information of the terminal can be pre-configured by setting who the current terminal authorizes to log in to the cloud desktop to "myself" or "everyone", which configures the current terminal as a private terminal or a public terminal.
If the current login fingerprint information fails to match the unlock fingerprint information of the terminal, that is, the user currently logging in may not be the owner of the terminal, the requesting module 60 then determines whether the terminal is a private terminal.
The requesting module 60 determines from the attribute information of the current terminal whether the terminal currently authorizes "myself" or "everyone" to log in to the cloud desktop through it. If the current terminal authorizes only "myself" to log in to the cloud desktop through this terminal, the requesting module 60 determines that the current terminal is a private terminal; if the current terminal authorizes "everyone" to log in to the cloud desktop through this terminal, the requesting module 60 determines that the current terminal is a shared terminal.
The request module 60 thus obtains the determination result.
If the current terminal is not a private terminal, that is, the owner of the terminal allows other users to log in to the cloud desktop on this terminal, the request module 60 sends an authentication request to the cloud desktop server according to the login fingerprint information, the terminal information, and the current user's login time.
If the current terminal is a private terminal, that is, the owner of the terminal does not allow other users to log in to the cloud desktop on this terminal, the request module 60 informs the user that the user has no permission to log in to the cloud desktop on the current terminal.
In this embodiment, if the login fingerprint information fails to match the unlock fingerprint information, the request module 60 determines whether the terminal is a private terminal; if the current terminal is not a private terminal, the request module 60 sends an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal. By configuring the terminal's private attribute, this embodiment lets multiple users log in to the cloud desktop through the same terminal when that terminal is not private. The embodiment thus combines the terminal's private attribute information with the user's fingerprint information to manage the access security of the cloud desktop as a whole.
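The terminal-side decision described above, together with the server-side checks listed in the method claims (terminal access permission, fingerprint login permission, bound login terminal), as an added Python example that is not code from the patent. All names are hypothetical; feature codes are compared as exact bytes as a stand-in for real fingerprint matching, and sending the request straight to the server when no unlock fingerprint is enrolled is an assumption.

```python
from __future__ import annotations

import hmac
from dataclasses import dataclass, field
from enum import Enum


class Gate(Enum):
    SEND_AUTH_REQUEST = "send authentication request"
    DENY_PRIVATE = "no permission to log in on this terminal"


@dataclass
class Terminal:
    terminal_id: str
    authorized_object: str                    # "owner" = private, "everyone" = shared
    unlock_fingerprint: bytes | None = None   # None: no unlock fingerprint enrolled

    @property
    def is_private(self) -> bool:
        # Fail closed: anything other than an explicit "everyone" is private.
        return self.authorized_object != "everyone"


@dataclass
class CloudDatabase:
    terminals_with_access: set[str] = field(default_factory=set)
    fingerprint_accounts: dict[bytes, str] = field(default_factory=dict)
    # Optional binding of a fingerprint to its login terminals; no entry = unbound.
    bound_terminals: dict[bytes, set[str]] = field(default_factory=dict)


def feature_codes_match(a: bytes, b: bytes) -> bool:
    # Assumption: exact, constant-time byte comparison stands in for a
    # similarity-scoring fingerprint matcher.
    return hmac.compare_digest(a, b)


def terminal_gate(terminal: Terminal, login_fp: bytes) -> Gate:
    """Decision taken on the terminal before anything is sent."""
    enrolled = terminal.unlock_fingerprint
    if enrolled is None:
        # Assumption: nothing to compare against, so the server decides.
        return Gate.SEND_AUTH_REQUEST
    if feature_codes_match(enrolled, login_fp):
        return Gate.SEND_AUTH_REQUEST          # the owner is logging in
    if terminal.is_private:
        return Gate.DENY_PRIVATE               # someone else, private terminal
    return Gate.SEND_AUTH_REQUEST              # someone else, shared terminal


def server_authenticate(db: CloudDatabase, login_fp: bytes,
                        terminal_id: str) -> tuple[bool, str]:
    """Server-side checks; they do not rely on the terminal's own gate."""
    if terminal_id not in db.terminals_with_access:
        return False, "terminal has no access permission"
    account = db.fingerprint_accounts.get(login_fp)
    if account is None:
        return False, "fingerprint has no login permission"
    bound = db.bound_terminals.get(login_fp)
    if bound is not None and terminal_id not in bound:
        return False, "terminal is not a login terminal bound to this fingerprint"
    return True, account


def login(terminal: Terminal, login_fp: bytes, db: CloudDatabase) -> str:
    gate = terminal_gate(terminal, login_fp)
    if gate is Gate.DENY_PRIVATE:
        return "denied on terminal: " + gate.value
    ok, detail = server_authenticate(db, login_fp, terminal.terminal_id)
    return ("granted: " if ok else "denied by server: ") + detail


# Constructed sample data, for illustration only.
ALICE_FP = b"feature-code-alice"
BOB_FP = b"feature-code-bob"
DB = CloudDatabase(
    terminals_with_access={"phone-alice", "kiosk-1"},
    fingerprint_accounts={ALICE_FP: "alice", BOB_FP: "bob"},
    bound_terminals={BOB_FP: {"kiosk-1"}},
)
PRIVATE_PHONE = Terminal("phone-alice", "owner", ALICE_FP)
SHARED_KIOSK = Terminal("kiosk-1", "everyone", ALICE_FP)

if __name__ == "__main__":
    for term, fp in [(PRIVATE_PHONE, ALICE_FP), (PRIVATE_PHONE, BOB_FP),
                     (SHARED_KIOSK, BOB_FP)]:
        print(term.terminal_id, "->", login(term, fp, DB))
```

The server repeats the terminal and binding checks itself, so a request from a terminal that skipped its local gate is still refused.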
Further, referring to FIG. 20, a fifth embodiment of the cloud desktop access apparatus of the present invention provides a cloud desktop access apparatus. Based on the fourth embodiment of the cloud desktop access apparatus shown in FIG. 19 above, the cloud desktop access apparatus further includes:
an entry module 80, configured to obtain enrolled fingerprint information and send the enrolled fingerprint information and the terminal information of the terminal to the cloud desktop server, for the cloud desktop server to configure the cloud database for authentication.
In this embodiment, after the user's account passes authentication or the login fingerprint information passes authentication, the user can enroll new fingerprint information for use in fingerprint authentication.
Specifically, the case where the current user logs in to the cloud desktop through the terminal for the first time is taken as an example.
Referring to FIG. 23, the user opens the terminal and logs in by entering a user name and password through the entry module 80.
If verification fails, the entry module 80 informs the user that the current authentication has failed; if verification passes, the entry module 80 asks the user whether to enroll fingerprint information and log in with a fingerprint.
If the user chooses not to enroll fingerprint information, the regular login process is entered and the cloud desktop and permission set configured by the cloud desktop server are obtained; if the user chooses to enroll fingerprint information, the entry module 80 captures the current user's fingerprint and extracts the fingerprint feature code to obtain the fingerprint information.
Then, the entry module 80 encrypts the fingerprint information and the terminal information of the current terminal and sends them to the cloud desktop server.
After receiving the encrypted information sent by the terminal, the cloud desktop server parses it to obtain the current user's fingerprint information and the terminal information.
Then, the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the user of the current account. Alternatively,
the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the user of the current account, and also stores the terminal information of the current terminal, treating the current terminal as a registered terminal device. Alternatively,
the cloud desktop server stores the current fingerprint information in the cloud database as the fingerprint information bound to the user of the current account, binds the current terminal as the login terminal of the current fingerprint information, and stores the current terminal information as the terminal information corresponding to the current fingerprint information.
Then, the cloud desktop server updates the cloud database and notifies the entry module 80 that the current fingerprint information has been enrolled successfully.
As one implementation, the VMC can also pre-configure an abnormality alert method: contact details such as the user's mobile phone number and email address are pre-configured according to the user information, and when the user logs in abnormally the user is notified by SMS, email or similar means. For example, the VMC keeps records of the user accessing the cloud desktop through account and password authentication, including terminal information, time, duration and so on, and can be configured to send the cloud desktop access records to the user only when an abnormal login record occurs, so that if the user's fingerprint is misused the user will know at the earliest moment.
It should be noted that abnormal login of account information includes cases such as incorrect entry of the account password, and can be flexibly configured according to actual needs.
In this embodiment, the entry module 80 obtains the enrolled fingerprint information and sends the fingerprint information and the terminal information of the terminal to the cloud desktop server, for the cloud desktop server to configure the cloud database for authentication. By enrolling fingerprint information with which the cloud desktop server configures the cloud database, this embodiment allows a user logging in to the cloud desktop to be authenticated by fingerprint and to obtain the corresponding cloud desktop and permissions, integrating fingerprint recognition into every level of cloud desktop management.
In actual application, the request module 60, the access module 70, the second obtaining unit 71, the selecting unit 72, the access unit 73 and the entry module 80 can be implemented by a processor in the cloud desktop access apparatus in combination with a communication interface; the third obtaining unit 61, the determining unit 62 and the matching unit 63 can be implemented by a processor in the cloud desktop access apparatus; the request unit 64 can be implemented by a communication interface in the cloud desktop access apparatus.
Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, a system, or a computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Based on this, an embodiment of the present invention further provides a computer storage medium. The computer storage medium includes a set of instructions which, when executed, cause at least one processor to perform the cloud desktop management and control method described above, or to perform the cloud desktop access method described above.
The above are only optional embodiments of the present invention and do not thereby limit the patent scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.
In the solution provided by the embodiments of the present invention, in cloud desktop fingerprint login mode, an authentication request sent by a terminal is obtained and authenticated according to a pre-configured cloud database; if the authentication request passes authentication, a cloud desktop and a permission set are matched according to the authentication request; and the terminal's access to the cloud desktop is controlled according to the permission set. The embodiments of the present invention connect fingerprint recognition technology with multiple core virtualization technologies, so that the user accesses the cloud by fingerprint recognition: the fingerprint is matched to determine whether the current user can access the cloud desktop, and cloud desktop permissions are granted through the user's fingerprint, making the fingerprint the sole credential with which the user accesses the desktop cloud system through a mobile terminal, thereby ensuring information security. The embodiments of the present invention implement authentication by fingerprint recognition and configure the permissions of the cloud desktop according to fingerprint information, which strengthens the control over, and the flexibility of, cloud desktop security and improves the user experience.
Claims (25)
- A cloud desktop management and control method, comprising the following steps: in cloud desktop fingerprint login mode, obtaining an authentication request sent by a terminal, and authenticating the authentication request according to a pre-configured cloud database; if the authentication request passes authentication, matching a cloud desktop and a permission set according to the authentication request; and controlling the terminal's access to the cloud desktop according to the permission set.
- The cloud desktop management and control method according to claim 1, wherein the step of obtaining, in cloud desktop fingerprint login mode, the authentication request sent by the terminal and authenticating the authentication request according to the pre-configured cloud database comprises: in cloud desktop fingerprint login mode, obtaining the authentication request sent by the terminal, the authentication request carrying login fingerprint information and terminal information of the terminal; authenticating the permissions of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal and the pre-configured cloud database; and if the terminal and the login fingerprint pass authentication, determining that the authentication request passes authentication.
- The cloud desktop management and control method according to claim 2, wherein the step of authenticating the permissions of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal and the cloud database comprises: determining, according to the cloud database and the terminal information, whether the terminal has access permission; determining, according to the cloud database and the login fingerprint information, whether the login fingerprint information has login permission; and if the terminal has access permission and the login fingerprint information has login permission, determining that the terminal and the login fingerprint pass authentication.
- The cloud desktop management and control method according to claim 3, wherein the step of determining that the authentication request passes authentication if the terminal and the login fingerprint pass authentication comprises: if the terminal and the login fingerprint information pass authentication, determining whether the terminal is the pre-configured login terminal corresponding to the login fingerprint information; and if the terminal is the login terminal corresponding to the login fingerprint information, determining that the authentication request passes authentication.
- The cloud desktop management and control method according to any one of claims 1 to 4, wherein the step of matching the cloud desktop and the permission set according to the authentication request if the authentication request passes authentication comprises: if the authentication request passes authentication, matching the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list; returning the cloud desktop list to the terminal, and obtaining a target cloud desktop selected from the cloud desktop list; and configuring the permission set according to the target cloud desktop, the login fingerprint information and the terminal information of the terminal; and wherein the step of controlling the terminal's access to the cloud desktop according to the permission set comprises: controlling the terminal's access to the target cloud desktop according to the permission set.
- The cloud desktop management and control method according to claim 5, wherein the step of controlling the terminal's access to the target cloud desktop according to the permission set comprises: returning the permission set to the terminal, for the terminal to access the target cloud desktop according to the permission set.
- The cloud desktop management and control method according to any one of claims 1 to 4, further comprising, after the step of controlling the terminal's access to the cloud desktop according to the permission set: obtaining a hardware call request from the cloud desktop to the terminal; and, according to the hardware call request, redirecting the terminal hardware to the cloud desktop and calling the terminal hardware.
- A cloud desktop access method, comprising the following steps: in cloud desktop fingerprint login mode, a terminal sending an authentication request to a cloud desktop server according to entered login fingerprint information; and if the authentication request passes authentication, accessing the cloud desktop under the permission control of the cloud desktop server.
- The cloud desktop access method according to claim 8, wherein the step of accessing the cloud desktop under the permission control of the cloud desktop server if the authentication request passes authentication comprises: if the authentication request passes authentication, obtaining the cloud desktop list returned by the cloud desktop server; obtaining a target cloud desktop selected from the cloud desktop list, and returning the target cloud desktop to the cloud desktop server; and obtaining the permission set returned by the cloud desktop server, and accessing the target cloud desktop according to the permission set.
- The cloud desktop access method according to claim 8 or 9, wherein the step of the terminal sending, in cloud desktop fingerprint login mode, an authentication request to the cloud desktop server according to the entered login fingerprint information comprises: in cloud desktop fingerprint login mode, the terminal obtaining the entered login fingerprint information; determining whether unlock fingerprint information has been enrolled on the terminal; if unlock fingerprint information has been enrolled on the terminal, matching the unlock fingerprint information against the login fingerprint information; and if the login fingerprint information matches the unlock fingerprint information successfully, sending the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- The cloud desktop access method according to claim 10, further comprising, after the step of matching the unlock fingerprint information against the login fingerprint information if unlock fingerprint information has been enrolled on the terminal: if the login fingerprint information fails to match the unlock fingerprint information, determining, according to the terminal's pre-configured attribute information, whether the terminal is a private terminal; and if the terminal is not a private terminal, proceeding to the step of sending an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- The cloud desktop access method according to claim 11, further comprising, before the step of the terminal sending, in cloud desktop fingerprint login mode, an authentication request to the cloud desktop server according to the entered login fingerprint information: obtaining enrolled fingerprint information, and sending the enrolled fingerprint information and the terminal information of the terminal to the cloud desktop server, for the cloud desktop server to configure the cloud database for authentication.
- A cloud desktop management and control apparatus, comprising: an authentication module, configured to obtain, in cloud desktop fingerprint login mode, an authentication request sent by a terminal, and to authenticate the authentication request according to a pre-configured cloud database; a matching module, configured to match a cloud desktop and a permission set according to the authentication request if the authentication request passes authentication; and a management and control module, configured to control the terminal's access to the cloud desktop according to the permission set.
- The cloud desktop management and control apparatus according to claim 13, wherein the authentication module comprises: a first obtaining unit, configured to obtain, in cloud desktop fingerprint login mode, the authentication request sent by the terminal, the authentication request carrying login fingerprint information and terminal information of the terminal; an authentication unit, configured to authenticate the permissions of the terminal and the login fingerprint according to the login fingerprint information, the terminal information of the terminal and the pre-configured cloud database; and a determination unit, configured to determine that the authentication request passes authentication if the terminal and the login fingerprint pass authentication.
- The cloud desktop management and control apparatus according to claim 14, wherein the authentication unit is further configured to: determine, according to the cloud database and the terminal information, whether the terminal has access permission; determine, according to the cloud database and the login fingerprint information, whether the login fingerprint information has login permission; and if the terminal has access permission and the login fingerprint information has login permission, determine that the terminal and the login fingerprint pass authentication.
- The cloud desktop management and control apparatus according to claim 15, wherein the determination unit is further configured to: if the terminal and the login fingerprint information pass authentication, determine whether the terminal is the pre-configured login terminal corresponding to the login fingerprint information; and if the terminal is the login terminal corresponding to the login fingerprint information, determine that the authentication request passes authentication.
- The cloud desktop management and control apparatus according to any one of claims 13 to 16, wherein the matching module comprises: a list unit, configured to match the pre-configured cloud desktops according to the authentication request to obtain a cloud desktop list if the authentication request passes authentication; a target unit, configured to return the cloud desktop list to the terminal and obtain a target cloud desktop selected from the cloud desktop list; and a permission unit, configured to configure the permission set according to the target cloud desktop, the login fingerprint information and the terminal information of the terminal; and wherein the management and control module is further configured to control the terminal's access to the target cloud desktop according to the permission set.
- The cloud desktop management and control apparatus according to claim 17, wherein the management and control module is further configured to return the permission set to the terminal, for the terminal to access the target cloud desktop according to the permission set.
- The cloud desktop management and control apparatus according to any one of claims 13 to 16, further comprising: a calling module, configured to obtain a hardware call request from the cloud desktop to the terminal and, according to the hardware call request, to redirect the terminal hardware to the cloud desktop and call the terminal hardware.
- A cloud desktop access apparatus, comprising: a request module, configured such that, in cloud desktop fingerprint login mode, the terminal sends an authentication request to a cloud desktop server according to entered login fingerprint information; and an access module, configured to access the cloud desktop under the permission control of the cloud desktop server if the authentication request passes authentication.
- The cloud desktop access apparatus according to claim 20, wherein the access module comprises: a second obtaining unit, configured to obtain the cloud desktop list returned by the cloud desktop server if the authentication request passes authentication; a selecting unit, configured to obtain a target cloud desktop selected from the cloud desktop list and return the target cloud desktop to the cloud desktop server; and an access unit, configured to obtain the permission set returned by the cloud desktop server and access the target cloud desktop according to the permission set.
- The cloud desktop access apparatus according to claim 20 or 21, wherein the request module comprises: a third obtaining unit, configured to obtain the entered login fingerprint information in cloud desktop fingerprint login mode; a determining unit, configured to determine whether unlock fingerprint information has been enrolled on the current login terminal; a matching unit, configured to match the unlock fingerprint information against the login fingerprint information if unlock fingerprint information has been enrolled on the terminal; and a request unit, configured to send the authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal if the login fingerprint information matches the unlock fingerprint information.
- The cloud desktop access apparatus according to claim 22, wherein the request module is further configured to: if the login fingerprint information fails to match the unlock fingerprint information, determine, according to the terminal's pre-configured attribute information, whether the terminal is a private terminal; and if the terminal is not a private terminal, send an authentication request to the cloud desktop server according to the login fingerprint information and the terminal information of the terminal.
- The cloud desktop access apparatus according to claim 23, further comprising: an entry module, configured to obtain enrolled fingerprint information and send the enrolled fingerprint information and the terminal information of the terminal to the cloud desktop server, for the cloud desktop server to configure the cloud database for authentication.
- A computer storage medium, comprising a set of instructions which, when executed, cause at least one processor to perform the cloud desktop management and control method according to any one of claims 1 to 7, or to perform the cloud desktop access method according to any one of claims 8 to 12.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610203371.9A CN107291432A (en) | 2016-04-01 | 2016-04-01 | Cloud desktop management-control method, device and cloud desktop access method, device |
CN201610203371.9 | 2016-04-01 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017167019A1 (en) | 2017-10-05 |
Family
ID=59963433
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/076847 WO2017167019A1 (en) | 2016-04-01 | 2017-03-15 | Cloud desktop-based processing method and apparatus, and computer storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107291432A (en) |
WO (1) | WO2017167019A1 (en) |
Families Citing this family (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108009421A (en) * | 2017-11-21 | 2018-05-08 | 国云科技股份有限公司 | Method for safely managing desktop cloud terminal |
CN108427649B (en) * | 2018-01-16 | 2020-09-15 | 广州杰赛科技股份有限公司 | Access management method, terminal device, system and storage medium of USB interface |
CN110781481A (en) * | 2018-07-30 | 2020-02-11 | 中兴通讯股份有限公司 | Single sign-on method, client, server, and storage medium |
CN109165486B (en) * | 2018-08-27 | 2021-06-22 | 四川长虹电器股份有限公司 | Configurable interface access authority control method |
CN109542587A (en) * | 2018-11-26 | 2019-03-29 | 郑州云海信息技术有限公司 | A kind of virtual machine access method, device and computer equipment |
CN111324588A (en) * | 2018-12-17 | 2020-06-23 | 中兴通讯股份有限公司 | File sharing method and device |
CN110225089A (en) * | 2019-05-09 | 2019-09-10 | 厦门网宿有限公司 | It is a kind of that the method and system of differentiation cloud desktop is provided |
CN110532752A (en) * | 2019-09-03 | 2019-12-03 | 山东超越数控电子股份有限公司 | A kind of method, equipment and readable medium logging in cloud desktop system |
CN111966982A (en) * | 2020-07-23 | 2020-11-20 | 西安雷风电子科技有限公司 | Cloud desktop registration and login method and system based on biological characteristic authentication |
CN112486607B (en) * | 2020-11-20 | 2022-04-29 | 湖南麒麟信安科技股份有限公司 | Virtual desktop authorization permission method based on combination of software and hardware |
CN113505355A (en) * | 2021-06-22 | 2021-10-15 | 新华三大数据技术有限公司 | Cloud desktop security access method and device |
CN113934494A (en) * | 2021-10-12 | 2022-01-14 | 北京百度网讯科技有限公司 | Cloud desktop management method and device, electronic equipment and storage medium |
CN115033297B (en) * | 2022-05-16 | 2024-12-03 | 阿里巴巴(中国)有限公司 | Method and device for starting up and logging into a cloud desktop based on a single fingerprint touch |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102577315A (en) * | 2011-12-21 | 2012-07-11 | 华为技术有限公司 | Method, device and system for setting user access to virtual machine |
CN103067397A (en) * | 2012-12-31 | 2013-04-24 | 华为技术有限公司 | Security authentication method, access gateway and authentication server of desktop cloud system |
US20150188992A1 (en) * | 2014-01-02 | 2015-07-02 | American Megatrends, Inc. | Thin/zero client provisioning and management using centralized management software |
CN105187362A (en) * | 2014-06-23 | 2015-12-23 | 中兴通讯股份有限公司 | Method and device for connection authentication between desktop cloud client and server-side |
CN105282092A (en) * | 2014-06-10 | 2016-01-27 | 中兴通讯股份有限公司 | Virtual desktop authentication method, terminal and server |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140101434A1 (en) * | 2012-10-04 | 2014-04-10 | Msi Security, Ltd. | Cloud-based file distribution and management using real identity authentication |
CN103997482B (en) * | 2013-02-19 | 2018-01-23 | 华为技术有限公司 | Method, the system of user's login in desktop cloud business |
- 2016-04-01: CN, CN201610203371.9A, published as CN107291432A (en); status: active, Pending
- 2017-03-15: WO, PCT/CN2017/076847, published as WO2017167019A1 (en); status: active, Application Filing
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110287660A (en) * | 2019-05-21 | 2019-09-27 | 深圳壹账通智能科技有限公司 | Access right control method, device, equipment and storage medium |
CN112100648A (en) * | 2020-08-03 | 2020-12-18 | 西安万像电子科技有限公司 | Data security processing method and system |
CN112738100A (en) * | 2020-12-29 | 2021-04-30 | 北京天融信网络安全技术有限公司 | Authentication method, device, authentication equipment and authentication system for data access |
CN112738100B (en) * | 2020-12-29 | 2023-09-01 | 北京天融信网络安全技术有限公司 | Authentication method, device, authentication equipment and authentication system for data access |
CN113766504A (en) * | 2021-09-01 | 2021-12-07 | 北京百度网讯科技有限公司 | Communication connection method, apparatus, server, terminal device, system and medium |
CN113989968A (en) * | 2021-10-26 | 2022-01-28 | 云知声(上海)智能科技有限公司 | Personnel passing authority control method, system and storage medium based on edge gateway |
Also Published As
Publication number | Publication date |
---|---|
CN107291432A (en) | 2017-10-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| NENP | Non-entry into the national phase | Ref country code: DE |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17773049; Country of ref document: EP; Kind code of ref document: A1 |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 17773049; Country of ref document: EP; Kind code of ref document: A1 |