TWI714159B - User authentication management system and method - Google Patents

Publication number: TWI714159B
Authority: TW (Taiwan)
Prior art keywords: user, expansion, client device, network, management information
Application number: TW108124271A
Other languages: Chinese (zh)
Other versions: TW202103474A (en)
Inventor: 楊長杰, 曹志銘
Original Assignee: 東碩資訊股份有限公司
Application filed by 東碩資訊股份有限公司
Priority to TW108124271A
Publication of TWI714159B
Publication of TW202103474A

Landscapes

  • Small-Scale Networks (AREA)

Abstract

A user authentication management system and a method thereof are provided, which are suitable for allocating authorities to one or more user devices. The system includes one or more docking stations and a management information device. Each user device is connected to the docking station. Each docking station is configured to transmit user identification information obtained from the user devices. The management information device is connected to the one or more docking stations and stores a user authentication database. The management information device is configured to look up a user identity corresponding to the user identification information of each user device and authentication granted to the user identity from the user authentication database. The management information device allows each user device to use resources in accordance with the granted authentications.

Description

User authority management system and method

The present invention relates to a management system and method, and in particular to a user authority management system and method.

With the development of network technology, the number of network users has steadily increased, and the network has become an indispensable part of people's lives and work. Local area networks exist in our homes and companies, such as company networks and home networks. Within a local area network, how to distinguish different network users and assign corresponding permissions to each of them has become an important issue. In a company network, for example, it is desirable to distinguish different users such as the boss, administrators, and employees, and to assign different permissions to each of these users.

The technical problem to be solved by the present invention is to provide, in view of the shortcomings of the prior art, a user authority management system suitable for allocating the permissions of one or more client devices. The user authority management system includes one or more expansion devices and a management information device. The one or more expansion devices allow a client device to connect to an expansion device. The expansion device is configured to transmit user identification information obtained from the connected client device. The management information device is connected to the one or more expansion devices. The management information device stores a user authority database. The management information device is configured to look up, in the user authority database, the user identity corresponding to the user identification information of the client device and the permissions allowed for that user identity, so as to control the expansion device to allow the client device to use resources within those permissions.

In addition, the present invention provides a user authority management method suitable for allocating the permissions of one or more client devices, including the following steps: configuring one or more expansion devices, which allow a client device to connect to one of the expansion devices, obtain user identification information from the client device connected to the expansion device, and transmit the user identification information; configuring a management information device, which stores a user authority database; using the management information device to look up, in the user authority database, the user identity corresponding to the user identification information and the permissions allowed for that user identity; and using the management information device to control the expansion device to allow the client device to use resources within those permissions.

As described above, the present invention provides a user authority management system and method in which an expansion device connects multiple client devices to a management information device. The expansion device transmits the identification information of the client device connected to it to the management information device, and the management information device matches that identification information against the identification information stored in the user authority database. If the match succeeds, the client device is allowed to use network resources within the network permissions that correspond to the identification information in the user authority database. In this way the access rights and network resource usage rights of users who are about to go online are effectively managed and controlled.

For a further understanding of the features and technical content of the present invention, please refer to the following detailed description and drawings of the present invention. The drawings are provided for reference and illustration only and are not intended to limit the present invention.

The following specific embodiments illustrate the implementation of the "light emitting device" disclosed in the present invention, and those skilled in the art can understand the advantages and effects of the present invention from the content disclosed in this specification. The present invention can be implemented or applied through other different specific embodiments, and the details in this specification can also be modified and changed in various ways based on different viewpoints and applications without departing from the concept of the present invention. In addition, it is stated in advance that the drawings of the present invention are merely schematic illustrations and are not drawn to actual scale. The following embodiments describe the related technical content of the present invention in further detail, but the disclosed content is not intended to limit the scope of protection of the present invention.

It should be understood that although terms such as "first", "second", and "third" may be used herein to describe various elements or signals, these elements or signals should not be limited by these terms. These terms are mainly used to distinguish one element from another, or one signal from another. In addition, the term "or" as used herein may, depending on the actual situation, include any one of the associated listed items or a combination of more than one of them.

[First Embodiment]

Please refer to FIG. 1, which is a block diagram of the user authority management system according to the first embodiment of the present invention. As shown in FIG. 1, the user authority management system 1 of the first embodiment includes an expansion device (docking station) DOCK and a management information device (Management Information System) MIS, and is suitable for allocating the permissions of one or more client devices, for example the permissions of two client devices USER1 and USER2, such as the permission to access the network.

A shared expansion device DOCK may be installed in a space such as an entire company, or multiple expansion devices DOCK may be installed respectively in multiple subspaces into which that space is divided, such as multiple conference rooms. The expansion device DOCK may have multiple expansion slots.

The two ends of a connector can be inserted respectively into the port of the client device USER1 or USER2 and an expansion slot of the expansion device DOCK, to electrically connect the client device USER1 or USER2 to the expansion device DOCK. As shown in FIG. 1, in this embodiment the expansion device DOCK has two USB expansion slots, and the two client devices USER1 and USER2 each have a USB port. In practice these can be replaced with other types of expansion slots and ports; this is only an example, and the present invention is not limited to it.

The management information device MIS can be wirelessly connected to the expansion device DOCK and is configured to control the expansion device DOCK in order to manage the network permissions of the client devices USER1 and USER2. The management information device MIS can store a user authority database in advance. The database holds the user identities of the client devices USER1 and USER2, such as visitor, customer, boss, supervisor, or employee, and the different permissions set for the different levels of user identity, for example access to all web pages or access to specific web pages only.

When the client devices USER1 and USER2 attempt to access the network to use network resources, they can be connected to the expansion device DOCK by wire. The expansion device DOCK can obtain the user identification information ID of the connected client devices USER1 and USER2. For example, the user identification information ID is a unique identifier of the client device USER1 or USER2, such as its IP address or MAC address. This is only an example, and the present invention is not limited to it.

The network switches NESW1 and NESW2 can be arranged between the expansion device DOCK and the management information device MIS. The expansion device DOCK can transmit the user identification information ID of each of the client devices USER1 and USER2 to the management information device MIS through the network switches NESW1 and NESW2 respectively.

The management information device MIS can look up, in the user authority database it stores, the user identity corresponding to the user identification information of the client devices USER1 and USER2 and the permissions allowed for that user identity, so as to control the expansion device DOCK to allow the client devices USER1 and USER2 to use resources within those permissions.

For example, the management information device MIS restricts the client device USER1 so that it can only download the original files in the company's dedicated network shared folder, and has no network permission to modify or delete the content of these original files or to upload new files. By contrast, the client device USER2 has network permissions to upload, download, modify, and delete original or new files.

Please refer to FIG. 2, FIG. 3, and FIG. 4 together. FIG. 2 is a block diagram of the user authority management system according to the second embodiment of the present invention; FIG. 3 is a schematic diagram of the unconfirmed expansion devices and client devices of the user authority management system according to the second embodiment; FIG. 4 is a schematic diagram of the identification information of the authenticated expansion devices and client devices of the user authority management system according to the second embodiment.

As shown in FIG. 2, the user authority management system of the second embodiment includes multiple, for example five, expansion devices DOCK1, DOCK2, DOCK3, DOCK4, DOCK5 and a management information device MIS, and is suitable for allocating the permissions of multiple, for example five, client devices USER1, USER2, USER3, USER4, USER5. The client devices USER1 to USER5 can be notebook computers, mobile devices, or other electronic devices. This is only an example, and the present invention is not limited to it.

The client devices USER1 to USER5 can be electrically connected to the expansion devices DOCK1 to DOCK5 respectively. Each of the expansion devices DOCK1 to DOCK5 can have a detection module that detects the connection state between the client devices USER1 to USER5 and the expansion devices DOCK1 to DOCK5.

In this embodiment, each of the expansion devices DOCK1 to DOCK5 is connected to only a single client device USER1. In practice, however, each of the expansion devices DOCK1 to DOCK5 can have multiple expansion slots, and some or all of the client devices USER1 to USER5 can share the same expansion device.

The network switch NESW1 is arranged between the expansion devices DOCK1, DOCK2 and the management information device MIS. In addition, the network switch NESW2 and the network switch NESW1 are arranged between the client devices USER3, USER4, USER5 and the management information device MIS.

As shown in FIG. 3, before the expansion devices DOCK1 to DOCK5 are wirelessly connected to the management information device MIS, the management information device MIS cannot identify the expansion devices DOCK1 to DOCK5 or the client devices USER1 to USER5 connected to them. At this time, the management information device MIS can receive a permission setting request from an external electronic device such as a cloud server, and accordingly preset the permissions of the client devices USER1 to USER5 that may connect to the expansion devices DOCK1 to DOCK5, or of other unanticipated client devices such as those of temporary visitors.

When the job position of the user of one of the client devices USER1 to USER5 changes, or the device is handed over to another user, the management information device MIS can update the permissions of the client devices USER1 to USER5 in the stored user authority database. When a new client device is added, or a new client device replaces one of the original client devices USER1 to USER5, the management information device MIS can add the user identification information of the new client device, such as its IP address or MAC address, to the user authority database and set the permissions allowed for the user identity of the new client device.

Optionally, to make it easier to confirm whether the user of one of the client devices USER1 to USER5 has changed, an additional authentication procedure can be added. For example, when the client devices USER1 to USER5 are connected by wire to the expansion devices DOCK1 to DOCK5, and the expansion devices DOCK1 to DOCK5 are wirelessly connected to the management information device MIS, the management information device MIS can request the users of the client devices USER1 to USER5 connected to the expansion devices DOCK1 to DOCK5 to respond with their identity information, such as personal information (including name, job rank, etc.) or an identity code that represents the personal information.

The management information device MIS can authenticate the personal information and the identity code to determine the permissions of the client devices USER1 to USER5. When the management information device MIS finds by comparison that the obtained personal information and identity code differ from the original personal information and identity code of the client devices USER1 to USER5, it determines that the user of the client device has been replaced or that the job rank has been adjusted. In this case, the management information device MIS can update the user identity data of the client devices USER1 to USER5 stored in the user authority database and reset the permissions for the new user identity data.

Besides depending on the user identity corresponding to the user identification information of the client devices USER1 to USER5, the permissions of the client devices USER1 to USER5 can also depend on the expansion device information corresponding to the expansion identification information of the expansion devices DOCK1 to DOCK5 to which they are connected, such as the location where the expansion device is installed.

For example, the management information device MIS can store the expansion identification information of the expansion devices DOCK1 to DOCK5 and the corresponding permissions in the user authority database. When the client devices USER1 to USER5 are connected to the expansion devices DOCK1 to DOCK5, the management information device MIS can identify the expansion devices DOCK1 to DOCK5 from the expansion identification information, and then determine the permissions of the client devices USER1 to USER5 connected to the expansion devices DOCK1 to DOCK5 according to both the expansion identification information of the expansion devices and the user identification information of the client devices.

Please refer to FIG. 5, which is a flowchart of the steps of the user authority management method according to the third embodiment of the present invention. As shown in FIG. 5, the user authority management method of the third embodiment includes the following steps S501 to S517.

In step S501, the information management device can set the network permissions of one or more client devices, store the user identification information of the one or more client devices together with the corresponding network permissions, and so build the user authority database. This embodiment uses network permissions as the example, but it should be understood that the information management device can also manage the client devices' permissions to use other resources, for example synchronously displaying the client device's screen through a display device. This is only an example, and the present invention is not limited to it.

In step S503, the client device can selectively connect to any one of the multiple expansion devices. For example, the client device decides which expansion device to connect to according to its location. It should be understood that the location of the client device can change, so the connector can be pulled out of the expansion slot of one expansion device and inserted into the expansion slot of another.

In step S505, when the detection module of the expansion device detects that a client device is connected to it, the processing module of the expansion device can open authentication permission for the connected client device and output a user identity authentication request to the client device, requiring the client device to provide user identification information.

In step S507, when the client device receives the identity authentication request, it can respond to the expansion device with the user identification information and request identity verification.

In step S509, the expansion device wirelessly transmits the user identification information of the client device to the management information device over the network and requests the management information device to verify the client device.

In step S511, the information management device can compare the user identification information provided by the client device with the user identification information stored in the user authority database, and look up the user identity corresponding to the user identification information stored in the user authority database and the network permissions allowed for the processing module.

In step S513, the information management device looks up, in the user authority database, the network permissions allowed for the user identity of the client device and issues the network permissions of the client device.

In step S515, the expansion device notifies the client device that identity verification has been completed.

In step S517, the expansion device allows the client device to use network resources within the network permissions allowed by the information management device, for example visiting specific web pages or accessing data within the permitted scope.
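The flow of steps S501 to S517, together with the dock-dependent permissions and the rank-change update described in the second embodiment, as an added Python example that is not part of the patent. The class names, permission strings, rank table and MAC addresses are constructed, and intersecting user and dock permissions and giving unknown devices, docks or ranks an empty grant are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy (assumption): permissions per job rank and per dock location.
ALL = frozenset({"download", "upload", "modify", "delete"})
RANK_PERMISSIONS = {
    "visitor": frozenset({"download"}),
    "employee": frozenset({"download", "upload"}),
    "supervisor": ALL,
}
DOCK_PERMISSIONS = {
    "DOCK1": ALL,                      # e.g. a dock installed in an office
    "DOCK2": frozenset({"download"}),  # e.g. a dock installed in a meeting room
}


@dataclass
class UserRecord:
    name: str
    rank: str


class ManagementInformationDevice:
    """Holds the user authority database and decides grants (S501, S511, S513)."""

    def __init__(self):
        # user identification information (here a MAC address) -> UserRecord
        self.db = {}

    def register(self, user_id, name, rank):
        # S501: store the identification info and the identity that sets the permissions.
        if rank not in RANK_PERMISSIONS:
            raise ValueError(f"unknown rank: {rank}")
        self.db[user_id] = UserRecord(name, rank)

    def authorize(self, dock_id, user_id, name, rank):
        # S511: match the reported identification info against the database.
        record = self.db.get(user_id)
        if record is None or dock_id not in DOCK_PERMISSIONS:
            return frozenset()  # no match: nothing is granted (assumption)
        if rank not in RANK_PERMISSIONS:
            return frozenset()  # a rank the policy does not define grants nothing
        # Reported name or rank differs from the stored one: the user was replaced
        # or the rank was adjusted, so update the record and reset the permissions.
        if (name, rank) != (record.name, record.rank):
            record.name, record.rank = name, rank
        # S513: issue the permissions, limited by the dock the client is plugged into.
        return RANK_PERMISSIONS[record.rank] & DOCK_PERMISSIONS[dock_id]


class ExpansionDevice:
    """Forwards identification info to the MIS and enforces the grant (S505-S517)."""

    def __init__(self, dock_id, mis):
        self.dock_id = dock_id
        self.mis = mis
        self.grants = {}  # user_id -> permissions issued by the MIS

    def connect(self, user_id, name, rank):
        # S505-S509: collect the client's identification info and forward it.
        grant = self.mis.authorize(self.dock_id, user_id, name, rank)
        self.grants[user_id] = grant  # S515: verification finished, grant recorded
        return grant

    def disconnect(self, user_id):
        # Unplugging drops the grant; the next dock must ask the MIS again (S503).
        self.grants.pop(user_id, None)

    def allows(self, user_id, action):
        # S517: only actions inside the issued permissions are allowed.
        return action in self.grants.get(user_id, frozenset())


if __name__ == "__main__":
    mis = ManagementInformationDevice()
    mis.register("02:00:00:00:00:01", "Alice", "employee")  # constructed sample user
    office = ExpansionDevice("DOCK1", mis)
    print(sorted(office.connect("02:00:00:00:00:01", "Alice", "employee")))
    print(office.allows("02:00:00:00:00:01", "delete"))
```

The grant is computed on the management side and only cached at the dock, so moving a client to another dock changes what it may do without any change on the client.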

[Beneficial effects of the embodiment]

In summary, the present invention provides a user authority management system and method in which an expansion device connects multiple client devices to a management information device. The expansion device transmits the identification information of the client device connected to it to the management information device, and the management information device matches that identification information against the identification information stored in the user authority database. If the match succeeds, the client device is allowed to use network resources within the network permissions that correspond to the identification information in the user authority database. In this way the access rights and network resource usage rights of users who are about to go online are effectively managed and controlled.

The content disclosed above is only a preferred feasible embodiment of the present invention and does not thereby limit the scope of the claims of the present invention. All equivalent technical changes made using the content of the specification and drawings of the present invention are therefore included within the scope of the claims of the present invention.

DOCK, DOCK1 to DOCK5: expansion device

MIS: management information device

USER1 to USER5: client device

NESW1, NESW2: network switch

S501 to S517: steps

FIG. 1 is a block diagram of the user authority management system according to the first embodiment of the present invention.

FIG. 2 is a block diagram of the user authority management system according to the second embodiment of the present invention.

FIG. 3 is a schematic diagram of the unconfirmed expansion devices and client devices of the user authority management system according to the second embodiment of the present invention.

FIG. 4 is a schematic diagram of the identification information of the authenticated expansion devices and client devices of the user authority management system according to the second embodiment of the present invention.

FIG. 5 is a flowchart of the steps of the user authority management method according to the third embodiment of the present invention.


Claims (10)

一種用戶權限管理系統,適用於分配一或多個用戶端裝置的權限,該用戶權限管理系統包含:一擴充裝置,提供該用戶端裝置與該擴充裝置連接,配置以傳輸從相連接的該用戶端裝置取得的一用戶識別資訊;以及一管理資訊裝置,連接該擴充裝置,並且該擴充裝置連接在該管理資訊裝置以及該用戶端裝置之間,該管理資訊裝置儲存一用戶權限資料庫,其中當該用戶端裝置有線連接該擴充裝置,並且該擴充裝置無線連接該管理資訊裝置時,該管理資訊裝置配置以請求該擴充裝置回應該擴充裝置的使用者的該用戶識別資訊所包含的該用戶端裝置的使用者的一姓名以及一職位階級,據以從該用戶權限資料庫中查找該用戶端裝置的該用戶識別資訊對應的一使用者身分以及允許該使用者身分的一權限,以控制該擴充裝置允許該用戶端裝置使用該權限內的資源;其中當該管理資訊裝置比對該用戶權限資料庫與該用戶識別資訊,判斷目前從該用戶端裝置取得的該姓名的該職位階級與該用戶端裝置原本的使用者的職位階級不同,以判斷該用戶端裝置的使用者的職位階級已調整時,該管理資訊裝置更新該用戶權限資料庫所儲存的該用戶端裝置的該使用者身分的資料,並針對新的該使用者身分的資料以重新設置使用者的該權限。 A user authority management system is suitable for allocating the authority of one or more client devices. The user authority management system includes: an expansion device for connecting the client device to the expansion device and configured to transmit the connected user A user identification information obtained by the end device; and a management information device connected to the expansion device, and the expansion device is connected between the management information device and the client device, the management information device stores a user authority database, wherein When the client device is wired to the expansion device, and the expansion device is wirelessly connected to the management information device, the management information device is configured to request the expansion device to respond to the user contained in the user identification information of the user of the expansion device A name and a position level of the user of the end device are used to search for a user identity corresponding to the user identification information of the client device and a permission for the user identity from the user authority database to control The expansion device allows the client device to use the resources within the authority; wherein when the management information device compares the user authority database with the user identification information, it determines the position and rank of the name currently obtained from the client device The original user of 
the client device has a different job level, to determine that the user’s job level of the client device has been adjusted, the management information device updates the user of the client device stored in the user authority database Identity data, and reset the user’s authority for the new user’s identity data. 如申請專利範圍第1項所述的用戶權限管理系統,其中該管理資訊裝置依據該用戶端裝置的該用戶識別資訊以及該擴充裝置的一擴充識別資訊,以決定該用戶端裝置的使用權限。 For example, in the user authority management system described in item 1 of the scope of patent application, the management information device determines the use authority of the client device based on the user identification information of the client device and an extended identification information of the expansion device. 如申請專利範圍第1項所述的用戶權限管理系統,更包含一第一網路交換器,連接在該管理資訊裝置以及至少一該擴充裝置之間;該第一網路交換器配置以允許該管理資訊裝置以及該至少一擴 充裝置之間透過網路傳輸網路資源。 For example, the user authority management system described in item 1 of the scope of patent application further includes a first network switch connected between the management information device and at least one expansion device; the first network switch is configured to allow The management information device and the at least one extension Transfer network resources between charging devices through the network. 如申請專利範圍第3項所述的用戶權限管理系統,更包含一第二網路交換器,連接在該第一網路交換器以及其他該一或多個擴充裝置之間;該第一網路交換器以及該第二網路交換器配置以允許該管理資訊裝置以及該一或多個擴充裝置之間透過網路傳輸網路資源。 For example, the user authority management system described in item 3 of the scope of patent application further includes a second network switch connected between the first network switch and the other one or more expansion devices; the first network The channel switch and the second network switch are configured to allow the management information device and the one or more expansion devices to transmit network resources through the network. 
The user authority management system as described in claim 1, wherein the user identification information includes an IP address or a MAC address of the client device.

A network user authority management method, suitable for allocating the authority of one or more client devices, the user authority management method comprising the following steps: configuring an expansion device to which the client device connects, obtaining user identification information from the client device connected to the expansion device, and transmitting the user identification information; configuring a management information device to store a user authority database; using the management information device to request the expansion device to return a name and a job level of the user of the client device, as contained in the user identification information of the user of the expansion device, and on that basis looking up, in the user authority database, a user identity corresponding to the user identification information and an authority that the user identity is allowed to use; using the management information device to control the expansion device to allow the client device to use network resources within the authority; and using the management information device to compare the user authority database with the user identification information to determine whether the job level of the name currently obtained from the client device is the same as the job level of the original user of the client device; if so, continuing to perform the previous step; if not, upon determining that the job level of the user of the client device has been adjusted, updating the user identity data of the client device stored in the user authority database, and resetting the user's authority for the new user identity data.

The network user authority management method as described in claim 6, further comprising the following step: using the management information device to determine the usage authority of the client device according to the user identification information of the client device and expansion identification information of the expansion device.
The network user authority management method as described in claim 6, further comprising the following steps: configuring a first network switch connected between the management information device and at least one expansion device; and using the first network switch to allow network resources to be transmitted over the network between the management information device and the at least one expansion device.

The network user authority management method as described in claim 8, further comprising the following steps: configuring a second network switch connected between the first network switch and the other one or more expansion devices; and using the first network switch and the second network switch to allow network resources to be transmitted over the network between the management information device and the other one or more expansion devices.

The network user authority management method as described in claim 6, wherein the user identification information includes an IP address or a MAC address of the client device.
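
As an added illustration (not part of the patent text and not the applicant's implementation), the following Python sketch walks through the lookup, job-level comparison and authority reset of the method claim, together with the dependent claim that also considers the expansion device's identification. The resource names, dock IDs, policy tables, class and method names, and the deny-on-unknown behaviour are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed policy tables (assumptions, not from the patent).
LEVEL_RESOURCES = {            # resources each job level may use
    "engineer": {"internet", "file-server"},
    "manager": {"internet", "file-server", "hr-db"},
}
DOCK_RESOURCES = {             # cap applied per expansion identification
    "dock-lobby": {"internet"},
    "dock-office": {"internet", "file-server", "hr-db"},
}

@dataclass
class Identity:
    name: str
    job_level: str

class ManagementInfoDevice:
    """Hypothetical model of the management information device."""

    def __init__(self, authority_db):
        self.db = dict(authority_db)   # user authority database: MAC -> Identity
        self.updated = []              # audit trail of job-level changes

    def handle_report(self, dock_id, mac, name, job_level):
        """Process one report relayed by an expansion device (dock).

        Returns the set of network resources the client may use.
        """
        mac = mac.lower().replace("-", ":")      # normalise the MAC key
        stored = self.db.get(mac)
        # Assumption: unknown device, name mismatch or unknown level gets nothing.
        if stored is None or stored.name != name:
            return set()
        if job_level not in LEVEL_RESOURCES:
            return set()
        if stored.job_level != job_level:
            # Job level adjusted: update the stored identity data first,
            # then derive the authority again from the new identity.
            self.updated.append((mac, stored.job_level, job_level))
            stored = self.db[mac] = Identity(name, job_level)
        # Authority depends on both the user identity and the dock used.
        return LEVEL_RESOURCES[stored.job_level] & DOCK_RESOURCES.get(dock_id, set())
```

Recording each job-level change in `updated` gives an operator a place to review why a client's authority changed, since in this flow the reported job level is what triggers the database update.
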
TW108124271A 2019-07-10 2019-07-10 User authentication management system and method TWI714159B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108124271A TWI714159B (en) 2019-07-10 2019-07-10 User authentication management system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108124271A TWI714159B (en) 2019-07-10 2019-07-10 User authentication management system and method

Publications (2)

Publication Number Publication Date
TWI714159B true TWI714159B (en) 2020-12-21
TW202103474A TW202103474A (en) 2021-01-16

Family

ID=74670019

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108124271A TWI714159B (en) 2019-07-10 2019-07-10 User authentication management system and method

Country Status (1)

Country Link
TW (1) TWI714159B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050237985A1 (en) * 1999-11-03 2005-10-27 Wayport, Inc. Providing different network access levels in a network communication system
CN101282254A (en) * 2007-04-02 2008-10-08 华为技术有限公司 Method, system and apparatus for managing household network equipment
CN101436934A (en) * 2008-10-20 2009-05-20 福建星网锐捷网络有限公司 Method, system and equipment for controlling user upper wire

Also Published As

Publication number Publication date
TW202103474A (en) 2021-01-16

Similar Documents

Publication Publication Date Title
CN108293045B (en) Single sign-on identity management between local and remote systems
US10136322B2 (en) Anonymous authentication system
TWI530610B (en) Access control system using near field communication
CN106411857B (en) A kind of private clound GIS service access control method based on virtual isolation mech isolation test
US6622220B2 (en) Security-enhanced network attached storage device
EP2807794B1 (en) Network mediated multi-device shared authentication
CN114168529B (en) Archive management system based on cloud archive
US9256723B2 (en) Security key using multi-OTP, security service apparatus, security system
KR102472362B1 (en) Internet Of Things Device Control System and Method Based On Block Chain
US20080051061A1 (en) Authentication system and authentication method for performing authentication of wireless terminal
TW201508497A (en) Storage management system and method
WO2006059639A1 (en) Information sharing system, information sharing method, group management program, and compartment management program
US10341320B2 (en) BYOD credential management
US20190297491A1 (en) Network device selective synchronization
US20140189346A1 (en) License server manager
TW201508537A (en) Storage management system and method
TW201629805A (en) System, method and database proxy server for separating operations of read and write
US10581923B2 (en) System and method for configuration of a connected device connection
CN102984045A (en) Access method of Virtual Private Network and Virtual Private Network client
WO2019215439A1 (en) Methods and apparatus for authenticating devices
CN104144095A (en) Terminal authentication method and interchanger
CN111478894A (en) External user authorization method, device, equipment and readable storage medium
CN105516124A (en) Portal authentication method, portal server and terminal
US20150373027A1 (en) Managing access to a network
TWI714159B (en) User authentication management system and method