KR20230171643A - Remote login method using biometric authentication and device for performing the same - Google Patents

Abstract

According to an embodiment of the present invention, a remote login method that can remotely lock or unlock a user's computer on which a login program is installed runs an app connected to the login program and a server on the user's mobile. an execution step, authenticating the user's biometric information in the app, setting the authenticated user to lock or unlock the computer, transmitting the settings to the server, and the server according to the settings. It may include a transmission step of transmitting a signal.

Description

Remote login method using biometric authentication and device for performing the same {Remote login method using biometric authentication and device for performing the same}

The present invention relates to a remote login method using biometric authentication and a device for performing the same.

As attempts to log in to computers such as PCs for fraudulent purposes occur frequently, technology is needed to effectively prevent this.

When attempting to log in to a computer, various authentication methods may be used, and each authentication method may differ from each other in terms of convenience and security. For example, in the case of authentication methods using passwords or PINs, the process is simple, but the possibility of information being exposed through hacking is relatively high, and in the case of authentication methods using OTP, although security is high, a separate mobile terminal is used to The process of receiving and entering can be somewhat cumbersome. In addition, in the case of authentication methods using biometric information, security is high, but the limitation is that the computer must be equipped with hardware for biometric information recognition. Technology using personal mobile devices for biometric information recognition is being developed.

Recently, the risk of ID and password entered on the computer being stolen is increasing due to malicious programs being installed on the computer.

The present invention was designed to solve the above problems, and the present invention includes a remote login method using biometric authentication that can remotely lock or unlock a computer according to the user's intention while increasing security by utilizing biometric information, and We would like to provide a device to accomplish this.

According to an embodiment of the present invention, a remote login method that can remotely lock or unlock a user's computer on which a login program is installed runs an app connected to the login program and a server on the user's mobile. an execution step, authenticating the user's biometric information in the app, setting the authenticated user to lock or unlock the computer, transmitting the settings to the server, and the server according to the settings. It may include a transmission step of transmitting a signal.

The login program may request RDP (Remote Desktop Protocol) from the computer according to the signal received from the server and allocate an RDP session to the operating program of the computer.

The transfer step may include disconnecting the RDP session when the setting is unlocked.

Before the execution step, it may include the step of storing the ID and password to be used for the computer through the app on the server and entering the ID and password into the login program to connect to each other.

The login program may include the step of transmitting the changed IP to the server every time the computer runs and the IP changes.

A remote login method using biometric authentication and a device for performing the same according to an embodiment of the present invention can remotely lock or unlock a computer according to the user's intention while increasing security by using biometric information.

Figure 1 is a diagram illustrating a system for implementing a login authentication management method using biometric authentication according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating components included in the server 100 shown in FIG. 1.
Figures 3 and 4 are flow charts for explaining a login authentication management method according to another embodiment of the present invention.
Figures 5 and 6 are diagrams to explain an example of performing additional authentication when logging in through password authentication is attempted among the login authentication management methods according to another embodiment of the present invention.

Below, various embodiments will be described in detail with reference to the attached drawings. The embodiments described below may be modified and implemented in various different forms. In order to more clearly explain the characteristics of the embodiments, detailed descriptions of matters widely known to those skilled in the art to which the following embodiments belong have been omitted. In addition, in the drawings, parts that are not related to the description of the embodiments are omitted, and similar parts are given similar reference numerals throughout the specification.

Throughout the specification, when a configuration is said to be “connected” to another configuration, this includes not only cases where it is “directly connected,” but also cases where it is “connected with another configuration in between.” In addition, when a configuration “includes” a configuration, this means that other configurations may be further included rather than excluding other configurations, unless specifically stated to the contrary.

Hereinafter, embodiments will be described in detail with reference to the attached drawings.

Figure 1 is a diagram illustrating a system for implementing a login authentication management method using biometric authentication according to an embodiment of the present invention.

Referring to FIG. 1, a system for implementing a login authentication management method according to an embodiment may include a mobile device 10, a server 100, and a computer 200.

The mobile 10 is a device that the user 1 always carries, and can be used when the user 1 logs in to the computer 200 or receive notifications related to logging in. For example, the user 1 may install an app (not shown) on the mobile phone 10 that is connected to a login program (not shown) installed on the computer 200. The app installed on the mobile 10 can authenticate the biometric information of the user 1. For example, by recognizing the user's (1) fingerprint, face, iris, etc., it is possible to confirm whether the user running the app is an authenticated user.

As another example, the user 1 receives an OTP (One Time Password) through the mobile 10 and attempts to log in by entering it into the computer 200, or establishes a P2P connection between the mobile 10 and the computer 200 (e.g. You can attempt to log in to the computer 200 through a Bluetooth connection or NFC connection, etc. Specifically, in this case, the user 1 may attempt to directly lock or unlock the computer 200 without setting the lock or unlock using the app on the mobile 10. In this case, the computer 200 transmits a lock or unlock signal to the server 100, and the server 100 receives this signal, generates an OTP, etc., and transmits it to the user's app. The user inputs the received OTP into the computer 200, and the computer 200 determines whether the entered OTP is authentic through communication with the server 100, and if so, unlocks the device.

In addition, for example, when abnormal signs suspected of an illegal login attempt are detected on the computer 200, the server 100 sends a notification to the mobile 10 so that the user 1 can quickly respond to the abnormal signs. can do. In order to perform the operations required for such login authentication management, a login authentication management service app may be installed on the mobile device 10.

Such apps may be produced and distributed by those who provide login authentication management services, and some or all of their operations may be controlled by the server 100. In other words, some or all of the operations performed by the app are performed by the server 100, and only the UI may be displayed on the screen of the mobile 10.

The computer 200 is a target object for which the user 1 wishes to log in, and may be a computing device such as a desktop or laptop.

For example, a login program connected to an app via the server 100 may be installed on the computer 200.

The login program requests RDP (Remote Desktop Protocol) from the computer 200 according to a signal received from the server 100, and the computer 200 that receives the request can allocate an RDP session to the operating program. .

The server 100 is a computing device for performing login authentication management for the computer 200, and performs login authentication management through wired and wireless communication with the mobile device 10 and the computer 200. For example, the user 1 can register as a member in the app installed on the mobile phone 10. Member information entered into the app may be stored on the server 100. Member information may be a unique ID of the app, an ID and password for logging in to the computer 200. In other words, the user 1 saves the ID and password to be used on the computer 200 on the server 100 through the app, thereby protecting the ID and password from malicious programs that may be generated by setting them on the computer 200 itself. Deodorization can be prevented.

Additionally, the login program installed on the computer 200 can transmit the IP to the server 100 every time the computer 200 is run or the IP changes. The transmitted IP information may be stored in the server 100.

When the lock or unlock button is set in the app of the mobile 10, the corresponding setting may be transmitted to the server 100. That is, the app sends a signal to the server 100 with the app's unique ID and a lock or unlock command set by the user (1).

To explain unlocking in detail, the server 100 can connect to the computer 200 matching the unique ID of the app through RDP. After connecting to the computer 200 through RDP, an unlock signal can be transmitted to the computer 200. At this time, the login program runs in the background of the computer 200 and waits, and when an unlock signal is sent, it can find the user 1 who connected to the computer 200 through RDP and disconnect the RDP connection. Specifically, the computer 200 to which the unlock signal is sent searches for a user connected to RDP and hijacks the session connected to the RDP using the TSCON command. Through this, the screen of the computer 200 becomes UNLOCK. Through this, the user can unlock by simply performing biometrics through the app on the mobile phone 10, rather than entering the ID and password directly into the computer 200. This allows the user to enter the ID and password on the computer 200. You can prevent information theft that may occur by directly entering .

To explain the lock in detail, when the user sets the lock in the app, a lock setting command is transmitted to the corresponding computer 200 through the server 100. Unlike unlocking, locking can be easily implemented by transmitting a command to the computer 200 operating program.

FIG. 2 is a diagram illustrating components included in the server 100 shown in FIG. 1. Referring to FIG. 2, the server 100 according to one embodiment may include a communication unit 110, a control unit 120, and a storage unit 130.

The communication unit 110 is a component for transmitting and receiving data with the mobile 10 and the computer 200, and can support various wired and wireless communication protocols for this purpose. For example, the communication unit 110 may be implemented in the form of a communication chipset that supports at least one of communication methods such as Wi-Fi and Ethernet.

The control unit 120 includes at least one processor, such as a CPU, and controls the overall operation of the server 100. The control unit 120 may perform an operation to manage login authentication for the computer 200 by executing a program stored in the storage unit 130, which will be described later.

Various types of programs and data can be stored in the storage unit 130. In particular, the storage unit 130 may store data and programs necessary for managing login authentication for the computer 200.

Hereinafter, embodiments in which the server 100 manages login authentication for the computer 200 will be described in detail with reference to other drawings.

The computer 200 according to one embodiment may support multiple authentication methods. Hereinafter, a plurality of authentication methods supported by the computer 200 will be briefly described.

The computer 200 may support an authentication method using a password or PIN. For example, when an input window for entering a password or PIN appears on the screen of the computer 200, the user 1 can enter the password or PIN through an input device (e.g. keyboard and mouse, etc.) of the computer 200. there is.

The server 100 may compare the input password or PIN with the previously stored password or PIN corresponding to the user 1 and determine that authentication has succeeded if it matches. To this end, information about passwords or PINs matching each of a plurality of users may be stored in advance in the storage unit 130 of the server 100.

The computer 200 may support an authentication method using OTP. For example, an input window for entering an OTP may be displayed on the screen of the computer 200, and a temporarily generated OTP may be displayed on the UI screen of an app for managing login authentication installed on the mobile device 10. At this time, the OTP may be generated by the server 100 and transmitted to the mobile 10, or the OTP may be generated by the mobile 10 and displayed on the UI screen of the app and notified to the server 100 at the same time.

When the user 1 inputs the OTP confirmed on the screen of the mobile 10 through the input device of the computer 200, the computer 200 transmits the received OTP to the server 100, and the server 100 It is checked whether the temporarily generated OTP matches the OTP received from the computer 200, and if they match, the authentication is determined to have been successful.

The computer 200 may support an authentication method using biometric information such as fingerprint, iris, and face. For example, the computer 200 is equipped with a device for biometric information recognition in a built-in form (e.g. a depth camera provided in the main body, etc.), or in the form of a connectable external device (e.g. a fingerprint reader connected through a USB port, etc.). ) can be provided.

When the user 1 inputs his/her biometric information through a device for biometric information recognition, the computer 200 transmits the received biometric information to the server 100, and the server 100 transmits the received biometric information in advance. Successful authentication can be determined by comparing the biometric information corresponding to the stored user 1. At this time, for security reasons, the computer 200 does not transmit the biometric information itself (e.g. an image of the user's face, etc.) to the server 100, but transmits information about feature points extracted from the biometric information through an artificial neural network, etc. to the server. It is transmitted to (100), and the server 100 also stores the characteristic points extracted from the biometric information and compares them with the received information. This is a common content in biometric recognition technology, so detailed explanation will be omitted.

The computer 200 may support an authentication method through P2P connection, such as Bluetooth connection or NFC connection. For example, when a Bluetooth connection or NFC connection is established between the mobile 10 of the user 1 and the computer 200, the server 100 may determine that authentication has succeeded. For this purpose, information about the mobile 10 matching each computer 200 may be stored in advance in the server 100.

In the case of the authentication method through P2P connection, login is allowed in a situation where it is highly likely that the user (1) authorized to log in is located within a certain distance from the computer (200), so the mobile (10) and the computer (200) It is appropriate to stay logged in only as long as the connection is maintained, and switch to the logged out state if the connection is lost. Therefore, in the embodiments described in this specification, if the authentication method used by the user 1 when attempting to log in is an authentication method through a P2P connection, the user 1 switches to the logged in state, but periodically checks whether the connection is maintained and performs authentication. Strengthen security. For further details, refer to the specific examples below.

The computer 200 may support various other authentication methods in addition to the authentication methods listed above.

Additionally, according to one embodiment, when the mobile 10 of the user 1 supports an authentication method that the computer 200 does not support, the server 100 authenticates the computer 200 through authentication using the mobile 10. You can also allow logging in. For example, if the computer 200 is not equipped with a device for fingerprint recognition, and the user 1 requests login through fingerprint authentication, the server 100 may use the mobile 10, which is a device matching the computer 200. ), and if the user 1 succeeds in fingerprint authentication through the mobile phone 10, the computer 200 can be switched to the login state.

Hereinafter, a method for managing login authentication for the computer 200 using the server 100 described above will be described.

Figures 3 and 4 are flow charts for explaining a login authentication management method according to another embodiment of the present invention.

Referring to FIG. 3, in step 301, when the user 1 attempts to log in to the computer 200, the control unit 120 of the server 100 requests authentication using at least one of a plurality of authentication methods. At this time, the control unit 120 may select an authentication method to be used for authentication and present it to the user 1, or may present a plurality of available authentication methods and allow the user 1 to select at least one of them. . Presentation and selection of an authentication method can be performed through the input/output unit (screen, keyboard, etc.) of the computer 200.

In step 302, if the user 1 succeeds in authentication using the first authentication method, the control unit 120 may determine at least one of whether additional authentication is required and whether periodic authentication is necessary depending on the type of the first authentication method. Subsequently, in step 303, the control unit 120 may manage the login status of the computer 200 by performing at least one of additional authentication and periodic authentication according to the determined result.

As described above, the computer 200 supports a plurality of authentication methods, and the plurality of authentication methods differ from each other in terms of security. For example, authentication using a password or PIN is the most advantageous in terms of convenience, but it is relatively less secure than other authentication methods as it can be easily exposed to the risk of hacking. Therefore, in the embodiments described in this specification, the server 100 determines whether additional authentication is necessary or whether authentication should continue to be performed periodically, depending on the type of authentication method used by the user 1 when attempting to log in. Depending on the determination result, the login status of the computer 200 can be managed by performing at least one of additional authentication and periodic authentication.

Detailed steps included in step 303 are shown in the flow chart of FIG. 4.

Referring to FIG. 4, in step 401, the control unit 120 checks whether additional authentication is necessary. If additional authentication is necessary, the control unit 120 proceeds to step 402 and can request authentication by the second authentication method from the user 1. At this time, the second authentication method may have higher security than the first authentication method. For example, if the user 1 attempts to log in using an authentication method using a password or PIN as the first authentication method, the control unit 120 uses an authentication method using an OTP or an authentication method using biometric information, etc. Additional authentication may be requested.

In step 403, the control unit 120 determines whether the user 1 has successfully authenticated using the second authentication method within a preset time, and if successful, proceeds to step 408 and determines that the login to the computer 200 has been successful. Stay logged in. However, if the user 1 fails to authenticate using the second authentication method within the preset time, the control unit 120 proceeds to step 404, determines that the login to the computer 200 has failed, and sends the message to the preset destination address. Notifications can be sent. At this time, the preset destination address may be the mobile 10 of the user 1. The control unit 120 may request storage by transmitting log data indicating that additional authentication has failed to a preset destination address (e.g. server storage), or may store the log data in a blockchain network to strengthen security. there is.

According to one embodiment, the control unit 120 stores the above log data in the storage unit 130 and the blockchain network, and periodically compares the log data stored in the two locations to monitor whether the log data has been forged or altered. This may be possible, and a detailed explanation of this will be provided below.

The process described above through steps 401 to 404 and 408 will be described in detail with reference to FIGS. 5 and 6.

Figures 5 and 6 are diagrams to explain an example of performing additional authentication when logging in through password authentication is attempted among the login authentication management methods according to another embodiment of the present invention.

Referring to FIG. 5, an input window for entering a password or PIN is displayed on the first screen 510 displayed on the computer 200. When the user 1 succeeds in authentication by entering the correct password or PIN in the input window of the first screen 510 (authentication success by the first authentication method), a pop-up window 520 appears on the screen of the computer 200. displayed. A warning message is displayed in the pop-up window 520 indicating that if authentication by the second authentication method (e.g. authentication using OTP or authentication using SMS, etc.) is not successful within a certain period of time, the user will be automatically logged off.

If the user (1) does not succeed in authentication using the second authentication method within a certain period of time after the pop-up window (520) is displayed, the server (100) notifies that an abnormality has been detected in the user's (1) mobile device (10). can be transmitted. By doing this, it is possible to filter out an intruder who attempted to log in to the computer 200 by stealing only the password of the user 1, and to notify the user 1 that an unauthorized login attempt was made.

Within a certain period of time after the pop-up window 520 is displayed, the user 1 may attempt authentication using the second authentication method. When the user 1 selects authentication using OTP among the authentication methods presented as options available as the second authentication method in the pop-up window 520, the server 100 selects the user 1's mobile (100) as shown in FIG. 6. In 10), the app UI screen 610 for OTP authentication can be displayed. The app displays a randomly generated OTP in the first area 611, and the user 1 can check it and enter it into the computer 200 to attempt authentication.

In the embodiment shown in Figures 5 and 6, it has been described that an authentication method using a password or PIN is used as the first authentication method, and an authentication method using OTP is used as the second authentication method. However, it is not limited to this and a computer ( Various authentication methods supported by 200) can be used as the first authentication method or the second authentication method.

Returning to FIG. 4, if it is determined in step 401 that additional authentication is not necessary, the control unit 120 proceeds to step 405 and checks whether periodic authentication is required. If periodic authentication is necessary as a result of the confirmation, the control unit 120 proceeds to step 406 and determines that the login to the computer 200 has been successful and switches to the login state. Then, the control unit 120 periodically performs authentication in step 407, and switches the computer 200 to the logout state if authentication fails.

Steps 405 to 407 are explained in detail using specific examples as follows.

The control unit 120 determines that periodic authentication is necessary if the first authentication method is an authentication method through a P2P connection between the mobile 10 and the computer 200. If periodic authentication is required, first switch the computer 200 to the logged in state so that the user 1 can use it (step 406), and continue to authenticate using the same authentication method (authentication method through P2P connection) at certain stock prices. Perform. As long as the mobile 10 is located at a connectable distance from the computer 200 and the P2P connection is maintained, periodic authentication is successful. However, if the user 1 intentionally disconnects the P2P connection, or if the mobile 10 is connected to the computer 200, periodic authentication is successful. If the P2P connection is disconnected by moving away from 200, authentication will fail during the next periodic authentication, and thus the control unit 120 switches the computer 200 to the logged out state. (step 407)

On the other hand, if additional authentication is not required as a result of the confirmation in step 401, and if periodic authentication is not required as a result of the confirmation in step 405 (e.g. when the first authentication method is an authentication method using biometric information), proceed to step 408. Therefore, the control unit 120 determines that the login to the computer 120 is successful, and a logout event such as the user 1 intentionally logging out or not using the computer 200 for more than a certain period of time does not occur. Stay logged in.

If the security level of the first authentication method is higher than a preset standard, the control unit 120 may determine that access to the computer 200 has been successful without additional or periodic authentication.

Returning to FIG. 3, in step 303, the control unit 120 manages the login status of the computer 200 by performing at least one of additional authentication and periodic authentication according to the result determined in step 302 to determine whether the login is finally successful, Abnormalities may be detected based on at least one of the successful login time and the number of authentication failures, and when abnormalities are detected, a notification about the abnormalities may be sent to a preset destination address. Alternatively, the control unit 120 may store log data about abnormal symptoms in the storage unit 130 or a blockchain network and provide it to an administrator, etc. when necessary.

The specific method for detecting abnormalities is as follows.

The control unit 120 may determine that an abnormality has occurred if an attempt was made to log in to the computer 200 but the log in was not successful (for reasons such as additional authentication failure).

Alternatively, the control unit 120 may determine that an abnormality has occurred if the login to the computer 200 is finally successful, but the success time is within a preset time zone (e.g., a time zone other than normal work hours on weekdays or on weekends, etc.). .

Alternatively, the control unit 120 may determine that an abnormality has occurred if the user 1 attempts authentication to log in to the computer 200 but the number of authentication failures exceeds a preset mood value.

The control unit 120 stores log data related to logging in to the computer 200 (e.g. log data including both normal login and abnormal symptom occurrences) in the storage unit 130 or a blockchain, and stores it in the storage unit 130 or in the blockchain, and then stores it in the storage unit 130 or in the blockchain, and provides it to the administrator when necessary. It may be possible to provide

According to one embodiment, the control unit 120 stores all events related to login (e.g. normal login, abnormal symptom occurrence, etc.) as log data in the storage unit 130 and the blockchain, respectively, and logs are periodically stored in two locations. By comparing data with each other, it is possible to monitor whether log data has been forged or altered.

The specific method by which the control unit 120 monitors whether log data has been forged or altered is as follows.

The same log data is stored in the storage unit 130 and the blockchain, respectively. If the log data stored in the two locations does not match at some point, considering the characteristics of the blockchain that effectively prevents forgery and falsification of information, someone can save the storage unit 130 and the blockchain. By accessing (130), it can be determined that the log data has been forged or altered. Therefore, when the control unit 120 confirms that the log data stored in the two locations do not match, it determines that the log data stored in the storage unit 130 has been forged and altered and sends a warning message to the preset destination address (e.g. mobile terminal). Can be transmitted.

At this time, the blockchain network in which log data is stored may be configured through various storage devices. According to one embodiment, mobile terminals and computers of a plurality of users who receive the login authentication management service provided by the server 100, etc. A blockchain network can be configured to include.

According to the embodiments described above, when a user attempts to log in while performing authentication using a specific authentication method, it is determined whether to perform additional authentication or periodic authentication according to the type of the authentication method, thereby providing relatively secure security. Even if authentication is done using an authentication method that is vulnerable to , a compensating effect can be expected.

The term '~unit' used in the above embodiments refers to software or hardware components such as FPGA (field programmable gate array) or ASIC, and the '~unit' performs certain roles. However, '~part' is not limited to software or hardware. The '~ part' may be configured to reside in an addressable storage medium and may be configured to reproduce on one or more processors. Therefore, as an example, '~ part' refers to components such as software components, object-oriented software components, class components, and task components, processes, functions, properties, and procedures. , subroutines, segments of program code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables.

The functions provided within the components and 'parts' may be combined into a smaller number of components and 'parts' or may be separated from additional components and 'parts'.

In addition, the components and 'parts' may be implemented to regenerate one or more CPUs within the device or secure multimedia card.

The computer login authentication management method according to the embodiment described with reference to FIGS. 3 to 6 may also be implemented in the form of a computer-readable medium that stores instructions and data executable by a computer. At this time, instructions and data can be stored in the form of program code, and when executed by a processor, they can generate a certain program module and perform a certain operation. Additionally, computer-readable media can be any available media that can be accessed by a computer and includes both volatile and non-volatile media, removable and non-removable media. Additionally, computer-readable media may be computer recording media, which are volatile and non-volatile implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. It can include both volatile, removable and non-removable media. For example, computer recording media may be magnetic storage media such as HDDs and SSDs, optical recording media such as CDs, DVDs, and Blu-ray discs, or memory included in servers accessible through a network.

Additionally, the computer login authentication management method according to the embodiment described with reference to FIGS. 3 to 6 may be implemented as a computer program (or computer program product) including instructions executable by a computer. A computer program includes programmable machine instructions processed by a processor and may be implemented in a high-level programming language, object-oriented programming language, assembly language, or machine language. . Additionally, the computer program may be recorded on a tangible computer-readable recording medium (eg, memory, hard disk, magnetic/optical medium, or solid-state drive (SSD)).

Therefore, the computer login authentication management method according to the embodiment described with reference to FIGS. 3 to 6 can be implemented by executing the above-described computer program by a computing device. The computing device may include at least some of a processor, memory, a storage device, a high-speed interface connected to the memory and a high-speed expansion port, and a low-speed interface connected to a low-speed bus and a storage device. Each of these components is connected to one another using various buses and may be mounted on a common motherboard or in some other suitable manner.

Here, the processor can process instructions within the computing device, such as displaying graphical information to provide a graphic user interface (GUI) on an external input or output device, such as a display connected to a high-speed interface. These may include instructions stored in memory or a storage device. In other embodiments, multiple processors and/or multiple buses may be utilized along with multiple memories and memory types as appropriate. Additionally, the processor may be implemented as a chipset consisting of chips including multiple independent analog and/or digital processors.

Memory also stores information within a computing device. In one example, memory may be comprised of volatile memory units or sets thereof. As another example, memory may consist of non-volatile memory units or sets thereof. The memory may also be another type of computer-readable medium, such as a magnetic or optical disk.

And the storage device can provide a large amount of storage space to the computing device. A storage device may be a computer-readable medium or a configuration that includes such media, and may include, for example, devices or other components within a storage area network (SAN), such as a floppy disk device, a hard disk device, an optical disk device, Or it may be a tape device, flash memory, or other similar semiconductor memory device or device array.

The above-described embodiments are for illustrative purposes, and those skilled in the art will recognize that the above-described embodiments can be easily modified into other specific forms without changing the technical idea or essential features of the above-described embodiments. You will understand. Therefore, the above-described embodiments should be understood in all respects as illustrative and not restrictive. For example, each component described as unitary may be implemented in a distributed manner, and similarly, components described as distributed may also be implemented in a combined form.

The scope sought to be protected through this specification is indicated by the patent claims described later rather than the detailed description above, and should be interpreted to include the meaning and scope of the claims and all changes or modified forms derived from the equivalent concept. .

1: User 10: Mobile terminal
100: Server 110: Communication Department
120: control unit 130: storage unit
200: computer

Claims (5)

In a remote login method that can remotely lock or unlock a user's computer with a login program installed,
An execution step of executing an app connected to the login program via a server on the user's mobile phone;
Authenticating the user's biometric information in the app;
an authenticated user locking or unlocking the computer;
transmitting the settings to the server; and
A remote login method using biometric authentication, including a transmission step in which the server transmits a signal according to the settings. According to claim 1,
The login program is,
A remote login method using biometric authentication that requests RDP (Remote Desktop Protocol) from the computer according to the signal received from the server and assigns an RDP session to the computer's operating program. According to claim 2,
The transmission step is,
If the above setting is unlocked,
A remote login method using biometric authentication, including the step of disconnecting the RDP session. According to claim 1,
Before the execution step,
Saving the ID and password to be used for the computer through the app on the server; and
A remote login method using biometric authentication, including the step of entering the ID and password into the login program and connecting to each other. According to claim 4,
The login program is,
A remote login method using biometric authentication, including the step of transmitting the changed IP to the server every time the computer runs and the IP changes.