201104488

VI. Description of the Invention:

[Technical Field]

The present invention relates to a management method for a computer device, and more particularly to a method for managing the security of a computer device.
[Prior Art]

In computer security management, conventional computer lock devices fall into two main types: hardware locks and software locks. A hardware lock requires additional equipment (such as an interface card or a smart card) and a corresponding installation procedure. Although a hardware lock provides higher security, the additional equipment and installation lead to higher cost. A software lock, on the other hand, uses an external device (such as a USB flash drive) to store a certificate, and verifies whether the certificate is legitimate after the operating system has started. Although a software lock is convenient to operate and low in cost, it is easily defeated: for example, replacing the boot hard disk of the computer device, or entering Microsoft Windows in safe mode, releases the software lock.

Accordingly, it is desirable to provide a method of managing the security of a computer device that is convenient to operate, has lower cost, and provides higher security.

[Summary of the Invention]

The present invention provides a management method applicable to a computer device, including: turning on the power of the computer device; executing a boot verification procedure by the basic input/output system of the computer device; determining, according to the execution result of the boot verification procedure, whether boot verification is passed; if boot verification is passed, starting the operating system of the computer device; and if boot verification is not passed, causing the computer device to hang.
In some embodiments, the management method further includes: after the operating system is started, executing a monitoring verification procedure; determining, according to the execution result of the monitoring verification procedure, whether monitoring verification is passed; if monitoring verification is passed, keeping the power of the computer device on and executing the monitoring verification procedure again; and if monitoring verification is not passed, turning off the power of the computer device, or locking at least one functional operation of the computer device and executing the monitoring verification procedure again.

[Detailed Description]

To make the above objects, features and advantages of the present invention more apparent, a preferred embodiment is described in detail below with reference to the accompanying drawings.

Fig. 1 is a schematic diagram of a computer device and system execution according to an embodiment of the present invention. Referring to Fig. 1, the computer device has a basic input/output system (BIOS) 10 and an operating system (OS) 11. Fig. 2 is a flowchart of a management method according to an embodiment of the present invention. The embodiment of the management method is described below with reference to Figs. 1 and 2. First, after the power of the computer device is turned on (step S20), the basic input/output system 10 executes the boot verification procedure P10 (step S21). Next, the basic input/output system 10 determines, according to the execution result of the boot verification procedure P10, whether boot verification is passed (step S22). If boot verification is passed, the operating system 11 of the computer device is started (step S23); if boot verification is not passed, the computer device hangs (step S24). After the operating system 11 is started, the operating system 11 executes the monitoring verification procedure P11 (step S25).
Next, the operating system 11 determines, according to the execution result of the monitoring verification procedure P11, whether monitoring verification is passed (step S26). If monitoring verification is passed, the power of the computer device stays on (step S27), and the operating system 11 executes the monitoring verification procedure P11 again (step S25). In this embodiment, the operating system 11 may execute the monitoring verification procedure P11 continuously or periodically. If monitoring verification is not passed, the power of the computer device is turned off, or the power is left on and the operating system 11 locks at least one functional operation of the computer device (step S28) and executes the monitoring verification procedure P11 again, continuously or periodically (step S25). In this embodiment, the operational functions of the computer device include the use of the keyboard and mouse, the supply of power to the screen, and the like. For example, if monitoring verification is not passed, use of the keyboard and/or the mouse may be locked, and/or the supply of power to the screen may be stopped. The operational functions of the computer device also include specific applications; for example, if monitoring verification is not passed, the browser and/or software for sending and receiving is locked.

Figs. 3A and 3B are a detailed flowchart of step S21 of Fig. 2, in which the boot verification procedure P10 is executed. Referring to Figs. 1 and 3, after the power of the computer device is turned on, the basic input/output system 10 determines whether a key KEY is stored in the BIOS memory 12 (step S30). In this embodiment, if the BIOS memory 12 does not store the key KEY, the basic input/output system 10 determines in step S22 that boot verification is passed, and the operating system 11 of the computer device is then started (step S23).
If the BIOS memory 12 stores the key KEY, the basic input/output system 10 then determines whether an external device 13 is connected to the computer device (step S31). In this embodiment, the external device 13 may be a USB flash drive used to store a certificate CERT. The key KEY stored in the BIOS memory 12 and the certificate CERT stored in the external device 13 were generated when the computer device previously started the operating system 11, by the operating system 11 executing a key/certificate generation procedure. The result of the determination in step S31 is one basis for determining whether boot verification is passed in Fig. 2 (step S22). If no external device 13 is connected to the computer device, the basic input/output system 10 determines in step S22 that boot verification is not passed, and the computer device hangs (step S24).

If an external device 13 is connected to the computer device, the certificate CERT stored in it is read from the external device 13 (step S32). After reading the certificate CERT stored in the external device 13, the basic input/output system 10 compares the key KEY with the certificate CERT to determine whether the key KEY and the certificate CERT match (step S33). The result of the determination in step S33 is another basis for determining whether boot verification is passed in Fig. 2 (step S22). If the key KEY matches the certificate CERT, the basic input/output system 10 determines in step S22 that boot verification is passed, and the operating system 11 of the computer device is then started (step S23).
If the key KEY does not match the certificate CERT, the flow returns to step S31, and the basic input/output system 10 determines whether there is an external device that is connected to the computer device and whose certificate has not yet been read. If there is an external device 13 that is connected to the computer device and has not yet been read, steps S32 and S33 are repeated.

In this embodiment, if it is determined in step S31 after step S30 that no external device is connected to the computer device, or it is determined in step S31 after step S33 that there is no connected external device whose certificate has not yet been read, the basic input/output system 10 determines in step S22 that boot verification is not passed, and the computer device then hangs (step S24).

In another embodiment, if it is determined in step S31 that no external device is connected to the computer device, or that there is no connected external device whose certificate has not yet been read, the basic input/output system 10 may determine whether the BIOS memory 12 stores a boot password PW (step S34). The result of the determination in step S34 is yet another basis for determining whether boot verification is passed in Fig. 2 (step S22). If the BIOS memory 12 does not store the boot password PW, the basic input/output system 10 determines in step S22 that boot verification is not passed, and the computer device hangs (step S24).

If the BIOS memory 12 stores the boot password PW, the user is asked to provide an input password through an input interface (step S35). Next, the basic input/output system 10 compares the boot password PW with the input password to determine whether the two match (step S36).
The result of the determination in step S36 is another basis for determining whether boot verification is passed in Fig. 2 (step S22). If the boot password PW matches the input password, the basic input/output system 10 determines in step S22 that boot verification is passed, and the operating system 11 of the computer device is then started (step S23). If the boot password PW does not match the input password, the basic input/output system 10 determines in step S22 that boot verification is not passed, and the computer device hangs (step S24). In this embodiment, if the operating system 11 was started by means of a matching boot password PW and input password, then although the operating system 11 is started, the operating system 11 may determine that the user who provided the input password has lower privileges, and therefore lock at least one functional operation of the computer device.

Figs. 4A and 4B are a detailed flowchart of step S25 of Fig. 2, in which the monitoring verification procedure P11 is executed. Referring to Figs. 1 and 4A-4B, after the operating system 11 is started, the operating system 11 determines whether the key KEY is stored in the BIOS memory 12 (step S40). In this embodiment, in the case where it was determined in step S30 of Figs. 3A and 3B that the BIOS memory 12 does not store the key KEY and the operating system 11 was then started, the BIOS memory 12 does not store the key KEY at this point; the operating system 11 determines in step S26 that monitoring verification is passed, the power of the computer device then stays on (step S27), and the operating system 11 executes the monitoring verification procedure P11 again (step S25).
If the BIOS memory 12 stores the key KEY, the operating system 11 determines whether an external device 13 is connected to the computer device (step S41). The result of the determination in step S41 is one basis for determining whether monitoring verification is passed in Fig. 2 (step S26). If no external device 13 is connected to the computer device, the operating system 11 determines in step S26 that monitoring verification is not passed; the power of the computer device is then turned off, or the power is left on and the operating system 11 locks at least one functional operation of the computer device (step S28) and executes the monitoring verification procedure P11 again (step S25).

If an external device 13 is connected to the computer device, the certificate CERT stored in it is read from the external device 13 (step S42). After reading the certificate CERT stored in the external device 13, the operating system 11 compares the key KEY with the certificate CERT to determine whether the key KEY and the certificate CERT match (step S43). The result of the determination in step S43 is another basis for determining whether monitoring verification is passed in Fig. 2 (step S26). If the key KEY matches the certificate CERT, the operating system 11 determines in step S26 that monitoring verification is passed, the power of the computer device then stays on (step S27), and the operating system 11 executes the monitoring verification procedure P11 again (step S25). In this embodiment, if at least one functional operation of the computer device was previously locked, the locked functional operation is also released at this point.

If the key KEY does not match the certificate CERT, the flow returns to step S41, and the operating system 11 determines whether there is an external device that is connected to the computer device and whose certificate has not yet been read. If there is an external device 13 that is connected to the computer device and has not yet been read, steps S42 and S43 are repeated.

In this embodiment, if it is determined in step S41 after step S40 that no external device is connected to the computer device, or it is determined in step S41 after step S43 that there is no connected external device whose certificate has not yet been read, it is determined in step S26 that monitoring verification is not passed; the power of the computer device is then turned off, or the power is left on and the operating system 11 locks at least one functional operation of the computer device (step S28) and executes the monitoring verification procedure P11 again (step S25).

In some embodiments, some applications of the operating system 11, such as a timed lock program, run according to whether monitoring verification is passed. Through the application interface 14, the user can specify that, where monitoring verification has been passed, the pass of the monitoring verification procedure P11 is to be treated as invalid once the operating system 11 has been kept running for longer than a predetermined length of time. Accordingly, when the operating system 11 has been kept running for longer than the predetermined length of time, the timed lock program determines that a timeout has occurred and locks some of the functional operations of the computer device.

Referring to Figs. 1 and 4A-4B, if it is determined in step S43 that the key KEY matches the certificate CERT, the operating system 11 determines whether a return mechanism is present (step S44). If there is no return mechanism, the operating system 11 determines in step S26 that monitoring verification is passed, the power of the computer device then stays on (step S27), and the operating system 11 executes the monitoring verification procedure P11 again (step S25).

If a return mechanism is present, a specific application 15 determines whether the pass of the monitoring verification is valid (step S45). If the pass of the monitoring verification is valid, the operating system 11 determines in step S26 that monitoring verification is passed, the power of the computer device then stays on (step S27), and the operating system 11 executes the monitoring verification procedure P11 again (step S25).
If the pass of the monitoring verification is not valid, the operating system 11 determines in step S26 that monitoring verification is not passed; the power of the computer device is then turned off, or the power is left on and the operating system 11 locks at least one functional operation of the computer device (step S28) and executes the monitoring verification procedure P11 again (step S25).

Fig. 5 is a detailed flowchart of step S28 of Fig. 2. Referring to Figs. 2 and 5, when the operating system 11 determines in step S26 that monitoring verification is not passed, the flow proceeds to step S28. First, the operating system 11 determines whether to turn off the power of the computer device (step S50). If the power of the computer device is not to be turned off, the operating system 11 locks at least one operational function of the computer device and executes the monitoring verification procedure P11 again (step S51). Otherwise, the power of the computer device is turned off (step S52).

In this embodiment, which operational functions are to be locked when the monitoring verification procedure P11 is not passed can be set by an application through the application interface 14.

As described above, after the power of the computer device is turned on, the boot verification procedure P10 is first executed by the basic input/output system 10 to guard the security of the computer device. If the boot verification procedure P10 is not passed, the operating system 11 cannot be started, and the operating system cannot be entered even if the boot hard disk is replaced. In addition, the key KEY is stored in the BIOS memory 12 and is not easily stolen or tampered with, so the management method of the embodiment of the present invention provides higher security for the computer device. Moreover, using an external device to store the certificate CERT offers the end user better convenience and lower cost.
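The decision logic of the boot verification procedure P10 (steps S30 to S36, including the password embodiment) and of the monitoring verification procedure P11 (steps S40 to S45), written out as an added C example that is not part of the patent text. The type and function names are this example's own, and because the description does not define how KEY and CERT are matched, byte equality is assumed.

```c
#include <stddef.h>
#include <string.h>

/* Verdict names and struct layout are this example's own, not the patent's. */
enum verdict { V_PASS, V_PASS_RESTRICTED, V_FAIL };

struct device { const unsigned char *cert; size_t cert_len; };  /* external device 13 */

struct platform {
    const unsigned char *key; size_t key_len;  /* KEY in BIOS memory 12, NULL if none */
    const char *boot_pw;                       /* PW in BIOS memory 12, NULL if none  */
    const struct device *devs; size_t ndevs;   /* currently attached devices          */
    int has_return_mechanism;                  /* S44                                 */
    int pass_still_valid;                      /* answer of application 15 (S45)      */
};

/* ASSUMPTION: "match" means byte equality; every byte is compared, no early exit. */
static int matches(const void *a, size_t alen, const void *b, size_t blen)
{
    const unsigned char *x = a, *y = b;
    unsigned char diff = 0;
    if (alen != blen) return 0;
    for (size_t i = 0; i < alen; i++) diff |= (unsigned char)(x[i] ^ y[i]);
    return diff == 0;
}

/* S31-S33 and S41-S43: read CERT from each attached device until one matches. */
static int any_cert_matches(const struct platform *p)
{
    for (size_t i = 0; i < p->ndevs; i++)
        if (matches(p->key, p->key_len, p->devs[i].cert, p->devs[i].cert_len))
            return 1;
    return 0;  /* no device, or every device was read without a match */
}

/* Boot verification P10, run by the BIOS, with the password embodiment (S34-S36).
 * typed_pw is what the user entered at S35, or NULL if nothing was entered. */
enum verdict boot_verify(const struct platform *p, const char *typed_pw)
{
    if (p->key == NULL) return V_PASS;                          /* S30 -> S23 */
    if (any_cert_matches(p)) return V_PASS;                     /* S33 -> S23 */
    if (p->boot_pw == NULL || typed_pw == NULL) return V_FAIL;  /* S34 -> S24 */
    return matches(p->boot_pw, strlen(p->boot_pw), typed_pw, strlen(typed_pw))
               ? V_PASS_RESTRICTED : V_FAIL;                    /* S36 */
}

/* Monitoring verification P11, run repeatedly by the OS. V_FAIL leads to S28. */
enum verdict monitor_verify(const struct platform *p)
{
    if (p->key == NULL) return V_PASS;                 /* S40 -> S27 */
    if (!any_cert_matches(p)) return V_FAIL;           /* S41/S43 -> S28 */
    if (!p->has_return_mechanism) return V_PASS;       /* S44 -> S27 */
    return p->pass_still_valid ? V_PASS : V_FAIL;      /* S45 */
}

int main(void)
{
    /* Constructed sample values, not real key material. */
    static const unsigned char key[] = { 0xA1, 0xB2, 0xC3, 0xD4 };
    const struct device token = { key, sizeof key };
    struct platform p = { key, sizeof key, "constructed-pw", &token, 0, 0, 0 };
    /* Token absent: a password boot is restricted and monitoring fails. */
    int ok = boot_verify(&p, "constructed-pw") == V_PASS_RESTRICTED
          && monitor_verify(&p) == V_FAIL;
    p.ndevs = 1;  /* token inserted: both procedures pass */
    ok = ok && boot_verify(&p, NULL) == V_PASS && monitor_verify(&p) == V_PASS;
    return ok ? 0 : 1;
}
```

A machine booted with the password alone still fails every monitoring pass until a device holding a matching CERT is attached, which is the case where step S28 locks functions or powers off.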
Although the present invention has been disclosed above by way of a preferred embodiment, this is not intended to limit the scope of the invention. Anyone of ordinary skill in the art may make minor changes and refinements without departing from the spirit and scope of the invention, and the scope of protection of the present invention is therefore defined by the appended claims.

[Brief Description of the Drawings]

Fig. 1 is a schematic diagram of a computer device and system execution according to an embodiment of the present invention;

Fig. 2 is a flowchart of a management method according to an embodiment of the present invention;

Figs. 3A and 3B are a flowchart of executing the boot verification procedure according to an embodiment of the present invention;

Figs. 4A and 4B are a flowchart of executing the monitoring verification procedure according to an embodiment of the present invention; and

Fig. 5 is a flowchart of the operating method after the monitoring verification procedure is not passed, according to an embodiment of the present invention.

[Description of Main Component Symbols]

10: basic input/output system (BIOS);
11: operating system (OS);
12: BIOS memory;
13: external device;
14: application interface;
15: application;
P10: boot verification procedure;
P11: monitoring verification procedure;
S20...S28: process steps;
S30...S36: process steps;
S40...S45: process steps; and
S50...S52: process steps.