WO2017186005A1 - Method, server, and terminal for cloud desktop authentication - Google Patents
- Publication number
- WO2017186005A1 (PCT/CN2017/080697)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- login
- information
- user
- terminal
- authentication server
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/40—Network security protocols
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
        - G06F16/90—Details of database functions independent of the retrieved data types
          - G06F16/95—Retrieval from the web
            - G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
              - G06F16/9554—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL] by using bar codes
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
          - G06F21/31—User authentication
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
          - H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
            - H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
          - G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Definitions
- the present application relates to, but is not limited to, the field of communications, for example, to a method, server and terminal for cloud desktop authentication.
- due to the significant reduction in maintenance costs and ease of management, cloud desktop technology has been widely used in many fields.
- the login system of the cloud desktop can be simply described as a combination of a terminal and a host: the full desktop is pushed to the terminal for display through the display protocol.
- Cloud desktop technology relies on Internet technology to provide users with a wealth of applications in the Internet field.
- although cloud desktop technology has strong advantages, current cloud desktop login mainly uses an interactive password login mode, so its security naturally attracts great attention.
- cloud desktops are mainly logged in from thin terminals; although users can log in to their desktops remotely, this is not truly mobile.
- the related art provides a cloud terminal identity authentication method that generates a first ciphertext from the user's account and password with a preset cryptographic algorithm and then uses a two-dimensional code tool to generate a two-dimensional code image corresponding to that ciphertext; the code image is fixed and therefore carries a security risk.
- the related technology also provides a virtual desktop cloud connection method based on out-of-band authentication.
- this solution requires logging in to a virtual desktop to generate a two-dimensional code and then switching to out-of-band operation; because the two-dimensional code is generated from user information, device information and permissions, it is fixed, which is a security risk.
- the embodiments of the present disclosure provide a method, a server, and a terminal for cloud desktop authentication to improve the security of cloud desktop login authentication.
- the embodiment of the present disclosure provides a method for cloud desktop authentication, including:
- the authentication server verifies the user information in response to the user login request;
- after the verification passes, the virtual desktop connection parameter information is obtained from the login server.
- the verifying, by the authentication server, the user information in response to the user login request includes: after the authentication server receives the user login request message sent by the terminal, verifying the user information;
- the method further includes: sending a login page of the two-dimensional code to the terminal.
- verifying the user information includes:
- the user login request message carries the user login information.
- the user login information includes user login time information and/or user login location information.
- An authentication server that includes:
- a verification module configured to verify user information in response to a user login request
- An obtaining module configured to obtain a virtual desktop connection parameter from the login server after the verification module passes the verification
- the generating module is configured to generate a login page of the two-dimensional code according to the user login information and the virtual desktop connection parameter.
- the verification module is configured to: after receiving the user login request message sent by the terminal, verify the user information;
- the generating module is further configured to send a login page of the two-dimensional code to the terminal.
- the authentication server of this embodiment further includes a storage module.
- when verifying the user information, the verification module is configured to: when the user is a registered user, return a first token having a validity period to the terminal and send the first token to the login server; and, using the user login information and the second token sent by the terminal, determine whether the second token is valid;
- the storage module is configured to store the user login information when the verification module verifies that the second token is valid, and the user login information includes user login time information and/or user login location information.
- a method for cloud desktop authentication including:
- the terminal initiates a user login request to the authentication server according to the login cloud desktop application.
- the terminal acquires a login page of the two-dimensional code of the authentication server.
- the terminal initiating a user login request to the authentication server according to the login cloud desktop application includes: after the terminal starts to log in to the cloud desktop application, sending, by the terminal, a user login request message to the authentication server;
- the obtaining, by the terminal, the login page of the two-dimensional code of the authentication server includes: the terminal receiving a login page of the two-dimensional code sent by the authentication server.
- the user login request message carries pre-stored registered user information.
- the user login request message carries user login information.
- the method further includes:
- the terminal receives the verification message sent by the authentication server and, if the verification is successful, acquires the first token with a validity period carried in the verification message;
- the user login information is encrypted by using the first token, and the encrypted user login information and the second token are sent to the authentication server.
- after the terminal receives the login page of the two-dimensional code sent by the authentication server, the method further includes:
- after receiving the parsing instruction, the terminal parses the time information and/or location information in the two-dimensional code;
- when the parsed time information and/or location information meets the specified condition, a login cloud desktop request message is sent to the login server.
- a terminal comprising:
- the startup module is configured to initiate a user login request to the authentication server according to the login cloud desktop application
- the receiving module is configured to acquire a login page of the two-dimensional code of the authentication server.
- the startup module is configured to send a user login request message to the authentication server after the login to the cloud desktop application is started;
- the receiving module is configured to receive a login page of the two-dimensional code sent by the authentication server.
- the user login request message that the startup module sends to the authentication server carries pre-stored registered user information.
- an encryption module is further included,
- the receiving module is further configured to receive the verification message sent by the authentication server, and if the verification is successful, obtain the first token with the validity period carried in the verification message;
- the encryption module is configured to encrypt the user login information by using the first token, and send the encrypted user login information and the second token to the authentication server.
- it also includes:
- the parsing module is configured to parse the time information and/or the location information in the two-dimensional code after receiving the parsing instruction;
- the sending module is configured to send a login cloud desktop request message to the login server when the parsed time information and/or location information meets the specified condition.
- a method for cloud desktop authentication including:
- the login server receives the virtual desktop connection parameter request message of the authentication server
- the virtual desktop connection parameter information is sent to the authentication server.
- the method further includes:
- the login server compares the second token carried in the request message for obtaining the virtual desktop connection parameter with the pre-stored first token and, if they are the same, sends the virtual desktop connection parameter information to the authentication server.
- the method further includes:
- after receiving the login cloud desktop request message from the terminal, the login server pushes the virtual desktop to the terminal.
- a login server that includes:
- a receiving module configured to receive a virtual desktop connection parameter request message of the authentication server
- the sending module is configured to send the virtual desktop connection parameter information to the authentication server.
- it also includes:
- the comparison module compares the second token carried in the request message for obtaining the virtual desktop connection parameter with the pre-stored first token and, if they are the same, triggers the sending module to send the virtual desktop connection parameter information to the authentication server.
- it also includes:
- the push module is configured to: after receiving the login cloud desktop request message of the terminal, push the virtual desktop to the terminal.
- a non-transitory computer readable storage medium storing computer executable instructions arranged to perform the above method.
- An electronic device comprising:
- at least one processor; and
- a memory storing instructions executable by the at least one processor, the instructions, when executed by the at least one processor, causing it to perform the method described above.
- the embodiments of the present disclosure provide a cloud desktop authentication method, a server, and a terminal, which can improve the security performance of the cloud terminal identity authentication, and greatly reduce the risk of user information leakage.
- FIG. 1 is a flowchart of a method for cloud desktop authentication on the authentication server side according to an embodiment of the present disclosure
- FIG. 2 is a flowchart of a method for cloud desktop authentication on a terminal side according to an embodiment of the present disclosure
- FIG. 3 is a flowchart of a method for cloud desktop authentication on the login server side according to an embodiment of the present disclosure
- FIG. 5 is a flowchart of an intranet login according to an embodiment of the present disclosure.
- FIG. 6 is a flowchart of an external network login according to an embodiment of the present disclosure.
- FIG. 7 is a schematic diagram of an authentication server according to an embodiment of the present disclosure.
- FIG. 8 is a schematic diagram of a terminal according to an embodiment of the present disclosure.
- FIG. 9 is a schematic diagram of a login server according to an embodiment of the present disclosure.
- FIG. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
- FIG. 1 is a flowchart of a method for cloud desktop authentication on the authentication server side according to an embodiment of the present disclosure. As shown in FIG. 1, the method in this embodiment includes:
- Step 11 After receiving the user login request message sent by the terminal, the authentication server verifies the user information.
- Step 12 After the verification is passed, obtain virtual desktop connection parameter information from the login server.
- Step 13 Generate a login page of the two-dimensional code according to the user login information and the virtual desktop connection parameter information, and send the login page of the two-dimensional code to the terminal.
- verifying the user information in step 11 includes:
- the user login request message may also carry user login information.
- the user login information includes user login time information and/or user login location information.
- the embodiment of the present disclosure provides a method for cloud desktop authentication, which can improve the security and convenience of cloud desktop authentication.
- FIG. 2 is a flowchart of a method for cloud desktop authentication on a terminal side according to an embodiment of the present disclosure. As shown in FIG. 2, the method in this embodiment includes:
- Step 21 After the terminal starts to log in to the cloud desktop application, the terminal sends a user login request message to the authentication server.
- Step 22 The terminal receives a login page of the two-dimensional code sent by the authentication server.
- the user login request message carries pre-stored registered user information.
- the user login request message may carry user login information.
- the method may further include:
- the terminal receives the verification message sent by the authentication server and, if the verification is successful, acquires the first token with a validity period carried in the verification message;
- the user login information is encrypted by using the first token, and the encrypted user login information and the second token are sent to the authentication server.
- the method may further include:
- after receiving the parsing instruction, the terminal parses the time information and/or location information in the two-dimensional code;
- when the parsed time information and/or location information meets the specified condition, a login cloud desktop request message is sent to the login server.
- FIG. 3 is a flowchart of a method for cloud desktop authentication on the login server side according to an embodiment of the present disclosure. As shown in FIG. 3, the method in this embodiment includes:
- Step 31 The login server receives the virtual desktop connection parameter request message of the authentication server.
- Step 32 Send virtual desktop connection parameter information to the authentication server.
- the method may further include:
- the login server compares the second token carried in the request message for obtaining the virtual desktop connection parameter with the pre-stored first token and, if they are the same, sends the virtual desktop connection parameter information to the authentication server.
- the method further includes:
- after receiving the login cloud desktop request message from the terminal, the login server pushes the virtual desktop to the terminal.
- Embodiments of the present disclosure may include two processes of registration and login authentication.
- the registration process of the embodiment of the present disclosure includes the following steps as shown in FIG. 4:
- the administrator assigns the virtual desktop to the designated user through the management platform, associating the user account with the virtual desktop information so that the user has access to the desktop.
- Step Z1 The user performs remote registration through the mobile terminal.
- the IP address of the authentication server and the user name and password of the corresponding user need to be input.
- the authentication server determines, according to the user's password, whether to allow registration; if registration is allowed, it returns registration-allowed information to the mobile terminal; if registration is not allowed, it refuses registration and returns registration-rejected information to the mobile terminal;
- Step Z2 After receiving the registration-allowed information, the mobile terminal stores the successfully registered user name in encrypted form on the mobile terminal, and at the same time the authentication server stores the information from the registration request, such as the user name and the device number of the mobile terminal, in the specified database; when registration-rejected information is received, the user is prompted that the authentication server has rejected the registration, together with the reason for the rejection.
- Step D1 The user opens the cloud desktop login application software on the mobile terminal. At this time, the cloud desktop login application software can automatically carry the encrypted stored user name and the device number of the device, and actively sends a request for the two-dimensional code display page to the authentication server S1.
- Step D2 After receiving the user's request, the authentication server S1 decrypts the user's device number according to the previously agreed encryption and decryption algorithm, looks up the specified device number in the database and determines whether it corresponds to the specified user. If the match succeeds, a randomly generated token1 with a validity period is returned to the mobile terminal, and the authentication server S1 saves token1 and transmits its value to the login server S2. If the specified device number is not found, login-rejected information is returned to the mobile terminal.
- Step D3 After receiving token1, the mobile terminal encrypts the login time and location according to the specified encryption algorithm and transmits them to the authentication server S1; when login-rejected information is received, the mobile terminal may prompt that login authentication has failed.
- Step D4 The authentication server S1 receives the time and location information transmitted by the terminal and first checks whether the value of token1 is valid; if valid, it saves the time and location to the corresponding account and sends a request to obtain the connection parameters, carrying the uploaded token1, to the login server S2; if token1 is invalid, it returns login failure information to the mobile terminal, which prompts that login has failed.
- Step D5 The login server S2 receives the request sent by the authentication server S1 and verifies whether the passed token1 is the same as the saved token1; if so, it returns the virtual desktop connection string to the authentication server S1; if they differ, it returns acquisition-failure information to the authentication server S1.
- Step D6 When the authentication server S1 receives the information transmitted by the login server S2, it determines whether the connection parameters of the virtual desktop were obtained successfully. If not, the failure information returned by the login server S2 is passed directly to the mobile terminal, which prompts that login has failed. If the connection parameters were obtained successfully, the authentication server S1 generates a QR code page from the uploaded desktop connection parameter information, the pre-stored time and location, and token1, and returns the page to the mobile terminal.
- Step D7 The mobile terminal receives the two-dimensional code page transmitted by the authentication server S1.
- the user can long-press the two-dimensional code to scan it; the terminal decodes the time and location information in the two-dimensional code and determines whether the time is within the specified validity period and whether the location is within the allowed range of movement; if so, the request is sent to the login server S2 with the decoded string; if the time or the location is not valid, the user is prompted that the login session is invalid and asked to log in again.
- Step D8 After receiving the request of the mobile terminal, the login server S2 pushes the virtual desktop to the mobile terminal through the display protocol, and the user can operate the virtual desktop.
- the method described in this embodiment of the present disclosure ensures the security of the user's cloud desktop login, spares the user the trouble of entering a user name and password, and uses the mobile terminal to log in to the cloud desktop, which saves resource costs and increases work efficiency.
- a cloud desktop authentication method is provided in an internal network environment, and the mobile client has a function of acquiring a two-dimensional code.
- the main modules can be divided into: a mobile client, an authentication server, and a desktop login server.
- the operation process of this embodiment is as shown in FIG. 5, and includes the following steps:
- Step 101 The login server allocates a virtual desktop to the user usr1, and the virtual desktop name is win7-1;
- the administrator uses the administrative user account to log in to the management platform, and assigns a virtual desktop to the user usr1 in the background.
- the virtual desktop name is win7-1, and the password of the user usr1 is set to passwd.
- Step 102 The mobile terminal starts the cloud desktop login application software, receives the user name usr1 and password passwd entered by the user to register the device, and sends the user registration information to the authentication server S1.
- Step 103 The authentication server S1 receives the user registration information transmitted by the mobile terminal and compares the user name and the device number in the user registration information; if the device information has already been bound to the user name, it prompts the user “the device has been registered”. If the device is not registered, the user name usr1 and the device name device1 are stored in the database, a registration success message (OK) is returned to the mobile terminal, and the mobile terminal stores the user name locally.
- Step 104 When the mobile terminal switches to the login interface, it automatically sends an HTTP (Hyper Text Transfer Protocol) request to the authentication server S1 to obtain a two-dimensional code display page, where the HTTP request includes the user name usr1 and the device information device1.
- Step 105 After receiving the HTTP request, the authentication server S1 decrypts the user name usr1 and the device name device1 and matches the device and the user name against the registration database. If the matching fails, the information “the user has not registered the device and login is refused” is returned to the mobile terminal for display. If the matching succeeds, success information and the token value key1 are returned to the mobile terminal, and the value of key1 is also transmitted to the login server S2 for storage.
- Step 106 After receiving the key1 value, the mobile terminal encrypts the current device time t1 and/or the location (latitude and longitude) p1 using key1 and transmits them to the authentication server S1.
- Step 107 After receiving the request, the authentication server decrypts the corresponding key1 and compares it with the previously stored key1. If key1 is invalid, the login request of user usr1 is rejected and the message “usr1 login failure” is returned to the mobile terminal for display; if key1 is valid, a request to obtain the desktop connection parameters, carrying key1, is sent to the login server S2.
- Step 108 After receiving the HTTP request of the authentication server, the login server S2 checks the received key1 against the previously stored key1. If it is invalid, it returns the message “Failed to obtain the desktop connection parameter” to the authentication server S1, which forwards the message to the mobile terminal for display. If the check succeeds, the desktop connection parameters are transmitted to the authentication server S1, for example as the string: 192.168.11.11 1021 key1.
- Step 109 After receiving the desktop connection parameters sent by the login server S2, the authentication server S1 generates a two-dimensional code page from the string 192.168.11.11 1021 key1, the pre-stored time t1 and location p1, and key1, and the page is returned to the mobile terminal for display.
- Step 110 After receiving the user's instruction to press and hold the two-dimensional code page and scan the two-dimensional code, the mobile terminal extracts the desktop connection string 192.168.11.11 1021 key1, obtains the time t2 and location p2, and compares t2 with t1 and p2 with p1. If the time difference or the location difference exceeds the allowable range, the message “Session is invalid, please log in again” is displayed; otherwise, a cloud desktop request is initiated directly to the login server S2.
- Step 111 After receiving the cloud desktop request, the login server transmits the virtual desktop to the mobile terminal for display.
- a cloud desktop authentication method is provided in an external network environment, and the mobile client has a function of acquiring a two-dimensional code.
- the main module functions can be divided into: mobile client, gateway server, authentication server and desktop login server.
- Step 201 The login server allocates a virtual desktop to the user usr2, and the virtual desktop name is win7-2.
- the administrator uses the administrative user account to log in to the management platform, and assigns a virtual desktop to the user usr2 in the background.
- the virtual desktop name is win7-2, and the password of the user usr2 is set to passwd2.
- Step 202 The mobile terminal starts the cloud desktop login application software, receives the user name usr2 and password passwd2 entered by the user to register the device, and sends the user registration information to the gateway server.
- the gateway server receives the user registration information transmitted by the mobile terminal, and forwards the user registration information to the authentication server S1 for authentication.
- Step 203 The authentication server S1 receives the user registration information transmitted by the mobile terminal, compares the user name and the device number in the user registration information, and if the device information has been bound to the user name, prompts the user “the device has been registered”. If the device is not registered, the user name usr2 and the device name device2 are stored in the database, and OK is returned to the mobile terminal, and the mobile terminal stores the user name locally.
- Step 204 When the mobile terminal switches to the login interface, it automatically sends an HTTP request to the gateway server, which forwards the request to the authentication server S1 for authentication.
- Step 205 The authentication server S1 receives the HTTP request to obtain a two-dimensional code display page, where the HTTP request includes the user name usr2 and the device information device2.
- after receiving the HTTP request, the authentication server S1 decrypts the user name usr2 and the device name device2 and matches the device and the user name against the registration database. If the matching fails, the information “The user has not registered the device and login is refused” is sent to the gateway server and forwarded to the mobile terminal for display. If the matching succeeds, success information and the token value key2 are returned to the gateway server and forwarded to the mobile terminal, and the value of key2 is also transmitted to the login server S2 for storage.
- Step 206 After receiving the key2 value, the mobile terminal encrypts the current device time t1 and the location (latitude and longitude) p1 using key2 and transmits them to the gateway server.
- Step 207 The gateway server forwards the request to the authentication server. After receiving the HTTP request, the authentication server decrypts the corresponding key2 and compares it with the pre-stored key2. If key2 is invalid, the login request of user usr2 is rejected and the message “usr2 login failure” is sent to the gateway server and forwarded to the mobile terminal for display; if key2 is valid, a request to obtain the desktop connection parameters, carrying key2, is sent to the login server S2.
- Step 208 After receiving the HTTP request of the authentication server, the login server S2 checks the received key2 against the pre-stored key2. If it is invalid, it returns the message “Failed to obtain the desktop connection parameter” to the authentication server S1, which transmits the message to the gateway server, and the gateway server forwards it to the mobile terminal for display. If the check succeeds, the connection string is transmitted to the authentication server S1, for example: 192.168.11.11 1022 key2.
- Step 209 After receiving the login string transmitted by the login server S2, the authentication server S1 generates a two-dimensional code page from the string 192.168.11.11 1022 key2, the pre-stored time t1 and location p1, and key2, and returns the page to the gateway server, which forwards it to the mobile terminal for display.
- Step 210 The mobile terminal receives the user's instruction to press and hold the two-dimensional code page and scan the two-dimensional code, extracts the desktop connection string 192.168.11.11 1022 key2, obtains the time t2 and location p2, and compares t2 with t1 and p2 with p1. If the time difference or the location difference exceeds the allowable range, the message “Session is invalid, please log in again” is displayed; otherwise, a desktop request is initiated directly to the login server.
- Step 211 After receiving the desktop request forwarded by the gateway server, the login server transmits the desktop to the mobile terminal for display.
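The terminal-side comparison of Step 210, as an added Python example that is not part of the patent: it parses the two-dimensional code payload into the connection string, t1 and p1, then checks the terminal's current time t2 and position p2 against them. The five-minute window, the 500-metre radius, the ISO 8601 time format, the "lat,lon" form and the "|" separator are assumptions of this example; the patent only says the differences must stay within an allowable range. Because the step places this comparison on the terminal, a modified client can skip it; the token checks that the servers themselves perform in Steps 207 and 208 are the controls that do not depend on the client.

```python
"""Terminal-side validation of the two-dimensional code payload (Step 210)."""
import math
from datetime import datetime, timedelta

# Constructed sample payload: the connection string of Step 208, then the
# time t1 and location p1 that S1 stored at Step 207. The ISO 8601 time,
# the "lat,lon" form and the "|" separator are assumptions of this example.
SAMPLE_QR_PAYLOAD = "--192.168.11.11 1022 key2|2017-04-15T08:30:00+00:00|31.2304,121.4737"

MAX_AGE = timedelta(minutes=5)   # assumed allowable time difference
MAX_DISTANCE_M = 500.0           # assumed allowable distance between p1 and p2


def parse_qr_payload(payload):
    """Split the payload into connection string, t1 and p1; reject anything malformed."""
    parts = payload.split("|")
    if len(parts) != 3 or not parts[0].startswith("--"):
        raise ValueError("malformed two-dimensional code payload")
    conn_fields = parts[0][2:].split(" ")
    if len(conn_fields) != 3:
        raise ValueError("connection string must be '--<host> <port> <token>'")
    host, port, token = conn_fields
    lat, lon = (float(x) for x in parts[2].split(","))
    return {
        "host": host,
        "port": int(port),
        "token": token,
        "t1": datetime.fromisoformat(parts[1]),
        "p1": (lat, lon),
    }


def haversine_m(p, q):
    """Great-circle distance in metres between two (lat, lon) pairs given in degrees."""
    earth_radius_m = 6371000.0
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    a = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * earth_radius_m * math.asin(math.sqrt(a))


def check_session(payload, t2_iso, p2):
    """Step 210: compare t2 with t1 and p2 with p1.

    Returns (True, "<host>:<port>") when both are within range, otherwise
    (False, message) with the message the step displays to the user.
    """
    fields = parse_qr_payload(payload)
    t2 = datetime.fromisoformat(t2_iso)
    if abs(t2 - fields["t1"]) > MAX_AGE:
        return False, "Session is invalid, please log in again (time out of range)"
    if haversine_m(fields["p1"], p2) > MAX_DISTANCE_M:
        return False, "Session is invalid, please log in again (location out of range)"
    return True, "%s:%d" % (fields["host"], fields["port"])
```

A terminal would call check_session with the scanned payload, its own clock and its own GPS fix, and only on (True, target) send the desktop request of Step 210 to the login server at that target.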
- FIG. 7 is a schematic diagram of an authentication server according to an embodiment of the present disclosure. As shown in FIG. 7, the authentication server in this embodiment includes:
- the verification module is configured to: after receiving the user login request message sent by the terminal, verify the user information
- An obtaining module configured to obtain a virtual desktop connection parameter from the login server after the verification module passes the verification
- the generating module is configured to generate a login page of the two-dimensional code according to the user login information and the virtual desktop connection parameter, and send the login page of the two-dimensional code to the terminal.
- the authentication server in this embodiment may further include: a storage module,
- the verification module verifying the user information includes: when the user is verified to be a registered user, returning a first token with a validity period to the terminal and sending the first token to the login server; receiving the user login information and a second token sent by the terminal, and verifying whether the second token is valid;
- the storage module is configured to store the user login information when the verification module verifies that the second token is valid, the user login information including user login time information and/or user login location information.
- FIG. 8 is a schematic diagram of a terminal according to an embodiment of the present disclosure. As shown in FIG. 8, the terminal in this embodiment includes:
- the startup module is configured to send a user login request message to the authentication server after the login to the cloud desktop application is started;
- the receiving module is configured to receive a login page of the two-dimensional code sent by the authentication server.
- the user login request message that the startup module sends to the authentication server carries the pre-stored registered user information.
- the terminal in this embodiment may further include: an encryption module,
- the receiving module is further configured to receive the verification message sent by the authentication server, and if the verification is successful, obtain the first token with the validity period carried in the verification message;
- the encryption module is configured to encrypt the user login information by using the first token, and send the encrypted user login information and the second token to the authentication server.
- the terminal in this embodiment may further include:
- the parsing module is configured to parse the time information and/or the location information in the two-dimensional code after receiving the parsing instruction;
- the sending module is configured to send a login cloud desktop request message to the login server when the parsed time information and/or location information meets the specified condition.
- FIG. 9 is a schematic diagram of a login server according to an embodiment of the present disclosure. As shown in FIG. 9, the login server of this embodiment includes:
- a receiving module configured to receive a virtual desktop connection parameter request message of the authentication server
- the sending module is configured to send the virtual desktop connection parameter information to the authentication server.
- the login server of this embodiment may further include:
- the comparison module compares the second token carried in the request message for obtaining the virtual desktop connection parameters with the pre-stored first token, and if they are the same, triggers the sending module to send the virtual desktop connection parameter information to the authentication server.
- the login server of this embodiment may further include:
- the push module is configured to: after receiving the login cloud desktop request message of the terminal, push the virtual desktop to the terminal.
- Embodiments of the present disclosure also provide a non-transitory computer readable storage medium storing computer executable instructions arranged to perform the method of any of the above embodiments.
- the embodiment of the present disclosure further provides a schematic structural diagram of an electronic device.
- the electronic device includes:
- at least one processor 100 (a single processor 100 is shown as an example in FIG. 11) and a memory 101; it may further include a communication interface 102 and a bus 103.
- the processor 100, the communication interface 102, and the memory 101 can complete communication with each other through the bus 103.
- Communication interface 102 can be configured for information transfer.
- the processor 100 can call logic instructions in the memory 101 to perform the methods of the above-described embodiments.
- logic instructions in the memory 101 described above may be implemented in the form of a software functional unit and sold or used as a stand-alone product, and may be stored in a computer readable storage medium.
- the memory 101 is a computer readable storage medium that can be configured to store a software program, a computer executable program, a program instruction/module corresponding to a method in an embodiment of the present disclosure.
- the processor 100 performs functional applications and data processing by running the software programs, instructions and modules stored in the memory 101, that is, it implements the cloud desktop authentication method of the above method embodiment.
- the memory 101 may include a program storage area and a data storage area, where the program storage area may store an operating system and an application required for at least one function, and the data storage area may store data created according to the use of the terminal device, and the like.
- the memory 101 may include high-speed random access memory and may also include non-volatile memory.
- the technical solution of the embodiments of the present disclosure may be embodied in the form of a software product stored in a storage medium, including one or more instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the method described in the embodiments of the present disclosure.
- the foregoing storage medium may be a non-transitory storage medium, including: a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like.
- the method, the server and the terminal for cloud desktop authentication provided by the embodiments of the present disclosure can improve the security performance of the cloud terminal identity authentication, and greatly reduce the risk of leakage of user information.
Description
The present application relates to, but is not limited to, the field of communications, for example to a method, server and terminal for cloud desktop authentication.
Because of the large reduction in maintenance costs and the convenience of management, cloud desktop technology is already widely used in many fields. A cloud desktop login system can be described simply as a combination of a terminal and a host: the complete desktop is pushed to the terminal over a display protocol for the user to use. Cloud desktop technology builds on Internet technology to provide users with the rich applications of the Internet. Although cloud desktops have strong advantages, cloud desktop login at present mainly uses interactive password login, so its security naturally attracts great attention. At present cloud desktops are mainly logged into from thin terminals; although a user can log in to their own desktop from another location, this is not mobile office work in the true sense.
The related art provides a cloud terminal identity authentication method in which a first ciphertext is generated from the user's account and password by a preset cryptographic algorithm, and a two-dimensional code image corresponding to the first ciphertext is generated with a two-dimensional code tool. That two-dimensional code image never changes, which is a security risk.
The related art also provides a virtual desktop cloud connection method based on out-of-band authentication. That scheme requires logging in to the virtual desktop in-band to generate a two-dimensional code and then switching out-of-band to operate; the two-dimensional code is generated from user information, device information and permissions and never changes, which is a security risk.
Summary of the invention
Embodiments of the present disclosure provide a method, a server and a terminal for cloud desktop authentication, in order to improve the security of cloud desktop login authentication.
An embodiment of the present disclosure provides a method for cloud desktop authentication, including:
the authentication server verifies the user information in response to a user login request;
after the verification passes, it obtains virtual desktop connection parameter information from the login server;
it generates a login page of the two-dimensional code according to the user login information and the virtual desktop connection parameter information.
Optionally, the authentication server verifying the user information in response to the user login request includes: after receiving the user login request message sent by the terminal, the authentication server verifies the user information;
and after the login page of the two-dimensional code is generated, the method further includes: sending the login page of the two-dimensional code to the terminal.
Optionally, verifying the user information includes:
when the user is verified to be a registered user, returning a first token with a validity period to the terminal and sending the first token to the login server;
receiving the user login information and a second token sent by the terminal, and storing the user login information when the second token is verified to be valid.
Optionally, the user login request message carries the user login information.
Optionally, the user login information includes user login time information and/or user login location information.
An authentication server, including:
a verification module configured to verify user information in response to a user login request;
an obtaining module configured to obtain virtual desktop connection parameters from the login server after the verification module passes the verification;
a generating module configured to generate a login page of the two-dimensional code according to the user login information and the virtual desktop connection parameters.
Optionally, the verification module is configured to verify the user information after receiving the user login request message sent by the terminal;
and the generating module is further configured to send the login page of the two-dimensional code to the terminal.
Optionally, the authentication server of this embodiment further includes a storage module,
the verification module verifying the user information includes: when the user is verified to be a registered user, returning a first token with a validity period to the terminal and sending the first token to the login server; receiving the user login information and a second token sent by the terminal, and verifying whether the second token is valid;
the storage module is configured to store the user login information when the verification module verifies that the second token is valid, the user login information including user login time information and/or user login location information.
A method for cloud desktop authentication, including:
the terminal initiates a user login request to the authentication server according to the login cloud desktop application;
the terminal obtains the login page of the two-dimensional code from the authentication server.
Optionally, the terminal initiating a user login request to the authentication server according to the login cloud desktop application includes: after starting the login cloud desktop application, the terminal sends a user login request message to the authentication server;
and the terminal obtaining the login page of the two-dimensional code from the authentication server includes: the terminal receives the login page of the two-dimensional code sent by the authentication server.
Optionally, the user login request message carries pre-stored registered user information.
Optionally, the user login request message carries user login information.
Optionally, the method further includes:
the terminal receives a verification message sent by the authentication server and, if the verification succeeded, obtains the first token with a validity period carried in the verification message;
it encrypts the user login information using the first token, and sends the encrypted user login information and a second token to the authentication server.
Optionally, after the terminal receives the login page of the two-dimensional code sent by the authentication server, the method further includes:
after receiving a parsing instruction, the terminal parses the time information and/or location information out of the two-dimensional code;
when the time information and/or location information meets a specified condition, it sends a login cloud desktop request message to the login server.
A terminal, including:
a startup module configured to initiate a user login request to the authentication server according to the login cloud desktop application;
a receiving module configured to obtain the login page of the two-dimensional code from the authentication server.
Optionally, the startup module is configured to send a user login request message to the authentication server after the login cloud desktop application is started;
and the receiving module is configured to receive the login page of the two-dimensional code sent by the authentication server.
Optionally, the user login request message that the startup module sends to the authentication server carries pre-stored registered user information.
Optionally, the terminal further includes an encryption module,
the receiving module is further configured to receive a verification message sent by the authentication server and, if the verification succeeded, obtain the first token with a validity period carried in the verification message;
the encryption module is configured to encrypt the user login information using the first token, and send the encrypted user login information and a second token to the authentication server.
Optionally, the terminal further includes:
a parsing module configured to parse the time information and/or location information out of the two-dimensional code after receiving a parsing instruction;
a sending module configured to send a login cloud desktop request message to the login server when the parsed time information and/or location information meets a specified condition.
A method for cloud desktop authentication, including:
the login server receives a request message from the authentication server for obtaining virtual desktop connection parameters;
it sends the virtual desktop connection parameter information to the authentication server.
Optionally, before the login server sends the virtual desktop connection parameter information to the authentication server, the method further includes:
the login server compares the second token carried in the request message for obtaining the virtual desktop connection parameters with the pre-stored first token, and only if they are the same sends the virtual desktop connection parameter information to the authentication server.
Optionally, after the login server sends the virtual desktop connection parameter information to the authentication server, the method further includes:
after receiving a login cloud desktop request message from the terminal, the login server pushes the virtual desktop to the terminal.
A login server, including:
a receiving module configured to receive a request message from the authentication server for obtaining virtual desktop connection parameters;
a sending module configured to send the virtual desktop connection parameter information to the authentication server.
Optionally, the login server further includes:
a comparison module that compares the second token carried in the request message for obtaining the virtual desktop connection parameters with the pre-stored first token, and if they are the same, triggers the sending module to send the virtual desktop connection parameter information to the authentication server.
Optionally, the login server further includes:
a push module configured to push the virtual desktop to the terminal after receiving a login cloud desktop request message from the terminal.
A non-transitory computer readable storage medium storing computer executable instructions, the computer executable instructions being arranged to perform the above method.
An electronic device, including:
at least one processor; and
a memory communicatively connected to the at least one processor, where
the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor so that the at least one processor performs the above method.
In summary, the embodiments of the present disclosure provide a method, a server and a terminal for cloud desktop authentication that can improve the security of cloud terminal identity authentication and greatly reduce the risk of leakage of user information.
Brief description of the drawings
FIG. 1 is a flowchart of the cloud desktop authentication method on the authentication server side according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of the cloud desktop authentication method on the terminal side according to an embodiment of the present disclosure;
FIG. 3 is a flowchart of the cloud desktop authentication method on the login server side according to an embodiment of the present disclosure;
FIG. 4 is a flowchart of user registration according to an embodiment of the present disclosure;
FIG. 5 is a flowchart of intranet login according to an embodiment of the present disclosure;
FIG. 6 is a flowchart of external network login according to an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of an authentication server according to an embodiment of the present disclosure;
FIG. 8 is a schematic diagram of a terminal according to an embodiment of the present disclosure;
FIG. 9 is a schematic diagram of a login server according to an embodiment of the present disclosure; and
FIG. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
To make the technical solutions and advantages of the present disclosure clearer, the embodiments of the present disclosure are described in detail below with reference to the accompanying drawings. It should be noted that, where there is no conflict, the embodiments in the present application and the features in the embodiments may be combined with each other arbitrarily.
FIG. 1 is a flowchart of the cloud desktop authentication method on the authentication server side according to an embodiment of the present disclosure. As shown in FIG. 1, the method of this embodiment includes:
Step 11: after receiving the user login request message sent by the terminal, the authentication server verifies the user information;
Step 12: after the verification passes, it obtains virtual desktop connection parameter information from the login server;
Step 13: it generates a login page of the two-dimensional code according to the user login information and the virtual desktop connection parameter information, and sends the login page of the two-dimensional code to the terminal.
Optionally, verifying the user information in Step 11 includes:
when the user is verified to be a registered user, returning a first token with a validity period to the terminal and sending the first token to the login server;
receiving the user login information and a second token sent by the terminal, and storing the user login information when the second token is verified to be valid.
Optionally, the user login request message may also carry the user login information.
The user login information includes user login time information and/or user login location information.
The embodiment of the present disclosure provides a method for cloud desktop authentication that can improve the security and convenience of cloud desktop authentication.
FIG. 2 is a flowchart of the cloud desktop authentication method on the terminal side according to an embodiment of the present disclosure. As shown in FIG. 2, the method of this embodiment includes:
Step 21: after starting the login cloud desktop application, the terminal sends a user login request message to the authentication server;
Step 22: the terminal receives the login page of the two-dimensional code sent by the authentication server.
Optionally, the user login request message carries pre-stored registered user information.
Optionally, the user login request message may carry user login information.
Optionally, after Step 21 the method may further include:
the terminal receives a verification message sent by the authentication server and, if the verification succeeded, obtains the first token with a validity period carried in the verification message;
it encrypts the user login information using the first token, and sends the encrypted user login information and a second token to the authentication server.
Optionally, after Step 22 the method may further include:
after receiving a parsing instruction, the terminal parses the time information and/or location information out of the two-dimensional code;
when the time information and/or location information meets a specified condition, it sends a login cloud desktop request message to the login server.
FIG. 3 is a flowchart of the cloud desktop authentication method on the login server side according to an embodiment of the present disclosure. As shown in FIG. 3, the method of this embodiment includes:
Step 31: the login server receives a request message from the authentication server for obtaining virtual desktop connection parameters;
Step 32: it sends the virtual desktop connection parameter information to the authentication server.
Optionally, before Step 32 the method may further include:
the login server compares the second token carried in the request message for obtaining the virtual desktop connection parameters with the pre-stored first token, and only if they are the same sends the virtual desktop connection parameter information to the authentication server.
Optionally, after Step 32 the method may further include:
after receiving a login cloud desktop request message from the terminal, the login server pushes the virtual desktop to the terminal.
The method of the embodiments of the present disclosure is described in detail below. An embodiment of the present disclosure may include two processes: registration and login authentication.
The registration process of the embodiment, shown in FIG. 4, includes the following steps:
The administrator assigns a virtual desktop to a designated user through the management platform, associating the user account with the virtual desktop information so that the user has permission to access the desktop.
Step Z1: the user registers remotely through the mobile terminal. The user must enter the IP address of the authentication server and the user name and password of the corresponding user. After receiving the request, the authentication server decides according to the user's password whether registration is allowed; if it is allowed, it returns a registration-allowed message to the mobile terminal, and if it is not allowed, it refuses the registration and returns a registration-refused message to the mobile terminal.
Step Z2: after receiving the registration-allowed message, the mobile terminal encrypts the successfully registered user name and stores it on the mobile terminal; at the same time, the authentication server stores the information in the registration request, such as the user name and the device number of the mobile terminal, in the designated database. When a registration-refused message is received, the user is prompted that the authentication server has refused the registration, together with the reason for the refusal.
The login authentication process of the embodiment includes the following steps:
Step D1: the user opens the cloud desktop login application on the mobile terminal. The application can automatically attach the user name stored in encrypted form and the device number of the device, and actively send a request to the authentication server S1 for the two-dimensional code page to be displayed.
Step D2: after receiving the user's request, the authentication server S1 decrypts the user's device number with the previously agreed encryption and decryption algorithm, looks the device number up in the database, and once found, checks whether it corresponds to the specified user. If the match succeeds, it returns a randomly generated token1 with a validity period to the mobile terminal; the authentication server S1 saves token1 and sends its value to the login server S2. If the specified device number is not found, it returns a login-refused message to the mobile terminal.
Step D3: after receiving token1, the mobile terminal uses the value of token1 to encrypt the login time and location with the specified encryption algorithm and sends them to the authentication server S1; when it receives a login-refused message, the mobile terminal prompts that login authentication failed.
Step D4: the authentication server S1 receives the time and location information sent by the terminal and first checks whether the value of token1 is valid. If it is valid, it stores the time and location under the corresponding account and sends a request to obtain connection parameters, carrying the uploaded token1, to the login server S2; if token1 is invalid, it returns a login failure message to the mobile terminal, prompting that login failed.
步骤D5、登录服务器S2接收到认证服务器S1发送的请求,验证传过来的token1与保存的token1是否相同,相同则将虚拟桌面连接的字符串返回给认证服务器S1;验证不一样,则返回获取失败的信息给认证服务器S1。 Step D5: The login server S2 receives the request sent by the authentication server S1, and verifies whether the passed token1 is the same as the saved token1, and returns the string of the virtual desktop connection to the authentication server S1; if the verification is different, the acquisition fails. The information is given to the authentication server S1.
步骤D6、认证服务器S1接收到登录服务器S2传过来的信息的时候判断是否成功获取虚拟桌面的连接参数,如果失败,则将登录服务器S2返回的失败信息直接返回给移动终端,并在终端提示登录失败;若成功获取虚拟桌面的连接参数成功,则认证服务器S1会将桌面连接参数信息,预存的时间,地点,以及token1生成二维码页面,并将该页面返回给移动终端。Step D6: When the authentication server S1 receives the information transmitted by the login server S2, it determines whether the connection parameter of the virtual desktop is successfully obtained. If it fails, the failure information returned by the login server S2 is directly returned to the mobile terminal, and the terminal prompts to log in. If the connection parameter of the virtual desktop is successfully obtained, the authentication server S1 generates a QR code page by uploading the desktop connection parameter information, the pre-stored time, the location, and the token1, and returns the page to the mobile terminal.
步骤D7、移动终端接收到认证服务器S1传过来的二维码页面,此时用户可以长按二维码进行扫描,解出二维码中的时间地点信息,并判断时间是否在指定的有效期内和地点是否在变化的范围内,若是,则带着解出的字符串向登录服务器S2发起请求;若不在有效的时间或者有效的地点,则会提示用户该次登录会话失效,请重新登录。Step D7: The mobile terminal receives the two-dimensional code page transmitted by the authentication server S1. At this time, the user can long-press the two-dimensional code to scan, and solve the time and place information in the two-dimensional code, and determine whether the time is within the specified validity period. And if the location is within the range of change, if yes, the request is sent to the login server S2 with the solved string; if it is not at the valid time or a valid place, the user is prompted to invalidate the login session, please log in again.
步骤D8、登录服务器S2收到移动终端的请求后,通过显示协议将虚拟桌面推送至移动终端,此时用户可以体验虚拟桌面的操作。Step D8: After receiving the request of the mobile terminal, the login server S2 pushes the virtual desktop to the mobile terminal through the display protocol, and the user can experience the operation of the virtual desktop.
采用本公开实施例所述方法,与相关技术相比,在用户的登录云桌面的安全性方面得到了保障,节省了用户输入用户名和密码的麻烦,同时用移动终端来登录云桌面,不仅节省了资源成本,而且提高了工作效率。Compared with the related technologies, the security of the user's login cloud desktop is ensured, which saves the user's trouble of inputting the user name and password, and uses the mobile terminal to log in to the cloud desktop, thereby saving not only the method described in the embodiment of the present disclosure. Resource costs and increased work efficiency.
The method of the present application is described in detail below with two embodiments.
Embodiment 1
This embodiment provides a cloud desktop authentication method in an intranet environment, where the mobile client is able to capture QR codes. The main modules are the mobile client, the authentication server and the desktop login server. The operation flow of this embodiment, shown in FIG. 5, includes the following steps:
Step 101: The login server assigns the virtual desktop named win7-1 to the user usr1.
The administrator logs in to the management platform with an administrative account, assigns the virtual desktop win7-1 to the user usr1 in the back end, and sets the password of usr1 to passwd.
Step 102: The mobile terminal starts the cloud desktop login application, takes the user name usr1 and password passwd entered by the user to register and enrol the device, and sends the user registration information to the authentication server S1.
Step 103: The authentication server S1 receives the user registration information from the mobile terminal and compares the user name and device number in it. If the device is already bound to a user name, it tells the user "this device is already registered". If the device has not been registered, it stores the user name usr1 and the device name device1 in the database and returns a registration success message (OK) to the mobile terminal, which stores the user name locally.
Step 104: When the mobile terminal switches to the login screen, it automatically sends an HTTP (Hyper Text Transfer Protocol) request to the authentication server S1 to obtain the QR code display page; the HTTP request contains the user name usr1 and the device information device1.
Step 105: After receiving the HTTP request, the authentication server S1 decrypts the user name usr1 and the device name device1 and matches the device against the user name in the registration database. If the match fails, it returns the message "this user has not registered a device, login refused" for the mobile terminal to display. If the match succeeds, it returns a success message and the token value key1 to the mobile terminal, and at the same time transmits key1 to the login server S2 for storage.
Step 106: After receiving key1, the mobile terminal encrypts the current device time t1 and/or the location (latitude and longitude) p1 with key1 and transmits them to the authentication server S1.
Step 107: After receiving the token request, the authentication server decrypts the corresponding key1 and compares it with the previously stored key1. If key1 is invalid, it rejects the login request of user usr1 and returns the message "usr1 login failed" for the mobile terminal to display. If key1 is valid, it sends a request carrying key1 to the login server S2 to obtain the desktop connection parameters.
Step 108: After receiving the HTTP request from the authentication server, the login server S2 compares the received key1 with the previously stored key1 to check that it is valid. If it is invalid, S2 returns the message "failed to obtain desktop connection parameters" to the authentication server S1, which forwards it to the mobile terminal for display. If the verification succeeds, S2 transmits the desktop connection parameters to the authentication server S1, for example the string: --192.168.11.11 1021 key1.
Step 109: After receiving the desktop connection parameters from the login server S2, the authentication server S1 generates a QR code page from the string --192.168.11.11 1021 key1, the pre-stored time t1, the location p1 and key1, and returns the page to the mobile terminal for display.
Step 110: After receiving the user's instruction to long-press the QR code page and scan the displayed QR code, the mobile terminal extracts the desktop connection string --192.168.11.11 1021 key1, the time t2 and the location p2, and compares t2 with t1 and p2 with p1. If the time difference or the location exceeds the permitted range, it displays "session expired, please log in again"; if neither exceeds the permitted range, it sends the cloud desktop request directly to the login server S2.
Step 111: After receiving the cloud desktop request, the login server transmits the virtual desktop to the mobile terminal for display.
Embodiment 2
This embodiment provides a cloud desktop authentication method in an external network environment, where the mobile client is able to capture QR codes. The main modules are the mobile client, the gateway server, the authentication server and the desktop login server.
Step 201: The login server assigns the virtual desktop named win7-2 to the user usr2.
The administrator logs in to the management platform with an administrative account, assigns the virtual desktop win7-2 to the user usr2 in the back end, and sets the password of usr2 to passwd2.
Step 202: The mobile terminal starts the cloud desktop login application, takes the user name usr2 and password passwd2 entered by the user to register and enrol the device, and sends the user registration information to the gateway server.
The gateway server receives the user registration information from the mobile terminal and forwards it to the authentication server S1 for authentication.
Step 203: The authentication server S1 receives the user registration information from the mobile terminal and compares the user name and device number in it. If the device is already bound to a user name, it tells the user "this device is already registered". If the device has not been registered, it stores the user name usr2 and the device name device2 in the database and returns OK to the mobile terminal, which stores the user name locally.
Step 204: When the mobile terminal switches to the login screen, it automatically sends an HTTP request to the gateway server, which forwards the request to the authentication server S1 for authentication.
Step 205: The authentication server S1 receives the HTTP request for the QR code display page; the HTTP request contains the user name usr2 and the device information device2.
After receiving the HTTP request, the authentication server S1 decrypts the user name usr2 and the device name device2 and matches the device against the user name in the registration database. If the match fails, it returns the message "this user has not registered a device, login refused" to the gateway server, which forwards it to the mobile terminal for display. If the match succeeds, it returns a success message and the token2 value key2 to the gateway server, which forwards them to the mobile terminal; at the same time it transmits key2 to the login server S2 for storage.
Step 206: After receiving key2, the mobile terminal encrypts the current device time t1 and the location (latitude and longitude) p1 with key2 and transmits them to the gateway server.
Step 207: The gateway server forwards the request to the authentication server. After receiving the HTTP request, the authentication server decrypts the corresponding key2 and compares it with the pre-stored key2. If key2 is invalid, it rejects the login request of user usr2 and returns the message "usr2 login failed" to the gateway server, which forwards it to the mobile terminal for display. If key2 is valid, it sends a request carrying key2 to the login server S2 to obtain the desktop connection parameters.
Step 208: After receiving the HTTP request from the authentication server, the login server S2 compares the received key2 with the pre-stored key2 to check that it is valid. If it is invalid, S2 returns the message "failed to obtain desktop connection parameters" to the authentication server S1, which passes it to the gateway server, which forwards it to the mobile terminal for display. If the verification succeeds, S2 transmits the connection string to the authentication server S1, for example: --192.168.11.11 1022 key2.
Step 209: After receiving the login string from the login server S2, the authentication server S1 generates a QR code page from the string --192.168.11.11 1022 key2, the pre-stored time t1, the location p1 and key2, and returns the page to the gateway server, which forwards it to the mobile terminal for display.
Step 210: After receiving the user's instruction to long-press the QR code page and scan the displayed QR code, the mobile terminal extracts the desktop connection string --192.168.11.11 1022 key2, the time t2 and the location p2, and compares t2 with t1 and p2 with p1. If the time difference or the location exceeds the permitted range, it displays "session expired, please log in again"; if neither exceeds the permitted range, it sends the desktop request directly to the login server.
Step 211: After receiving the desktop request forwarded by the gateway server, the login server transmits the desktop to the mobile terminal for display.
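The login flow of steps D1 to D8 and of Embodiments 1 and 2 (S1 issues token1 with a validity period and shares it with S2, the terminal sends its login time and place under token1, S1 builds the QR payload from the connection string, t1, p1 and token1, and the terminal checks time and place at scan time before asking S2 for the desktop) as an added Python simulation. This is example code written for this page, not the patent's own; the message formats, the HMAC that stands in for the unspecified "encryption with token1", the time and distance limits and the coordinates are all assumptions, and the gateway of Embodiment 2, which only relays messages, is not modelled.

```python
import hashlib
import hmac
import json
import math
import secrets
TOKEN_TTL = 60.0   # assumed validity period of token1 (seconds)
MAX_SKEW = 30.0    # assumed permitted |t2 - t1| at scan time (seconds)
MAX_KM = 1.0       # assumed permitted distance between p1 and p2 (km)

def distance_km(p, q):
    """Great-circle distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*p, *q))
    a = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def login_tag(token, t, p):
    # Stand-in for "encrypt the time/location with token1": an HMAC keyed by token1.
    return hmac.new(token.encode(), f"{t}|{p[0]}|{p[1]}".encode(), hashlib.sha256).hexdigest()

class LoginServer:  # S2
    def __init__(self, host, port):
        self.host, self.port = host, port
        self.desktops = {}  # username -> desktop name, set by the administrator (step 101)
        self.tokens = {}    # token1 -> username (assumed: S1 sends both at step 105)

    def connection_params(self, token):
        # Step 108: the token S1 presents must equal one stored here earlier.
        return f"--{self.host} {self.port} {token}" if token in self.tokens else None

    def push_desktop(self, conn):
        # Step 111: the string decoded from the QR code must name this server and a stored token1.
        host, port, token = conn.split()
        ok = host == f"--{self.host}" and port == str(self.port) and token in self.tokens
        return self.desktops[self.tokens[token]] if ok else "desktop request refused"

class AuthServer:  # S1
    def __init__(self, s2):
        self.s2 = s2
        self.registered = {}  # device_id -> username (step 103)
        self.tokens = {}      # token1 -> (username, expiry time)

    def register(self, user, device_id):
        if device_id in self.registered:
            return "the device is already registered"
        self.registered[device_id] = user
        return "OK"

    def request_qr_page(self, user, device_id, now):
        # Step 105: device and user must match; then issue a random token1 with a validity period.
        if self.registered.get(device_id) != user:
            return None, "user has not registered a device, login refused"
        token = secrets.token_hex(16)
        self.tokens[token] = (user, now + TOKEN_TTL)
        self.s2.tokens[token] = user
        return token, "OK"

    def submit_login_info(self, token, t1, p1, mac, now):
        # Step 107: token1 must be known and unexpired, and the tag must match (t1, p1).
        entry = self.tokens.get(token)
        if entry is None or now > entry[1] or not hmac.compare_digest(mac, login_tag(token, t1, p1)):
            return None, "login failed"
        conn = self.s2.connection_params(token)  # step 108
        if conn is None:
            return None, "failed to obtain desktop connection parameters"
        return json.dumps({"conn": conn, "t1": t1, "p1": list(p1), "token": token}), "OK"  # step 109

def scan_qr(s2, qr, t2, p2):
    # Step 110: the terminal decodes the QR page and checks time and place before asking S2.
    data = json.loads(qr)
    if abs(t2 - data["t1"]) > MAX_SKEW or distance_km(data["p1"], p2) > MAX_KM:
        return "session expired, please log in again"
    return s2.push_desktop(data["conn"])

def terminal_login(s1, s2, user, device_id, now, location):
    # Steps 104-110 from the mobile terminal's side; t1/p1 are its own clock and position.
    token, msg = s1.request_qr_page(user, device_id, now)
    if token is None:
        return msg
    qr, msg = s1.submit_login_info(token, now, location, login_tag(token, now, location), now)
    return msg if qr is None else scan_qr(s2, qr, now + 5.0, location)  # scanned 5 s later

def demo():
    """Constructed scenario from Embodiment 1: usr1 on device1 gets desktop win7-1."""
    s2 = LoginServer("192.168.11.11", 1021)
    s2.desktops["usr1"] = "win7-1"
    s1 = AuthServer(s2)
    here = (30.5728, 104.0668)  # constructed coordinates
    r = {"register": s1.register("usr1", "device1")}
    r["login"] = terminal_login(s1, s2, "usr1", "device1", 1000.0, here)
    r["unknown_device"] = terminal_login(s1, s2, "usr1", "device9", 1000.0, here)
    # A QR page scanned after the time window, or from a different place, fails at step 110.
    token, _ = s1.request_qr_page("usr1", "device1", 2000.0)
    qr, _ = s1.submit_login_info(token, 2000.0, here, login_tag(token, 2000.0, here), 2000.0)
    r["late_scan"] = scan_qr(s2, qr, 2000.0 + MAX_SKEW + 1, here)
    r["far_scan"] = scan_qr(s2, qr, 2001.0, (31.2304, 121.4737))
    forged = secrets.token_hex(16)  # a token S1 never issued is rejected at step 107
    r["bad_token"] = s1.submit_login_info(forged, 3000.0, here, login_tag(forged, 3000.0, here), 3000.0)[1]
    return r
```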
FIG. 7 is a schematic diagram of an authentication server according to an embodiment of the present disclosure. As shown in FIG. 7, the authentication server of this embodiment includes:
a verification module, configured to verify the user information after receiving a user login request message sent by the terminal;
an acquisition module, configured to obtain the virtual desktop connection parameters from the login server after the verification module's verification has passed;
a generation module, configured to generate a QR code login page from the user login information and the virtual desktop connection parameters, and to send the QR code login page to the terminal.
Optionally, the authentication server of this embodiment may further include a storage module, where:
the verification module's verification of the user information includes: when the user is verified as a registered user, returning a first token with a validity period to the terminal and sending the first token to the login server; and receiving the user login information and a second token sent by the terminal and verifying whether the second token is valid;
the storage module is configured to store the user login information when the verification module verifies that the second token is valid, the user login information including user login time information and/or user login location information.
FIG. 8 is a schematic diagram of a terminal according to an embodiment of the present disclosure. As shown in FIG. 8, the terminal of this embodiment includes:
a startup module, configured to send a user login request message to the authentication server after the cloud desktop login application is started;
a receiving module, configured to receive the QR code login page sent by the authentication server.
Optionally, the user login request message that the startup module sends to the authentication server carries pre-stored registered user information.
Optionally, the terminal of this embodiment may further include an encryption module, where:
the receiving module is further configured to receive a verification message sent by the authentication server and, if the verification succeeded, to obtain the first token with a validity period carried in the verification message;
the encryption module is configured to encrypt the user login information with the first token and to send the encrypted user login information and a second token to the authentication server.
Optionally, the terminal of this embodiment may further include:
a parsing module, configured to parse the time information and/or location information in the QR code after receiving a parsing instruction;
a sending module, configured to send a cloud desktop login request message to the login server when the parsed time information and/or location information meets the specified condition.
FIG. 9 is a schematic diagram of a login server according to an embodiment of the present disclosure. As shown in FIG. 9, the login server of this embodiment includes:
a receiving module, configured to receive a virtual desktop connection parameter request message from the authentication server;
a sending module, configured to send the virtual desktop connection parameter information to the authentication server.
Optionally, the login server of this embodiment may further include:
a comparison module, which compares the second token carried in the virtual desktop connection parameter request message with the pre-stored first token and, if they are the same, triggers the sending module to send the virtual desktop connection parameter information to the authentication server.
Optionally, the login server of this embodiment may further include:
a push module, configured to push the virtual desktop to the terminal after receiving the terminal's cloud desktop login request message.
An embodiment of the present disclosure also provides a non-transitory computer-readable storage medium storing computer-executable instructions configured to perform the method of any of the above embodiments.
An embodiment of the present disclosure also provides a schematic structural diagram of an electronic device. Referring to FIG. 10, the electronic device includes:
at least one processor 100 (FIG. 11 takes one processor 100 as an example) and a memory 101; it may further include a communication interface 102 and a bus 103. The processor 100, the communication interface 102 and the memory 101 communicate with one another through the bus 103. The communication interface 102 may be configured for information transfer. The processor 100 can invoke logic instructions in the memory 101 to perform the method of the above embodiments.
In addition, the logic instructions in the memory 101 may be implemented in the form of software functional units and, when sold or used as an independent product, may be stored in a computer-readable storage medium.
As a computer-readable storage medium, the memory 101 may be configured to store software programs and computer-executable programs, such as the program instructions/modules corresponding to the method in the embodiments of the present disclosure. By running the software programs, instructions and modules stored in the memory 101, the processor 100 performs functional applications and data processing, that is, implements the cloud desktop authentication method of the above method embodiments.
The memory 101 may include a program storage area and a data storage area: the program storage area may store an operating system and the application program required for at least one function; the data storage area may store data created through the use of the terminal device, and so on. In addition, the memory 101 may include high-speed random access memory and may also include non-volatile memory.
The technical solution of the embodiments of the present disclosure may be embodied in the form of a software product stored in a storage medium and including one or more instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the method described in the embodiments of the present disclosure. The storage medium may be a non-transitory storage medium, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc, or any other medium that can store program code; it may also be a transitory storage medium.
A person of ordinary skill in the art will understand that all or some of the steps of the above method may be performed by a program instructing the relevant hardware (for example a processor), and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments may also be implemented with one or more integrated circuits. Correspondingly, each module/unit in the above embodiments may be implemented in hardware, for example by an integrated circuit that performs its function, or in the form of a software functional module, for example by a processor executing a program/instructions stored in a memory. The embodiments of the present disclosure are not limited to any particular combination of hardware and software.
Although the embodiments of the present disclosure are disclosed as above, the described content is only an implementation adopted to facilitate understanding of the embodiments and is not intended to limit the present application. Any person skilled in the art to which this application belongs may make modifications and changes in the form and details of the implementation without departing from the embodiments disclosed herein, but the scope of patent protection of this application is still defined by the appended claims.
The cloud desktop authentication method, server and terminal provided by the embodiments of the present disclosure can improve the security of cloud terminal identity authentication and greatly reduce the risk of user information leakage.
Claims (28)
Applications Claiming Priority (2)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610283279.8A CN107332808B (en) | 2016-04-29 | 2016-04-29 | A method, server and terminal for cloud desktop authentication |
| CN201610283279.8 | 2016-04-29 | | |

Publications (1)

| Publication Number | Publication Date |
|---|---|
| WO2017186005A1 (en) | 2017-11-02 |

Family ID: 60160723

Family Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2017/080697 WO2017186005A1 (en) | 2016-04-29 | 2017-04-17 | Method, server, and terminal for cloud desktop authentication |

Country Status (2)

| Country | Link |
|---|---|
| CN (1) | CN107332808B (en) |
| WO (1) | WO2017186005A1 (en) |
---|---|---|---|---|
US20130347071A1 (en) * | 2011-03-10 | 2013-12-26 | Orange | Method and system for granting access to a secured website |
CN104618402A (en) * | 2015-03-10 | 2015-05-13 | 四川省宁潮科技有限公司 | Out-of-band authentication-based virtual desktop cloud connecting method |
CN105162774A (en) * | 2015-08-05 | 2015-12-16 | 深圳市方迪科技股份有限公司 | Virtual machine login method, virtual machine login method and device for terminal |
CN105162775A (en) * | 2015-08-05 | 2015-12-16 | 深圳市方迪科技股份有限公司 | Logging method and device of virtual machine |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8812687B2 (en) * | 2011-09-15 | 2014-08-19 | Microsoft Corporation | Managing user state of cloud desktops |
CN103067371A (en) * | 2012-12-24 | 2013-04-24 | 广州杰赛科技股份有限公司 | Cloud terminal identity authentication method and system |
- 2016
  - 2016-04-29 CN CN201610283279.8A patent/CN107332808B/en active Active
- 2017
  - 2017-04-17 WO PCT/CN2017/080697 patent/WO2017186005A1/en active Application Filing
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108632387A (en) * | 2018-05-15 | 2018-10-09 | 网易(杭州)网络有限公司 | Generate the method, apparatus and terminal of game reservation message |
CN108632387B (en) * | 2018-05-15 | 2021-11-23 | 网易(杭州)网络有限公司 | Method, device and terminal for generating game reservation message |
CN109783357A (en) * | 2018-12-14 | 2019-05-21 | 深圳壹账通智能科技有限公司 | The method and device of test application program, computer equipment, storage medium |
CN111310140A (en) * | 2020-02-05 | 2020-06-19 | Tcl移动通信科技(宁波)有限公司 | Application login authentication method, electronic equipment, mobile terminal and storage medium |
CN111460423A (en) * | 2020-03-03 | 2020-07-28 | 深圳市思迪信息技术股份有限公司 | Two-dimensional code scanning login method and device |
CN114244548B (en) * | 2021-04-12 | 2023-10-13 | 无锡江南计算技术研究所 | Cloud IDE-oriented dynamic scheduling and user authentication method |
CN114244548A (en) * | 2021-04-12 | 2022-03-25 | 无锡江南计算技术研究所 | Cloud IDE-oriented dynamic scheduling and user authentication method |
CN113094438A (en) * | 2021-04-19 | 2021-07-09 | 沈阳展威电力科技有限公司 | Internal and external network data isolation and transmission method based on two-dimensional code image recognition technology |
CN113094438B (en) * | 2021-04-19 | 2023-10-27 | 沈阳展威电力科技有限公司 | Internal and external network data isolation and transmission method based on two-dimensional code image recognition technology |
CN113407448A (en) * | 2021-06-18 | 2021-09-17 | 杭州遥望网络科技有限公司 | Grafana function control method and device, electronic equipment and medium |
CN114143114A (en) * | 2022-01-12 | 2022-03-04 | 福建省海峡信息技术有限公司 | Network security communication method based on intelligent terminal |
CN114615329A (en) * | 2022-03-08 | 2022-06-10 | 北京从云科技有限公司 | Method and system for realizing SDP architecture without client |
CN114567510A (en) * | 2022-03-21 | 2022-05-31 | 上海商汤智能科技有限公司 | Login authentication method, device, equipment and storage medium |
CN114979235A (en) * | 2022-04-22 | 2022-08-30 | 福建升腾资讯有限公司 | Cloud desktop data sharing method and server |
CN114979235B (en) * | 2022-04-22 | 2024-01-30 | 福建升腾资讯有限公司 | Cloud desktop data sharing-based method and server |
CN114913299A (en) * | 2022-05-30 | 2022-08-16 | 西安雷风电子科技有限公司 | Map data processing method, system and device |
CN115278559A (en) * | 2022-07-29 | 2022-11-01 | 上海千随信息技术有限公司 | Information promotion method, device, system and storage medium based on near field communication |
CN117215710A (en) * | 2023-11-07 | 2023-12-12 | 江西联创精密机电有限公司 | Cloud desktop training seat control method and device, storage medium and electronic equipment |
CN117215710B (en) * | 2023-11-07 | 2024-01-26 | 江西联创精密机电有限公司 | Cloud desktop training seat control method and device, storage medium and electronic equipment |
CN117579674A (en) * | 2024-01-17 | 2024-02-20 | 之江实验室 | Remote control system and method |
CN117579674B (en) * | 2024-01-17 | 2024-03-15 | 之江实验室 | A remote control system and method |
CN119299237A (en) * | 2024-12-12 | 2025-01-10 | 方圆标志认证集团有限公司 | A cloud platform-based authentication system and method |
Also Published As
Publication number | Publication date |
---|---|
CN107332808B (en) | 2021-06-29 |
CN107332808A (en) | 2017-11-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017186005A1 (en) | | Method, server, and terminal for cloud desktop authentication |
US11323441B2 (en) | | System and method for proxying federated authentication protocols |
CN108092776B (en) | | System based on identity authentication server and identity authentication token |
US10530582B2 (en) | | Method and device for information system access authentication |
US11539690B2 (en) | | Authentication system, authentication method, and application providing method |
US10637650B2 (en) | | Active authentication session transfer |
WO2018145605A1 (en) | | Authentication method and server, and access control device |
WO2020140407A1 (en) | | Cloud security-based cloud desktop login method, device, equipment and storage medium |
TW201706900A (en) | | Method and device for authentication using dynamic passwords |
WO2015130700A1 (en) | | Security object creation, validation, and assertion for single sign on authentication |
CN103906052B (en) | | A kind of mobile terminal authentication method, Operational Visit method and apparatus |
JP5489775B2 (en) | | Secret key sharing system, method, data processing apparatus, management server, and program |
KR102137122B1 (en) | | Security check method, device, terminal and server |
US20150039884A1 (en) | | Secure Configuration of Authentication Servers |
CN104580256A (en) | | Method and device for logging in through user equipment and verifying user's identity |
US12041173B2 (en) | | Whitelisting clients accessing resources via a secure web gateway with time-based one time passwords for authentication |
CN113852681B (en) | | Gateway authentication method and device and security gateway equipment |
TW201638822A (en) | | Process identity authentication method and device |
CN106796630A (en) | | User authentication |
CN105471885A (en) | | Remote server based on VPN connection and login method thereof |
CN111327629A (en) | | Identity verification method, client and server |
US12107956B2 (en) | | Information processing device, information processing method, and non-transitory computer readable storage medium |
CN108809927B (en) | | Identity authentication method and device |
KR20180034199A (en) | | Unified login method and system based on single sign on service |
CN104540136B (en) | | A kind of method and system logging in WLAN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| NENP | Non-entry into the national phase | Ref country code: DE |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17788657 Country of ref document: EP Kind code of ref document: A1 |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 17788657 Country of ref document: EP Kind code of ref document: A1 |