TWI709873B - Method and system for safely managing electronic devices with electronic keys - Google Patents

Method and system for safely managing electronic devices with electronic keys


Publication number
TWI709873B
Authority
TW
Taiwan
Prior art keywords
firmware
electronic device
electronic
information
electronic key
Application number
TW107108289A
Other languages
Chinese (zh)
Other versions
TW201939333A (en)
Inventor
余家庭
Original Assignee
系微股份有限公司
Application filed by 系微股份有限公司
Priority to TW107108289A
Publication of TW201939333A
Application granted
Publication of TWI709873B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention is a method and system for safely managing an electronic device with an electronic key, mainly composed of an electronic device connected to an electronic key device. When the electronic device executes a firmware program (Firmware) and requires input of firmware password information, it sends a notification message to the electronic key device, and the electronic key device determines whether authentication information input by a user has been received. If so, the electronic key device sends the firmware password information to the electronic device, and the electronic device enters a setting environment or other function options of the firmware program according to the firmware password information. The firmware password information of the electronic device is thereby separated into the electronic key device, which provides both security management and portability, achieving both security and convenience.

Description

Method and system for safely managing electronic devices with electronic keys

The present invention relates to a method and system for managing an electronic device, and in particular to a method and system for safely managing an electronic device with an electronic key.

Computers are among the most commonly used electronic devices today and often store large amounts of data, including important data such as the user's personal confidential information, work data, and login accounts and passwords for network or system accounts. When a computer is lost, or when someone without authorization uses the computer to enter an application containing the user's sensitive information, that sensitive information is leaked or identity theft results.

In the prior art in particular, passwords are usually stored in the computer itself, so unscrupulous or unauthorized persons can still find ways to obtain the passwords stored there. Computer security measures in the prior art therefore remain inadequate, and a better solution is needed.

In view of the above shortcomings of the prior art, the main purpose of the present invention is to provide a method and system for safely managing an electronic device with an electronic key, which separates the firmware password of the electronic device into another portable device, providing both security management and portability.

The main technical means adopted to achieve the above purpose is the aforementioned method for safely managing an electronic device with an electronic key, in which an electronic device is connected to an electronic key device and a firmware program (Firmware) is executed on the electronic device. The method includes the following steps:
When the electronic device requires input of firmware password information, sending a notification message to the electronic key device;
Determining, by the electronic key device, whether authentication information has been received;
If so, sending, by the electronic key device, the firmware password information to the electronic device; and
Entering, by the electronic device, a setting environment or other function options of the firmware program according to the firmware password information.

With the aforementioned method, the user can carry the electronic key device and operate the electronic device. When the electronic device executes the firmware program and requires input of the firmware password information, the electronic device sends the notification message to the electronic key device, and the electronic key device determines whether the authentication information input by the user has been received. If so, it sends the firmware password information to the electronic device, and the electronic device enters the setting environment or other function options provided by the firmware program according to the firmware password information. The firmware password information of the electronic device is thereby separated into the electronic key device, which provides both security management and portability, achieving both security and convenience.

Another main technical means adopted to achieve the above purpose is the aforementioned system for safely managing an electronic device with an electronic key, which includes:
An electronic device, which includes a first processor, a first communication module and a first storage module; the first processor is electrically connected to the first communication module and the first storage module, and the first storage module stores a firmware program (Firmware);
An electronic key device, which includes a second processor, a second communication module, a second storage module and an input module; the second processor is electrically connected to the second communication module, the second storage module and the input module, the second storage module stores firmware password information, and the second communication module is connected to the first communication module;
Wherein, when the first processor of the electronic device executes the firmware program and requires input of the firmware password information, the first communication module of the electronic device sends a notification message to the second communication module of the electronic key device, and the second processor of the electronic key device determines whether authentication information input through the input module has been received. If so, the second communication module of the electronic key device sends the firmware password information to the first communication module of the electronic device, and the first processor of the electronic device enters a setting environment or other function options of the firmware program according to the firmware password information.

With the aforementioned structure, the user carries the electronic key device and starts and operates the electronic device. When the first processor of the electronic device executes the firmware program and requires input of the firmware password information, the first communication module of the electronic device sends the notification message to the electronic key device, and the second processor of the electronic key device determines whether the authentication information input by the user has been received. If so, the second communication module of the electronic key device sends the firmware password information to the electronic device, and the first processor of the electronic device enters the setting environment or other function options provided by the firmware program according to the firmware password information. The firmware password information of the electronic device is thereby separated into the electronic key device, which provides both security management and portability, achieving both security and convenience.

For a preferred embodiment of the system of the present invention for safely managing an electronic device with an electronic key, refer to FIGS. 1 and 2. The system includes an electronic device 10 and an electronic key device 20, each of which can be carried or held by the user. The user can connect the electronic device 10 and the electronic key device 20 in a wired or wireless manner and execute a pre-stored firmware program (Firmware) on the electronic device 10. In this preferred embodiment, the electronic device 10 may be a computer device or a smart device, and the electronic key device 20 may be a portable electronic device such as a mobile phone, a sports bracelet or a media player.

As shown in FIG. 2, the electronic device 10 includes a first processor 11, a first communication module 12 and a first storage module 13. The first processor 11 is electrically connected to the first communication module 12 and the first storage module 13, and the first storage module 13 is used to store the firmware program. The electronic key device 20 includes a second processor 21, a second communication module 22, a second storage module 23 and an input module 24. The second processor 21 is electrically connected to the second communication module 22, the second storage module 23 and the input module 24. The second storage module 23 can be used to store firmware password information in advance or at any time, and the second communication module 22 is connected to the first communication module 12 in a wired or wireless manner.

In this preferred embodiment, the first communication module 12 and the second communication module 22 may each be a wireless communication module such as a Bluetooth module or a WiFi module, or may each be a wired communication module such as a USB module. In this preferred embodiment, the second storage module 23 may be a Flash module, and the firmware program is software that has already been written into the second storage module 23 in advance. Further, in this preferred embodiment the second storage module 23 may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM) or a flash memory (Flash).

It should be noted that the firmware described in this preferred embodiment is mainly responsible for the operation of the computing device until a boot process that loads an operating system (OS) into memory can run. Once loaded, the operating system is responsible for the normal operation of the computing device, although after the operating system is loaded, providing certain services may require control to be transferred from the operating system back to the firmware for security and other reasons. In the present invention, the firmware may be the firmware of computer equipment such as a baseboard management controller (BMC), the firmware and BIOS (Basic Input/Output System) of an IE (Innovation Engine) server, or an embedded controller (EC).

When the first processor 11 of the electronic device 10 executes the firmware program and requires input of the firmware password information, the first communication module 12 of the electronic device 10 sends a notification message to the second communication module 22 of the electronic key device 20, and the second processor 21 of the electronic key device 20 determines whether authentication information input through the input module 24 has been received. If so, the second communication module 22 of the electronic key device 20 sends the firmware password information to the first communication module 12 of the electronic device 10, and the first processor 11 of the electronic device 10 enters a setting environment or other function options of the firmware program according to the firmware password information.

As the above preferred embodiment shows, the main application of the present invention is for the user to carry the electronic key device 20 and operate the electronic device 10. When the electronic device 10 executes the firmware program and requires input of the firmware password information, the electronic device 10 sends the notification message to the electronic key device 20, and the electronic key device 20 determines whether the authentication information input by the user has been received. If so, it sends the firmware password information to the electronic device 10, and the electronic device 10 enters the setting environment or other function options provided by the firmware program according to the firmware password information. The firmware password information of the electronic device 10 is thereby separated into the electronic key device 20, which provides both security management and portability.

Based on the specific application of the above preferred embodiment, the present invention can be further summarized as a method for safely managing an electronic device with an electronic key. In this method the electronic device 10 is connected to the electronic key device 20 in a wired or wireless manner; the electronic device 10 may be a computer device and the electronic key device 20 may be a mobile device; and the firmware program is executed on the electronic device 10. As shown in FIG. 3, the method includes the following steps:
Establishing a connection between the electronic device 10 and the electronic key device 20 to exchange information (S101);
When the electronic device 10 requires input of the firmware password information, sending the notification message to the electronic key device 20 (S102);
Determining, by the electronic key device 20, whether the authentication information input by the user has been received (S103); in this preferred embodiment, the authentication information may include identity information (ID), authentication code information (Password) and permission information (Permission), and different permission information corresponds to different identity information and authentication code information;
If so, sending, by the electronic key device 20, the firmware password information to the electronic device 10 (S104); and
Entering, by the electronic device 10, a setting environment or other function options of the firmware program according to the firmware password information (S105); in this preferred embodiment, the setting environment or other function options may include a BIOS setting environment, a Boot setting environment, a Setup setting environment or a load-configuration-file function, and the load-configuration-file function can load a corresponding configuration file according to different permission information. In addition, the firmware password information sent by the electronic key device 20 may be encrypted firmware password information, in which case the electronic device 10, on receiving the encrypted firmware password information, first decrypts it.

Further, in this preferred embodiment, when the above steps reach the step of "determining, by the electronic key device 20, whether the authentication information has been received (S103)", as shown in FIG. 4, the method further includes the following sub-steps:
If so, the second processor 21 of the electronic key device 20 determines whether the firmware password information has been stored in advance in the second storage module 23 (S1031);
If not, the electronic key device 20 requires the user to input other firmware password information through the input module 24 and stores it in the second storage module 23, and the electronic key device 20 transmits the other firmware password information to the electronic device 10 through the wireless communication module (S1032); and
The method continues with the aforementioned step of "sending, by the electronic key device 20, the firmware password information to the electronic device 10 (S104)".
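The S102 to S105 exchange with sub-steps S1031 and S1032, as an added Python sketch that is not code from the patent or its assignee. Assumptions: a link key shared when the two devices connect (S101), a fresh nonce carried in the notification so that a captured response cannot be reused, the permission value travelling with the password, and an HMAC-SHA256 keystream plus tag standing in for a real AEAD cipher such as AES-GCM; every class, function and sample value is constructed.

```python
import hashlib
import hmac
import secrets

def _kdf(secret: str, salt: bytes) -> bytes:
    """Slow hash, so neither side keeps a code or password in the clear."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 10_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stand-in for an AEAD: encrypt, then MAC over the nonce and ciphertext."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, nonce: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not match this nonce."""
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KeyDevice:
    """Electronic key device 20 (hypothetical model)."""
    def __init__(self, link_key, users):
        self.link_key = link_key
        self.users = users              # ID -> (salt, code verifier, permission)
        self.firmware_password = None   # second storage module 23, empty at first

    def on_notification(self, nonce, user_id, code, enter_password=None):
        rec = self.users.get(user_id)                        # S103
        if rec is None or not hmac.compare_digest(_kdf(code, rec[0]), rec[1]):
            return None                                      # no valid authentication
        if self.firmware_password is None:                   # S1031: nothing stored
            if enter_password is None:
                return None
            self.firmware_password = enter_password          # S1032: store user input
        payload = rec[2].encode() + b"\0" + self.firmware_password.encode()
        return seal(self.link_key, nonce, payload)           # S104

class Host:
    """Electronic device 10 running the firmware program (hypothetical model)."""
    def __init__(self, link_key, salt, verifier, profiles):
        self.link_key, self.salt, self.verifier = link_key, salt, verifier
        self.profiles = profiles        # permission -> setting environment / profile
        self.nonce = None

    def notify(self) -> bytes:                               # S102
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def on_response(self, blob):                             # S105
        nonce, self.nonce = self.nonce, None                 # each nonce is single-use
        if nonce is None or blob is None:
            return None
        payload = unseal(self.link_key, nonce, blob)         # decrypt before use
        if payload is None:
            return None
        permission, _, password = payload.partition(b"\0")
        if not hmac.compare_digest(_kdf(password.decode(), self.salt), self.verifier):
            return None
        return self.profiles.get(permission.decode())

def build_pair():
    """Constructed sample data: two users, one firmware password, two profiles."""
    link_key = secrets.token_bytes(32)
    users = {"alice": (b"salt-a", _kdf("2468", b"salt-a"), "admin"),
             "bob": (b"salt-b", _kdf("1357", b"salt-b"), "operator")}
    host = Host(link_key, b"salt-h", _kdf("fw-pass", b"salt-h"),
                {"admin": "BIOS setup", "operator": "load profile: operator"})
    return host, KeyDevice(link_key, users)

if __name__ == "__main__":
    host, key = build_pair()
    first = key.on_notification(host.notify(), "alice", "2468", enter_password="fw-pass")
    print("first unlock:", host.on_response(first))
    host.notify()
    print("replayed response:", host.on_response(first))
```

Without the nonce in the tag, an encrypted but static response on the Bluetooth, WiFi or USB link would unlock the firmware for anyone who recorded it once.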

Another preferred embodiment of the method of the present invention for safely managing an electronic device with an electronic key has largely the same technical content as the previous preferred embodiment, except that in this preferred embodiment the method further provides a flow for entering the setting environment or other function options of the firmware program. As shown in FIG. 5, the method further includes the following steps:
Using the firmware password information stored in the electronic key device 20 to enter the setting environment of the firmware program of the electronic device 10 (S106); in this preferred embodiment, the firmware program of the electronic device 10 is a BIOS (Basic Input/Output System), and the firmware password information stored in the electronic key device 20 is used to enter the BIOS setting screen of the electronic device 10;
Modifying configuration information of the firmware program (S107); in this preferred embodiment, the configuration information may be BIOS configuration file (BIOS Profile) data; and
Storing the modified new configuration information (S108).

Further, in this preferred embodiment, when the above steps reach the step of "storing the modified new configuration information (S108)", as shown in FIG. 6, the method further includes the following sub-steps:
Storing, by the electronic key device 20, the modified new configuration information; the electronic key device 20 can store one or more sets of different new configuration information (S1081); and
Sending, by the electronic key device 20, the new configuration information to the electronic device 10 to replace the original configuration information in the electronic device 10 (S1082).

Furthermore, in addition to the above, in this preferred embodiment, when the above steps reach the step of "storing the modified new configuration information (S108)", as shown in FIG. 6, the method may further include the following sub-step: the electronic key device 20 directly sends the modified new configuration information to the electronic device 10 for storage, to replace the original configuration information in the electronic device 10 (S1083).

10: Electronic device
11: First processor
12: First communication module
13: First storage module
20: Electronic key device
21: Second processor
22: Second communication module
23: Second storage module
24: Input module

FIG. 1 is a system architecture block diagram of a preferred embodiment of the present invention.
FIG. 2 is another system architecture block diagram of a preferred embodiment of the present invention.
FIG. 3 is a method flowchart of a preferred embodiment of the present invention.
FIG. 4 is another method flowchart of a preferred embodiment of the present invention.
FIG. 5 is a method flowchart of another preferred embodiment of the present invention.
FIG. 6 is another method flowchart of another preferred embodiment of the present invention.


Claims (8)

1. A method for safely managing an electronic device with an electronic key, in which an electronic device is connected to an electronic key device and a firmware program (Firmware) is executed on the electronic device, the method comprising the following steps: when the electronic device requires input of firmware password information, sending a notification message to the electronic key device; determining, by the electronic key device, whether authentication information has been received, comprising the following sub-steps: if so, determining whether the firmware password information has been stored in advance; if so, sending, by the electronic key device, the firmware password information to the electronic device; if not, requiring the user to input other firmware password information, storing the other firmware password information input by the user, and sending, by the electronic key device, the other firmware password information wirelessly to the electronic device; and entering, by the electronic device, a setting environment or other function options of the firmware program according to the firmware password information.

2. The method for safely managing an electronic device with an electronic key as described in claim 1, further comprising the following steps: using the firmware password information stored in the electronic key device to enter the setting environment of the firmware program of the electronic device; modifying configuration information of the firmware program; and storing the modified new configuration information.

3. The method for safely managing an electronic device with an electronic key as described in claim 2, wherein, when the above steps reach the step of "storing the modified new configuration information", the method further comprises the following sub-steps: storing, by the electronic key device, the modified new configuration information, the electronic key device storing one or more sets of different new configuration information; and sending the new configuration information to the electronic device to replace the original configuration information.

4. The method for safely managing an electronic device with an electronic key as described in claim 2, wherein, when the above steps reach the step of "storing the modified new configuration information", the method further comprises the following sub-step: sending, by the electronic key device, the modified new configuration information to the electronic device for storage, to replace the original configuration information in the electronic device.

5. A system for safely managing an electronic device with an electronic key, comprising: an electronic device, which includes a first processor, a first communication module and a first storage module, the first processor being electrically connected to the first communication module and the first storage module, and the first storage module storing a firmware program (Firmware); and an electronic key device, which includes a second processor, a second communication module, a second storage module and an input module, the second processor being electrically connected to the second communication module, the second storage module and the input module, and the second communication module being connected to the first communication module; wherein, when the first processor of the electronic device executes the firmware program and requires input of the firmware password information, the first communication module of the electronic device sends a notification message to the second communication module of the electronic key device, and the second processor of the electronic key device determines whether authentication information input through the input module has been received; if so, it determines whether the second storage module has stored the firmware password information in advance; if the second storage module has stored the firmware password information in advance, the second communication module of the electronic key device sends the firmware password information to the first communication module of the electronic device; if the second storage module has not stored the firmware password information in advance, the user is required to input other firmware password information, the second storage module stores the other firmware password information input by the user, and the electronic key device sends the other firmware password information to the electronic device through the second communication module; and the first processor of the electronic device enters a setting environment or other function options of the firmware program according to the firmware password information.

6. The system for safely managing an electronic device with an electronic key as described in claim 5, wherein the first communication module and the second communication module may each be constituted by a wireless communication module or a wired communication module.

7. The system for safely managing an electronic device with an electronic key as described in claim 5, wherein the authentication information may include identity information, authentication code information and permission information, and different permission information corresponds to different identity information and authentication code information; and the setting environment or other function options may include a BIOS setting environment, a Boot setting environment, a Setup setting environment or a load-configuration-file function, the load-configuration-file function being able to load a corresponding configuration file according to different permission information.

8. The system for safely managing an electronic device with an electronic key as described in claim 5, wherein the firmware password information sent by the electronic key device may be encrypted firmware password information, and when the electronic device receives the encrypted firmware password information, it decrypts the encrypted firmware password information.
TW107108289A 2018-03-12 2018-03-12 Method and system for safely managing electronic devices with electronic keys TWI709873B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107108289A TWI709873B (en) 2018-03-12 2018-03-12 Method and system for safely managing electronic devices with electronic keys

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107108289A TWI709873B (en) 2018-03-12 2018-03-12 Method and system for safely managing electronic devices with electronic keys

Publications (2)

Publication Number Publication Date
TW201939333A TW201939333A (en) 2019-10-01
TWI709873B true TWI709873B (en) 2020-11-11

Family

ID=69023301

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107108289A TWI709873B (en) 2018-03-12 2018-03-12 Method and system for safely managing electronic devices with electronic keys

Country Status (1)

Country Link
TW (1) TWI709873B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI738243B (en) * 2020-03-10 2021-09-01 神雲科技股份有限公司 Server system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW420796B (en) * 1999-01-13 2001-02-01 Primax Electronics Ltd Computer system equipped with portable electronic key
US7447911B2 (en) * 2003-11-28 2008-11-04 Lightuning Tech. Inc. Electronic identification key with portable application programs and identified by biometrics authentication
US7956770B2 (en) * 2007-06-28 2011-06-07 Sony Ericsson Mobile Communications Ab Data input device and portable electronic device
TW201327167A (en) * 2011-12-29 2013-07-01 Hon Hai Prec Ind Co Ltd Electronic device and password protecting method thereof
TW201405356A (en) * 2012-07-30 2014-02-01 Yen-Yuan Chiang Management and protection system for personal information of mobile device and method thereof

Also Published As

Publication number Publication date
TW201939333A (en) 2019-10-01

Similar Documents

Publication Publication Date Title
US8909940B2 (en) Extensible pre-boot authentication
JP4982825B2 (en) Computer and shared password management methods
CN108476404A (en) Safety equipment matches
KR101654778B1 (en) Hardware-enforced access protection
US20090319806A1 (en) Extensible pre-boot authentication
US20200026882A1 (en) Methods and systems for activating measurement based on a trusted card
US20150381658A1 (en) Premises-aware security and policy orchestration
US8296841B2 (en) Trusted platform module supported one time passwords
WO2019047148A1 (en) Password verification method, terminal, and computer readable storage medium
US20190139026A1 (en) Mobile payment method, system on chip, and terminal
WO2020135814A1 (en) Locking method and related electronic device
US20200019708A1 (en) Remote access controller in-band access system
WO2016072833A1 (en) System and method to disable factory reset
WO2022256128A1 (en) Firmware policy enforcement via a security processor
KR20190033930A (en) Electronic device for encrypting security information and method for controlling thereof
TWI709873B (en) Method and system for safely managing electronic devices with electronic keys
US20230359741A1 (en) Trusted boot method and apparatus, electronic device, and readable storage medium
KR101745390B1 (en) Data leakage prevention apparatus and method thereof
KR102248132B1 (en) Method, apparatus and program of log-in using biometric information
US20220078026A1 (en) Verifications of workload signatures
KR20210026233A (en) Electronic device for controlling access for device resource and operating method thereof
TWI616772B (en) Factory reset protection disarm method and electronic device
EP3915030B1 (en) Storage of network credentials
JP5854070B2 (en) Access control device, terminal device, and program
WO2023142749A1 (en) Device unlocking method and apparatus, electronic device and computer-readable storage medium