TWI241497B - Operation method of single sign on system - Google Patents

Operation method of single sign on system

Info

Publication number: TWI241497B
Authority: TW (Taiwan)
Prior art keywords: server, user, time, check, patent application
Application number: TW90123672A
Other languages: Chinese (zh)
Inventor: Shu-Fen Liou
Original Assignee: Taiwan Semiconductor Mfg
Application filed by: Taiwan Semiconductor Mfg
Priority to: TW90123672A
Application granted
Publication of: TWI241497B


Abstract

The present invention relates to a method of operating a single sign-on system, applied to multiple programs or systems that users sign on to, so that a user who has signed on to any one system can sign on to other related systems without entering a user ID and password again. With the single sign-on system provided by the invention applied to those programs or systems, when a user has signed on to one system with one set of user ID and password and wants to sign on to another system, that other system looks up the user ID and password of the most recent sign-on in the database of the single sign-on system, compares them with those in its own user database, and then compares its system time with the time at which the user requested the sign-on; if the difference is within the preset time, the user is allowed to sign on. The user therefore needs to memorize only one set of user ID and password to sign on to different systems, which removes the burden of memorizing a series of user IDs and passwords. In addition, because the single sign-on system provided by the invention can be installed on existing network equipment, e.g. a database or a workstation, its cost is low and subsequent maintenance is easy.

Description

Field of the Invention:

The present invention relates to a method of operating a single sign-on (SSO) system, and in particular to a method of operating a single sign-on system between computers and devices across multiple platforms or multiple systems, so as to increase system security and ease of use.

Background of the Invention:

In a multi-user computer environment, an identification and authentication mechanism is generally implemented in order to identify and authenticate each user. This mechanism is very important, because it controls each user's access rights and refuses illegitimate use by unknown persons, and thereby protects the security of the system. The commonly used mechanism authenticates each user by a user ID and its corresponding password. A multi-user computer system therefore gives every registered user a unique user ID and corresponding password, so that each user has a personal working environment and personal access rights.

However, if this mechanism is applied between computers and devices on multiple platforms or multiple systems, the user has a separate user ID and password on each platform or system. When the user needs to go from one platform (or system) to another, the user must enter the user ID and password that belong to that platform (or system), and a user who switches between systems must enter user IDs and passwords over and over. The user has to remember the user ID and password for every system or be unable to log in, which is very inconvenient, and the repeated input when logging in to different systems wastes valuable time. If, to make them easier to remember, the user chooses the same or similar user ID and password on every system, then once the user ID and password leak through carelessness or for any other reason and become known to someone else, that unauthorized person can easily use them to enter the different systems, and system security is threatened.

Please refer to Figure 1, which is a schematic diagram of a conventional network architecture. With the development of today's Internet, more and more information circulates on the network, and an application service on network 30 called the World Wide Web (WWW) has developed, so a system made up of a few computers or devices gathered in one place is no longer sufficient. Many systems are no longer composed only of several centralized computers, but of computers and devices scattered in different places, such as workstation 60, server 62, database 64, router 66 and backup device 68, connected through network 30 to provide user 10 with many different services.

The World Wide Web, broadly speaking, consists of browsing software (a browser), the network, servers and the WWW protocols. It provides a simple and unified way of integrating the transmission of network information, and lets WWW user 10 easily use the browsing software on computer 70 to connect through network 30 to server 62 and perform actions such as issuing commands and requesting replies. The browsing software and server 62 can communicate using the WWW protocols, of which the Hypertext Transport Protocol (HTTP) is the most common and most widely adopted.

As shown in Figure 1, because network 30 is so well developed, more databases 64, servers 62 and workstations 60 are linked into one huge system, so that user 10 must repeatedly enter the corresponding user ID and password when logging in to each different system, which clearly shows the drawbacks of low work efficiency and wasted time.

To make logging in over network 30 more convenient and efficient for user 10, many improvements have been proposed, the most widely used of which is the cookie. A cookie is a small piece of information stored in the browsing software. When user 10 connects to a web page through network 30 with the browsing software, the web page sends a cookie to the browsing software of user 10 to record information related to that page, such as the address of the web page, the time of the user's access, the content accessed,
and so on; the browsing software then stores the cookie for use when user 10 browses the page again.

For example, an online bookstore sends a cookie over the network to the browsing software of every registered member, or exchanges cookies with the user's browsing software when the user connects to the bookstore, and stores on the bookstore's server a cookie containing user-related data (such as the user ID and password), so that on the next visit the user can enter his or her personal system environment directly, without entering a personal user ID and password.

When the cookie method is applied in a login system, therefore, as the user connects to a web page with the browsing software and logs in by entering a user ID and password, the web page can record that user ID and password in a cookie and send the cookie to the user's browsing software to record the related content of the page. At the next login the user can enter the system directly without entering the personal user ID and password, which reduces the time spent entering user IDs and passwords when moving between different systems.

However, applying the cookie method in a login system does not safeguard the security of the system or the privacy of the user. As shown in Figure 1, when user 10 enters a user ID and password through computer 70 to log in to a system located on workstation 60 or server 62, the user ID and password must travel through network 30, such as local area network (LAN) 40 or wide area network (WAN) 50, to reach that system. While the user ID and password are in transit, anyone (such as user 20 in Figure 1) can easily use related network device 72 to discover and intercept them through network 30, and can then use them to enter the related systems and act there, so the security of the system is threatened.

Although the user ID and password entered by user 10 can be encrypted and encoded before being sent over the network, and the cookie is likewise suitably encrypted before it is sent, there is no absolute guarantee that the user ID and password will not be intercepted, decrypted and decoded. Conventional single sign-on systems, which increase both convenience of use and system security, were therefore proposed and adopted.

Although the conventional single sign-on systems now available can increase user convenience and system security, many of them have their own particular operating flow and design for controlling all of the servers, workstations, databases and other devices connected to them. Adding a conventional single sign-on system to an existing network architecture therefore requires extensive modification of the software, firmware or hardware in all of the connected servers, workstations, databases and other devices. This work takes considerable manpower and time, and the databases that store user IDs and passwords in particular need a great deal of time for the related integration work. Conventional single sign-on systems are also very expensive, so the cost of applying one is very high.

Purpose and Summary of the Invention:

In view of the background described above, in a multi-user computer environment user IDs and passwords are generally used to implement the identification and authentication mechanism, in order to identify and authenticate each user and control each user's access rights, and thereby protect the security of the system. With the development of today's Internet, many systems are composed of computers and devices scattered in different places, such as workstations, servers, databases, routers and backup devices, connected through the network. When logging in to each different system the user must repeatedly enter the corresponding user ID and password, so the user interface is unfriendly, and because the user has to remember a different user ID and password for each system, operating the systems becomes more inconvenient. In addition, the user IDs and passwords entered when logging in to the different systems are easily intercepted and interpreted by unknown persons, which threatens the security of the systems. Many improvements have been proposed and used, such as the cookie method or a conventional single sign-on system, but the cookie method still has serious weaknesses in system security, and a conventional single sign-on system is expensive and requires much manpower and time for integration work,
which raises the cost considerably, so a simple, highly secure and low-cost login system is urgently needed.

The main purpose of the present invention is to provide a method of operating a single sign-on system. With the single sign-on system and operating method provided by the invention applied across many login systems or applications, a user needs to remember only one set of user ID and password and needs to log in only once, to any system that has joined the single sign-on, in order to log in to the other connected websites without re-entering the user ID and password (subject to the user's access rights). Furthermore, when the user asks to log in from one system to another, the systems that have joined the single sign-on first go to the database of the single sign-on system provided by the invention to look up and transmit the user's user ID and password. These exchanges of information all take place between one system and another, which greatly reduces the chance that the user ID and password are intercepted and interpreted by unknown persons.

In accordance with the above purpose, the present invention provides a method of operating a single sign-on system. First, a device (such as a server or a database) in the network that is to use the single sign-on system (such as a local area network) is selected as the place where the single sign-on system of the invention is installed, and the local area network and the devices in it are suitably modified and adjusted so that the systems, platforms, servers and workstations in the local area network that are to use single sign-on are connected to the device on which the single sign-on system is installed. The network protocol used may be the HTTP protocol.

When the user, having logged in to one system with a set of user ID and password, wants to log in from that system to another system, the other system goes to the database of the single sign-on system to look up the user ID and password from the user's previous login and compares them with its own user database. These actions all take place between one system and another, which greatly reduces the chance that the user ID and password are intercepted and interpreted by unknown persons. Once the user ID and password have been verified and the system time has been compared with the time tag, the user can log in. The user thus needs to remember only one set of user ID and password to log in to different systems, which removes the earlier burden of remembering many user IDs and passwords. In addition, because the single sign-on system provided by the invention can be installed on existing network equipment (such as a database or a workstation), its cost is low and subsequent maintenance is easy.

Brief Description of the Drawings:

The preferred embodiment of the present invention is described in more detail in the text that follows, with the aid of the following figures:

Figure 1 is a schematic diagram of a conventional network architecture.
Figure 2 is a schematic diagram of a network architecture using an embodiment of the present invention.
Figure 3 is a schematic diagram of another network architecture using an embodiment of the present invention.
Figure 4 is a setup flowchart using an embodiment of the present invention.
Figure 5 is an operation flowchart using an embodiment of the present invention.

Reference numerals:

10: user; 20: user; 30: network; 40: local area network; 50: wide area network; 60: workstation; 62: server; 64: database; 66: router; 68: backup device; 70: computer; 72: network device; 90: network architecture; 100: single sign-on system; 105: first server; 110: second server; 115: first database; 120: second database; 125: network; 130: application group; 135: third server; 140: fourth server; 145: user; 150: network architecture; 200: installation step; 205: establishment step; 210: setting step; 215: synchronization step; 220: input step; 225: judgment step; 230: login step; 235: login request step; 240: temporary storage step; 245: search step; 250: judgment step; 255: comparison step; 260: login step; 265: clearing step; 270: deny login; 275: deny login; 280: deny login

Detailed Description of the Invention:

Please refer to Figure 2, which is a schematic diagram of a network architecture using an embodiment of the present invention, in which first database 115 is the place where single sign-on system 100 provided by the invention is installed. As shown in Figure 2, network architecture 90 consists of first database 115 connected to first server 105 and second server 110, and second database 120 connected to second server 110. First database 115, first server 105 and second server 110 each have an application group 130 made up of different applications. In addition, in every system or device in network architecture 90 that is connected to external network 125 (such as first server 105 and second server 110 in Figure 2), the web-based applications in application group 130 through which users log in can use network protocols such as the HTTP protocol, which makes control easier for network administrators and maintenance easier for maintenance staff.

Please refer to Figures 2 and 3 together. Figure 3 is a schematic diagram of another network architecture using an embodiment of the present invention. Because first database 115 is the place where single sign-on system 100 provided by the invention is installed, when web applications or systems that need the single sign-on function are added to network architecture 150, for example when third server 135 and fourth server 140, which need single sign-on, are added to network architecture 90 of Figure 2 consisting of first database 115, second database 120, first server 105 and second server 110, third server 135 and fourth server 140 only need to be connected to first database 115, and suitable modifications made in first database 115 and in the added devices (such as third server 135 and fourth server 140 in Figure 3), such as unifying the user IDs and passwords of the registered users across the servers and databases. They can then quickly join network architecture 150 and be put to use.

Please refer to Figures 2 and 4 together. Figure 4 is a setup flowchart using an embodiment of the present invention. First, as in installation step 200 of Figure 4, single sign-on system 100 provided by the invention is installed in existing first database 115. Establishment step 205 is then executed to create the database of single sign-on system 100, which supports the operation of single sign-on system 100.

Next, the software in the devices connected to first database 115 (such as first server 105 and second server 110 in Figure 2) is modified slightly, and setting step 210 is executed to configure the related connection settings, for example adjusting connection environment parameters and setting the network address of each device in the network architecture. Then ...

Figure 5 shows the operation flowchart using an embodiment of the present invention. When user 145 needs to log in through network 125 to first server 105 in Figure 2, user 145 performs input step 220, entering a user ID and password in the relevant web application. When these are sent through network 125 to first server 105 using a network protocol (such as the HTTP protocol), the login check program (not shown) in first server 105 checks the user ID and password against the records of registered users held in first server 105, executing judgment step 225 to determine whether the user ID and password exist in the records. If they do not, the result is no and login is denied; if they do, the result is yes, login is permitted and login step 230 is executed to log in to first server 105.

When user 145 needs to log in from one system to another and there is no single sign-on, user 145 must enter the corresponding user ID and password again. Referring again to Figure 2, in an embodiment of the present invention, when user 145 needs to log in from first server 105 to second server 110 and executes login request step 235, the login check program in first server 105 first executes temporary storage step 240: it temporarily writes the user ID and password that user 145 entered when logging in to first server 105, together with a time tag marking the moment the login was requested, into first database 115, on which single sign-on system 100 is installed. When second server 110 receives the request made by user 145 on first server 105 to log in to second server 110, then, because second server 110, which is connected to first database 115, has already had its own software and hardware suitably modified, and the user-related information (such as user IDs and passwords) of the systems, servers and databases has been unified, the relevant web application in second server 110 uses a network protocol (such as the HTTP protocol) to go through network architecture 90 to first database 115 and execute search step 245, looking up the user ID, password and time tag that were recorded for user 145 from the login to first server 105.

After finding the user ID, password and time tag of user 145, the login check program of second server 110 checks the user ID and password against the records of registered users held in second server 110, executing judgment step 250 to determine whether the user ID and password exist in the records. If they do not, the result is no and login is denied.

If the user ID and password in first database 115 match the user ID and password recorded in second server 110, the result of judgment step 250 is yes, and comparison step 255 is then executed, in which the time tag marking the moment the login was requested and the current system time of second server 110
五、發明說明() 作一比對,當時間標籤與目前第二伺服器11〇的系統時間 兩者之間並未超過預定時間(在本發明之一實施例中,預定 時間約為3秒)時,則比對步驟255的結果為是,接著執行 登入步驟260,讓使用者145登入第二伺服器11〇,於是使 用者1 45就不需再次輸入使用者識別碼及密碼。但當時間 標籤與目前第二伺服器丨10的系統時間兩者之間已經超過 預定時間(如前述之約3秒),則比對步驟255的結果為否, 第二伺服器1 1 〇就會拒絕使用者丨4 5從第一伺服器丨〇 5登 入第二伺服器1 1 0。 (請先閱讀背面之注意事項】 裝—— 「寫本頁) 經濟部智慧財產局員工消費合作社印製 比對時間標籤與目前第二伺服器丨丨〇的系統時間的目 的’是為了避免當使用者145從第一伺服器105要求登入 第二伺服器1 1 0後,因網路傳輸或運作出現問題等因素, 而使得登入過程延長或第二伺服器1 1 〇不斷在等候第一資 料庫1 1 5的回覆等問題出現,從而導致登入逾時,更可能 使得網路的運作出現問題。 當執行登入步驟260完成後,第二伺服器1 1 〇中的相 關網路應用程式就會執行清除步驟2 6 5,將第一資料庫1 1 5 中相關的使用者識別碼及密碼與時間標籤清除,又或隔離 備份供往後的檢查,以確保第一資料庫1 1 5中儲存有最新 的相關資料。然後在第二伺服器1 1 〇中的網路應用程式與 第一資料庫1 1 5的通信完成後,第二伺服器1 1 〇中的網路 本紙張尺度適用中國國家標準(CNS)A4規格(210 x 297公f ) 1241497 A7 經濟部智慧財產局員工消費合作社印製 五、發明說明() 應用程式就關閉與第一資料庫丨丨$的通信,並完全掌控後 續的運作’使用者i 45就可在第二伺服器丨丨〇中進行工作。 同樣的動作原理也會出現在當使用者丨45需要從第二 伺服器1 1 0登入第一伺服器丨〇5或其他已經參與單次登入 系統1 00的設備時。當使用者丨45需要從第二伺服器n 〇 登入第一伺服器丨05,第二伺服器丨丨〇中的登入檢查程式 同樣會先將使用者1 45在登入第二伺服器丨丨〇時所輸入的 使用者識別碼、密碼,以及要求登入第一伺服器丨〇 5時之 時間標籤,暫時寫入第一資料庫i丨5中,而第一伺服器工〇5 中的網路應用程式亦會到第一資料庫i丨5中找尋使用者識 別碼及密碼與時間標籤並進行檢查。 另外,若在本發明所提供的單次登入系統1〇〇之資料 庫中找尋不到使用者識別碼及密碼,則已參與單次登入系 統100的設備會要求使用者145再重新輸入使用者識別碼 及密碼以作登入。 本發明之優點為提供一種單次登入系統之運作方法, 在魔大的互連網路環境中,使㈣h要不斷的輸入不同 的使用者識別瑪及密碼’以進入不同的系統或平台,而在 應用本發明所提出之單次登入系統後,使用者只需藉單— 個使用者識別碼及密碼,以及在任—p灸命路Α Μ ^ 匕參興早次登入系統 17 本紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) (請先閱讀背面之注意事項1! 裝--- 八寫本頁) · -線· 1241497 A7V. Description of the invention (1) For comparison, when the time tag and the current system time of the second server 1110 do not exceed a predetermined time (in one embodiment of the present invention, the predetermined time is about 3 seconds). ), The result of the comparison step 255 is yes, and then the login step 260 is executed to allow the user 145 to log in to the second server 11 so that the user 1 45 does not need to enter the user identification code and password again. 
However, when the time tag and the current system time of the second server 10 have exceeded a predetermined time (such as about 3 seconds as described above), the result of the comparison step 255 is no, and the second server 1 1 〇 The user will be refused to log in to the second server 1 1 0 from the first server 5. (Please read the precautions on the back first) Installation-"Write this page" The purpose of printing and comparing the time label of the Intellectual Property Bureau employee consumer cooperative of the Ministry of Economic Affairs with the current system time of the second server 丨 丨 〇 is to avoid After the user 145 requests from the first server 105 to log in to the second server 110, the login process is prolonged due to factors such as network transmission or operation problems, or the second server 1 1 0 is constantly waiting for the first data Questions such as the reply from library 1 15 occur, which causes the login to time out, which is more likely to cause problems with the operation of the network. When the login step 260 is completed, the related web application in the second server 1 1 0 will Perform the clearing step 2 6 5 to clear the related user ID, password and time stamp in the first database 1 1 5 or isolate the backup for future inspection to ensure that it is stored in the first database 1 1 5 Have the latest relevant information. Then after the communication between the web application in the second server 1 10 and the first database 1 15 is completed, the network paper size in the second server 1 10 is applicable to China country Standard (CNS) A4 (210 x 297 male f) 1241497 A7 Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs 5. Description of the invention () The application closed communication with the first database 丨 丨 $, and fully controlled Subsequent operations' user i 45 can work in the second server 丨 丨 〇. 
The same principle of operation will also appear when the user 丨 45 needs to log in to the first server from the second server 1 1 0 丨〇5 or other devices that have participated in the single sign-on system 100. When the user 丨 45 needs to log in to the first server 丨 05 from the second server n 〇, the login check program in the second server 丨 丨 is the same The user ID and password entered by the user 1 45 when logging in to the second server 丨 丨 and the time stamp required to log in to the first server 丨 05 will be written into the first database temporarily.丨 5, and the web application in the first server 05 will also go to the first database i 丨 5 to find and check the user ID, password, and time stamp. In addition, if the Provided single sign-on system 1〇 If the user ID and password cannot be found in the database, the device that has participated in the single sign-on system 100 will ask the user 145 to re-enter the user ID and password for login. The advantage of the present invention is to provide a single The operation method of the secondary login system, in the Internet environment of Magic University, enables ㈣h to continuously enter different user identification codes and passwords to enter different systems or platforms, and to apply the single login proposed by the present invention After the system, the user only needs to borrow a user ID and password, as well as the incumbent-p moxibustion road Α ^ ^ Deng Shenxing early login system 17 This paper size applies Chinese National Standard (CNS) A4 specifications (210 X 297 mm) (Please read the note 1 on the back first! Attachment --- Write this page) ·-line · 1241497 A7

經濟部智慧財產局員工消費合作社印製 發明說明() 的設備登入一次後,即可登入其他已參與單次登入系統的 設備,而無需再次輸入使用者識別碼及密碼,因此增加使 用的便利性。更由於使用者只需記下單一個使用者識別碼 及密碼,即可登入不同的設備、系統或平台,故解決了使 用者必須牢記不同系統中不同的使用者識別碼及密碼的不 便。另外’在現有的網路架構中應用本發明所提供的單次 登入系統,成本十分低廉,因只需在既有設備中安裝本發 明所提供的單次登入系統,並對其他在網路架構中的設備 或系統等稍作修改即可,而且從安裝到完成的施工時間快 速,安裝調整只需耗用小量的人力資源,後續的維護也不 需要大量的人員。 本發明之另一優點為提供一種單次登入系統之運作方 法,在多系統的網路環境中,應用本發明所提供的單次登 入系統,當使用者登入不同的系統或平台時,只需要單次 輸入使用者識別碼及密碼’安裝有早次登入系統的資料庫 或其他相關設備就會將使用者識別碼及密碼記錄下來,當 使用者要求登入另一系統時,系統就會自動到資料庫中找 尋使用者的使用者識別碼及密碼和要求登入時間作一比對 處理,以判定准許登入與否。這些的動作都是設備與設備 之間經由複雜的加密解密動作所完成的資訊交換,因此使 用者識別碼及密碼並不會被不明人士攔截解譯,系統的安 全性就得以大大地提高。 (請先閱讀背面之注音?事項^?5^寫本頁) _ 尽紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐) 1241497 A/ _B7 五、發明說明() 如熟悉此技術之人員所暸解的,以上所述僅為本發明 之較佳實施例而已,並非用以限定本發明之申請專利範 圍;凡其它未脫離本發明所揭示之精神下所完成之等效改 變或修飾,均應包含在下述之申請專利範圍内。 (請先閱讀背面之注意事項寫本頁) 裝 訂: •線· 經濟部智慧財產局員工消費合作社印製 尽紙張尺度適用中國國家標準(CNS)A4規格(210 X 297公釐)Once the device printed by the Consumer Cooperative of the Intellectual Property Bureau of the Ministry of Economic Affairs has printed a device, you can log in to other devices that have participated in the single sign-on system without having to enter the user ID and password again, thus increasing the convenience of use . Furthermore, since users only need to write down a single user ID and password, they can log in to different devices, systems or platforms, which solves the inconvenience that users must remember different user IDs and passwords in different systems. In addition, the cost of applying the single sign-on system provided by the present invention in the existing network architecture is very low, because it is only necessary to install the single sign-on system provided by the present invention in existing equipment, and The equipment or system can be slightly modified, and the construction time from installation to completion is fast. Installation and adjustment only require a small amount of human resources, and subsequent maintenance does not require a large number of personnel. 
Another advantage of the present invention is to provide a method of operating a single sign-on system. In a multi-system network environment, the single sign-on system provided by the present invention is applied. When a user logs in to different systems or platforms, he only needs to Single input of user ID and password 'The database or other related equipment installed with the previous login system will record the user ID and password. When the user requests to log in to another system, the system will automatically go to The user ID and password of the user in the database are compared with the requested login time to determine whether the login is permitted or not. These actions are information exchanges between equipment and equipment through complex encryption and decryption operations. Therefore, the user identification code and password will not be intercepted and interpreted by unknown people, and the security of the system is greatly improved. (Please read the phonetic on the back? Matters ^? 5 ^ write this page) _ As far as the paper size is concerned, the Chinese National Standard (CNS) A4 specification (210 X 297 mm) 1241497 A / _B7 V. Description of the invention () If you are familiar with this Those skilled in the art understand that the above is only a preferred embodiment of the present invention, and is not intended to limit the scope of patent application of the present invention; any other equivalent changes or other changes made without departing from the spirit disclosed by the present invention or Modifications shall all be included in the scope of patent application described below. (Please read the notes on the back first to write this page) Binding: • Thread · Printed by the Consumer Cooperatives of the Intellectual Property Bureau of the Ministry of Economic Affairs The Chinese standard (CNS) A4 specification (210 X 297 mm) is applied to the paper size
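The handoff in steps 235 to 265 of the description can be exercised as a small simulation. This is an added example, not code from the patent: the class and function names, the simulated clocks and the sample account are assumptions made for illustration, and the encrypted exchange between devices that the description mentions is not modelled.

```python
import hmac
from dataclasses import dataclass

PREDETERMINED_SECONDS = 3.0  # "about 3 seconds" in the described embodiment


@dataclass
class HandoffRecord:
    user_id: str
    password: str
    time_tag: float  # moment the user asked to log in to the other server


class FirstDatabase:
    """Stand-in for first database 115, where the single sign-on system lives."""
    def __init__(self):
        self._rows = {}

    def store(self, record):
        self._rows[record.user_id] = record

    def find(self, user_id):
        return self._rows.get(user_id)

    def clear(self, user_id):
        self._rows.pop(user_id, None)


class Server:
    def __init__(self, registered, database, clock):
        self.registered = registered  # this server's own registered-user record
        self.database = database
        self.clock = clock  # callable returning this server's system time
        self.sessions = {}  # user_id -> password entered at login

    def _in_record(self, user_id, password):
        stored = self.registered.get(user_id)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

    def login(self, user_id, password):
        """Steps 220-230: check the entered ID and password locally."""
        if not self._in_record(user_id, password):
            return False
        self.sessions[user_id] = password
        return True

    def request_handoff(self, user_id):
        """Steps 235-240: temporarily store ID, password and time tag."""
        if user_id not in self.sessions:
            raise PermissionError("user is not logged in on this server")
        self.database.store(
            HandoffRecord(user_id, self.sessions[user_id], self.clock()))

    def accept_handoff(self, user_id):
        """Steps 245-265 on the receiving server; returns the decision."""
        record = self.database.find(user_id)  # search step 245
        if record is None:
            return "not found: user must enter ID and password again"
        if not self._in_record(record.user_id, record.password):  # step 250
            return "rejected: not in this server's record"
        if abs(self.clock() - record.time_tag) > PREDETERMINED_SECONDS:  # 255
            return "rejected: time tag exceeds the predetermined time"
        self.sessions[user_id] = record.password  # login step 260
        self.database.clear(user_id)  # clearing step 265
        return "logged in"


def run_scenarios():
    """Drive the flow with a constructed account and simulated system times."""
    wall = {"now": 1000.0}
    db = FirstDatabase()
    users = {"alice": "constructed-pw"}  # constructed sample data
    first = Server(users, db, lambda: wall["now"])
    second = Server(dict(users), db, lambda: wall["now"])
    skewed = Server(dict(users), db, lambda: wall["now"] + 5.0)  # unsynchronized
    stranger = Server({}, db, lambda: wall["now"])  # alice not registered here
    results = {}
    first.login("alice", "constructed-pw")
    first.request_handoff("alice")
    wall["now"] += 1.0
    results["in_time"] = second.accept_handoff("alice")
    results["repeat"] = second.accept_handoff("alice")  # record already cleared
    first.request_handoff("alice")
    wall["now"] += 4.0
    results["late"] = second.accept_handoff("alice")
    first.request_handoff("alice")
    wall["now"] += 1.0
    results["unregistered"] = stranger.accept_handoff("alice")
    results["skewed_clock"] = skewed.accept_handoff("alice")
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The `skewed_clock` case corresponds to a server whose system time was not aligned by the synchronization step recited in the claims: with a window of about 3 seconds, a 5-second offset rejects a handoff that is otherwise valid.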

Claims (1)

… after the user ID, the password and the time tag are found, the second checking program performs a checking step on the user ID, the password and the time tag to determine whether the user is allowed to log in to the second server, wherein the checking step checks whether the user ID and the password exist in a record of the second server and whether the time tag has exceeded a predetermined time.

2. The operation method of a single sign-on system according to claim 1, further comprising, after the user logs in to the second server, clearing the user ID, the password and the time tag located in the third server.

3. The operation method of a single sign-on system according to claim 1, wherein the first server, the second server and the third server are selected from the group consisting of workstations, servers and databases.

4. The operation method of a single sign-on system according to claim 1, wherein the network architecture is a local area network architecture.

5. The operation method of a single sign-on system according to claim 1, wherein the network architecture is a wide area network architecture.

6. The operation method of a single sign-on system according to claim 1, wherein the network protocol is an HTTP protocol.

7. The operation method of a single sign-on system according to claim 1, wherein the record of the second server is a record of the registered-user data of the second server.

8. The operation method of a single sign-on system according to claim 1, wherein the predetermined time is about 3 seconds.

9. An operation method of a single sign-on system, applied in a network architecture formed by a first server, a second server and a first database connected to one another, wherein the first server and the second server each have an application group composed of a plurality of applications, and the communication among the first server, the second server and the first database within the network architecture and the communication with an external network use a network protocol, the operation method of the single sign-on system at least comprising:

providing a single sign-on system, wherein the single sign-on system is built in the first database;

performing a connection setup among the first server, the second server and the first database, wherein the connection setup includes adjusting connection environment parameters and/or setting the network addresses of the first server, the second server and the first database in the network architecture;

performing a synchronization step to synchronize a first system time of the first server, a second system time of the second server and a third system time of the first database;

when a user logs in to the first server through the network from a first application in the application group of the first server, a first checking program in the first server performing a first checking step on a user ID and a password that the user entered into the first application;

after the first checking step, if a first check result of the first checking step is no, refusing to let the user log in to the first server;

after the first checking step, if the first check result of the first checking step is yes, allowing the user to log in to the first server, wherein the first checking step checks whether the user ID and the password exist in a first record of the first server, the first check result being yes if they exist and no if they do not;

when the user, having logged in to the first server, wants to log in to the second server from the first server through the network, the first checking program in the first server temporarily storing the user ID and the password of the user and a time tag in the first database, wherein the time tag is the point in time at which the user wants to log in to the second server from the first server;

a second checking program in the second server looking in the first database for the user ID, the password and the time tag of the user who wants to log in to the second server;

after the user ID, the password and the time tag are found, the second checking program performing a second checking step on the user ID, the password and the time tag;

after the second checking step, if a second check result of the second checking step is no, refusing to let the user log in to the second server;

after the second checking step, if the second check result of the second checking step is yes, then performing a time checking step on the time tag, wherein the second checking step checks whether the user ID and the password exist in a second record of the second server, the second check result being yes if they exist and no if they do not;

after the time checking step, if a third check result of the time checking step is no, refusing to let the user log in to the second server;

after the time checking step, if the third check result of the time checking step is yes, allowing the user to log in to the second server, wherein the time checking step compares the point in time marked by the time tag with the second system time of the second server, the third check result of the time checking step being no if the difference between the point in time and the second system time of the second server exceeds a predetermined time, and yes if the point in time and the second system time of the second server are within the predetermined time; and

after the user is allowed to log in to the second server, the second server clearing the user ID, the password and the time tag located in the first database.

10. The operation method of a single sign-on system according to claim 9, wherein the first server and the second server are selected from the group consisting of workstations, servers and databases.

11. The operation method of a single sign-on system according to claim 9, wherein the network architecture is a local area network architecture.

12. The operation method of a single sign-on system according to claim 9, wherein the network architecture is a wide area network architecture.

13. The operation method of a single sign-on system according to claim 9, wherein the network protocol is an HTTP protocol.

14. The operation method of a single sign-on system according to claim 9, wherein the first application is a first web application.

15. The operation method of a single sign-on system according to claim 9, wherein the first record of the first server is a record of the registered-user data of the first server.

16. The operation method of a single sign-on system according to claim 9, wherein the second record of the second server is a record of the registered-user data of the second server.

17. The operation method of a single sign-on system according to claim 9, wherein the predetermined time is about 3 seconds.
TW90123672A 2001-09-25 2001-09-25 Operation method of single sign on system TWI241497B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW90123672A TWI241497B (en) 2001-09-25 2001-09-25 Operation method of single sign on system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW90123672A TWI241497B (en) 2001-09-25 2001-09-25 Operation method of single sign on system

Publications (1)

Publication Number Publication Date
TWI241497B true TWI241497B (en) 2005-10-11

Family

ID=37013966

Family Applications (1)

Application Number Title Priority Date Filing Date
TW90123672A TWI241497B (en) 2001-09-25 2001-09-25 Operation method of single sign on system

Country Status (1)

Country Link
TW (1) TWI241497B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI385968B (en) * 2008-03-14 2013-02-11 Univ Nat Pingtung Sci & Tech Object network management method capable of self-tracing with high efficiency
TWI640886B (en) * 2017-01-19 2018-11-11 富邦人壽保險股份有限公司 Login method and login authentication device

Similar Documents

Publication Publication Date Title
Sarrayrih et al. Challenges of online exam, performances and problems for online university exam
US8296834B2 (en) Secure single-sign-on portal system
US9450942B1 (en) Access to resources
Winslett et al. Using digital credentials on the World Wide Web
CN100397814C (en) Uniform identication method and system based on network
WO2018216988A1 (en) Security authentication system and security authentication method for creating security key by combining authentication factors of multiple users
JP5126968B2 (en) Authentication / authorization system, authentication / authorization method
EP1918845A2 (en) Multiple security access mechanisms for a single identifier
Laborde et al. Know Your Customer: Opening a new bank account online using UAAF
US10158624B2 (en) System, device and method for monitoring network
TWI241497B (en) Operation method of single sign on system
KR100559984B1 (en) Authentication system and authentication method
JP2014164359A (en) Authentication system
WO2018216991A1 (en) Security authentication method for creating security key by combining authentication factors of multiple users
Saxena Security and online content management: balancing access and security
JP2009253389A (en) Method and system for authentication of access point for use of asp service
Gyabi et al. Data Security in Rural Banking Sector: A Case Study in Ashanti Region
JP2006171923A (en) Electronic application system equipped with individual specification function
Kumar et al. Comparative study of e-Authentication framework for e-governance
JP2006172357A (en) Access control system, access control method, shared server and program
Retief The Biggest Cybersecurity Risk Businesses face today
Norman Accessing services with client digital certificates: a short report from the DCOCE project
Jerry Find Library Materials
Singh et al. Management of Data Security in Distributed System
Mezgár Trust in e-government services

Legal Events

Date Code Title Description
MK4A Expiration of patent term of an invention patent