TW201409270A - An information safety control system, authentication management module and control method thereof - Google Patents

Publication number
TW201409270A
Authority
TW
Taiwan
Prior art keywords
authorization
management module
monitoring system
security monitoring
information security
Prior art date
Application number
TW101130251A
Other languages
Chinese (zh)
Inventor
Chun-Wei Tseng
Original Assignee
Univ Cheng Shiu
Priority date
Filing date
Publication date
Application filed by Univ Cheng Shiu
Priority to TW101130251A
Publication of TW201409270A

Abstract

An information safety control system is disclosed. The system comprises a power supply, a terminal apparatus, a sensation interface and an authorizing module. The power supply supplies electric power. The terminal apparatus is used by users to process data. The sensation interface senses authentication data carried by the users. The authorizing module is electrically connected to the power supply, the terminal apparatus and the sensation interface. The authorizing module receives the authentication data to execute a boot procedure and a shutdown procedure. Furthermore, a control method of the information safety control system is disclosed.

Description

Information security monitoring system, authorization management module thereof, and control method

The invention relates to an information security monitoring system, and in particular to an information security monitoring system that addresses both safety of use and information security.

Conventional data processing equipment (for example, a personal computer or a server) lets users perform data processing operations such as "word processing", "spreadsheets", "presentation production", "database management", "sending and receiving mail" or "computer software/hardware development". Security control for such equipment usually relies on a password mechanism to protect the equipment and the data inside it. To use the equipment, a user starts it (boot) and manually enters the correct authentication data (for example, an account and password); only after passing identity authentication can the user log in to the equipment and carry out operations.

The account and password entered by the user must be verified by the operating system (OS) of the data processing equipment before the user can log in and perform operations such as data access. When leaving the equipment, the user must log out of the operating system, shut the equipment down, or lock the display screen, so that the user's login identity cannot be used by someone else and the data cannot be tampered with.

However, manually entering the authentication data is not only inconvenient; it also leads to the following situations:

(1) A user who forgets the authentication data cannot log in to the data processing equipment to do any work, and can only ask the system administrator to retrieve or reset the account or password.

(2) If the account and password that authenticate the user are known to others or are too simple, or if the user leaves the data processing equipment and forgets to log out, the user's login identity may be used by someone else.

(3) The data processing equipment is powered directly by the power supply, and identity is authenticated by the operating system's login mechanism. Users cannot be forced to shut down after use, which easily wastes electric energy.

(4) A user who wants to shut down may, because of haste or improper operation, cut the power to the data processing equipment (power off) before the operating system's shutdown procedure has completed. This easily damages data inside the equipment, for example lost file links or bad sectors on the hard disk.

(5) The system cannot learn of the user's usage in real time, for example whether the equipment has been in use for too long, and therefore cannot impose a time limit on, or issue a warning signal to, a user who has used it for too long.

In summary, the conventional security control approach has system security problems such as "forgetting the authentication data" and "login identity easily used by others", as well as concerns about "wasted power", "data corruption" and "excessive usage time". These cause various limitations and shortcomings in actual use, and further improvement is needed to raise its practicality.

The object of the invention is to remedy the above shortcomings by providing an information security monitoring system that identifies the authentication data carried by a user through wireless sensing, so as to automatically control the boot and shutdown procedures of a terminal device.

A second object of the invention is to provide an authorization management module of an information security monitoring system that identifies the authentication data carried by a user and automatically controls the boot and shutdown procedures of a terminal device.

Another object of the invention is to provide a control method of an information security monitoring system that identifies the authentication data carried by a user and automatically controls the boot and shutdown procedures of a terminal device.

An information security monitoring system comprises: a power supply for providing power; a terminal device on which a user performs data processing operations; a sensing interface for sensing authentication data carried by the user; and an authorization management module, electrically connected to the power supply, the terminal device and the sensing interface, for receiving the authentication data and performing a boot procedure and a shutdown procedure according to the authentication data.

The authorization management module comprises: a reading unit electrically connected to the sensing interface; an authorization control unit electrically connected to the reading unit; a power management unit electrically connected to the authorization control unit, the power supply and the terminal device; and a power storage unit electrically connected to the reading unit, the authorization control unit and the power management unit.

An authorization management module of an information security monitoring system comprises: a reading unit for reading authentication data sensed by a sensing interface; an authorization control unit, electrically connected to the reading unit, for executing a control program and determining the user's authorization level from the authentication data; a power management unit, electrically connected to the authorization control unit, for generating a power supply signal, a boot signal and a shutdown signal according to the authorization level; and a power storage unit, electrically connected to the reading unit, the authorization control unit and the power management unit, for supplying power to the reading unit, the authorization control unit and the power management unit.

The authorization management module executes a control program, confirms an authorization level from the authentication data sensed by the sensing interface, and supplies power to the terminal device. After the terminal device has performed the boot procedure, the module controls the data processing operations performed by the terminal device according to the authorization level. When the authorization management module can no longer receive the authentication data, the shutdown procedure is performed.

The shutdown procedure is performed when the authorization management module determines that the user's usage time exceeds a usage time limit.

The authorization management module further comprises a timing status indication unit electrically connected to the authorization control unit.

The authorization management module further comprises a wireless sensor network node electrically connected to the authorization control unit and the power storage unit.

The wireless sensor network node uses the ZigBee communication protocol.

The authorization management module further comprises an antenna coupled to the wireless sensor network node.

The sensing interface is a reading interface for short-range point-to-point transmission, and the reading unit is a reading device for short-range point-to-point transmission.

The sensing interface is a biometric scanning interface, and the reading unit is a biometric identification device.

The power storage unit is a lithium polymer battery.

The system further comprises a switch electrically connected to the authorization management module.

The system further comprises an output interface electrically connected to the authorization management module.

A control method of an information security monitoring system, applied to the information security monitoring system above, comprises: sensing the user's authentication data with the sensing interface of the information security monitoring system and transmitting it to the authorization management module of the system; having the authorization management module confirm an authorization level from the authentication data, drive the power supply of the system to power the terminal device of the system according to the authorization level, instruct the terminal device to perform a boot procedure, and control the data processing operations performed by the terminal device according to the authorization level; and having the sensing interface continuously sense the user's authentication data and transmit it to the authorization management module, which instructs the terminal device to perform a shutdown procedure when it can no longer receive the authentication data.

The shutdown procedure is performed when the authorization management module determines that the user's usage time exceeds a usage time limit.

To make the above and other objects, features and advantages of the invention easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings. Throughout this document, "coupling" means that two ends can carry out data communication through a wireless medium, for example electromagnetic induction, optical sensing or touch sensing, as a person of ordinary skill in the art to which the invention pertains will understand.

Throughout this document, the "boot procedure" is the process by which, after the computer is powered, the operating system loads the resources it needs so that the user can perform data processing operations on the computer, as a person of ordinary skill in the art will understand.

Throughout this document, the "shutdown procedure" is the process by which the computer's operating system unloads the resources it needed so that the power the computer requires can be turned off, as a person of ordinary skill in the art will understand.

Figure 1 is a system diagram of the preferred embodiment of the information security monitoring system of the invention. The system comprises a power supply 1, a terminal device 2, a sensing interface 3 and an authorization management module 4; the authorization management module 4 is electrically connected to the power supply 1, the terminal device 2 and the sensing interface 3.

The power supply 1 may be the power supply device of conventional data processing equipment, for example a power supply of any kind, an uninterruptible power supply (UPS) or a combination of these, and provides the power the terminal device 2 requires.

The terminal device 2 may be conventional data processing equipment that has been modified, for example a personal computer or server without its own power supply; or equipment that already has data processing and storage functions, for example a microcomputer system; or a computer terminal connected to a server host, where the terminal has only data input/output interfaces such as a screen, mouse and keyboard. The terminal device 2 lets the user perform data processing operations such as "word processing", "spreadsheets", "presentation production", "database management", "sending and receiving mail" or "computer software/hardware development".

The sensing interface 3 may be a device that senses stored data or biometric features at close range, for example a reading interface for short-range point-to-point transmission such as infrared transmission (IrDA), radio frequency identification (RFID), Wireless USB or near field communication (NFC), or a biometric reader using iris scanning, fingerprint scanning, face scanning or voice sensing. The sensing interface 3 senses the authentication data carried by the user, that is, data that can distinguish one user from another, for example a user account and password stored in encrypted form for reading by the reading interface above, or biometric features unique to the user. In this embodiment the sensing interface 3 is implemented as an RFID reading interface: when the user carries an RFID chip, the user account and password in the RFID chip can be read. The invention is not limited to this implementation.

The authorization management module 4 may be a device with signal processing capability, for example a programmable single-chip microprocessor (Programmable MCU), a digital signal processor (DSP), an application-specific integrated circuit (ASIC) or a circuit board with signal processing functions. It receives the authentication data and performs a boot procedure and a shutdown procedure according to that data. In this embodiment the authorization management module 4 is implemented as an ASIC and comprises a reading unit 41, an authorization control unit 42, a power management unit 43 and a power storage unit 44.

The reading unit 41 corresponds to the sensing interface 3 and is chosen as a device that can recognize the data the sensing interface 3 transmits, for example an identification device for short-range point-to-point transmission such as infrared transmission (IrDA), radio frequency identification (RFID), Wireless USB or near field communication (NFC), or a biometric identification device for iris scanning, fingerprint scanning, face scanning or voice sensing. The reading unit 41 is electrically connected to the sensing interface 3, reads the authentication data sensed by the sensing interface, and converts the authentication data transmitted by the sensing interface 3 into a format the authorization control unit 42 can accept. The authorization control unit 42 is electrically connected to the reading unit 41, executes the control program, and determines the user's authorization level from the authentication data. The power management unit 43 is electrically connected to the authorization control unit 42, the power supply 1 and the terminal device 2, and generates the power supply signal, boot signal and shutdown signal according to the authorization level. The power storage unit 44 (for example, a high-capacity battery such as a lithium polymer battery) is electrically connected to the reading unit 41, the authorization control unit 42 and the power management unit 43 and supplies power to them.

In addition, the authorization management module 4 further comprises a timing status indication unit 45, a wireless sensor network node 46 and an antenna 47. The timing status indication unit 45 (for example, indicator lights of various kinds) is electrically connected to the authorization control unit 42 and indicates the user's remaining usage time. The wireless sensor network node 46 is electrically connected to the authorization control unit 42 and the power storage unit 44 and sends and receives the data of other authorization management modules 4. The antenna 47 is coupled to the wireless sensor network node 46. The wireless sensor network node 46 may be a wireless sensor network node (WSN node) using the ZigBee communication protocol, coupled through the antenna 47 to other authorization management modules 4 or to a central management server (not shown) so as to form a security monitoring network. The invention is not limited to this implementation.

In more detail, when a user wants to use the terminal device 2, the sensing interface 3 senses the authentication data the user carries; for example, the RFID reading interface couples to the RFID chip carried by the user and reads the user account and password in the chip. The authorization management module 4 executes a control program and confirms an authorization level from the authentication data sensed by the sensing interface 3, for example whether the user account belongs to the administrator, user, guest or non-user level. At the same time, the authorization management module 4 sends a power supply signal to the power supply 1 according to the authorization level, so that the power supply 1 can power the terminal device 2, and sends a boot signal to the terminal device 2 so that it performs the boot procedure. After the terminal device 2 has performed the boot procedure, the module controls the data processing operations performed by the terminal device 2 according to the authorization level. For example, administrator rights allow all data processing operations with no time limit, user rights allow some data processing operations, guest rights allow only querying the results of data processing operations within a time limit, and a non-user has no right to use the terminal device 2.

While the user is working on the terminal device 2, the authorization management module 4 continuously obtains the authentication data sent by the sensing interface 3. When finished, the user only has to remove the authentication data, for example by moving the RFID chip away from the RFID reading interface, so that the sensing interface 3 can no longer send the authentication data to the authorization management module 4. Once the authorization management module 4 can no longer receive the authentication data, for example when none has been received for longer than a timeout (for example, 10 seconds), it sends a shutdown signal to the terminal device 2 so that the terminal device 2 performs the shutdown procedure. Alternatively, when the authorization management module 4 determines that the user's usage time exceeds a usage time limit (that is, the period for which the user is authorized to use the device, for example 60 minutes), it likewise sends the shutdown signal to the terminal device 2 so that the terminal device 2 performs the shutdown procedure. The authorization management module 4 and the terminal device 2 may be integrated into one unit or provided separately, and the authorization management module 4 may also be integrated with conventional data processing equipment to suit actual application requirements.

In this way, the authorization management module 4 automatically controls the boot and shutdown procedures of the terminal device 2, which prevents system security problems such as the user "forgetting the authentication data" and "login identity easily used by others". Moreover, because the sensing interface 3 senses the authentication data and transmits it to the authorization management module 4, and the authorization management module 4 controls whether the power supply 1 powers the terminal device 2, the system also achieves "power saving", "prevention of data corruption" and "avoidance of excessive usage time".

In addition, the preferred embodiment of the information security monitoring system may further comprise a switch 5 (for example, switches or switching elements of various kinds) and an output interface 6 (for example, displays of various kinds). The switch 5 and the output interface 6 are each electrically connected to the authorization management module 4, so that the user can switch the state of the authorization management module 4 and see that state displayed. In this embodiment the switch 5 is electrically connected to the power management unit 43 and lets the user manually switch the power management unit 43 so that the terminal device 2 performs the boot or shutdown procedure; the output interface 6 is electrically connected to the authorization control unit 42 and displays the on/off state of the terminal device 2.

Figure 2 is a flowchart of the control method of the preferred embodiment of the information security monitoring system of the invention. The control method comprises steps S1, S2 and S3.

In step S1, the sensing interface 3 senses the user's authentication data and transmits it to the authorization management module 4.

In step S2, the authorization management module 4 confirms the authorization level from the authentication data, drives the power supply 1 to power the terminal device 2 according to the authorization level, instructs the terminal device 2 to perform the boot procedure, and controls the data processing operations performed by the terminal device 2 according to the authorization level.

In step S3, the sensing interface 3 continuously senses the user's authentication data and transmits it to the authorization management module 4. When the authorization management module 4 can no longer receive the authentication data, for example when reception has been interrupted for longer than the timeout, or when the usage time is exceeded (that is, the time the user is authorized to use the device has run out), the authorization management module 4 instructs the terminal device 2 to perform the shutdown procedure.
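The control flow of steps S1 to S3, written out as a C state machine for the authorization control unit. This is an added example, not code from the patent. The 10-second absence timeout and the 60-minute user limit follow the description's own examples; the tag IDs, the enrollment table, the 900-second guest limit, the rule that only the credential that opened a session keeps it alive, and the rule that a tag must leave the field after a time-limit shutdown before it can start a new session are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Authorization levels named in the description; an unknown tag is a non-user. */
typedef enum { LVL_NON_USER, LVL_GUEST, LVL_USER, LVL_ADMIN } auth_level_t;
typedef enum { ST_OFF, ST_RUNNING } amm_state_t;
typedef enum { SIG_NONE, SIG_POWER_AND_BOOT,
               SIG_SHUTDOWN_ABSENT, SIG_SHUTDOWN_LIMIT } amm_signal_t;

#define ABSENCE_TIMEOUT_S 10u   /* the description's example timeout */
#define NO_LIMIT 0u             /* administrator: no usage time limit */

/* Constructed enrollment table: tag IDs and the guest limit are assumptions. */
typedef struct { const char *tag; auth_level_t level; uint32_t limit_s; } enrol_t;
static const enrol_t ENROLLED[] = {
    { "TAG-ADMIN-01", LVL_ADMIN, NO_LIMIT },
    { "TAG-USER-01",  LVL_USER,  3600u },   /* 60-minute example */
    { "TAG-GUEST-01", LVL_GUEST, 900u },
};

typedef struct {
    amm_state_t state;
    const enrol_t *who;      /* credential that opened the session */
    uint32_t started_s;      /* session start, for the usage limit */
    uint32_t last_seen_s;    /* last poll at which the credential was sensed */
    int must_remove;         /* set after a limit shutdown (assumption) */
} amm_t;

static const enrol_t *lookup(const char *tag) {
    for (size_t i = 0; i < sizeof ENROLLED / sizeof ENROLLED[0]; i++)
        if (strcmp(ENROLLED[i].tag, tag) == 0) return &ENROLLED[i];
    return NULL;
}

/* One poll of the sensing interface. tag == NULL means nothing was sensed.
   now_s must be a monotonic clock in seconds. */
amm_signal_t amm_step(amm_t *m, uint32_t now_s, const char *tag) {
    if (m->state == ST_OFF) {
        if (!tag) { m->must_remove = 0; return SIG_NONE; }
        if (m->must_remove) return SIG_NONE;   /* no instant restart after a limit */
        const enrol_t *e = lookup(tag);        /* S2: confirm authorization level */
        if (!e) return SIG_NONE;               /* fail closed: stay unpowered */
        m->state = ST_RUNNING;
        m->who = e;
        m->started_s = m->last_seen_s = now_s;
        return SIG_POWER_AND_BOOT;
    }
    /* S3: only the credential that opened the session refreshes it (assumption). */
    if (tag && strcmp(tag, m->who->tag) == 0) m->last_seen_s = now_s;

    amm_signal_t sig = SIG_NONE;
    if (m->who->limit_s != NO_LIMIT && now_s - m->started_s > m->who->limit_s)
        sig = SIG_SHUTDOWN_LIMIT;
    else if (now_s - m->last_seen_s > ABSENCE_TIMEOUT_S)
        sig = SIG_SHUTDOWN_ABSENT;
    if (sig != SIG_NONE) {
        m->must_remove = (sig == SIG_SHUTDOWN_LIMIT);
        m->state = ST_OFF;
        m->who = NULL;
    }
    return sig;
}

typedef struct { int booted; uint32_t shutdown_at_s; amm_signal_t why; } run_t;

/* Constructed timeline: poll every step_s seconds from 0 to end_s, with the
   tag in range up to and including present_until_s. Stops at first shutdown. */
run_t simulate(const char *tag, uint32_t present_until_s,
               uint32_t end_s, uint32_t step_s) {
    amm_t m = { ST_OFF, NULL, 0, 0, 0 };
    run_t r = { 0, UINT32_MAX, SIG_NONE };
    for (uint32_t t = 0; t <= end_s; t += step_s) {
        amm_signal_t s = amm_step(&m, t, t <= present_until_s ? tag : NULL);
        if (s == SIG_POWER_AND_BOOT) r.booted = 1;
        else if (s != SIG_NONE) { r.shutdown_at_s = t; r.why = s; break; }
    }
    return r;
}

int main(void) {
    run_t r = simulate("TAG-USER-01", 5, 30, 1);   /* tag removed after t = 5 s */
    printf("booted=%d shutdown_at=%u why=%d\n",
           r.booted, (unsigned)r.shutdown_at_s, (int)r.why);
    return 0;
}
```

The usage limit here is counted per session, so a user who removes and re-presents a tag starts a fresh allowance; a deployment that needs a daily quota has to keep the elapsed time per credential outside this struct.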

With the technical means disclosed above, the main features of the preferred embodiment of the information security monitoring system are as follows. When a user wants to use the terminal device 2, the sensing interface 3 reads the authentication data the user carries. The authorization management module 4 confirms the authorization level from the authentication data sensed by the sensing interface 3 and, according to that level, has the power supply 1 power the terminal device 2 and has the terminal device 2 perform the boot procedure; after the boot procedure, it controls the data processing operations performed by the terminal device 2 according to the authorization level. While the user is working on the terminal device 2, the authorization management module 4 continuously obtains the authentication data sent by the sensing interface 3. When finished, the user only has to remove the authentication data so that the sensing interface 3 can no longer send it to the authorization management module 4; once the authorization management module 4 can no longer sense the authentication data and the timeout has elapsed, it sends a shutdown signal to the terminal device 2 so that the terminal device 2 performs the shutdown procedure.

In summary, the authorization management module 4 automatically controls the boot and shutdown procedures of the terminal device 2, which prevents system security problems such as the user "forgetting the authentication data" and "login identity easily used by others", and also removes the concerns about "wasted power", "data corruption" and "excessive usage time". This is the effect of the invention.

Although the invention has been disclosed by the preferred embodiments above, they are not intended to limit it. Changes and modifications made to the embodiments by anyone skilled in the art without departing from the spirit and scope of the invention remain within the technical scope protected by the invention; the scope of protection is therefore defined by the appended claims.

[The present invention]

1‧‧‧Power supply

2‧‧‧Terminal device

3‧‧‧Sensing interface

4‧‧‧Authorization management module

41‧‧‧Reading unit

42‧‧‧Authorization control unit

43‧‧‧Power management unit

44‧‧‧Power storage unit

45‧‧‧Timing status indicating unit

46‧‧‧Wireless sensing network node

47‧‧‧Antenna

5‧‧‧Switch

6‧‧‧Output interface

S1, S2, S3‧‧‧Steps

Figure 1: System diagram of a preferred embodiment of the information security monitoring system of the present invention.

Figure 2: Flowchart of the control method of a preferred embodiment of the information security monitoring system of the present invention.

Claims (21)

1. An information security monitoring system, comprising: a power supply for providing power; a terminal device for a user to perform data processing operations; a sensing interface for sensing authentication data carried by the user; and an authorization management module electrically connected to the power supply, the terminal device and the sensing interface, for receiving the authentication data sensed by the sensing interface and performing a boot procedure and a shutdown procedure according to the authentication data.

2. The information security monitoring system of claim 1, wherein the authorization management module executes a control program, confirms an authorization level according to the authentication data sensed by the sensing interface, and supplies power to the terminal device; after the terminal device performs the boot procedure, the authorization management module controls the data processing operations executed by the terminal device according to the authorization level; and when the authorization management module can no longer receive the authentication data, the shutdown procedure is performed.

3. The information security monitoring system of claim 2, wherein the shutdown procedure is performed when the authorization management module determines that the user's usage time exceeds a usage time limit.

4. The information security monitoring system of claim 1, wherein the authorization management module comprises: a reading unit electrically connected to the sensing interface; an authorization control unit electrically connected to the reading unit; a power management unit electrically connected to the authorization control unit, the power supply and the terminal device; and a power storage unit electrically connected to the reading unit, the authorization control unit and the power management unit.

5. The information security monitoring system of claim 4, wherein the authorization management module further comprises a timing status indicating unit electrically connected to the authorization control unit.

6. The information security monitoring system of claim 4, wherein the authorization management module further comprises a wireless sensing network node electrically connected to the authorization control unit and the power storage unit.

7. The information security monitoring system of claim 6, wherein the wireless sensing network node is a wireless sensing network node using the ZigBee communication protocol.

8. The information security monitoring system of claim 6, wherein the authorization management module further comprises an antenna coupled to the wireless sensing network node.

9. The information security monitoring system of claim 4, wherein the sensing interface is a reading interface for short-range point-to-point transmission, and the reading unit is a reading device for short-range point-to-point transmission.

10. The information security monitoring system of claim 4, wherein the sensing interface is a biometric scanning interface, and the reading unit is a biometric identification device.

11. The information security monitoring system of claim 1, further comprising a switch electrically connected to the authorization management module.

12. The information security monitoring system of claim 1, further comprising an output interface electrically connected to the authorization management module.

13. An authorization management module of an information security monitoring system, comprising: a reading unit for reading authentication data sensed by a sensing interface; an authorization control unit electrically connected to the reading unit, for executing a control program and determining the authorization level of the user according to the authentication data; a power management unit electrically connected to the authorization control unit, for generating a power supply signal, a boot signal and a shutdown signal according to the authorization level; and a power storage unit electrically connected to the reading unit, the authorization control unit and the power management unit, for supplying power to the reading unit, the authorization control unit and the power management unit.

14. The authorization management module of the information security monitoring system of claim 13, further comprising a timing status indicating unit electrically connected to the authorization control unit.

15. The authorization management module of the information security monitoring system of claim 13, further comprising a wireless sensing network node electrically connected to the authorization control unit and the power storage unit.

16. The authorization management module of the information security monitoring system of claim 15, wherein the wireless sensing network node is a wireless sensing network node using the ZigBee communication protocol.

17. The authorization management module of the information security monitoring system of claim 15, further comprising an antenna coupled to the wireless sensing network node.

18. The authorization management module of the information security monitoring system of claim 13, wherein the reading unit is a reading device for short-range point-to-point transmission.

19. The authorization management module of the information security monitoring system of claim 13, wherein the reading unit is a biometric identification device.

20. A control method of an information security monitoring system, applied to the information security monitoring system of claim 1, the control method comprising: sensing the user's authentication data by the sensing interface of the information security monitoring system and transmitting it to the authorization management module of the information security monitoring system; confirming, by the authorization management module, an authorization level according to the authentication data, driving the power supply of the information security monitoring system to supply power to the terminal device of the information security monitoring system according to the authorization level, instructing the terminal device to perform a boot procedure, and controlling the data processing operations executed by the terminal device according to the authorization level; and continuously sensing the user's authentication data by the sensing interface and transmitting it to the authorization management module, and, when the authorization management module can no longer receive the authentication data, instructing the terminal device to perform a shutdown procedure.

21. The control method of the information security monitoring system of claim 20, wherein the shutdown procedure is performed when the authorization management module determines that the user's usage time exceeds a usage time limit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101130251A TW201409270A (en) 2012-08-21 2012-08-21 An information safety control system, authentication management module and control method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW101130251A TW201409270A (en) 2012-08-21 2012-08-21 An information safety control system, authentication management module and control method thereof

Publications (1)

Publication Number Publication Date
TW201409270A true TW201409270A (en) 2014-03-01

Family

ID=50820396

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101130251A TW201409270A (en) 2012-08-21 2012-08-21 An information safety control system, authentication management module and control method thereof

Country Status (1)

Country Link
TW (1) TW201409270A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107168164A (en) * 2017-05-27 2017-09-15 国家电网公司 The live double authoring systems of Practical training equipment safety

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107168164A (en) * 2017-05-27 2017-09-15 国家电网公司 The live double authoring systems of Practical training equipment safety
CN107168164B (en) * 2017-05-27 2023-06-02 国家电网公司 Safety double-authorization system for field training equipment
