201206138 六、發明說明: 【發明所屬之技術領域】 本發明係有關一種網路設備及其登錄方法。 【先前技術】 電腦系統通常包括登錄及加鎖/解鎖元件,以保護電腦 系統不受未授權用戶的存取。舉例來說,當電腦系統開啟 後,用戶需要提供一已授權的憑證以登錄電腦系統。用戶只 有在成功登錄電腦系統後’才可以存取及/或控制電腦系統中 的應用程式。一般來說,提供憑證給電腦系統的傳統方法包 括在電腦系統的螢幕上所顯示的一登錄視窗輸入一用戶名 稱及一密碼。 在用戶登錄電腦系統後,若電腦系統在一預設時間内沒 有收到來自用戶的指令時,則電腦系統的一加鎖/解鎖元件 會自動將電腦系統加鎖。此時,若用戶仍要存取及/或控制電 腦系統中的應用程式時,則用戶需要再次提供已授權的憑證 (例如,輸入用戶名稱及密碼)以將電腦系統解鎖。換言之, 每一次加鎖/解鎖元件將電腦系統加鎖後,用戶必須輸入用戶 名稱和密碼以將電腦系統解鎖。然而,重複地輸入用戶名稱 和密碼不僅造成用戶不便,而且使得未授權用戶成功獲得 (或盜取)用戶名稱和密碼的機率增加。 【發明内容】 本發明要解決的技術問題在於提供一種網路設備及 其登錄方法,以利用可攜式設備的識別資訊幫助用戶自動 0647-TW-CH Spec+Claim(filed-201〇〇7l6),doc 3 201206138 地登錄網路設備。 為解決上述技術問題,本發明提供一種網路設備的登 錄方法,包括:接收來自一可攜式設備的一預設識別資 訊;若該預設識別資訊與一資料庫的内容匹配時,則控制 該資料庫提供一預設憑證;以及驗證該預設憑證,若該預 設憑證為有效時,則利用該預設憑證允許該可攜式設備登 錄到該網路設備。 本發明進一步提供一種網路設備,包括:一介面,接 收來自一可攜式設備的一預設識別資訊;以及一處理器, 耦接至該介面’並驗證該預設識別資訊,若該預設識別資 訊與一資料庫的内容匹配時,則從該資料庫中擷取一預設 憑證’若該預設憑證為有效時,則利用該預設憑證允許該 可攜式設備登錄到該網路設備。 與現有技術相比,本發明網路設備的登錄方法透過可 攜式設備的識別資訊幫助用戶自動地登錄網路設備,使得 用戶無需重複輸入用戶憑證,不僅帶給用戶使用上之方便 並且降低未授權用戶成功獲得(或盜取)用戶憑證的機率。 以下結合附圖和具體實施例對本發明的技術方案進 行詳細的說明’以使本發明的特性和優點更為明顯。 【實施方式】 以下將對本發明的實施例給出詳細的說明。雖然本發 明將結合實施例進行闡述,但應理解這並非意指將本發明 限定於這些實施例。相反地,本發明意在涵蓋由後附申請 專利範圍所界定的本發明精神和範圍内所定義的各種變 0647-TW-CH Spec+Claim(filed-20100716).doc 4 201206138 化、修改和均等物。 =外’在以下對本發明的詳細描述中,闡明大量的具 以提供針對本發明的全面理解。然而,本技術領域 、有通常知識者應理解,沒有這些具體細節,本發明同 實施。在其他實例中,對於習知方法、流程、元件 °電路未作詳細描述,以便於凸顯本發明之主旨。 以下部分詳細描述係、以程序、邏輯方塊、步驟、以及 =代表電腦記憶體内資料位元的運算之符號表示之 理技術領域中具有通常知識者 違其作實質内谷的最有效方式。在本發明中,一程 、-邏輯方塊、—步驟或其他等等,被認定為以 係步驟或指令導引產生―所需之結果。這些步驟 =字物理量做物理處理。雖然並非必要但通常這此 儲存、=了^讀或磁錢的戦俾使在電腦系統中 減伟傳送、結合、比較等等。 理量=,應該明白的是,這些相似的用語皆與適當的物 有關,且僅僅是在這些物理量上標 示。除非特別強調,否則顯然從以下述描述可:辨2 明中,這些“接收,,、“控制,,、“允許,,、“檢測,,、發 提供” '“驗證”、“搜尋,,、“擁取,,等等之用語、 電腦系統或其他類似之電子計算裝置'、參考 動作及步㈣料《純;這些 (電子)量處理及轉換為其他類似於 =理 ,存器内或其他諸如資訊儲存、傳送或顯 理量之其他資料儲存。 内之物 〇647-TW-CHSpec-fClaim(fi[ed-2〇l〇〇716).doc 201206138 本發明實施例係透過以一般文字來描述以電腦可使 “的媒體形式(例如,程式模組)存在且透過一或多個電 腦,其他設備來執行之電腦可執行指令。 一般來說,程式 、人執行特义的工作或執行特定抽象資料型態程式模組 常規(r〇utine)、程式、物件、元件、資料結構等等。 程式模組的功能將因各種不同實施態樣而有所結合或分 配。 ^舉例來說,電腦可用之媒體可包含電腦儲存媒體及通 體’但不以此為限。電腦儲存舰包含以任何方式或 技術實施㈣翻如電腦可讀之指令、資料結構、程式模 組或其他資料之可變(v()la則/不可變、可移除/不可移 除的電腦儲存媒體。電賴存媒體包括隨 ⑽M)、唯讀記憶體(謂)、電子式可抹除可2 = δ己憶體(EEPR〇M)、快閃記憶體或其他記憶體技術,光 碟(CD:R〇M)、數位多功能磁碟(DVD)或其他光學儲 存,卡式磁帶(cassettes)、磁帶(tape)、磁碟、或其他磁 式儲存或其他可用於儲存資料之媒體,但不以此為限。 通訊媒體可使用電腦可讀指令、資料結構、程^ 或其他調變資料信號上之資料,例如載波或其他傳輸: 制》且包括任何資訊傳送媒體。術語「調變資料信號」〗 才曰具有一或多組特徵組,或以例如在該信號上加密之資丄、 加密方法而改變之信號。舉例來說,通訊媒體 = 線網路或以直接線路相連之有線媒體,或例如聲學 (acoustic )、無線射頻(radi〇 frequency,RF )、紅外線或其 他等等無線媒體,但不以此為限。上述媒體之結合亦I人 0647-TW-CH Spec+Claim(filed.20100716).do< 6 201206138 在電腦可讀媒體之範圍中。 本發明提供了一種包括一可攜式設備和一網路設備 的一網路系統。其中,可攜式設備包括識別可攜式設備的 一預設識別資訊。預設識別資訊與一預設憑證關聯。網路 設備接收來自可攜式設備的預設識別資訊,並且驗證預設 識別資訊。若驗證結果指示預設識別資訊為有效(或已授 權)時’則該網路設備利用預設憑證以允許可攜式設備的 登錄;否則,該網路設備將丟棄預設識別資訊。 # 圖1所示為根據本發明一實施例網路系統1〇〇示例性 方塊圖。網路系統100包括一可攜式設備102 (例如,、行 動電話、個人數位助理、可攜式媒體播放器、耳機等)和 一網路設備110 (例如’電腦、路由器等)。可攜式設備 102中包含一預設識別資訊106及一軟體程式(例如,應 用程式)等,且其係由一或多個硬體模組實現,。網路設 備110包括一電腦可讀媒體,以儲存一憑證提供元件112、 一程式模組(例如,登錄元件118)及一資料庫116等。 網路設備110可進一步包括一處理器(未顯示在圖1中), _ α執行前述的程式模組。 預設識別資訊106可作為識別可攜式設備1〇2的資 訊。在一實施例中,預設識別資訊106可包括可攜式設備 102中的一識別模組(未顯示在圖1中)的一序列號。舉 例來說,可攜式設備102可為插有一用戶識別模組(SIM) 卡的一行動電話。SIM卡可包含與SIM卡關聯或與行動電 話用戶關聯的序列號。序列號可以是國際移動用戶識別碼 (IMSI碼)。在另一實施例中,預設識別資訊106可包括 0647-TW-CH Spec+Claim(filed-2〇l〇〇716).doc η 201206138 可攜式設備102中一通訊模組(未顯示在圖1中)的一網 路位址,例如可以是一藍牙通訊模組的一藍牙位址(一種 全球唯一位址)、一有線或無線通訊模組的一媒體存取控 制位址(一種全球唯一位址)、或其他可以識別可攜式設 備102中的一模組、一積體電路或一電子晶片的一序列號 /識別碼,但不以此為限。 應用程式可與網路設備110通信。舉例來說’應用程 式可產生具有預設識別資訊1〇6的一資料封包,並且透過 藍牙通道、無線相容認證(WI-FI)通道、通用封包無線 服務(GPRS)通道或光纖通道等將資料封包發送/傳輸至 網路設備110。在本實施例中,在網路設備11〇接收到預 設識別資訊106後,網路設備11〇將驗證預設識別資訊1〇6 並且產生一驗證結果。若驗證結果指示預設識別資訊1〇6 為無效(或未授權)時,則網路設備110將捨棄預設識別 資訊106。若驗證結果指示預設識別資訊1〇6為有效(或 授權)時,則可攜式設備102將登錄網路設備no。在可 攜式設備102成功登錄網路設備no後,可攜式設備1〇2 可與網路設備11〇通信,例如,存取網路設備11()中的應 用程式。 網路設備110包括一作業系統(未顯示在圖1中),以 執行憑證提供元件112和登錄元件118。登錄元件118透 過一登錄介面(未顯示在圖1中)以接收一憑證(例如, 用戶名稱、密碼、臉部特徵資料、指紋特徵資料等)。舉 例來說,登錄元件118可透過網路設備110的螢幕上所顯 示的一登錄視窗,以接收用戶名稱和密碼。另外,登錄元 0647-TW-CH Spec+C laim(fi!ed-20100716).doc 8 201206138 :118亦可透過_臉部朗軟體或者透過—指紋識別軟 體’以接收臉部特徵資料或指紋特徵資料。 在另一實關中’登錄元件118可透過憑證提供元件 112接收用戶的-預設憑證12〇。具體來說,網路設備ιι〇 包括麵接至處理器的—通信介面(例如,藍牙介面,未顯 不在圖1巾)Dgj通齡面可接收來自可攜式設備1〇2 的預没識別資訊106,並且將預設識別資訊1〇6傳遞給憑 也提供元件112。然後,處理器將執行憑證提供元件112, 使得憑證提供元件112在一驗證平台114上驗證預設識別 資訊106而產生一驗證結果,並且根據驗證結果自動地提 供用戶的預設憑證120給登錄元件118。接著,處理器執 行登錄元件118,使得登錄元件ι18驗證預設憑證12〇,舉 例來說’登錄元件118可對一預設憑證列表(未顯示在圖 1中)進行搜尋’若登錄元件U8在預設憑證列表中搜出 與預設憑證120相同或對應的憑證(預設憑證12〇為有效) 時’則登錄元件118將利用預設憑證12〇以允許用戶(例 如,可攜式設備102)登錄到網路設備11〇 ;否則,登錄 元件118將捨棄預設憑證120。 優點在於,用戶可以選擇自動登錄網路設備11〇,使 得用戶無需在每一次登錄網路設備110時輸入用戶名稱和 密碼等憑證。因此,用戶可以更方便地使用網路設備110, 並降低用戶名稱和密碼被未授權用戶成功獲得(或盜取)的 機率。 資料庫116包括多個資料對。其中,每一個資料對包 括一個預設識別資訊及與預設識別資訊關聯的一個預設 0647-TW-CH Spec+Claim(filed-20100716).doc 9 201206138 憑證。當網路設備110接收來自可攜式設備102的預設識 別資訊106後,網路設備no將基於資料庫116在驗證平 臺114上驗證預設識別資訊1〇6是否有效,並且產生驗證 結果。舉例來說’網路設備110透過在資料庫116内的多 個資料對中搜尋預設識別資訊106,以驗證預設識別資訊 106是否有效。若在資料庫116中找到與預設識別資訊ι〇6 相同或對應的資訊時,則預設識別資訊1〇6被視為有效。 換s之’在資料庫116中能找到預設識別資訊1〇6及與預 設識別資訊106關聯的預設憑證120所組成的資料對。接 著’憑證提供元件112將控制資料庫116,以提供預設憑 證120給登錄元件118。在一實施例中,憑證提供元件U2 掘取來自資料庫116的預設憑證12〇,並且將預設憑證12〇 傳遞給登錄元件118。在另一實施例中,登錄元件ι18直 接從資料庫116中擷取預設憑證no。若在資料庫116中 未找到與預設識別資訊1〇6相同或對應的資訊時,則預設 識別資訊106被視為無效,此時,網路設備11〇將捨棄預 設識別資訊106。 圖2所示為根據本發明一實施例登錄網路設備的示例 性方法流程圖20(^流程圖200中的步驟可以透過儲存在 一非暫時性電腦可讀媒體中的電腦執行指令來實行,以下 圖2將結合圖1進行描述。 在步驟202中,網路設備11〇開始一登錄流程(自動 登錄流程)。在步驟204中,網路設備11〇檢測可攜式設 備102 (例如,行動電話、個人數位助理、可攜式媒體播 放器、耳機等)〇 0647-TW-CH Spec+Claim(filed-20100716).d〇i 10 201206138 在步驟206中,網路設備110檢測是否收到預設識別 資訊106。若網路設備110接收到預設識別資訊1〇6時, 則網路設備110執行步驟208。在步驟208中,網路設備 110將驗證預設識別資訊1〇6是否為有效,例如,在資料 庫116中搜尋是否具有與預設識別資訊1〇6相同或者相對 應的資訊。在步驟210中,若預設識別資訊1〇6為無效, 例如,在資料庫116中未找到預設識別資訊1〇6時,則網 路設備110將執行步驟220,捨棄預設識別資訊1〇6。若 鲁 預δ又識別員訊1 〇6有效,例如,在資料庫116中找到預設 識別資訊106相同或者相對應的資訊時,則執行步驟212。 在步驟212中,憑證提供元件112從資料庫116讀取 對應的預§又憑證120 ’並且將預設憑證120傳遞給登錄元 件118。在步驟214中,登錄元件118驗證預設憑證12〇, 例如,登錄元件118在預設憑證列表中搜尋預設憑證12〇。 在步驟216中,若預設憑證π〇為無效,例如,在預設憑 證列表中未找到預設憑證12〇時,則網路設備u〇執行步 φ 驟220 ’以捨棄預設識別資訊106和預設憑證120。若預設 憑證120為有效’例如’在預設憑證列表中找到與預設憑 證120相同或者相應的憑證時,則我行步驟218。在步驟 218中’登錄元件U8利用預設憑證12〇致能可攜式設備 102登錄網路設備。 圖3所示為根據本發明一實施例網路系統300的示例 性方塊圖。在圖3和圖丨中標識相同的元件具有相似的功 能。如圖3所示,網路設備11〇進一步包括一檢測元件 322、一加鎖/解鎖元件324及一登記元件326等程式模組。 0647-TW-CHSpec+Claim(filed-20100716).doc 11 201206138 這些程式模組可儲存在—電腦可讀媒體中。網路設備11〇 更可進-步包括獨立於電腦可讀媒體或者在電腦可讀媒 體中實現的-儲存單元316。儲存單元316可儲存如圖! 中所示的資料庫116。 檢測元件322接收來自可攜式設備1〇2的資料封包, 並檢測可攜式設備1()2的狀態。舉例來說,檢測元件322 檢測可攜式設備102是否位於—特定範圍内,例如,<攜 式設備102與網路設備U〇之間的距離是否小於特定長 度。具體來說,可揭式設備1()2包括—無線通訊模組(例 如,藍牙通訊模組),以進行短距離的資料交換。若無線 通訊模組(例如,藍牙通訊模組)被啟動,且可攜式設備 102與網路設備11〇之間的距離小於特定長度時則網路 ?又備11〇 τ接收到包含可攜式設備102力預設識別資訊 106 (例如,藍牙位址)的資料封包。若無線通訊模組被 除能或者可攜式设備102與網路設備之間的距離大於 特定長度時’則網路設備110無法接收到包含可攜式設備 102的預設識別資訊106的資料封包。 登記元件326將憑證和識別資訊登記到如圖丨所示的 資料庫116中,例如,將憑證和識別資訊寫入儲存單元316 中。具體來說,在登記流程中,當網路設備110接收到來 自可攜式設備102的預設識別資訊1〇6時,則用戶可提供 預設憑證120給登記元件326。舉例來說,用戶在網路設 備110螢幕上所顯示的登記視窗中輪入用戶名稱和密碼。 再舉例來說,用戶利用臉部識別軟體擁取用戶的臉部特 徵’或者利用指紋識別軟體擷取用戶的指紋特徵。因此, 0647-TW-CH Spec+Claim(filed-20100716).doc 12 201206138 登記元件326將預設識別資訊ι〇6和預設憑證12〇寫入铸 存單元316中。在本實施例中,每一個識別資訊對應一個 憑證,但亦可依據實際需求使得每一個憑證對應多個識別 資訊。 儲存平元316儲存資料庫116,例如,儲存單元 儲存包含多個憑證和對應的多個識別資訊的多個資料 對。儲存單元310更可暫存一預設識別資訊。具體來說, 當網路設備110接收來自可攜式設備1〇2的預設識別資訊 1〇6時,則儲存單元316將暫存這個預設識別資訊1〇6。加 鎖/解鎖元件324根據這個暫存的預設識別資訊1〇6執行加 鎖/解鎖。 具體來說,在可攜式設備1〇2登錄網路設備11〇的期 間,檢測元件322檢測可攜式設備1〇2的狀態。若可攜式 設備102斷電或者可攜式設備1〇2被移至特定範圍外時, 則檢測元件322將無法接收來自可攜式設備1〇2的預設識 別資訊106。因此,檢測元件322㈣生一加鎖信號給加 鎖/解鎖元件324,以使加鎖/解鎖元件324將網路設備11〇 加鎖在網路3又備11〇已加鎖的期間,檢測元件Μ]將繼 續檢測可攜式設備102的狀態。若檢測元件322接收到與 暫存在儲存單元3丨6的預設識別資訊⑽相同或相應的識 別資訊時,則可攜式設備1〇2被認為處在特定範圍内那 麼檢測元件322相應地產生解鎖信號給加鎖/解鎖元件 324。加鎖/解鎖元件324將執行解鎖流程,以利用預設憑 證120將網路設備11〇解鎖。然而,若檢測元件322接收 到與暫存在儲存單元316的預設識別資訊1〇6不同的識別 0647-TW-CH Spec+Claim(filed-20100716).doc 13 201206138 資訊時,則代表有另一個可攜式設備位於這個特定範圍 内。網路設備110將捨棄先前接收到的識別資訊,並且繼 續檢測可攜式設備的狀態。 圖4所示為根據本發明一實施例網路設備執行登記流 程的示例性方法流程圖400。方法流程圖400中的步驟可 以透過儲存在一非暫時性電腦可讀媒體中的電腦執行指 令來實行。以下將結合圖1和圖3對圖4進行描述。 在步驟402中’網路設備110開始登記流程。在步驟 404中,網路設備110搜尋目標可攜式設備102。在步驟 406中,檢測元件322檢測是否接收到目標可攜式設備ι〇2 的預設識別資訊106。若網路設備110接收到來自目標可 攜式設備102的預設識別資訊106時,則網路設備11〇執 行步驟408 ’以等待用戶輸入預設憑證12〇 (例如,用戶 名稱、密碼、臉部特徵資料、指紋特徵資料等當登記 元件326接收到預設憑證120時,則網路設備11〇執行步 驟410,以儲存預設憑證120和預設識別資訊1〇6,例如, 將預設憑證120和預設識別資訊106寫入儲存單元316中。 在步驟412中,網路設備110接收來自用戶的指令/ 命令。若用戶命令網路設備110繼續執行登記流程時/則 執行步驟404 ;否則,網路設備11〇將執行步驟414,結 束登記流程。 圖5所示為根據本發明一實施例網路設備執行自動力 鎖/解鎖流程的示例性方法流程圖500。方法流程圖5〇〇中^ 的步驟可以透過儲存在一非暫時性電腦可讀媒體中的電 腦執行指令來實行。以下將結合圖丨和圖3對圖5進行描 0647-TW-CH Spec+Claim(filed-20100716).doc 14 201206138 述。 在可攜式設備102登錄到網路設備丨ι〇的期間,網路 δ又備110執行步驟502 ’以開始自動加鎖流程。具體來說, 在步驟504中,檢測元件322檢測可攜式設備102的狀態, 例如,檢測是否接收到與可攜式設備102關聯的預設識別 資訊106。在步驟506中,若可攜式設備1〇2位於網路設 備110周圍的一特定範圍内,使得檢測元件322可接收到 來自可攜式設備102的預設識別資訊1()6時,則網路設備 110將執行步驟508 ’以啟動一計時器(未顯示在圖1及3 中)。在步驟510中,若超過一預設時間時,則網路設備 110將執行步驟504,以繼續檢測可攜式設備1〇2的狀態。 在步驟506中,若可攜式設備ι〇2位於網路設備11〇周圍 的特定範圍外,使得檢測元件322無法接收到來自可攜式 設備102的預設識別資訊106時,則網路設備丨10將執行 步驟512 ’以將網路設備Η0加鎖。 在網路設備110被加鎖的期間,網路設備11〇將執行 步驟514,以開始自動解鎖流程。類似於步驟5〇4,檢測 元件322在步驟516中檢測可攜式設備1〇2的狀態。在圖 5所示實施例的步驟520中,若可攜式設備102位於特定 範圍外時,則網路設備110將執行步驟516,以繼續檢測 可攜式設備102的狀態。在另一實施例中,若可攜式設備 102位於特定範圍外時,則網路設備110將啟動計時器, 並且在超過一預設時間時執行步驟516。若可攜式設備1〇2 位於特定範圍内,則執行步驟522。在步驟522中,加鎖/ 解鎖元件324從儲存單元316中讀取預設憑證120,並且 0647-TW-CH Spec+Claim(filed-2〇 1 〇〇716).d〇t 201206138 利用預設憑證120將網路設備lio解鎖。在步驟522完成 後,將執行步驟502。 在一實施例的檢測流程中(例如,步驟504),可攜式 設備102可週期性地發送包含預設識別資訊1〇6的資料封 包給網路設備110,使得網路設備11〇保持解鎖狀態。可 攜式設備102可透過停止發送資料封包給網路設備no的 方式將網路設備110加鎖。在另一實施例中,網路設備110 可週期性地發送對預設識別資訊1〇6的請求給可攜式設備 102。若可攜式設備102位於特定範圍内時,則可攜式.設備 102將回應於這個請求,以發送包含預設識別資訊1〇6的 資料封包給網路設備110。若可攜式設備102位於特定範 圍外時’則網路設備110將無法接收來自可攜式設備1〇2 的響應。 圖6所示為根據本發明一實施例網路系統6〇〇的示例 性方塊圖。在圖1、圖3和圖ό標識相同的元件具有相似 的功能。在圖6的實施例中,網路設備11()可以是耦接至 一内部網路628的一路由器或閘道等設備。内部網路628 可以是一種包括多個應用程式(例如,資料備份63〇、用 戶管理632、網域管理634、筆記型電腦636、桌上型電腦 638、工作站640、伺服器642等)的企業内部網路,但不 以此為限。 在本實施例中,可攜式設備1〇2透過網路設備11()登 錄内部網路628。舉例來說,網路設備11〇接收可攜式設 備102的預設識別資訊1〇6,並且驗證預設識別資訊1〇6 是否有效。若預設識別資訊106有效時,則憑證提供元件 0647-TW-CH Spec+Claim(filed-20100716).doc 16 201206138 Π2從資料庫ι16中讀取與預設識別資訊1〇6關聯的預設 憑證120,並且將預設憑證12〇傳遞給登錄元件118 〇因 此’登錄元件118利用預設憑證120致能可攜式設備102 登錄内部網路628。本實施例中,若可攜式設備1〇2未登 錄網路設備1’則無法存取内部網路628。 如圖6所示的實施例中,可攜式設備102町進一步包 括一存取控制元件(圖中未示),以控制内部網路628中應 用程式的存取。當可攜式設備1〇2成功地登錄到網路設備 110時,則可攜式設備1〇2利用存取控制元件存取内部網 路628中的應用程式。 在一實施例中,當可攜式設備102成功登錄(以第一 次成功登錄為例)網路設備110時,則可攜式設備102從 網路設備110下載存取控制元件。在一實施例中,可攜式 設備102也可利用一安裝光碟以安裝存取控制元件。當然 亦可透過其他方式來安裝存取控制元件。 圖7所示為根據本發明一實施例提供憑證的示例性方 法流程圖700。以下將結合圖1、圖3和圖6對圖7進行 描述》 在步驟702中,憑證提供元件112接收來自可攜式設 備102的預設識別資訊106。預設識別資訊1〇6包括序列 號及/或位址。具體來說,在一實施例中,序列號是插入可 攜式設備102中的SIM卡的IMSI碼。在一實施例中,位 址是可攜式設備102中的通訊模組的網路位址。舉例來 說’網路位址是藍牙通訊模組的藍牙位址或是有線/無線通 訊模組的MAC位址。 0647-TW-CH Spec+Claim(filed-20100716).doc 17 201206138 在步驟704中’若預設識別資訊106與資料庫116中 的内容匹配時’則憑證提供元件U2控制資料庫u6提供 預設憑證120給登錄元件U8。具體來說,網路設備u〇 在儲存在資料庫116中的多個資料對中搜尋預設識別資訊 106。若在資料庫ι16中找到預設識別資訊1〇6時,則預設 s线別-貝§fl 106與資料庫116中的一對資料匹配。資料對進 一步包括與預設識別資訊1〇6關聯的預設憑證12〇。 在步驟706中,若預設憑證120為有效,則登錄元件 118利用預設憑證12〇允許可攜式設備ι〇2登錄到網路設 備110。預設憑證12〇包括用戶名稱、密碼、臉部特徵資 料、指紋特徵資料等與擁有可攜式設備1〇2或者被授權使 用可攜式設備102的用戶關聯的憑證中的至少一種。 本發明上述實施例提供了包括登錄介面及/或解鎖介 面的網路設備。網路設備利用與用戶關聯的憑證自動登錄 或者解鎖網路設備。舉例來說,將憑證和可攜式設備的安 全資汛(例如,識別資訊)關聯,例如,將憑證和識別資 訊在資料庫巾配對儲存。崎設備接收來自可攜式設備的 識別資訊’並從資料庫讀取與識別資訊關聯的憑證。網 路設備可廣泛應用於如電腦、路由器、閘道等領域。 在一實施例中,網路設備可為一電腦系統。當可攜式 設備成功登錄電«糾,咖戶可㈣臉部識別登錄網 站。 圖8所示為根據本發明一實施例透過臉部識別以啟動 網站登錄的電腦系統8GG的示例性方塊圖。電腦系統8〇〇 自動填寫用戶的登錄身份和密碼,若用戶通過臉部識別 0647-TW-CH Spec+Claim(filed-20100716).doc 201206138 時,則啟動網站登錄。電腦系統80〇包括一用戶端82〇和 一遠端伺服器840。用戶端820可以是電腦、個人數位助 理等。用戶端820包括一處理器8〇4 (例如,一種中央處 理單元)以及一電腦可讀媒體(例如,儲存設備83〇)β用 戶端820耦接至一照相機8〇2。處理器8〇4可控制照相機 802擷取一光學圖像,並且產生與所擷取光學圖像關聯的 電子信號。處理器804從照相機8〇2接收這個電子信號, 並且發送這個電子信號給儲存設備83〇中的對應的模組。 • 在另一實施例中,照相機802被整合在用戶端82〇中》 在一實施例中,儲存設備83〇包括一圖像識別模組 832、一接收模組834、一管理模組836、一資料庫838, 及一備份與同步模組85〇。圖像識別模組832可以透過處 理器804所執行之電腦執行指令,以執行圖像識別(例如, 臉部識別)。圖像識別模組832將照相機8〇2所擷取的用 戶臉部圖像和儲存在資料庫838的一個或多個臉部範本比 較。若所擷取的用戶臉部圖像與儲存在資料庫838的至少 一個臉部範本匹配時,則用戶通過驗證。否則,用戶未^ 過驗證。 接收模組834可以透過處理器804所執行的電腦執行 指令實現。接收模組834可以是嵌人網頁流覽器的網頁流 覽器接收模組。接收模組834可以透過處理器8〇4執行^ 腦執行指令,進而與網賊覽ϋ配合,以自動地操取2 在網頁上輸入的登錄憑證(例如,登錄身份和密碼)。 外,接收模組834可以透過處理器8〇4執行電腦執行, 令,進而將網頁的用戶登錄憑證和用戶對應的臉部範本^ 0647-TW-CH Spec+Claim(filed-201〇〇716)tdoc 19 201206138 聯,並且若用戶通過驗證時(例如,μ 與險:範本匹配),則在網頁二:::的臉部圓像 (例如一至臉部範本、至少-登錄憑證 :二=:::Τ器804將執行接收模 否通過驗證。若處理努如卜’處理器804可檢測用戶是 邮m 處理器804檢測到照相機802所掏取的臉 子信號與儲存在資料庫W中的臉= ^本匹配時,則處理器_執行接收模組834以檢查與 2 =及匹配的圖像範本相關聯的登錄憑證是否儲存 日hi* 838巾。若在f料庫838中找到這樣的登錄憑證 ^則處理器804執行接收模組834,以自動地在網頁中 立入,應的用戶登錄憑證。因此’用戶無需手動地輸入登 ^證。若用戶通過驗證時,則處理器8〇4執行接收模組 幻4,以自動地填入用戶登錄憑證。 、處理器804執行包括電腦執行指令的管理模組836, 、·-員示資這些資訊包括網頁位址以及分別與這些網頁 地址關聯的用戶登錄憑證,但不以此為I因此,用戶能 夠管理用戶的登錄憑證,例如,流覽、編輯、增加、或刪 除資料庫838中的一個或多個登錄憑證。 備份與同步模組850透過處理器804執行的電腦執行 指令來實現’將資料庫838中儲存的資料備份到遠端飼服 器840中,並且將遠端伺服器84〇中的資料同步到資料庫 838中。因此,當用戶端82〇耦接至遠端伺服器84〇時, 則備份與同步模組850將自動地儲存在遠端伺服器84〇中 〇647-TW-CHSpec+Claim(f,led-201〇〇7l6).doc 20 201206138 的資料同步到用戶端820中。 圖9所示為根據本發明一實施例擷取用戶登錄憑證的 示例性方法流程圖900。雖然圖9描述了一些特定的步驟, 但是這些步驟僅是舉例說明用❶此外,本發明亦可執行各 種其他步驟或者圖9所示步驟中改變過的步驟。方法流程 圖900中的步驟可以透過儲存在電腦可讀媒體中的電腦執 行指令來實現。以下將結合圖8對圖9進行描述。 當用戶第一次登錄網頁時,則用戶需要註冊帳戶以存 • 取網頁,並且手動地輸入用戶登錄憑證(包括用戶身份和 密碼)。在步驟902中,擷取用戶所輸入的登錄憑證(包括 用戶身份和密碼)。具體來說,處理器8〇4執行接收模組 834而與網頁流覽器配合以自動地擷取用戶在網頁中所輸 入的用戶登錄憑證(包括用戶身份和密碼)。在步驟9〇4 中,處理器804判斷用戶是否已經通過臉部驗證。若用戶 已經通過臉部驗證時,則執行步驟91〇 ;否則,將執行步 驟906。在步驟906中,處理器8〇4將觸發圖像識別模組 φ 832,以啟動臉部識別。在一實施例中,透過照相機802 擷取一或多個用戶的臉部圖像。在步驟9〇8中,處理器8〇4 執行圖像識別模組832以判斷照相機8〇2所擷取的臉部圖 像是否與儲存在資料庫838中的臉部圖像範本匹配(用戶 是否被授權)。若用戶通過驗證,例如,所擷取的臉部圖 像與儲存在資料庫838中的臉部圖像範本匹配時,則執行 步驟910 ;否執行步驟916,以結束註冊。 在步驟910中’處理器8G4執行接收模組州以判斷 與網頁__戶登㈣證在f料庫838中是否已經存 0647-TW-CH Spec+Claim(filed-201〇〇7i6).d〇i 21 201206138 在。若登錄憑證在資料庫838中已經存在時,則執行步驟 916 ’以結束註冊。否貝1卜如步驟912中描述,處理器8〇4 執行接收 834’以將所齡的絲憑證存人資料庫咖 中。優點在於,處理器8〇4執行接收模組辦,以將用戶 登錄憑證和對應的臉部圖像範本捆綁或者_。結果,登 錄憑證與對應的網頁和龍的臉部圖像範本相關聯。在步 驟914中,備份與同步模組85〇將資料庫⑽巾的資料備 份到遠端伺服器840中。 圖1〇所示為根據本發明-實施例自動填寫用戶登錄 憑證的不例性方法流程圖麵。雖然圖1()描述了一些特 定的步驟,但是這些步雜是舉舰_。此外,本發明 亦可執行各種其他步驟或者圖1G所示步財改變過的步 驟。方法流程圖1_中的步驟可以透過儲存在電腦可讀 媒體中的電腦執行指令來實行。以下將結合圖8和圖 圖10進行描述。 在步驟1002 +,當用戶打開網頁時,則處理器_ 執行接收模組834以擁取網頁的位址。在步驟丽中, 處理器_判_戶是否通過臉部驗證。若用戶通過臉部 驗證時,則執行轉麵;否則,執行步驟讓。在步驟 藤中,處理㈣4觸發圖像識別模組阳以啟動臉部識 別。在-實施例中,透過照相機8 〇 2拍贝取用戶的一個 像。在步驟麵,,處理器8〇4執行圖像識別 ,附的臉部圖像範本匹配(用户是象否 =存 右用戶通過驗證,例如,所掏取的臉部圖像與儲存在資料 0647-TW-CH Spec+Claim(filed-20100716).doc 22 201206138 庫838中的臉部圖像範本匹配時,則執行步驟1〇1〇 ;否則 執行步驟1014,以退出自動填寫流程。 在步驟1010中’處理器804執行接收模組834以判 斷與網頁和臉部圖像範本關聯的用戶登錄憑證在資料庫 838中是否存在。若在資料庫838中未找到這樣的登錄憑 也時,則執行步驟1016 ,以進行圖9中方法流程圖9〇〇的 s主冊流程,否則,如步驟1〇12描述,處理器8〇4執行接 收模組834以自動地在網頁中填入登錄憑證。因此,用戶 無需手動地輸入登錄憑證。在步驟1〇14中,方法流程圖 1000結束自動填寫。 雖然在此所描述的實施例是以網頁為背景,但是本發 明並不局限於此。比如說,本發料以為其他種類的需要 用戶身份和密碼才可以存取的軟體(例如,即時通信軟 體’ Instant Messenger等)自動填寫登錄憑證。 --π姐只❿f附固值為本發明之常用實施 例。顯然,在不脫離權利要求書所界定的本發明精神和發 明範圍的前提下可以有各種增補、修改和替換。本領域技 術人員應該理解,本㈣在實際應心可根據具體的 和工作要求在料離發卿_妓下絲式、結構、佈 局、比例、材料、it素、it件及其它方面有所變化。因此, 在此彼露之實施例僅用於說明而非限制,本㈣ 後附申請專職鼠其合法等_界定,而不限於此前之 描述。 【圖式簡單說明】 0647-TW-CH Spec+Claim(filed-20100716).doc 23 201206138 以下結合附圖和具體實施例對本發明的技術方法進 行詳細的描述)以使本發明的特徵和優點更為明顯。其中: 圖1所不為根據本發明的—實施例的網路系統的示例 性方塊圖; 圖2所示為根據本發明的一實施例的登錄網路設備的 示例性方法流程圖; 圖3所不為根據本發明的—實施例的網路系統的示例 性方塊圖; 圖顿不為根據本發明的一實施例的登記識別資訊和 憑證的示例性方法流程圖; .圖5所示為根據本發明的一實施例的自動將網路設備 加鎖/解鎖的示例性方法流程圖; 圖6所示為根據本發明的一實施例的網路系統的示例 性方塊圖; 實施例的提供憑證的示例 圖7所示為根據本發明的一 性方法流程圖; 圖8所示為根據本發明的一實施例的經由臉部識別啟 動網站登錄的電腦系統的示例性方塊圖; 圖9=為根據本發_ —實施綱_用戶登 5 登的不例性方法流程圖;以及 圖10所示為根據本發明的—實施例的自 登錄憑證的示例性方法流程圖。 【主要元件符號說明】 100 :網路系統 0647-TW-CH Spec+Claim(filed-20100716).doc 24 201206138 102 :可攜式設備 106 :預設識別資訊 110 :網路設備 112 :憑證提供元件 114 :驗證平臺 116 :資料庫 118 :登錄元件 120 :預設憑證201206138 VI. Description of the Invention: [Technical Field of the Invention] The present invention relates to a network device and a login method thereof. [Prior Art] Computer systems typically include login and lock/unlock elements to protect the computer system from unauthorized users. For example, when the computer system is turned on, the user needs to provide an authorized credential to log in to the computer system. Users can access and/or control applications on the computer system only after successfully logging into the computer system. In general, the traditional method of providing credentials to a computer system includes entering a username and a password in a login window displayed on the screen of the computer system. After the user logs in to the computer system, if the computer system does not receive an instruction from the user within a predetermined time, a locking/unlocking component of the computer system automatically locks the computer system. At this time, if the user still needs to access and/or control the application in the computer system, the user needs to provide the authorized credentials (for example, inputting the user name and password) to unlock the computer system. In other words, after each lock/unlock component locks the computer system, the user must enter a user name and password to unlock the computer system. However, repeatedly entering the user name and password not only causes inconvenience to the user, but also increases the chances of the unauthorized user successfully obtaining (or stealing) the user name and password. SUMMARY OF THE INVENTION The technical problem to be solved by the present invention is to provide a network device and a login method thereof, which are used to help users automatically use the identification information of the portable device. 0647-TW-CH Spec+Claim(filed-201〇〇7l6) , doc 3 201206138 Log in to the network device. To solve the above technical problem, the present invention provides a method for logging in a network device, comprising: receiving a preset identification information from a portable device; and if the preset identification information matches a content of a database, controlling The database provides a preset credential; and verifies the preset credential, and if the preset credential is valid, the preset credential is used to allow the portable device to log in to the network device. The invention further provides a network device, comprising: an interface for receiving a preset identification information from a portable device; and a processor coupled to the interface and verifying the preset identification information, if the pre- When the identification information matches the content of a database, a preset voucher is retrieved from the database. If the preset voucher is valid, the portable voucher is allowed to log in to the network by using the preset voucher. Road equipment. Compared with the prior art, the login method of the network device of the present invention helps the user to automatically log in to the network device through the identification information of the portable device, so that the user does not need to input the user credential repeatedly, which not only brings convenience to the user but also reduces the user's convenience. The probability that an authorized user will successfully acquire (or steal) a user's credentials. The technical solutions of the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments to make the features and advantages of the present invention more obvious. [Embodiment] Hereinafter, a detailed description will be given of an embodiment of the present invention. While the invention will be described in conjunction with the embodiments, it is understood that the invention is not limited to the embodiments. Rather, the invention is intended to cover various modifications, modifications, and equivalents, as defined in the spirit and scope of the invention as defined by the scope of the appended claims. Things. In the following detailed description of the invention, numerous embodiments are set forth to provide a comprehensive understanding of the invention. However, it will be understood by those of ordinary skill in the art that the present invention may be practiced without the specific details. In other instances, well-known methods, procedures, and components have not been described in detail in order to facilitate the substance of the invention. The following sections describe in detail the most efficient ways in which the general knowledge of the system, the program, the logic blocks, the steps, and the representation of the operation of the data bits in the computer memory are in the real world. In the present invention, a pass, a logical block, a step, or the like, is considered to result in a desired result by a step or instruction. These steps = word physical quantities are physically processed. Although it is not necessary, usually this storage, = ^ reading or magnetic money makes the transmission, combination, comparison and so on in the computer system. Rationality = It should be understood that these similar terms are related to the appropriate substance and are only indicated on these physical quantities. Unless specifically emphasized, it is obvious from the following description: "receive,", "control,", "allow,", "detect,,, send" "verify", "search," , "crowd,, etc., computer systems or other similar electronic computing devices', reference actions and steps (four) material "pure; these (electronic) quantities are processed and converted to other similarities, in the memory or Other data storage such as information storage, transmission or sensible quantity. 647-TW-CHSpec-fClaim(fi[ed-2〇l〇〇716).doc 201206138 The embodiment of the present invention is through general text To describe a computer executable instruction that a computer can cause "a form of media (eg, a program module) to exist and be executed by one or more computers, other devices. Generally, programs, people perform special tasks or execute specific abstract data module routines (r〇utine), programs, objects, components, data structures, and so on. The function of the program module will be combined or distributed according to various implementations. For example, media available for computers may include computer storage media and media's but not limited to them. The computer storage ship contains any means or technology (4) computer-readable instructions, data structures, program modules or other data variable (v () la / immutable, removable / non-removable computer Storage media. Power media includes (10)M), read-only memory (predicate), electronic erasable 2 = δ 忆 体 (EEPR 〇 M), flash memory or other memory technology, CD ( CD: R〇M), digital versatile disk (DVD) or other optical storage, cassettes, tapes, disks, or other magnetic storage or other media that can be used to store data, but Not limited to this. The communication medium may use computer readable instructions, data structures, data on other modulated data signals, such as carrier waves or other transmissions, and includes any information delivery media. The term "modulated data signal" refers to a signal that has one or more sets of features, or that is altered by, for example, an encryption or encryption method that is encrypted on the signal. For example, communication media = wired network or wired media connected by direct line, or wireless media such as acoustic, radio frequency (RF), infrared or other, but not limited to . The combination of the above media is also I 0647-TW-CH Spec+Claim(filed.20100716).do < 6 201206138 In the context of computer readable media. The present invention provides a network system including a portable device and a network device. The portable device includes a preset identification information for identifying the portable device. The preset identification information is associated with a preset credential. The network device receives preset identification information from the portable device and verifies the preset identification information. If the verification result indicates that the preset identification information is valid (or authorized), then the network device utilizes the preset credentials to allow the login of the portable device; otherwise, the network device will discard the preset identification information. # Figure 1 is a block diagram showing an exemplary network system 1 in accordance with an embodiment of the present invention. Network system 100 includes a portable device 102 (e.g., a mobile phone, a personal digital assistant, a portable media player, a headset, etc.) and a network device 110 (e.g., a computer, router, etc.). The portable device 102 includes a preset identification information 106 and a software program (for example, an application), etc., and is implemented by one or more hardware modules. The network device 110 includes a computer readable medium for storing a credential providing component 112, a program module (e.g., login component 118), a database 116, and the like. The network device 110 can further include a processor (not shown in FIG. 1) that executes the aforementioned program modules. The preset identification information 106 can be used as the information for identifying the portable device 1〇2. In an embodiment, the preset identification information 106 may include a serial number of an identification module (not shown in FIG. 1) in the portable device 102. For example, the portable device 102 can be a mobile phone with a Subscriber Identity Module (SIM) card inserted. The SIM card may contain a serial number associated with the SIM card or associated with the mobile phone user. The serial number can be an International Mobile Subscriber Identity (IMSI code). In another embodiment, the preset identification information 106 may include 0647-TW-CH Spec+Claim(filed-2〇l〇〇716).doc η 201206138 a communication module in the portable device 102 (not shown in A network address in FIG. 1 can be, for example, a Bluetooth address of a Bluetooth communication module (a globally unique address), a media access control address of a wired or wireless communication module (a global A unique address, or a serial number/identification code that can identify a module, an integrated circuit, or an electronic chip in the portable device 102, but is not limited thereto. The application can communicate with the network device 110. For example, the application can generate a data packet with preset identification information 1〇6 and pass the Bluetooth channel, wireless compatible authentication (WI-FI) channel, universal packet radio service (GPRS) channel or Fibre Channel. The data packet is transmitted/transmitted to the network device 110. In this embodiment, after the network device 11 receives the preset identification information 106, the network device 11 will verify the preset identification information 1〇6 and generate a verification result. If the verification result indicates that the preset identification information 1〇6 is invalid (or unauthorized), the network device 110 will discard the preset identification information 106. If the verification result indicates that the preset identification information 1〇6 is valid (or authorized), the portable device 102 will log in to the network device no. After the portable device 102 successfully logs into the network device no, the portable device 1〇2 can communicate with the network device 11, for example, accessing an application in the network device 11(). Network device 110 includes an operating system (not shown in Figure 1) to execute credential providing component 112 and login component 118. The login component 118 passes through a login interface (not shown in Figure 1) to receive a credential (e.g., username, password, facial profile, fingerprint profile, etc.). For example, the login component 118 can receive a username and password via a login window displayed on the screen of the network device 110. In addition, the registration element 0647-TW-CH Spec+C laim(fi!ed-20100716).doc 8 201206138 :118 can also receive facial feature data or fingerprint features through _ facial software or through fingerprint identification software data. In another real estate, the login component 118 can receive the user's default voucher 12 through the credential providing component 112. Specifically, the network device ιι〇 includes a communication interface that interfaces to the processor (eg, a Bluetooth interface, not shown in FIG. 1). The Dgj age-aged surface can receive pre-identification from the portable device 1〇2. The information 106, and the preset identification information 1〇6 is passed to the element 112. The processor will then execute the credential providing component 112 such that the credential providing component 112 verifies the pre-set identification information 106 on a verification platform 114 to generate a verification result, and automatically provides the user's default credential 120 to the login component based on the verification result. 118. Next, the processor executes the login component 118 such that the login component ι 18 verifies the default credentials 12〇, for example, the login component 118 can search for a list of preset credentials (not shown in FIG. 1) if the login component U8 is When the voucher corresponding to or corresponding to the preset voucher 120 is found in the preset voucher list (the default voucher 12 is valid), then the login component 118 will utilize the preset voucher 12 to allow the user (eg, the portable device 102) Logging in to the network device 11; otherwise, the login component 118 will discard the default credentials 120. The advantage is that the user can choose to automatically log in to the network device 11 so that the user does not need to enter credentials such as the user name and password each time the network device 110 is logged into. Therefore, the user can use the network device 110 more conveniently and reduce the chance that the user name and password are successfully obtained (or stolen) by the unauthorized user. The database 116 includes a plurality of data pairs. Each of the data includes a preset identification information and a preset 0647-TW-CH Spec+Claim(filed-20100716).doc 9 201206138 certificate associated with the preset identification information. After the network device 110 receives the preset identification information 106 from the portable device 102, the network device no will verify whether the preset identification information 1〇6 is valid on the verification platform 114 based on the database 116, and generate a verification result. For example, the network device 110 searches for the preset identification information 106 by searching a plurality of data pairs in the database 116 to verify whether the preset identification information 106 is valid. If the same or corresponding information as the preset identification information ι 6 is found in the database 116, the preset identification information 1 〇 6 is regarded as valid. In the database 116, a pair of data consisting of the preset identification information 1〇6 and the preset voucher 120 associated with the preset identification information 106 can be found. Next, the credential providing component 112 will control the repository 116 to provide a preset credential 120 to the login component 118. In one embodiment, the credential providing component U2 mines the default credential 12 from the repository 116 and passes the default credential 12〇 to the login component 118. In another embodiment, the login component ι 18 retrieves the default credential no directly from the repository 116. If the same or corresponding information as the preset identification information 1〇6 is not found in the database 116, the preset identification information 106 is regarded as invalid. At this time, the network device 11〇 discards the preset identification information 106. 2 is a flow chart 20 of an exemplary method of logging in to a network device in accordance with an embodiment of the present invention (the steps in flowchart 200 can be performed by computer executing instructions stored in a non-transitory computer readable medium, 2 will be described in conjunction with Figure 1. In step 202, the network device 11 starts a login process (automatic login process). In step 204, the network device 11 detects the portable device 102 (e.g., action) Telephone, personal digital assistant, portable media player, earphone, etc.) 〇0647-TW-CH Spec+Claim(filed-20100716).d〇i 10 201206138 In step 206, network device 110 detects whether a pre-receive is received. The identification information 106 is set. If the network device 110 receives the preset identification information 1〇6, the network device 110 performs step 208. In step 208, the network device 110 verifies whether the preset identification information 1〇6 is Valid, for example, searching in the database 116 for information having the same or corresponding information as the preset identification information 1 〇 6. In step 210, if the preset identification information 1 〇 6 is invalid, for example, in the database 116 No preset knowledge found When the information is 1〇6, the network device 110 will perform step 220 to discard the preset identification information 1〇6. If the pre-pre-δ and the identification information 1 〇6 are valid, for example, the preset identification information is found in the database 116. When the same or corresponding information is 106, step 212 is performed. In step 212, the credential providing component 112 reads the corresponding pre-request credential 120' from the repository 116 and passes the preset credential 120 to the login component 118. In step 214, the login component 118 verifies the preset credential 12, for example, the login component 118 searches the preset credential list for the preset credential 12〇. In step 216, if the default credential π〇 is invalid, for example, in the pre- If the preset voucher 12 is not found in the voucher list, the network device u executes step φ 220 ' to discard the preset identification information 106 and the preset voucher 120. If the preset voucher 120 is valid 'for example' If the same or corresponding credentials are found in the voucher list, then step 218 is followed. In step 218, the login component U8 uses the default voucher 12 to enable the portable device 102 to log in to the network device. 3 is shown as EMBODIMENT OF THE INVENTION An exemplary block diagram of a network system 300. The same elements are identified in Figure 3 and Figure 301 having similar functions. As shown in Figure 3, the network device 11 further includes a detection component 322, a plus A program module such as a lock/unlock component 324 and a registration component 326. 0647-TW-CHSpec+Claim(filed-20100716).doc 11 201206138 These program modules can be stored in a computer readable medium. The network device 11 further includes a storage unit 316 that is separate from the computer readable medium or implemented in a computer readable medium. The storage unit 316 can store the figure! The database 116 shown. The detecting component 322 receives the data packet from the portable device 1〇2 and detects the state of the portable device 1()2. For example, the detecting component 322 detects whether the portable device 102 is located within a certain range, for example, < Whether the distance between the portable device 102 and the network device U is less than a certain length. Specifically, the removable device 1() 2 includes a wireless communication module (e.g., a Bluetooth communication module) for short-distance data exchange. If the wireless communication module (for example, the Bluetooth communication module) is activated, and the distance between the portable device 102 and the network device 11〇 is less than a certain length, then the network is further configured to receive the portability The device 102 forces the data packet of the identification information 106 (eg, a Bluetooth address) to be preset. If the wireless communication module is disabled or the distance between the portable device 102 and the network device is greater than a certain length, then the network device 110 cannot receive the data including the preset identification information 106 of the portable device 102. Packet. The registration component 326 registers the voucher and identification information into a database 116 as shown in Figure ,, for example, by writing the voucher and identification information into the storage unit 316. Specifically, in the registration process, when the network device 110 receives the preset identification information 1〇6 from the portable device 102, the user can provide the preset voucher 120 to the registration component 326. For example, the user enters the username and password in the registration window displayed on the screen of the network device 110. For another example, the user utilizes the face recognition software to capture the user's facial features or use the fingerprint recognition software to retrieve the user's fingerprint features. Therefore, 0647-TW-CH Spec+Claim(filed-20100716).doc 12 201206138 The registration component 326 writes the preset identification information ι6 and the preset voucher 12〇 into the casting unit 316. In this embodiment, each piece of identification information corresponds to one voucher, but each voucher may be corresponding to a plurality of pieces of identification information according to actual needs. The storage unit 316 stores the data repository 116. For example, the storage unit stores a plurality of data pairs including a plurality of credentials and corresponding plurality of identification information. The storage unit 310 can temporarily store a preset identification information. Specifically, when the network device 110 receives the preset identification information 1〇6 from the portable device 1〇2, the storage unit 316 temporarily stores the preset identification information 1〇6. The lock/unlock element 324 performs the lock/unlock according to the temporary preset identification information 1〇6. Specifically, the detecting component 322 detects the state of the portable device 1〇2 during the time when the portable device 1〇2 logs in to the network device 11〇. If the portable device 102 is powered off or the portable device 1〇2 is moved out of the specified range, the detecting component 322 will not be able to receive the preset identification information 106 from the portable device 1〇2. Therefore, the detecting component 322 (4) generates a locking signal to the locking/unlocking component 324, so that the locking/unlocking component 324 locks the network device 11 to the network 3 and is locked. Μ] will continue to detect the status of the portable device 102. If the detecting component 322 receives the same or corresponding identification information as the preset identification information (10) temporarily stored in the storage unit 3丨6, then the portable device 1〇2 is considered to be within a specific range, and the detecting component 322 is correspondingly generated. The unlock signal is applied to the lock/unlock element 324. The lock/unlock element 324 will perform an unlocking process to unlock the network device 11 using the preset credentials 120. However, if the detecting component 322 receives the identification 0647-TW-CH Spec+Claim(filed-20100716).doc 13 201206138 information different from the preset identification information 1〇6 temporarily stored in the storage unit 316, it represents another Portable devices are located within this specific range. The network device 110 will discard the previously received identification information and continue to detect the status of the portable device. 4 is a flow chart diagram 400 of an exemplary method for a network device to perform a registration process in accordance with an embodiment of the present invention. The steps in method flow diagram 400 can be performed by a computer executing instructions stored on a non-transitory computer readable medium. 4 will be described below in conjunction with FIGS. 1 and 3. In step 402, the network device 110 begins the registration process. In step 404, network device 110 searches for target portable device 102. In step 406, the detecting component 322 detects whether the preset identification information 106 of the target portable device ι2 is received. If the network device 110 receives the preset identification information 106 from the target portable device 102, the network device 11 performs step 408' to wait for the user to input the preset credentials 12 (eg, user name, password, face). When the registration component 326 receives the preset voucher 120, the network device 11 executes step 410 to store the preset voucher 120 and the preset identification information 1〇6, for example, the preset The voucher 120 and the preset identification information 106 are written into the storage unit 316. In step 412, the network device 110 receives an instruction/command from the user. If the user commands the network device 110 to continue performing the registration process, then step 404 is performed; Otherwise, the network device 11 will perform step 414 to end the registration process. Figure 5 is a flow chart 500 of an exemplary method for a network device to perform an automatic force lock/unlock process in accordance with an embodiment of the present invention. The step of ^ can be performed by a computer executing instructions stored in a non-transitory computer readable medium. The following will describe Figure 5 in conjunction with Figure 丨 and Figure 3: 0647-TW-CH Spec+Claim(filed- 20100716).doc 14 201206138. During the period when the portable device 102 logs in to the network device ,ι〇, the network δ further executes step 502' to start the automatic locking process. Specifically, in step 504 The detecting component 322 detects the state of the portable device 102, for example, detecting whether the preset identification information 106 associated with the portable device 102 is received. In step 506, if the portable device 1〇2 is located in the network device Within a specific range around 110, such that detection component 322 can receive preset identification information 1() 6 from portable device 102, then network device 110 will perform step 508' to initiate a timer (not shown) In FIG. 1 and 3), in step 510, if a predetermined time is exceeded, the network device 110 will perform step 504 to continue detecting the state of the portable device 1 。 2. In step 506, When the portable device ι〇2 is located outside the specific range around the network device 11〇, such that the detecting component 322 cannot receive the preset identification information 106 from the portable device 102, the network device 10 will perform step 512. 'To lock the network device Η0 While the network device 110 is locked, the network device 11 will perform step 514 to begin the automatic unlocking process. Similar to step 5〇4, the detecting component 322 detects the portable device 1〇2 in step 516. In step 520 of the embodiment shown in FIG. 5, if the portable device 102 is outside the specified range, the network device 110 will perform step 516 to continue detecting the status of the portable device 102. In an embodiment, if the portable device 102 is outside a certain range, the network device 110 will start a timer and perform step 516 when a predetermined time is exceeded. If the portable device 1 is located within a specific range, step 522 is performed. In step 522, the lock/unlock element 324 reads the preset voucher 120 from the storage unit 316, and 0647-TW-CH Spec+Claim(filed-2〇1 〇〇716).d〇t 201206138 utilizes the preset The credential 120 unlocks the network device lio. After step 522 is completed, step 502 will be performed. In the detection process of an embodiment (for example, step 504), the portable device 102 can periodically send a data packet containing the preset identification information 1〇6 to the network device 110, so that the network device 11〇 remains unlocked. status. The portable device 102 can lock the network device 110 by stopping sending data packets to the network device no. In another embodiment, the network device 110 may periodically send a request for the preset identification information 1 to 6 to the portable device 102. If the portable device 102 is within a certain range, the portable device 102 will respond to the request to send a data packet containing the preset identification information 1〇6 to the network device 110. If the portable device 102 is outside a certain range, then the network device 110 will not be able to receive a response from the portable device 1〇2. Figure 6 is a block diagram showing an exemplary network system 6A in accordance with an embodiment of the present invention. Elements identified by the same in Figures 1, 3 and Figure have similar functions. In the embodiment of FIG. 6, network device 11() may be a router or gateway coupled to an internal network 628. The internal network 628 can be a company that includes multiple applications (eg, data backup 63, user management 632, domain management 634, notebook 636, desktop 638, workstation 640, server 642, etc.) Internal network, but not limited to this. In this embodiment, the portable device 1〇2 logs into the internal network 628 through the network device 11(). For example, the network device 11 receives the preset identification information 1〇6 of the portable device 102, and verifies whether the preset identification information 1〇6 is valid. If the preset identification information 106 is valid, the voucher providing component 0647-TW-CH Spec+Claim(filed-20100716).doc 16 201206138 Π2 reads the preset associated with the preset identification information 1〇6 from the database ι16 The voucher 120, and the default voucher 12〇 is passed to the login component 118, so the login component 118 enables the portable device 102 to log into the internal network 628 using the pre-set credentials 120. In this embodiment, if the portable device 1〇2 does not log in to the network device 1', the internal network 628 cannot be accessed. In the embodiment shown in FIG. 6, the portable device 102 further includes an access control component (not shown) for controlling access to applications in the internal network 628. When the portable device 1〇2 successfully logs into the network device 110, the portable device 1〇2 accesses the application in the internal network 628 using the access control element. In one embodiment, when the portable device 102 successfully logs in (using the first successful login as an example) the network device 110, the portable device 102 downloads the access control component from the network device 110. In one embodiment, the portable device 102 can also utilize an installation disc to mount the access control components. Of course, access control components can also be installed by other means. FIG. 7 shows an exemplary method flow diagram 700 for providing credentials in accordance with an embodiment of the present invention. FIG. 7 will be described below in conjunction with FIGS. 1, 3, and 6. In step 702, the credential providing component 112 receives the preset identification information 106 from the portable device 102. The preset identification information 1〇6 includes a serial number and/or an address. In particular, in one embodiment, the serial number is the IMSI code of the SIM card inserted into the portable device 102. In one embodiment, the address is the network address of the communication module in the portable device 102. For example, the network address is the Bluetooth address of the Bluetooth communication module or the MAC address of the wired/wireless communication module. 0647-TW-CH Spec+Claim(filed-20100716).doc 17 201206138 In step 704, if the preset identification information 106 matches the content in the database 116, the voucher providing component U2 controls the database u6 to provide a preset. The voucher 120 is given to the login element U8. Specifically, the network device u searches for a plurality of data pairs stored in the database 116 for the preset identification information 106. If the preset identification information 1〇6 is found in the data library ι16, the preset s-line-be §fl 106 matches a pair of data in the database 116. The data pair further includes a preset voucher 12 associated with the preset identification information 1〇6. In step 706, if the default credential 120 is valid, the login component 118 permits the portable device ι2 to log into the network device 110 using the preset credential 12〇. The preset voucher 12 includes at least one of a user name, a password, a face feature data, a fingerprint profile, and the like, and a voucher associated with the user having the portable device 102 or authorized to use the portable device 102. The above embodiments of the present invention provide a network device including a login interface and/or an unlock interface. The network device automatically logs in or unlocks the network device using the credentials associated with the user. For example, the credentials are associated with the security credentials of the portable device (e. g., identification information), e.g., the credentials and identification information are paired and stored in the database towel. The Kawasaki device receives the identification information from the portable device and reads the voucher associated with the identification information from the database. Network equipment can be widely used in such fields as computers, routers, and gateways. In an embodiment, the network device can be a computer system. When the portable device successfully logs in, the phone can be (4) face recognition login website. Figure 8 is a block diagram showing an exemplary computer system 8GG for enabling website login via face recognition in accordance with an embodiment of the present invention. Computer system 8〇〇 Automatically fill in the user's login ID and password. If the user passes the face recognition 0647-TW-CH Spec+Claim(filed-20100716).doc 201206138, the website login is started. The computer system 80A includes a client 82A and a remote server 840. The client 820 can be a computer, a personal digital assistant, or the like. The client 820 includes a processor 8.4 (e.g., a central processing unit) and a computer readable medium (e.g., storage device 83). The beta 820 is coupled to a camera 820. The processor 8.4 can control the camera 802 to capture an optical image and generate an electronic signal associated with the captured optical image. The processor 804 receives the electronic signal from the camera 8A and transmits the electronic signal to the corresponding module in the storage device 83. In another embodiment, the camera 802 is integrated in the user terminal 82. In an embodiment, the storage device 83 includes an image recognition module 832, a receiving module 834, and a management module 836. A database 838, and a backup and synchronization module 85. The image recognition module 832 can execute instructions through a computer executed by the processor 804 to perform image recognition (e.g., face recognition). The image recognition module 832 compares the user's face image captured by the camera 8〇2 with one or more facial templates stored in the database 838. If the captured user face image matches at least one face template stored in the database 838, the user passes the verification. Otherwise, the user has not verified. The receiving module 834 can be implemented by a computer executing instructions executed by the processor 804. The receiving module 834 can be a web page browser receiving module embedded in a web page browser. The receiving module 834 can execute the instruction through the processor 8〇4 to cooperate with the network thief to automatically capture 2 login credentials (for example, login identity and password) entered on the webpage. In addition, the receiving module 834 can execute the computer execution through the processor 8〇4, and then, the user login credential of the webpage and the face template corresponding to the user^0647-TW-CH Spec+Claim(filed-201〇〇716) Tdoc 19 201206138 联, and if the user passes the verification (for example, μ and risk: template matching), then the face image on page 2::: (for example, one to face template, at least - login credentials: two =:: The buffer 804 will perform a receive mode pass verification. If the processor 804 can detect that the user is the face m processor 804 detects the face signal captured by the camera 802 and the face stored in the database W = ^ When this match, the processor_ executes the receiving module 834 to check if the login credentials associated with 2 = and the matching image template store the day hi* 838 towel. If such a login is found in the f library 838 The processor 804 executes the receiving module 834 to automatically enter the login credentials of the user in the web page. Therefore, the user does not need to manually input the login certificate. If the user passes the verification, the processor 8〇4 executes. Receive module Magic 4 to automatically fill in user login The processor 804 executes a management module 836 including a computer execution instruction, and the member indicates that the information includes a webpage address and a user login credential respectively associated with the webpage address, but not as a user. The user's login credentials can be managed, for example, to view, edit, add, or delete one or more login credentials in the repository 838. The backup and synchronization module 850 implements the instructions through the computer executed by the processor 804. The data stored in the library 838 is backed up to the remote feeder 840, and the data in the remote server 84 is synchronized to the database 838. Therefore, when the client 82 is coupled to the remote server 84. The backup and synchronization module 850 will automatically store the data stored in the remote server 84〇 647-TW-CHSpec+Claim(f, led-201〇〇7l6).doc 20 201206138 to the user terminal 820. Figure 9 is a flow chart diagram 900 of an exemplary method for extracting user login credentials in accordance with an embodiment of the present invention. Although Figure 9 depicts some specific steps, these steps are merely illustrative and additional aspects of the present invention. Various other steps may be performed or steps that have been changed in the steps illustrated in Figure 9. The steps in method flow diagram 900 may be implemented by a computer executing instructions stored on a computer readable medium. Figure 9 will be described below in conjunction with Figure 8. When the user logs in to the web page for the first time, the user needs to register an account to save the web page and manually input the user login credentials (including the user identity and password). In step 902, the login credentials entered by the user are retrieved ( Including the user identity and password. Specifically, the processor 8〇4 executes the receiving module 834 to cooperate with the webpage browser to automatically retrieve the user login credentials (including the user identity and password) entered by the user in the webpage. . In step 9〇4, the processor 804 determines if the user has passed the face verification. If the user has passed the face verification, step 91 is performed; otherwise, step 906 is performed. In step 906, processor 8〇4 will trigger image recognition module φ 832 to initiate face recognition. In one embodiment, one or more facial images of the user are captured by camera 802. In step 〇8, the processor 8〇4 executes the image recognition module 832 to determine whether the face image captured by the camera 8〇2 matches the face image template stored in the database 838 (user Whether it is authorized). If the user passes the verification, for example, the captured facial image matches the facial image template stored in the database 838, step 910 is performed; otherwise step 916 is executed to end the registration. In step 910, the processor 8G4 executes the receiving module state to determine whether or not the page __ household (four) certificate has been stored in the f library 838. 0647-TW-CH Spec+Claim(filed-201〇〇7i6).d 〇i 21 201206138 at. If the login credentials already exist in the repository 838, then step 916' is performed to end the registration. No. 1B, as described in step 912, the processor 8〇4 executes the reception 834' to deposit the aged silk certificate in the database. The advantage is that the processor 8〇4 executes the receiving module to bind the user login credentials and the corresponding facial image template or _. As a result, the login voucher is associated with the corresponding web page and the dragon's facial image template. In step 914, the backup and synchronization module 85 copies the data of the database (10) to the remote server 840. Figure 1A is a flow chart showing an exemplary method for automatically filling in user login credentials in accordance with an embodiment of the present invention. Although Figure 1() describes some specific steps, these steps are hoisting. Furthermore, the present invention can also perform various other steps or steps that have been changed as shown in Fig. 1G. The steps in method flow chart 1_ can be performed by executing instructions on a computer stored in a computer readable medium. Description will be made below with reference to Fig. 8 and Fig. 10. In step 1002+, when the user opens the webpage, the processor_ executes the receiving module 834 to capture the address of the webpage. In step 丽, the processor_judges whether the household passes the face verification. If the user passes the face verification, the face is executed; otherwise, the step is executed. In the step vine, the processing (4) 4 triggers the image recognition module to activate the face recognition. In the embodiment, an image of the user is taken by the camera 8 〇 2 . At the step side, the processor 8〇4 performs image recognition, and the attached face image template matches (the user is like the image=the right user passes the verification, for example, the captured face image is stored in the data 0647 -TW-CH Spec+Claim(filed-20100716).doc 22 201206138 When the face image template in library 838 is matched, step 1〇1〇 is performed; otherwise, step 1014 is executed to exit the automatic filling process. The processor 804 executes the receiving module 834 to determine whether the user login credential associated with the web page and the facial image template exists in the database 838. If such a login token is not found in the repository 838, then execution is performed. Step 1016, to perform the s main volume flow of the method flow chart 9 in FIG. 9, otherwise, as described in step 1 〇12, the processor 8.4 executes the receiving module 834 to automatically fill in the login credential in the web page. Therefore, the user does not need to manually enter the login credentials. In step 1 , 14, the method flowchart 1000 ends the automatic filling. Although the embodiment described herein is based on a web page, the present invention is not limited thereto. This publication is based on Other types of software that require user identity and password access (for example, instant messaging software 'Instant Messenger, etc.) automatically fill in the login credentials. - π sister only 附f attached value is a common embodiment of the present invention. Obviously, Various additions, modifications and substitutions are possible without departing from the spirit and scope of the invention as defined by the appended claims. Those skilled in the art will understand that the present invention can be practiced in accordance with specific and operational requirements.卿 妓 丝 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 、 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 The mouse is legally defined, and is not limited to the foregoing description. [Simple description of the drawing] 0647-TW-CH Spec+Claim(filed-20100716).doc 23 201206138 The technical method of the present invention will be described below with reference to the accompanying drawings and specific embodiments. The detailed description is made to make the features and advantages of the present invention more apparent. 1 is an exemplary block diagram of a network system according to an embodiment of the present invention; FIG. 2 is a flow chart showing an exemplary method of logging in to a network device according to an embodiment of the present invention; An exemplary block diagram of a network system in accordance with an embodiment of the present invention; Tudor is not an exemplary method flowchart for registering identification information and credentials in accordance with an embodiment of the present invention; An exemplary method flow diagram for automatically locking/unlocking a network device in accordance with an embodiment of the present invention; FIG. 6 is an exemplary block diagram of a network system in accordance with an embodiment of the present invention; Example of Voucher Figure 7 is a flowchart of an exemplary method in accordance with the present invention; Figure 8 is an exemplary block diagram of a computer system for initiating website login via face recognition, in accordance with an embodiment of the present invention; An exemplary method flow diagram for a self-logged-in credential according to the present invention is shown in FIG. 10 as a flow chart of an exemplary method in accordance with the present invention. [Main component symbol description] 100: Network system 0647-TW-CH Spec+Claim(filed-20100716).doc 24 201206138 102: Portable device 106: Preset identification information 110: Network device 112: Credential providing component 114: verification platform 116: database 118: login component 120: default credentials
200 :登錄網路設備的示例性方法流程 202〜220 :步驟 300 :網路系統 316 :儲存單元 322 :檢測元件 324 :加鎖/解鎖元件 326 :登記元件 400 :登記識別資訊和憑證的示例性方法流程圖 402〜414 :步驟200: Exemplary Method Flow for Logging In to a Network Device 202-220: Step 300: Network System 316: Storage Unit 322: Detection Element 324: Lock/Unlock Element 326: Registration Element 400: An Example of Registering Identification Information and Credentials Method Flowchart 402~414: Steps
500 :自動將網路設備加鎖/解鎖的示例性方法流程圖 502〜522 :步驟 600 .網路系統 628 :内部網路 630 :資料備份 632 :用戶管理 634 :網域管理 636 :筆記型電腦 0647-TW-CH Spec+Claim(filed-20100716).doc 25 201206138 638 :桌上型電腦 640 :工作站 642 :伺服器 700 :提供憑證的示例性方法流程圖 702〜706 :步驟 800 :電腦系統 802 :照相機 , 804 :處理器 820 :用戶端 830 :儲存設備 832 :圖像識別模組 834 :接收模組 836 :管理模組 838 :資料庫 840 :遠端伺服器 850 :備份與同步模組 900 :擷取用戶登錄憑證的示例性方法流程圖 902〜916 :步驟 1000 :自動填寫用戶登錄憑證的示例性方法流程圖 1002〜1016 :步驟 0647-TW-CH Spec+Claim(filed-20100716).doc 26500: Exemplary Method of Automatically Locking/Unlocking Network Devices Flowcharts 502-522: Step 600. Network System 628: Internal Network 630: Data Backup 632: User Management 634: Domain Management 636: Notebook Computer 0647-TW-CH Spec+Claim(filed-20100716).doc 25 201206138 638: Desktop 640: Workstation 642: Server 700: Exemplary Method of Providing Credentials Flowcharts 702-706: Step 800: Computer System 802 Camera, 804: Processor 820: Client 830: Storage Device 832: Image Recognition Module 834: Receive Module 836: Management Module 838: Database 840: Remote Server 850: Backup and Synchronization Module 900 : Exemplary Method for Retrieving User Login Credentials Flowcharts 902-916: Step 1000: Exemplary Method Flowchart for Automatically Filling in User Login Credentials 1002~1016: Step 0647-TW-CH Spec+Claim(filed-20100716).doc 26