TW202029036A - System for using embedded browser module to manage certificate and method thereof - Google Patents


Info

Publication number
TW202029036A
Authority
TW
Taiwan
Prior art keywords
certificate
smart card
control component
security control
browser module
Application number
TW108101437A
Other languages
Chinese (zh)
Other versions
TWI690820B (en)
Inventor
王國河
鄭明昌
Original Assignee
臺灣網路認證股份有限公司
Application filed by 臺灣網路認證股份有限公司
Priority to TW108101437A
Application granted
Publication of TWI690820B
Publication of TW202029036A

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

A system and method for managing a certificate with an embedded browser module are provided. A browser module is embedded in an application; when a certificate management operation is selected, the browser module calls a security control component that is part of the application; the security control component prompts for the smart card password, and once it has determined from that password that the user's identity is verified, it executes the certificate management operation through the smart card. The system and method thereby avoid browser restrictions while keeping the web service for certificate management, and the web page can be revised on the server without updating the application.

Description

System and method for managing certificates with an embedded browser module

The invention relates to a certificate management system and method, and in particular to a system and method for managing certificates with an embedded browser module.

An electronic certificate, also called a digital certificate, is an identity mechanism used in computer systems. It is a computer file, or a set of files, that records the holder's identity data together with a public key. With it, the holder of the certificate can authenticate to a computer system and thereby access or use a particular computer service.

In the early days, when network security received less attention than it does today, computer services that had to be accessed or used with an electronic certificate were mostly delivered as web pages with an attached security-control plug-in. That is, when users accessed or used these services, it was through a browser that they performed certificate application, renewal, query and related operations against the remote server.

Today, with network security receiving ever more attention, browsers impose increasingly strict security requirements and checks on the web pages and plug-in components that run on them. Restrictions have grown substantially and plug-in support has declined, so certificate application, renewal, query and related operations that previously ran smoothly in a browser now fail at a much higher rate, which is a burden on users.

In summary, the prior art has long had the problem that certificate management delivered through a web service is constrained by the browser, and an improved technical means is needed to solve it.

In view of the problem in the prior art that certificate management provided through a web service is restricted by the browser, the present invention discloses a system and method for managing certificates with an embedded browser module, in which:

The system for managing certificates with an embedded browser module disclosed by the present invention comprises at least a smart card and a computing device. The computing device provides the connection to the smart card and executes an application. The application further comprises a browser module, which provides for selecting a certificate management operation, and a security control component, which provides for entering the smart card password and, after determining from that password that the user's identity is verified, executes the certificate management operation through the smart card.

The method for managing certificates with an embedded browser module disclosed by the present invention is applied to a computing device and comprises at least the following steps: the computing device executes an application that includes a security control component and a browser module; the computing device and a smart card are connected; when a certificate management operation is selected, the browser module calls the security control component; the security control component provides for entering the smart card password; and after determining from the smart card password that the user's identity is verified, the security control component executes the certificate management operation through the smart card.

The system and method disclosed by the present invention are as described above. The difference from the prior art is that the present invention embeds a browser module in an application; when a certificate management operation is selected, the browser module calls the application's security control component, which determines from the entered smart card password that the user's identity is verified and then executes the certificate management operation through the smart card. This solves the problem of the prior art and achieves the technical effect that the web page can be revised on the server without updating the application.

The features and embodiments of the present invention are described in detail below with reference to the drawings and embodiments. The content is sufficient for anyone skilled in the relevant art to readily and fully understand the technical means applied by the present invention to solve the technical problem, to implement them accordingly, and thereby to achieve the effects the invention can attain.

The present invention embeds a browser module and a security control component in an application, so that the application can call the security control component through the browser module and perform certificate management operations through a smart card.

The operation of the system is first explained with reference to Figure 1, the architecture diagram of the system for managing certificates with an embedded browser module proposed by the present invention. As shown in Figure 1, the system of the present invention comprises a computing device 100 and a smart card 101.

The smart card 101 may be a contact chip card or a contactless chip card; the present invention places no particular restriction on this.

The smart card 101 includes a transmission management element, a processing element and a storage element, among others (none shown in the figure). The transmission management element can receive data or signals sent by the computing device 100, for example operation commands, and can also send data or signals to the computing device 100. The processing element can execute the chip operating system (COS) stored in the storage element and lets the chip operating system carry out the operation commands received by the transmission management element. The storage element stores the data the chip operating system needs at run time and provides the memory space the chip operating system needs to run on the smart card 101 and execute operation commands. In more detail, once the chip operating system is running, it can use the processing element to carry out, in the memory space provided by the storage element, the operation corresponding to a command received by the transmission management element and produce the corresponding result, which the transmission management element returns to the computing device 100.

The computing device 100 includes, but is not limited to, one or more processors, one or more memory modules, and a bus connecting the various elements (including the memory modules and the processors). With these elements the computing device 100 can load and execute an operating system, so that the operating system runs on the computing device.

The bus of the computing device 100 may be of one or more types, for example a data bus, an address bus, a control bus, an expansion bus and/or a local bus. The bus of the computing device includes, but is not limited to, parallel buses such as the Industry Standard Architecture (ISA) bus, the Peripheral Component Interconnect (PCI) bus and the Video Electronics Standards Association (VESA) local bus, and serial buses such as the Universal Serial Bus (USB) and PCI Express (PCI-E).

The processor of the computing device 100 is coupled to the bus. The processor contains a register set or register space, which may be located entirely on the processor chip, or wholly or partly off the chip and coupled to the processor by a dedicated electrical connection and/or through the bus. The processor may be a processing unit, a microprocessor or any suitable processing element. If the computing device 100 is a multiprocessor device, that is, it contains several processors, those processors are identical or similar and are coupled and communicate through the bus.

The processor of the computing device 100 may be coupled to a chipset, or electrically connected to it through the bus. The chipset consists of one or more integrated circuits (ICs) and contains a memory controller and a peripheral input/output (I/O) controller; that is, the memory controller and the peripheral I/O controller may be contained in a single integrated circuit or implemented with two or more. The chipset usually provides I/O and memory management functions as well as several general-purpose and/or special-purpose registers, timers and the like, which can be accessed or used by the one or more processors coupled or electrically connected to the chipset.

Through the memory controller, the processor of the computing device 100 can also access data in the memory modules and the mass storage installed on the computing device 100. The memory modules include any type of volatile memory and/or non-volatile memory (NVRAM), such as static random access memory (SRAM), dynamic random access memory (DRAM), flash memory and read-only memory (ROM). The mass storage may include any type of storage device or medium, for example a hard disk drive, optical disc, tape drive, flash drive, solid state disk (SSD) or any other storage device. In other words, the memory controller can access data in SRAM, DRAM, flash memory, hard disk drives and solid state disks.

Through the peripheral I/O controller and the peripheral I/O bus, the processor of the computing device 100 can also communicate with peripheral devices and interfaces such as peripheral output devices, peripheral input devices, communication interfaces and a GPS receiver. A peripheral input device may be any type of input device, such as a keyboard, mouse, trackball, touchpad or joystick; a peripheral output device may be any type of output device, such as a display or printer; and the two may be the same device, such as a touch screen. The communication interface may include a wireless and/or a wired communication interface. The wireless interface may support wireless local area networks such as Wi-Fi and Zigbee, Bluetooth, infrared, near-field communication (NFC), mobile networks such as 3G/4G/5G, or other wireless data transfer protocols; the wired interface may be an Ethernet device, an asynchronous transfer mode (ATM) device, a DSL modem, a cable modem and so on. The processor can periodically poll the various peripheral devices and interfaces, so that the computing device can input and output data and can communicate with another computing device having the elements described above.

The computing device 100 provides the connection for the smart card 101. The computing device 100 may include or be connected to a card reader (not shown in the figure). If the smart card 101 is a contact chip card, it is inserted into the card reader and connects to the computing device 100 through contact with the reader; if the smart card 101 is a contactless chip card, it is brought near the card reader and connects to the computing device 100 by induction with the reader.

The computing device 100 executes the application 110 on its processor. The processor of the computing device 100 may run an operating system (not shown in the figure), in which the application 110 is installed.

The application 110 performs certificate management operations through the smart card 101. The application 110 further includes a browser module 111 and a security control component 112.

The browser module 111 connects to the server 400 and downloads the user interface from the server 400.

The browser module 111 also lets the user select, in the downloaded user interface, the operation to perform: a certificate management operation, a password change operation or an online card unlock operation. The certificate management operation may be a certificate update operation, certificate management operation, certificate download operation, certificate storage operation, certificate export operation or certificate import operation, among others, but the present invention is not limited to these.

In some embodiments, when the browser module 111 offers the selection of a certificate management operation in the user interface, it may at the same time offer the selection of a browser installed on the computing device 100, for the security control component 112 to use during the certificate management operation (such as a certificate export or certificate import operation), but the present invention is not limited to this.

When a certificate management operation is selected, the browser module 111 can call the security control component 112.

When the password change operation is selected, the browser module 111 can also display an input interface for the original password and the new password, so that both can be entered, and can then call the security control component 112.

When the online card unlock operation is selected, the browser module 111 can also provide for entering the website password used to log in to the server 400, send that website password to the server 400 for verification, and receive the verification result returned by the server 400; once the received result indicates that the website password has passed the server's verification, it can provide for entering a new password and call the security control component 112.

When the browser module 111 selects a certificate management operation, the security control component 112 provides for entering the smart card password to verify the user's identity and, after determining that the user's identity is verified, executes the selected certificate management operation through the smart card 101.

In more detail: when the certificate management operation selected by the browser module 111 is a certificate update operation or a certificate management operation, the security control component 112 can download the target certificate from the server 400 and send it, through the card reader of the computing device 100 (not shown in the figure), to the smart card 101 for storage. When the certificate management operation is a certificate download operation, the security control component 112 can determine whether the target certificate to be downloaded was applied for on the computing device 100; if it was, the security control component 112 can download the target certificate from the server 400 and send it through the card reader of the computing device 100 to the smart card 101 for storage. When the certificate management operation is a certificate storage or certificate export operation, the security control component 112 can read the target certificate from the smart card 101 through the card reader of the computing device 100 and either save the certificate it read as a certificate file or import it into a designated browser. When the certificate management operation is a certificate import operation, the security control component 112 can read the target certificate from a specific browser and send it through the card reader of the computing device 100 to the smart card 101 for storage. Generally, the designated browser and the specific browser referred to above are chosen at the time the browser module 111 offers the user the selection of the certificate management operation, but the present invention is not limited to this.

When the browser module 111 selects the password change operation, the security control component 112 can also send the original password entered through the browser module 111 to the smart card 101 through the card reader of the computing device 100, receive from the smart card 101 its judgement of whether that original password is correct, and, when the result returned by the smart card 101 indicates that the original password is correct, send the new password entered through the browser module 111 to the smart card 101 through the card reader, so that the smart card 101 replaces the original password with the new one.

When the browser module 111 selects the online card unlock operation, the security control component 112 can also read the target certificate from the smart card 101 through the card reader of the computing device 100, obtain from the server 400 the contact data corresponding to that target certificate, then generate an authentication code and send it using the contact data. The contact data may be an e-mail account or a mobile phone number; the present invention is not limited to these, and any data by which the authentication code can reliably be delivered to the user of the target certificate can serve as the contact data of the present invention.

The security control component 112 can further determine whether the authentication code entered through the browser module 111 is correct and, after determining that it is, send the new password entered through the browser module 111 to the smart card 101 through the card reader of the computing device 100, so that the smart card 101 replaces the original password with the new one.

An embodiment is now used to explain the operation of the system and method of the present invention, with reference to Figure 2, the flow chart of the method for managing certificates with an embedded browser module proposed by the present invention. In this embodiment the computing device 100 is assumed to be a computer and the application 110 a certificate management program, but the present invention is not limited to this.

First, the user installs and runs the application 110 on the computing device 100 (step 202). Once the application 110 is running, its browser module 111 can connect to the server 400 over HTTP, download the web page containing the user interface, and display the downloaded page for the user to operate.

If the smart card 101 is a contact chip card, the user also needs to connect the computing device 100 and the smart card 101 (step 210). There is no particular restriction on when the user does this: for example, the user may connect the computing device 100 and the smart card 101 (step 210) before running the application 110 on the computing device 100 (step 202), or after the browser module 111 of the application 110 has displayed the web page downloaded from the server 400. In other words, there is no required order between executing the application 110 on the computing device 100 (step 202) and connecting the computing device 100 and the smart card 101 (step 210). Note in particular that if the smart card 101 is a contactless chip card, the user need not connect the computing device 100 and the smart card 101 at this point; that is, the smart card 101 does not yet need to be brought near the computing device 100.

After the browser module 111 of the application 110 displays the web page downloaded from the server 400, the browser module 111 can let the user select the operation to perform, that is, one of a certificate management operation, a password change operation or an online card unlock operation.

If the user selects a certificate management operation such as a certificate update, certificate management, certificate download, certificate storage, certificate export or certificate import operation, the browser module 111 of the application 110 can call the security control component 112 of the application 110 when that operation is selected (step 220).

After the security control component 112 of the application 110 is called by the browser module 111 of the application 110, the security control component 112 can let the user enter the smart card password (step 230). In this embodiment, the security control component 112 can generate and display a dialog box and prompt the user to enter the smart card password in it.

After the security control component 112 of the application 110 obtains the smart card password entered by the user, it can determine from that password whether the user's identity is verified (step 240). In this embodiment, the security control component 112 can send the smart card password to the smart card 101 through the card reader of the computing device 100, and the smart card 101 determines whether the password sent by the security control component 112 is correct: if not, the smart card 101 produces a verification result indicating that the user's identity is not verified; if the smart card 101 determines that the password is correct, it produces a verification result indicating that the user's identity is verified. After producing the verification result, the smart card 101 returns it to the computing device 100; the security control component 112 receives the result produced by the smart card 101 through the card reader of the computing device 100 and determines from it whether the user's identity is verified.

If the security control component 112 of the application 110 determines that the user's identity did not pass verification, the security control component 112 can provide input of the smart card password again (step 230) or terminate execution to refuse the certificate management operation; if the security control component 112 determines that the user's identity passed verification, it can execute the certificate management operation through the smart card 101 (step 250).

In this embodiment, when the certificate management operation selected by the user through the browser module 111 of the application 110 is a certificate update operation or a certificate management operation, the security control component 112 can download the target certificate from the server 400 and send an operation instruction to store the certificate, together with the downloaded target certificate, to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation instruction and the target certificate sent by the computing device 100 and store the received target certificate according to the received operation instruction.

When the certificate management operation selected by the user is a certificate download operation, the security control component 112 can determine whether the target certificate that the user wants to download to the smart card 101 was applied for on the computing device 100. If the target certificate was not applied for on the computing device 100, the security control component 112 can decline to execute the certificate download operation, that is, it does not send the target certificate to the smart card 101; if the target certificate was applied for on the computing device 100, the security control component 112 can download the target certificate from the server 400 and send an operation instruction to store the certificate, together with the downloaded target certificate, to the smart card 101 through the card reader of the computing device 100, and the smart card 101 can receive the operation instruction and the target certificate sent by the computing device 100 and store the received target certificate according to the received operation instruction.

When the certificate management operation selected by the user is a certificate storage operation, the security control component 112 can generate an operation instruction to read the certificate and send it to the smart card 101 through the card reader of the computing device 100; after receiving the operation instruction, the smart card 101 can read the target certificate according to it and return the read target certificate to the computing device 100. The security control component 112 can receive the target certificate returned by the smart card 101 through the card reader of the computing device 100, let the user select a storage path for the target certificate and enter a file name for it, convert the format of the received target certificate into a certificate file, and store that file under the entered file name in the selected storage path.

When the certificate management operation selected by the user is a certificate export operation, the security control component 112 can generate an operation instruction to read the certificate and send it to the smart card 101 through the card reader of the computing device 100; after receiving the operation instruction, the smart card 101 can read the target certificate according to it and return the read target certificate to the computing device 100. The security control component 112 can receive the target certificate returned by the smart card 101 through the card reader of the computing device 100, let the user select one of the browsers installed on the computing device 100 as the designated browser, and import the received target certificate into the designated browser.

When the certificate management operation selected by the user is a certificate import operation, the security control component 112 can let the user select a specific browser installed on the computing device 100 and the target certificate, read the target certificate from the browser the user selected, and send an operation instruction to store the certificate, together with the target certificate, to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation instruction and the target certificate sent by the computing device 100 and store the received target certificate according to the received operation instruction.

In this way, the present invention avoids the restrictions that browsers impose on security control components, while still allowing the certificate operation functions offered by the application 110 to be updated at any time without changing the use of a web page to provide those certificate operations; that is, updating the web page on the server 400 is enough to update the application 110, and the user does not need to update the application 110.

In the above embodiment, after the computing device 100 executes the application 110 (step 202) and the browser module 111 of the application 110 displays the web page downloaded from the server 400 it connected to, if the user selects a password change operation through the browser module 111, the browser module 111 can download a password change interface from the server 400 and display it so that the user can enter the original password and a new password. After the user finishes entering the original and new passwords, the browser module 111 can call the security control component 112 of the application 110. Once called by the browser module 111, the security control component 112 can use the smart card 101 to determine whether the original password entered by the user is correct: it sends the original password entered by the user and an operation instruction to check the password to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation instruction and the original password sent by the computing device 100, determine according to the received instruction whether the received original password is correct, produce a determination result, and return that result to the computing device 100.

When the smart card 101 determines that the original password is correct, the security control component 112 of the application 110 can store the new password entered by the user in the smart card 101. In this embodiment, the security control component 112 can receive the determination result returned by the smart card 101 through the card reader of the computing device 100. If the determination result indicates that the original password is wrong, the security control component 112 can stop the password change operation; if it indicates that the original password is correct, the security control component 112 can send the new password and an operation instruction to change the password to the smart card 101 through the card reader of the computing device 100, and the smart card 101 can receive the operation instruction and the new password sent by the computing device 100 and update the original password to the new password according to the received instruction.

In addition, after the computing device 100 executes the application 110 (step 202) and the browser module 111 of the application 110 displays the web page downloaded from the server 400 it connected to, if the user selects an online card unlock operation through the browser module 111, the browser module 111 can call the security control component 112 of the application 110. Once called by the browser module 111, the security control component 112 can read the target certificate from the smart card 101, obtain an e-mail account from the server 400 based on the read target certificate, and generate and send an authentication code to that e-mail account.

After calling the security control component 112 of the application 110, the browser module 111 can download an authentication code input interface from the server 400 and display it so that the user can enter the authentication code. After the user finishes entering the authentication code, the security control component 112 can determine whether the entered authentication code is correct and, when it is, let the user enter a new password through a password update interface downloaded by the browser module 111 and store the new password in the smart card 101. In this embodiment, the security control component 112 can send the new password and an operation instruction to unlock the card to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation instruction and the new password sent by the computing device 100, update the original password to the new password according to the received instruction, and release its locked state.

Furthermore, when the online card unlock operation is selected by the user, the browser module 111 can also download a password input interface from the server 400 and display it so that the user can enter the website password used to log in to the server 400. After the user finishes entering the website password, the browser module 111 can send it to the server 400 for verification and receive the verification result returned by the server 400. When the verification result received by the browser module 111 indicates that the website password did not pass the verification of the server 400, the browser module 111 can display the password input interface again so that the user can re-enter the website password for logging in to the server 400; when the verification result indicates that the website password passed the verification of the server 400, the browser module 111 can download a password update interface from the server 400 and display it so that the user can enter a new password. When the verification result indicates that the website password passed the verification of the server 400, the browser module 111 can also call the security control component 112. Once called by the browser module 111, the security control component 112 can obtain the new password entered by the user through the browser module 111 and send the new password and an operation instruction to unlock the card to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation instruction and the new password sent by the computing device 100 and store the new password according to the received instruction, thereby updating the original password to the new password and releasing the locked state of the smart card 101.
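As an added illustration (not code from the patent or its applicant), the following Python models the flow described above: the card, not the host, checks the smart card password in step 240, the security control component refuses every operation until that check passes, a certificate download is refused unless it was applied for on this computing device, and the password change and online card unlock operations follow. The smart card, server 400 and browser certificate stores are in-memory stand-ins, and the limit of three wrong passwords before the card locks is an assumption the description does not state.

```python
import hmac
import secrets

PIN_RETRY_LIMIT = 3  # assumption: the description gives no retry count


class SimulatedSmartCard:
    """Stands in for smart card 101: the card, not the host, decides whether the PIN is right."""

    def __init__(self, pin):
        self._pin = pin
        self._retries_left = PIN_RETRY_LIMIT
        self.locked = False
        self.certificates = {}  # cert_id -> DER bytes held on the card

    def verify_pin(self, pin):
        """Step 240 from the card's side: the verification result it sends back to the host."""
        if self.locked:
            return False
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._retries_left = PIN_RETRY_LIMIT
            return True
        self._retries_left -= 1
        if self._retries_left == 0:
            self.locked = True  # only the card-unlock instruction clears this
        return False

    def change_pin(self, old_pin, new_pin):
        """Password change: the card checks the old PIN before storing the new one."""
        if not self.verify_pin(old_pin):
            return False
        self._pin = new_pin
        return True

    def unlock(self, new_pin):
        """Card-unlock instruction: store the new PIN and release the locked state."""
        self._pin = new_pin
        self._retries_left = PIN_RETRY_LIMIT
        self.locked = False


class SecurityControlComponent:
    """Stands in for security control component 112; `server` is a dict standing in for server 400."""

    def __init__(self, card, server, device_id, browser_stores, file_store):
        self.card, self.server, self.device_id = card, server, device_id
        self.browser_stores, self.file_store = browser_stores, file_store
        self.outbox = {}  # e-mail address -> authentication code (simulated delivery)
        self._pending_code = None

    def run(self, operation, pin, **args):
        """Steps 230-250: the card must confirm the PIN before any operation runs."""
        if not self.card.verify_pin(pin):
            return "card_locked" if self.card.locked else "pin_rejected"
        handlers = {"update": self._update, "download": self._download,
                    "store": self._store, "export": self._export, "import": self._import}
        return handlers.get(operation, lambda **_: "unknown_operation")(**args)

    def _update(self, cert_id):
        self.card.certificates[cert_id] = self.server[cert_id]["der"]
        return "installed"

    def _download(self, cert_id):
        record = self.server[cert_id]
        if record["applied_on"] != self.device_id:  # not applied for on this device: refuse
            return "refused_not_applied_here"
        self.card.certificates[cert_id] = record["der"]
        return "installed"

    def _store(self, cert_id, path):
        self.file_store[path] = self.card.certificates[cert_id]  # format conversion omitted
        return "stored"

    def _export(self, cert_id, browser):
        self.browser_stores.setdefault(browser, {})[cert_id] = self.card.certificates[cert_id]
        return "exported"

    def _import(self, cert_id, browser):
        self.card.certificates[cert_id] = self.browser_stores[browser][cert_id]
        return "installed"

    def change_password(self, old_pin, new_pin):
        return self.card.change_pin(old_pin, new_pin)  # old-PIN check is delegated to the card

    def online_unlock_start(self, cert_id):
        """Read the target certificate, find its e-mail account on the server, send a code."""
        der = self.card.certificates[cert_id]  # reading a certificate needs no PIN
        email = next(r["email"] for r in self.server.values() if r["der"] == der)
        self._pending_code = f"{secrets.randbelow(10 ** 6):06d}"
        self.outbox[email] = self._pending_code
        return email

    def online_unlock_finish(self, entered_code, new_pin):
        """If the entered code matches, send the new PIN and the unlock instruction to the card."""
        if self._pending_code is None or not hmac.compare_digest(entered_code.encode(), self._pending_code.encode()):
            return False
        self._pending_code = None  # a code is accepted once
        self.card.unlock(new_pin)
        return True
```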

In summary, the difference between the present invention and the prior art lies in the technical means of embedding a browser module in an application, having the browser module call the security control component of the application when a certificate management operation is selected, and having the security control component execute the certificate management operation through the smart card after it determines, based on the entered smart card password, that the user's identity passes verification. This technical means solves the problem in the prior art that providing certificate management through a web service is subject to browser restrictions, and thereby achieves the technical effect that modifying the web page on the server is enough to release a new version without updating the application.

Furthermore, the method of managing certificates with an embedded browser module of the present invention can be implemented in hardware, software, or a combination of hardware and software, and can be implemented in a centralized manner in a single computer system or in a distributed manner with different elements spread across several interconnected computer systems.

Although the embodiments of the present invention are disclosed above, the content described is not intended to directly limit the scope of patent protection of the present invention. Any person having ordinary knowledge in the technical field to which the present invention belongs may make minor changes and refinements to the form and details of the implementation of the present invention without departing from the spirit and scope disclosed herein, and such changes all fall within the scope of patent protection of the present invention. The scope of patent protection of the present invention shall still be determined by the appended claims.

100: computing device
101: smart card
110: application
111: browser module
112: security control component
400: server
Step 202: the computing device executes an application that includes a security control component and a browser module
Step 210: connect the computing device and the smart card
Step 220: the browser module calls the security control component when a certificate management operation is selected
Step 230: the security control component provides input of the smart card password
Step 240: the security control component determines, based on the smart card password, whether the user's identity passes verification
Step 250: the security control component executes the certificate management operation through the smart card

Figure 1 is a system architecture diagram of the system for managing certificates with an embedded browser module according to the present invention. Figure 2 is a flow chart of the method for managing certificates with an embedded browser module according to the present invention.

Claims (10)

1. A method for managing certificates with an embedded browser module, applied to a computing device, the method comprising at least the following steps: the computing device executes an application that includes a security control component and a browser module; the computing device is connected to a smart card; the browser module calls the security control component when a certificate management operation is selected; the security control component provides input of a smart card password; and the security control component, after determining based on the smart card password that the user's identity passes verification, executes the certificate management operation through the smart card.

2. The method for managing certificates with an embedded browser module of claim 1, wherein the step in which the security control component executes the certificate management operation through the smart card comprises: when the certificate management operation is a certificate update operation or a certificate management operation, the security control component downloads a target certificate from a server and installs the target certificate on the smart card; when the certificate management operation is a certificate download operation, the security control component determines whether the target certificate was applied for on the computing device and installs the target certificate on the smart card when it was applied for on the computing device; when the certificate management operation is a certificate storage or certificate export operation, the security control component reads the target certificate from the smart card and stores it as a certificate file or imports it into a designated browser; and when the certificate management operation is a certificate import operation, the security control component reads the target certificate from a specific browser and installs the target certificate on the smart card.

3. The method for managing certificates with an embedded browser module of claim 1, wherein after the step in which the computing device executes the application, the method further comprises: when a password change operation is selected, the browser module provides input of an original password and a new password and calls the security control component, and the security control component, after determining through the smart card that the original password is correct, stores the new password in the smart card.

4. The method for managing certificates with an embedded browser module of claim 1, wherein after the step in which the computing device executes the application, the method further comprises: when an online card unlock operation is selected, the browser module calls the security control component; the security control component reads the target certificate from the smart card, obtains communication data from the server based on the target certificate, uses the communication data to send an authentication code, provides input of the authentication code through the browser module, and, after determining that the authentication code is correct, provides input of a new password through the browser module and stores the new password in the smart card.

5. The method for managing certificates with an embedded browser module of claim 1, wherein after the step in which the computing device executes the application, the method further comprises: when an online card unlock operation is selected, the browser module provides input of a website password and sends the website password to the server for verification; after the website password passes the server's verification, the browser module provides input of a new password and calls the security control component, and the security control component stores the new password in the smart card.

6. A system for managing certificates with an embedded browser module, the system comprising at least: a smart card; and a computing device to which the smart card is connected, for executing an application, the application further comprising: a browser module for providing selection of a certificate management operation; and a security control component for providing input of a smart card password and, after determining based on the smart card password that the user's identity passes verification, executing the certificate management operation through the smart card.

7. The system for managing certificates with an embedded browser module of claim 6, wherein when the certificate management operation is a certificate update operation or a certificate management operation, the security control component downloads a target certificate from a server and installs the target certificate on the smart card; when the certificate management operation is a certificate download operation, the security control component determines whether the target certificate was applied for on the computing device and installs the target certificate on the smart card when it was applied for on the computing device; when the certificate management operation is a certificate storage or certificate export operation, the security control component reads the target certificate from the smart card and stores it as a certificate file or imports it into a designated browser; and when the certificate management operation is a certificate import operation, the security control component reads the target certificate from a specific browser and installs the target certificate on the smart card.

8. The system for managing certificates with an embedded browser module of claim 6, wherein the browser module is further configured to provide input of an original password and a new password when a password change operation is selected and to call the security control component, and the security control component is further configured to store the new password in the smart card after determining through the smart card that the original password is correct.

9. The system for managing certificates with an embedded browser module of claim 6, wherein the browser module is further configured to call the security control component when an online card unlock operation is selected, and the security control component is further configured to read the target certificate from the smart card, obtain communication data from the server based on the target certificate, use the communication data to send an authentication code, provide input of the authentication code through the browser module, and, after determining that the authentication code is correct, provide input of a new password through the browser module and store the new password in the smart card.

10. The system for managing certificates with an embedded browser module of claim 6, wherein the browser module is further configured, when an online card unlock operation is selected, to provide input of a website password, send the website password to the server for verification, and, after the website password passes the server's verification, provide input of a new password and call the security control component, and the security control component is further configured to store the new password in the smart card.
TW108101437A 2019-01-15 2019-01-15 System for using embedded browser module to manage certificate and method thereof TWI690820B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108101437A TWI690820B (en) 2019-01-15 2019-01-15 System for using embedded browser module to manage certificate and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108101437A TWI690820B (en) 2019-01-15 2019-01-15 System for using embedded browser module to manage certificate and method thereof

Publications (2)

Publication Number Publication Date
TWI690820B TWI690820B (en) 2020-04-11
TW202029036A true TW202029036A (en) 2020-08-01

Family

ID=71134294

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108101437A TWI690820B (en) 2019-01-15 2019-01-15 System for using embedded browser module to manage certificate and method thereof

Country Status (1)

Country Link
TW (1) TWI690820B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230367892A1 (en) * 2022-05-13 2023-11-16 Intuit Inc. Secure embedded web browser

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6734886B1 (en) * 1999-12-21 2004-05-11 Personalpath Systems, Inc. Method of customizing a browsing experience on a world-wide-web site
US7610390B2 (en) * 2001-12-04 2009-10-27 Sun Microsystems, Inc. Distributed network identity
JP2005532736A (en) * 2002-07-03 2005-10-27 オーロラ・ワイヤレス・テクノロジーズ・リミテッド Biometric private key infrastructure
JP4420201B2 (en) * 2004-02-27 2010-02-24 インターナショナル・ビジネス・マシーンズ・コーポレーション Authentication method using hardware token, hardware token, computer apparatus, and program
US7549048B2 (en) * 2004-03-19 2009-06-16 Microsoft Corporation Efficient and secure authentication of computing systems
TWM580295U (en) * 2019-01-15 2019-07-01 臺灣網路認證股份有限公司 System for managing certificate with embedded browser module and computing equipment

Also Published As

Publication number Publication date
TWI690820B (en) 2020-04-11
