1273813

IX. Description of the Invention

[Technical Field of the Invention]

The present invention is a method for a wireless authentication login system, and in particular a method by which a user logs in to a host through a login procedure by means of a wireless authentication device.
[Prior Art]

To protect the information security of a system, such as the contents of a computer or of network equipment, conventional methods mostly rely on a user account and password set up in advance, or even on various biometric authentication methods such as fingerprint or iris recognition, for the system's security authentication. The most common method is logging in to a computer with an account; in a multi-user operating system, the user can then enter an operating environment unique to that user.

Consider the login method of the conventional Microsoft Windows operating system. As shown in the standard login screen of the first figure, a user name (system administrator, first user, second user, etc.) is selected or typed in on the login screen, and the previously established password is then typed in, after which the user can enter the operating environment belonging to that user.

U.S. Patent No. 5,671,354 discloses logging in to a network system from the user side using an account and password. There are also biometric authentication methods such as those disclosed in U.S. Patent No. 6,487,662, but their recognition capability is still limited, and the cost of installing such a biometric authentication device still keeps it out of reach of ordinary consumers.

In view of the cumbersome and complicated login authentication steps of conventional systems, and in order to simplify the login procedure, the present invention provides a wireless authentication login method together with a secure logout mechanism, so that entering the user's operating environment is simple, convenient and fast.

[Summary of the Invention]

The present invention is a method for a wireless authentication login system that uses a wireless authentication device worn by the user as the credential for logging in to or out of the system, improving on the complicated conventional login steps of using an account and password and selecting a user.
One embodiment of the login method comprises the following steps: a wireless authentication device enters the effective range of an authentication module in the system; a login request message is generated by the authentication module after it senses the wireless authentication device; the authentication module sends an authentication request message to the wireless authentication device; the authentication module receives the authentication code sent by the wireless authentication device; an authentication procedure is carried out; and the system is logged in to automatically.

In a preferred implementation of the method, the steps comprise: a user carrying a wireless authentication device enters the effective range of an authentication module in a computer system; the authentication module senses the wireless authentication device and generates a login request message; the authentication module sends an authentication request message to the wireless authentication device; the authentication module then receives the authentication code sent by the wireless authentication device; the authentication code and the user information are then checked to determine whether the correspondence between this authentication code and the user information is valid; once it is judged valid, a link between the wireless authentication device and the authentication module is established; and the computer system is then logged in to automatically.

[Embodiments]

The present invention is a method for a wireless authentication login system that uses a wireless authentication device worn by the user as the credential for logging in to or out of the system. As shown in the second figure, a user 20 wears or holds a wireless authentication device 23. When the user 20 wearing the device 23 approaches a computer system 21 and a coupling, such as electromagnetic or inductive coupling, is established with the authentication module 22 installed in the computer system 21, an authentication procedure is triggered. Based on the resulting authentication code and user information, and once authentication succeeds, the computer system 21 automatically logs in to the user environment registered for the wireless authentication device 23, without the user having to type or select a user name or type a password.

The authentication module 22 of the computer system 21 may be externally connected to or built into the host, or may be an authentication chip embedded on the computer motherboard. The wireless authentication device 23 may be an active or passive radio-frequency chip card, a magnetic card or another card form, or any embedded form, and is not limited to what is shown in the figure. The coupling mechanism between the authentication module 22 and the wireless authentication device 23 may be a wireless communication method such as wireless networking (wireless), Bluetooth, infrared (IrDA) or laser, and is not limited to those listed here.

The third figure is a device architecture diagram of the wireless authentication login system of the present invention. The system may be a local or remote computer system and is not limited to the illustrated embodiment. As shown in the figure, the peripheral devices connected to the computer system 30 include a display unit 31, which displays the system login screen, the login status, and error or successful-login messages; an input unit 32, such as a mouse or keyboard; and a storage unit 33, such as a hard disk or floppy disk, which is the storage medium holding the data of the computer system 30 and is where the data to be protected by the authentication method of the invention resides.

The computer system 30 further includes a user database 34, which holds the user information of this multi-user operating system, such as user accounts, passwords, associated files and operating environment settings.
An authentication module 36 used in the present invention is built into or externally connected to the computer system 30, or embedded on the motherboard. When the authentication device 300 comes within a specific range of the authentication module 36 of the computer system 30, a coupling, such as electromagnetic or inductive coupling, is established between the authentication device 300 and the authentication module 36, and authentication messages are exchanged. When the system determines that this is a login request, the authentication module 36 receives the authentication code of the wireless authentication device 300; after a successful check against the authentication database 35 and the user database 34, a link is established; finally, using the verified user information, login to the system is completed through the login management unit 301 of the computer system 30. This method replaces the conventional account-and-password system authentication method.

The wireless authentication login flow of the present invention is shown in the flowchart of the fourth figure. The steps are as follows.

Before the login flow begins, an authentication relationship, such as a public/private key pair, must be set up between the authentication module installed in the computer system and the wireless authentication device the user is required to hold. This authentication relationship must be linked to the system's user information, for example by building a lookup table in which each authentication relationship corresponds to one user's information.

S401: After the correspondence between users and authentication relationships has been fully established, the login flow begins;
S403: At the start, the system is in the standby state, waiting for an authentication device to come within a specific sensing range;
S405: The wireless authentication device enters the effective range of the authentication module in the system, and a coupling is established;
S407: After sensing the wireless authentication device, the authentication module generates a login request message and notifies the computer system that there is a login message;
S409: The authentication module then sends an authentication request message to the wireless authentication device, requesting the authentication code of the wireless authentication device;
S411: The wireless authentication device then sends an authentication code, which is received by the authentication module;
S413: Using the authentication code, the authentication procedure of matching the user is entered. The authentication procedure includes checking this authentication code against the user information; the authentication code may be a translated internal code and is not necessarily limited to the original authentication code. It is then determined whether the authentication code is valid and whether the corresponding user information is valid. If the authentication code is invalid, the system returns to the standby state or gives an error message; if the user information is invalid, the system likewise returns to the standby state or gives an error message; if both pass authentication, the link between the wireless authentication device and the authentication module is established;
S415: After authentication passes, the system is logged in to automatically.

The fifth figure is a flowchart of a preferred embodiment of the wireless authentication login of the present invention. The steps are as follows.

Before logging in to the system, an authentication database for the wireless authentication device and the authentication module must be established, and it must be mapped to the user information of the computer system. This computer system is a multi-user operating environment.
S501: After the correspondence between users and authentication relationships has been fully established, the login flow begins;
S503: System standby state, in which the authentication module of the computer system continuously checks whether a wireless authentication device is approaching;
S505: Is a wireless authentication device approaching? If no authentication device is detected nearby, the system stays in the standby state (S503);
S507: When a wireless authentication device enters the effective authentication range of the computer system, for example when a user carrying the wireless authentication device enters the effective range of the authentication module in the computer system, the authentication module and the wireless authentication device sense each other and a coupling is established;
S509: At this point a login request message is generated inside the authentication module, indicating that something requiring authentication has been sensed;
S511: The authentication module sends an authentication request message to the wireless authentication device;
S513: The wireless authentication device, on being sensed, sends an authentication code embedded in its chip, and the authentication module receives this authentication code;
S515: The authentication module checks the authentication code and the user information against the authentication database, which contains the authentication codes and the corresponding user information;
S517: Is the authentication code valid? That is, after the check, it is determined whether the authentication code sent by the wireless authentication device is validly recorded in the authentication database. If it cannot be matched to the data in the authentication database, login to the system is refused, an erroneous-login message may be shown on the display unit, and the system returns to the standby state (S503). The data in the authentication database may be put through an encryption procedure to harden it;
If the check fails, meaning that the authentication code and the user data have no correspondence in the database, the system returns to the standby state (S503);
If the check succeeds, the link between the wireless authentication device and the authentication module is established, and the system continuously monitors whether this link is still valid, which can be implemented by the two sides periodically sending authentication data to each other;
S523: Based on the user information, the operating environment of the specific user in the computer system is logged in to.

The sixth figure shows the flow of one embodiment of the wireless authentication logout of the present invention. Once the link between the wireless authentication device and the authentication module disappears, which indicates a fault in the authentication mechanism, such as failure of the authentication module or damage to the wireless authentication device, or that the user has left the system carrying the wireless authentication device, the logout flow is carried out (step S601);
The system is in the state in which the wireless authentication device and the authentication module are linked (S603);
The system then determines that the link has disappeared (S607);
The system automatically logs out of the user's operating environment (S609);
The system returns to the standby state and waits for the next login event in which a wireless authentication module approaches (S611).

In summary, with the method of the wireless authentication login system of the present invention, when a wireless authentication device comes near a computer system fitted with an authentication module, an authentication flow is triggered and the user's operating environment is logged in to automatically, replacing the account-and-password authentication mechanism. It is indeed a rare invention that has industrial applicability, novelty and inventive step and fully meets the requirements for an invention patent application; the application is therefore filed according to law, and examination and grant of the patent are respectfully requested to protect the inventor's rights.

The above is merely a preferred feasible embodiment of the present invention and does not thereby limit the patent scope of the invention; all equivalent structural changes made using the description and drawings of the invention are likewise included within the scope of the invention.
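The login flow of the fifth figure (S501 to S523) and the logout flow of the sixth figure can be modelled as a small state machine; the following is an added example, not code from the patent. The HMAC used as the "translated internal code", the class and method names, the timeout value and the refusal to replace a live session are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the "translated internal code" is modelled as an HMAC of the raw
# device code under a host-held key, so the database never stores raw codes.
DB_KEY = secrets.token_bytes(32)

def translate(raw_code: bytes) -> bytes:
    return hmac.new(DB_KEY, raw_code, hashlib.sha256).digest()

class AuthModule:
    """Hypothetical model of the authentication module (not the patent's code)."""

    def __init__(self, heartbeat_timeout: float = 3.0):
        self.auth_db = {}    # translated code -> user name (authentication database)
        self.user_db = {}    # user name -> account enabled? (user database)
        self.timeout = heartbeat_timeout
        self.session = None  # (user, translated code, time last seen)

    def enroll(self, raw_code: bytes, user: str) -> None:
        # Done before S501: bind the device code to one user (the lookup table).
        self.auth_db[translate(raw_code)] = user
        self.user_db[user] = True

    def on_device_in_range(self, raw_code: bytes, now: float):
        # S507-S513 have happened: the device answered the authentication request.
        if self.session:                      # assumption: no takeover of a live session
            return "logged_in", self.session[0]
        probe = translate(raw_code)
        user = self.auth_db.get(probe)        # S515/S517: is the code on record?
        if user is None or not self.user_db.get(user, False):
            return "standby", None            # failed check -> back to S503
        self.session = (user, probe, now)     # link established
        return "logged_in", user              # S523

    def heartbeat(self, raw_code: bytes, now: float) -> bool:
        # Periodic exchange of authentication data that keeps the link alive.
        if self.session and hmac.compare_digest(self.session[1], translate(raw_code)):
            self.session = (self.session[0], self.session[1], now)
            return True
        return False

    def tick(self, now: float):
        # S603-S611: log out once the link has been silent longer than the timeout.
        if self.session and now - self.session[2] > self.timeout:
            user, self.session = self.session[0], None
            return "logged_out", user
        return ("logged_in", self.session[0]) if self.session else ("standby", None)

if __name__ == "__main__":
    m = AuthModule()
    m.enroll(b"constructed-code-A", "alice")   # constructed sample values
    print(m.on_device_in_range(b"constructed-code-A", 0.0))
    print(m.heartbeat(b"constructed-code-A", 2.0), m.tick(4.0), m.tick(5.5))
```

Time is passed in explicitly so the timeout behaviour can be checked deterministically; a real module would drive `tick` from its own clock.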
[Brief Description of the Drawings]

The first figure is a schematic diagram of the user login screen of a conventional Windows operating system;
The second figure is a schematic diagram of the use of the wireless authentication login system of the present invention;
The third figure is a device architecture diagram of the wireless authentication login system of the present invention;
The fourth figure is a flowchart of the wireless authentication login of the present invention;
The fifth figure is a flowchart of a preferred embodiment of the wireless authentication login of the present invention;
The sixth figure is a flowchart of the wireless authentication logout of the present invention.

[Description of Main Component Symbols]

User 20
Computer 21
Authentication module 22
Wireless authentication device 23
Computer system 30
Display unit 31
Input unit 32
Storage unit 33
User database 34
Authentication database 35
Authentication module 36
Authentication device 300
Login management unit 301