
CN106130864B - A VPN-based private cloud access method and device - Google Patents


Publication number
CN106130864B
Authority
CN
China
Prior art keywords
vpn
account
password
private
private cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610530553.7A
Other languages
Chinese (zh)
Other versions
CN106130864A (en
Inventor
李祉岐
孙磊
李�杰
苏国华
金成明
赵永彬
吴舜
来骥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Liaoning Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Liaoning Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd, Beijing Guodiantong Network Technology Co Ltd, Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Liaoning Electric Power Co Ltd
Priority to CN201610530553.7A
Publication of CN106130864A
Application granted
Publication of CN106130864B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a VPN-based private cloud access method and device. The method comprises: obtaining a client's login request to the private cloud and parsing the login request to obtain a private cloud account, a private cloud password and a private key; generating a VPN account and a VPN password that match the private cloud account; performing identity verification using the VPN account, the VPN password and the private key; if identity verification passes, establishing a connection between the client and the private cloud server through the VPN; and logging in to the private cloud server using the private cloud account and the private cloud password. With this method and device, a user who uses the cloud service through a VPN server only needs to enter the private cloud account and private cloud password, and the VPN server completes the VPN login automatically, which simplifies the login operation. In addition, the method provided in this embodiment does not require the user to save the private key in advance; instead, the VPN server sends the latest private key to the client when a login to the private cloud is attempted, which avoids problems such as loss of the private key.

Description

A VPN-based private cloud access method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a VPN-based private cloud access method and device.
Background art
When the client and the private cloud server are not on the same network segment, a dedicated channel must be established between the client and the private cloud server through a VPN server so that the client can log in to a virtual desktop on the private cloud server. The VPN also encrypts the data, which protects the virtual desktop. This process requires configuring the VPN server's IP address and port number, the VPN account and VPN password, the private key and so on; only after the VPN connection has been established can the user enter the private cloud account and private cloud password and log in to the virtual desktop.
The private key is the key information used for VPN decryption. It is generated by the VPN server and copied to the client in advance as a file. In the course of implementing the present invention, the inventors found that the prior art has at least the following problems. First, the private key has a limited validity period and must be copied to every client, which is not only hard to configure but may also leave clients with an expired private key. Second, when logging in to the private cloud server through the VPN server, the user must enter the VPN account and VPN password to log in to the VPN server and then also enter the private cloud account and private cloud password to log in to the virtual desktop; remembering and entering two sets of accounts and passwords is inconvenient.
Summary of the invention
In view of this, the object of the present invention is to propose a VPN-based private cloud access method and device that simplify user operation by changing the way the VPN server is logged in to, while avoiding expiry of the private key.
To achieve the above object, an embodiment of the present invention provides a VPN-based private cloud access method, comprising:
obtaining a client's login request to the private cloud, and parsing the login request to obtain a private cloud account, a private cloud password and a private key;
generating a VPN account and a VPN password that match the private cloud account;
performing identity verification using the VPN account, the VPN password and the private key; if identity verification passes, establishing a connection between the client and the private cloud server through the VPN;
logging in to the private cloud server using the private cloud account and the private cloud password.
In some optional embodiments, performing identity verification using the VPN account, the VPN password and the private key specifically comprises:
temporarily storing the private cloud account and the private cloud password;
when verification is required, using the private cloud account as the VPN account and the private cloud password as the VPN password to perform identity verification.
In some optional embodiments, a matching relationship between VPN accounts and VPN passwords is preset; generating the VPN account and VPN password that match the private cloud account specifically comprises:
temporarily storing the private cloud account;
using the private cloud account as the VPN account;
looking up the VPN password that matches the VPN account.
In some optional embodiments, performing identity verification using the VPN account, the VPN password and the private key specifically comprises:
verifying whether the VPN account and the VPN password are correct;
if the VPN account and the VPN password are determined to be incorrect, sending a verification-failure message to the client.
In some optional embodiments, the method further comprises:
if the VPN account and the VPN password are determined to be correct, further verifying whether the private key has expired;
if the private key is determined to have expired, sending a verification-failure message and the latest private key to the client;
obtaining the private key sent by the client, and verifying whether that private key has expired.
To achieve the above object, an embodiment of the present invention also provides a VPN-based private cloud access device, comprising:
a communication unit, configured to obtain a client's login request to the private cloud;
an account and password generation unit, configured to take the client's login request to the private cloud, parse the login request to obtain a private cloud account, a private cloud password and a private key, and generate a VPN account and a VPN password that match the private cloud account;
an identity verification unit, configured to perform identity verification using the VPN account, the VPN password and the private key and, if identity verification passes, establish a connection between the client and the private cloud server through the VPN;
a login unit, configured to log in to the private cloud server using the private cloud account and the private cloud password.
In some optional embodiments, the identity verification unit is configured to temporarily store the private cloud account and the private cloud password and, when verification is required, use the private cloud account as the VPN account and the private cloud password as the VPN password to perform identity verification.
In some optional embodiments, a matching relationship between VPN accounts and VPN passwords is preset; the account and password generation unit is configured to temporarily store the private cloud account, use the private cloud account as the VPN account, and look up the VPN password that matches the VPN account.
In some optional embodiments, the identity verification unit is configured to verify whether the VPN account and the VPN password are correct and, if they are determined to be incorrect, send a verification-failure message to the client.
In some optional embodiments, the identity verification unit is configured to further verify whether the private key has expired after determining that the VPN account and the VPN password are correct; if the private key is determined to have expired, the communication unit is configured to send a verification-failure message and the latest key to the client and to obtain the key sent by the client, and the identity verification unit is further configured to verify whether that key has expired.
As can be seen from the above, with the VPN-based private cloud access method and device disclosed in the embodiments of the present invention, a user who uses the cloud service through a VPN server only needs to enter the private cloud account and private cloud password, and the VPN server completes the VPN login automatically; the user does not need to remember a VPN account and password, which simplifies the login operation. In addition, the method provided in this embodiment does not require the user to save the private key in advance; instead, the VPN server sends the latest private key to the client when a login to the private cloud is attempted, which avoids problems such as loss of the private key.
Brief description of the drawings
Fig. 1 is a flow diagram of an embodiment of the VPN-based private cloud access method provided by the invention;
Fig. 2 is a flow diagram of some optional embodiments of the VPN-based private cloud access method provided by the invention;
Fig. 3 is a flow diagram of some optional embodiments of the VPN-based private cloud access method provided by the invention;
Fig. 4 is a flow diagram of some optional embodiments of the VPN-based private cloud access method provided by the invention;
Fig. 5 is a flow diagram of some optional embodiments of the VPN-based private cloud access method provided by the invention;
Fig. 6 is a module diagram of an embodiment of the VPN-based private cloud access device provided by the invention.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in more detail below with reference to specific embodiments and the accompanying drawings.
It should be noted that all uses of "first" and "second" in the embodiments of the present invention serve to distinguish two entities or parameters that have the same name but are not the same. "First" and "second" are used only for convenience of expression and should not be understood as limiting the embodiments of the present invention; this is not repeated in the subsequent embodiments.
Fig. 1 is a flow diagram of an embodiment of the VPN-based private cloud access method provided by the invention. As shown in the figure, one aspect of the present invention discloses an embodiment of a VPN-based private cloud access method, applicable to a VPN server, comprising:
S10: obtain the client's login request to the private cloud, and parse the login request to obtain the private cloud account, private cloud password and private key.
The login request contains the private cloud account, the private cloud password and the key that the user entered at the client. The key is generated in advance by the VPN server; after receiving the login request sent by the client, the VPN server sends the latest private key to the client, and the private key takes part in the subsequent VPN login.
S11: generate a VPN account and VPN password that match the private cloud account.
The VPN account and VPN password may be generated by selecting, according to a preset matching rule, a VPN account and VPN password that match the private cloud account; alternatively, an available VPN account may be selected from a preset VPN account library according to a preset matching rule, and that VPN account and its VPN password obtained. In an optional embodiment, the VPN account may be set directly to the private cloud account, so that no other VPN account needs to be obtained, which saves retrieval and matching time. Further, the VPN password may also be set to be identical to the private cloud password, so that the private cloud account and private cloud password can be used directly when logging in to the VPN server.
S12: perform identity verification using the VPN account, VPN password and private key; if identity verification passes, establish the connection between the client and the private cloud server through the VPN.
S13: log in to the private cloud server using the private cloud account and private cloud password.
In an optional implementation of this embodiment, the VPN server maintains a login matching table that records each private cloud account and private cloud password, all VPN accounts that match that private cloud account, and the VPN password that matches each VPN account. After the user's login request is obtained, the server first verifies whether the private cloud account and private cloud password in the login request match; if they do, it looks up the VPN account and VPN password that match the private cloud account in the login matching table and performs the VPN service login.
With the method provided in this embodiment, a user who uses the cloud service through a VPN server only needs to enter the private cloud account and private cloud password, and the VPN server completes the VPN login automatically; the user does not need to remember a VPN account and password, which simplifies the login operation. In addition, the method provided in this embodiment does not require the user to save the private key in advance; instead, the VPN server sends the latest private key to the client when a login to the private cloud is attempted, which avoids problems such as loss of the private key.
Another aspect of the present invention discloses an optional embodiment of the VPN-based private cloud access method, comprising:
S10: obtain the client's login request to the private cloud, and parse the login request to obtain the private cloud account, private cloud password and private key.
S11: generate a VPN account and VPN password that match the private cloud account.
S12: perform identity verification using the VPN account, VPN password and private key; if identity verification passes, establish the connection between the client and the private cloud server through the VPN.
S13: log in to the private cloud server using the private cloud account and private cloud password.
Step S12, performing identity verification using the VPN account, VPN password and private key, specifically comprises:
S20: temporarily store the private cloud account and the private cloud password.
S21: when verification is required, use the private cloud account as the VPN account and the private cloud password as the VPN password to perform identity verification.
This embodiment further discloses the steps for logging in to the VPN service. After the login request sent by the client is received, the private cloud account and private cloud password contained in the login request are temporarily stored, and the private cloud account is used as the VPN account and the private cloud password as the VPN password for identity verification at the VPN server. In other words, the login account and password of the VPN server are set in advance to be the same as the login account and password of the private cloud server, so that the private cloud server can complete the VPN service login automatically and the user does not need to log in to the VPN server manually, which simplifies operation.
Another aspect of the present invention discloses an optional embodiment of the VPN-based private cloud access method, comprising:
S10: obtain the client's login request to the private cloud, and parse the login request to obtain the private cloud account, private cloud password and private key.
S11: generate a VPN account and VPN password that match the private cloud account.
S12: perform identity verification using the VPN account, VPN password and private key; if identity verification passes, establish the connection between the client and the private cloud server through the VPN.
S13: log in to the private cloud server using the private cloud account and private cloud password.
A matching relationship between VPN accounts and VPN passwords is preset; step S11, generating the VPN account and VPN password that match the private cloud account, specifically comprises:
S30: temporarily store the private cloud account.
S31: use the private cloud account as the VPN account.
S32: look up the VPN password that matches the VPN account.
In this embodiment, the VPN accounts, the VPN passwords and the matching relationship between them are stored in the VPN server in advance. When an account and password are verified, the check is performed against this matching relationship; likewise, the VPN password that matches a VPN account can be looked up from the matching relationship. In this embodiment the VPN password may differ from the private cloud password, so even if the user's private cloud account and password are lost, the VPN password is not exposed, which further improves security.
Another aspect of the present invention discloses an optional embodiment of the VPN-based private cloud access method, comprising:
S10: obtain the client's login request to the private cloud, and parse the login request to obtain the private cloud account, private cloud password and private key.
S11: generate a VPN account and VPN password that match the private cloud account.
S12: perform identity verification using the VPN account, VPN password and private key; if identity verification passes, establish the connection between the client and the private cloud server through the VPN.
S13: log in to the private cloud server using the private cloud account and private cloud password.
Step S12, performing identity verification using the VPN account, VPN password and private key, specifically comprises:
S40: verify whether the VPN account and the VPN password are correct.
S41: if the VPN account and the VPN password are determined to be incorrect, send a verification-failure message to the client.
When performing identity verification for the VPN service, this embodiment first verifies whether the VPN account and VPN password are correct, and only then verifies the private key in a subsequent step. The reason for this order is that the private key is sent to the user after the user's login request is obtained, so the private key is very fresh and the probability that it has expired is relatively low; its verification therefore has a correspondingly lower priority. It cannot be ruled out, however, that in some cases, such as a system error or illegal operation by another party, the private key has expired or cannot be matched with the public key, which is why the private key must still be verified afterwards.
Another aspect of the present invention discloses an optional embodiment of the VPN-based private cloud access method, comprising:
S10: obtain the client's login request to the private cloud, and parse the login request to obtain the private cloud account, private cloud password and private key.
S11: generate a VPN account and VPN password that match the private cloud account.
S12: perform identity verification using the VPN account, VPN password and private key; if identity verification passes, establish the connection between the client and the private cloud server through the VPN.
S13: log in to the private cloud server using the private cloud account and private cloud password.
In this embodiment, step S12, performing identity verification using the VPN account, VPN password and private key, specifically comprises:
S50: if the VPN account and the VPN password are determined to be correct, further verify whether the private key has expired.
S51: if the private key is determined to have expired, send a verification-failure message and the latest private key to the client.
In this embodiment, after the private key is determined to have expired, the server not only sends the corresponding verification-failure message to the client to notify it that private key verification failed, but also sends the latest private key to the client again. After receiving the verification-failure message and the latest private key, the client can send the newly received private key to the VPN server again for the VPN server to verify.
S52: obtain the private key sent by the client, and verify whether that private key has expired.
After the private key sent by the client is received again, verification is performed to judge whether that private key has expired. After the processing of step S51, the timeliness of the private key can generally be guaranteed. In some special cases, however, the private key may still turn out to be expired, so its timeliness is verified again in step S52.
Optionally, some optional implementations of this embodiment further comprise:
S53: if the private key sent again by the client is verified as still expired, send an error alert to the client.
As mentioned above, if the private key still turns out to be expired after this series of steps, it can essentially be concluded that a special problem has occurred, such as a system error, a network error or illegal interference by another party, and the user needs to be alerted to prevent unknown losses.
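The verification order of S40 to S53, together with the account lookup of S30 to S32 and the login matching table, sketched as an added example (not code from the patent). The `VpnGateway` class, its method names, the status strings, the 24-hour `KEY_LIFETIME`, and modelling the private key as an opaque server-issued token with a server-side expiry are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional

KEY_LIFETIME = 24 * 3600  # assumed validity period in seconds; the page gives none


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so stored verifiers are not reusable passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Result:
    status: str                    # CONNECTED | AUTH_FAILED | KEY_EXPIRED | ALERT
    new_key: Optional[str] = None  # latest key, sent only with KEY_EXPIRED (S51)


class VpnGateway:
    """Hypothetical model of the VPN server described above."""

    def __init__(self):
        self.match = {}      # login matching table: cloud account -> record
        self.vpn_auth = {}   # VPN credential store: VPN account -> (salt, hash)
        self.keys = {}       # issued key -> expiry timestamp
        self.resent = set()  # accounts already sent a latest key (S51)
        self.alerts = []     # S53 alerts, kept for the operator as well

    def enroll(self, cloud_acct, cloud_pw, vpn_pw):
        # S31: the private cloud account doubles as the VPN account. The VPN
        # password is distinct, so losing the cloud password does not expose it.
        s1, s2 = os.urandom(16), os.urandom(16)
        self.match[cloud_acct] = {
            "salt": s1, "hash": _hash(cloud_pw, s1),
            "vpn_acct": cloud_acct,
            "vpn_pw": vpn_pw,  # kept retrievable because S32 looks it up
        }
        self.vpn_auth[cloud_acct] = (s2, _hash(vpn_pw, s2))

    def issue_key(self, now):
        key = secrets.token_urlsafe(32)
        self.keys[key] = now + KEY_LIFETIME
        return key

    def login(self, cloud_acct, cloud_pw, key, now):
        # Check the cloud credentials against the matching table first.
        # Unknown accounts are hashed against a dummy salt and get the same
        # answer as a wrong password, so accounts cannot be enumerated.
        rec = self.match.get(cloud_acct)
        salt = rec["salt"] if rec else b"\x00" * 16
        candidate = _hash(cloud_pw, salt)
        if rec is None or not hmac.compare_digest(rec["hash"], candidate):
            return Result("AUTH_FAILED")

        # S32 + S40: look up the matching VPN password and verify it.
        vsalt, stored = self.vpn_auth[rec["vpn_acct"]]
        if not hmac.compare_digest(stored, _hash(rec["vpn_pw"], vsalt)):
            return Result("AUTH_FAILED")  # S41

        # S50: only now check the key. A key the server never issued is
        # treated the same as an expired one.
        expiry = self.keys.get(key)
        if expiry is None or now >= expiry:
            if cloud_acct in self.resent:
                # S52/S53: still expired after a latest key was sent.
                self.alerts.append((now, cloud_acct))
                return Result("ALERT")
            self.resent.add(cloud_acct)
            return Result("KEY_EXPIRED", self.issue_key(now))  # S51

        self.resent.discard(cloud_acct)
        return Result("CONNECTED")  # tunnel up; S13 cloud login follows


if __name__ == "__main__":
    gw = VpnGateway()
    gw.enroll("alice", "cloud-pw", "vpn-pw")   # constructed sample account
    k = gw.issue_key(now=0)
    print(gw.login("alice", "cloud-pw", k, now=10).status)
    print(gw.login("alice", "cloud-pw", k, now=2 * 24 * 3600).status)
```
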
To further illustrate the concrete application of the above embodiments, they are explained below through specific implementation scenarios:
A user travels on business all year round and wants to be able to access the private cloud at any time to synchronise work data. When the user accesses the private cloud over a public network, security considerations require the connection to the private cloud to go through a VPN server. In the first scenario, the specific login steps are:
(1) The user opens the cloud disk service login page in the client, first downloads the private key through the link on the login page, then enters the private cloud account and private cloud password and clicks the login button; the client first sends the VPN server a login request containing the private cloud account, private cloud password and private key.
(2) After the VPN server receives the login request, it uses the private cloud account as the VPN account and the private cloud password as the VPN password, determines that the private key has not expired, and logs the user in to the VPN service.
(3) After the VPN service login succeeds, the VPN server sends the client a message that the VPN login succeeded and establishes the VPN connection between the client and the private cloud server.
(4) The private cloud account and private cloud password are used to log in to the private cloud server; after a successful login, a message that the cloud service login succeeded is sent to the client.
(5) After receiving the message that the cloud service login succeeded, the client switches to the private cloud interface.
In the second scenario, the network environment the user is on is unstable and a problem occurs during login. The specific login steps are:
(1) The user opens the cloud disk service login page in the client, first downloads the private key through the link on the login page, then enters the private cloud account and private cloud password and clicks the login button; the client first sends the VPN server a login request containing the private cloud account, private cloud password and private key. Because the network is not stable enough, however, the connection between the client and the VPN server cannot be established, and the user abandons this login attempt.
(2) Two days later, the user tries to log in again without obtaining a new private key. The VPN server uses the private cloud account as the VPN account and the private cloud password as the VPN password; after VPN service verification passes, it further verifies the timeliness of the private key, determines that the private key has expired, and sends a private-key-expired message to the client.
(3) After receiving the private-key-expired message, the user clicks the link on the cloud disk service login page to download the private key and clicks the login button again.
(4) After the VPN server receives the login request, it uses the private cloud account as the VPN account and the private cloud password as the VPN password, determines that the private key has not expired, and logs the user in to the VPN service.
(5) The private cloud account and private cloud password are used to log in to the private cloud server; after a successful login, a message that the cloud service login succeeded is sent to the client.
(6) After receiving the message that the cloud service login succeeded, the client switches to the private cloud interface.
A further aspect of the present invention discloses an embodiment of a VPN-based private cloud access device, comprising:
a communication unit 60, configured to obtain a client's login request to the private cloud;
an account and password generation unit 61, configured to take the client's login request to the private cloud, parse the login request to obtain a private cloud account, a private cloud password and a private key, and generate a VPN account and a VPN password that match the private cloud account;
an identity verification unit 62, configured to perform identity verification using the VPN account, the VPN password and the private key and, if identity verification passes, establish a connection between the client and the private cloud server through the VPN;
a login unit 63, configured to log in to the private cloud server using the private cloud account and the private cloud password.
With the device provided in this embodiment, a user who uses the cloud service through a VPN server only needs to enter the private cloud account and private cloud password, and the VPN server completes the VPN login automatically; the user does not need to remember a VPN account and password, which simplifies the login operation. In addition, the device provided in this embodiment does not require the user to save the private key in advance; instead, the VPN server sends the latest private key to the client when a login to the private cloud is attempted, which avoids problems such as loss of the private key.
In some optional embodiments, the identity verification unit 62 is configured to temporarily store the private cloud account and the private cloud password and, when verification is required, use the private cloud account as the VPN account and the private cloud password as the VPN password to perform identity verification.
In some optional embodiments, a matching relationship between VPN accounts and VPN passwords is preset; the account and password generation unit 61 is configured to temporarily store the private cloud account, use the private cloud account as the VPN account, and look up the VPN password that matches the VPN account.
In some optional embodiments, the identity verification unit 62 is configured to verify whether the VPN account and the VPN password are correct and, if they are determined to be incorrect, send a verification-failure message to the client.
In some optional embodiments, the identity verification unit 62 is configured to further verify whether the private key has expired after determining that the VPN account and the VPN password are correct; if the private key is determined to have expired, the communication unit 60 is configured to send a verification-failure message and the latest key to the client and to obtain the key sent by the client, and the identity verification unit 62 is further configured to verify whether that key has expired.
Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is exemplary only and is not intended to imply that the scope of the present disclosure (including the claims) is limited to these examples; within the idea of the invention, the technical features of the above embodiment or of different embodiments may also be combined, the steps may be carried out in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
In addition, to simplify the explanation and discussion, and so as not to obscure the invention, well-known power and ground connections to integrated circuit (IC) chips and other components may or may not be shown in the provided drawings. Furthermore, devices may be shown in block diagram form to avoid obscuring the invention, and this also takes into account the fact that the details of the implementation of such block diagram arrangements are highly dependent on the platform on which the invention is to be implemented (that is, these details should be well within the understanding of those skilled in the art). Where specific details (for example, circuits) are set forth to describe exemplary embodiments of the invention, it will be apparent to those skilled in the art that the invention can be implemented without these specific details or with variations of them. These descriptions should therefore be regarded as illustrative rather than restrictive.
Although the invention has been described in conjunction with specific embodiments, many alternatives, modifications and variations of these embodiments will be apparent to those of ordinary skill in the art from the foregoing description. For example, other memory architectures (for example, dynamic RAM (DRAM)) may use the embodiments discussed.
The embodiments of the invention are intended to cover all such alternatives, modifications and variations that fall within the broad scope of the appended claims. Therefore, any omission, modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall be included in the protection scope of the invention.

Claims (10)

1. A VPN-based private cloud access method, characterized by comprising: obtaining a client's login request to a private cloud, and parsing the login request to obtain a private cloud account, a private cloud password and a private key; generating a VPN account and a VPN password matching the private cloud account; performing authentication using the VPN account, the VPN password and the private key; if the authentication is passed, establishing a connection between the client and the private cloud through the VPN; and logging in to the private cloud using the private cloud account and the private cloud password.

2. The method according to claim 1, characterized in that performing authentication using the VPN account, the VPN password and the private key specifically comprises: temporarily storing the private cloud account and the private cloud password; and, when verification is required, using the private cloud account as the VPN account and the private cloud password as the VPN password to perform authentication.

3. The method according to claim 1, characterized in that a matching relationship between VPN accounts and VPN passwords is preset, and generating the VPN account and VPN password matching the private cloud account specifically comprises: temporarily storing the private cloud account; using the private cloud account as the VPN account; and looking up the VPN password that matches the VPN account.

4. The method according to claim 1, characterized in that performing authentication using the VPN account, the VPN password and the private key specifically comprises: verifying whether the VPN account and the VPN password are correct; and, if it is determined that the VPN account and the VPN password are incorrect, sending a verification failure message to the client.

5. The method according to claim 4, characterized in that performing authentication using the VPN account, the VPN password and the private key specifically comprises: if it is determined that the VPN account and the VPN password are correct, further verifying whether the private key has expired; if it is determined that the private key has expired, sending a verification failure message and the latest private key to the client; and obtaining the private key sent by the client and verifying whether that private key has expired.

6. A VPN-based private cloud access device, characterized by comprising: a communication unit, configured to obtain a client's login request to a private cloud; an account and password generation unit, configured to obtain the client's login request to the private cloud, parse the login request to obtain a private cloud account, a private cloud password and a private key, and generate a VPN account and a VPN password matching the private cloud account; an identity authentication unit, configured to perform authentication using the VPN account, the VPN password and the private key and, if the authentication is passed, establish a connection between the client and the private cloud through the VPN; and a login unit, configured to log in to the private cloud using the private cloud account and the private cloud password.

7. The device according to claim 6, characterized in that the identity authentication unit is configured to temporarily store the private cloud account and the private cloud password and, when verification is required, use the private cloud account as the VPN account and the private cloud password as the VPN password to perform authentication.

8. The device according to claim 6, characterized in that a matching relationship between VPN accounts and VPN passwords is preset, and the account and password generation unit is configured to temporarily store the private cloud account, use the private cloud account as the VPN account, and look up the VPN password that matches the VPN account.

9. The device according to claim 6, characterized in that the identity authentication unit is configured to verify whether the VPN account and the VPN password are correct and, if it is determined that the VPN account and the VPN password are incorrect, send a verification failure message to the client.

10. The device according to claim 9, characterized in that the identity authentication unit is configured to further verify whether the private key has expired after determining that the VPN account and the VPN password are correct; if it is determined that the private key has expired, the communication unit is configured to send a verification failure message and the latest key to the client and obtain the key sent by the client, and the identity authentication unit is further configured to verify whether that key has expired.
CN201610530553.7A 2016-07-06 2016-07-06 A VPN-based private cloud access method and device Active CN106130864B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610530553.7A CN106130864B (en) 2016-07-06 2016-07-06 A VPN-based private cloud access method and device


Publications (2)

Publication Number Publication Date
CN106130864A CN106130864A (en) 2016-11-16
CN106130864B true CN106130864B (en) 2019-02-26

Family

ID=57282578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610530553.7A Active CN106130864B (en) 2016-07-06 2016-07-06 A VPN-based private cloud access method and device

Country Status (1)

Country Link
CN (1) CN106130864B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant