TWI414997B - Kvm remote management system providing customized certificate, signature and methoe thereof - Google Patents

Kvm remote management system providing customized certificate, signature and methoe thereof Download PDF

Info

Publication number
TWI414997B
TWI414997B TW98127954A TW98127954A TWI414997B TW I414997 B TWI414997 B TW I414997B TW 98127954 A TW98127954 A TW 98127954A TW 98127954 A TW98127954 A TW 98127954A TW I414997 B TWI414997 B TW I414997B
Authority
TW
Taiwan
Prior art keywords
program
user
remote control
computer
control device
Prior art date
Application number
TW98127954A
Other languages
Chinese (zh)
Other versions
TW201108111A (en
Inventor
Sheng-Peng Lin
Original Assignee
Aten Int Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aten Int Co Ltd filed Critical Aten Int Co Ltd
Priority to TW98127954A priority Critical patent/TWI414997B/en
Publication of TW201108111A publication Critical patent/TW201108111A/en
Application granted granted Critical
Publication of TWI414997B publication Critical patent/TWI414997B/en

Links

Abstract

Disclosed is a KVM remote management system providing customized certificate, signature and method thereof to allow a first computer and a second computer to control at least one accessed computer via a network. The KVM remote system includes a remote control apparatus and a first user terminal program. The remote control apparatus is coupled with the accessed computers. The first user terminal program is loaded on a first computer to provide a user interface. Through the user interface, the first user can combine certificate with a second user terminal program downloaded fro the remote control apparatus or create a signature to accomplish a third user terminal program. The third user terminal program is transmitted to the remote control apparatus via a network and stored. Accordingly, the third user terminal program can be utilized by a second user to manipulate the remote control apparatus.

Description

遠端操控系統及提供使用者客製化憑證與簽名之方法Remote control system and method for providing user customized credential and signature

本發明關於一種遠端操控系統,特別是關於一種遠端操控系統及提供使用者客製化憑證與簽名之方法。The present invention relates to a remote control system, and more particularly to a remote control system and method for providing a user customized credential and signature.

請參考第1圖,係一般網頁需要使用者使用憑證或簽名的簡單流程之說明圖。簽名是嵌入軟體內的程式碼,用以供使用者判斷安全性或是表明軟體發行者身分的工具。憑證一般是由可信賴之第三方機構(例如:VeriSign)針對發行者簽名所頒發之認證,以證明此簽名屬實及此軟體在簽名後未被竄改。同時,當使用者存取網頁伺服器所提供之網頁時,若網頁之呈現需要對使用者之電腦具有更多操控之權限時,便需要對此簽名或憑證進行確認。此簽名或憑證亦是使用者允許網頁伺服器能否對使用者電腦進行進一步執行具多操控權程式的判斷依據手段之一。例如:微軟(Microsoft)公司的Active X client program或者昇陽(Sun Microsystems)公司的Java client program。Active X控制項是用於網際網路上的小型程式,有時候稱為「附加元件」。透過容許動畫,ActiveX控制項可增強使用者的瀏覽體驗,或者,可協助使用者處理如在“Microsoft Update”安裝”安全更新”等工作。部分網站需要使用者先安裝ActiveX控制項,才能查看網頁或在其上執行某些工作。瀏覽此類網站時,微軟公司的Internet Explorer會先詢問使用者是否要安裝ActiveX控制項。不幸的是,ActiveX控制項類似於任何其他程式,它們可能被濫用。其可能會導致電腦無法正常運作,在未獲得同意下收集使用者的瀏覽習慣和個人資訊,或提供使用者不想要的內容,如快顯廣告。同時ActiveX控制項可能容許某些不良的網站將其用於惡意目的。Please refer to Figure 1, which is an explanatory diagram of a simple process in which a general web page requires a user to use a voucher or a signature. A signature is a code embedded in a software that is used by the user to determine security or a tool that indicates the identity of the software publisher. A voucher is generally a certificate issued by a trusted third party (eg, VeriSign) against the issuer's signature to prove that the signature is true and that the software has not been tampered with after the signature. At the same time, when the user accesses the webpage provided by the web server, if the webpage presentation needs to have more control over the user's computer, the signature or the credential needs to be confirmed. The signature or the voucher is also one of the means by which the user allows the web server to perform further control on the user's computer. For example: Microsoft's Active X client program or Sun Microsystems' Java client program. Active X controls are small programs used on the Internet, sometimes called "add-ons." By allowing animations, ActiveX controls can enhance the user's browsing experience, or they can assist users with things like installing "security updates" in "Microsoft Update". Some websites require users to install ActiveX controls before they can view or perform certain tasks on them. When browsing such sites, Microsoft Internet Explorer will first ask the user if they want to install ActiveX controls. Unfortunately, ActiveX controls are similar to any other program and they can be abused. It may cause the computer to malfunction, collect the user's browsing habits and personal information without consent, or provide content that the user does not want, such as a quick advertisement. At the same time, ActiveX controls may allow certain bad websites to use them for malicious purposes.

如第1圖所示,電腦10為使用者操控,網頁資料係儲存在一網頁伺服器20內,兩者透過網路30連接。於使用者欲瀏覽網頁時,首先,步驟1:使用者操控電腦10係透過網路30存取網頁伺服器20。接著,當使用者對伺服器20存取如Active X client program或Java client program時,因安全理由或者是伺服器需要對操控電腦10取得更進一步的操控權時,步驟2:電腦10之作業系統或網頁瀏覽器會提醒電腦10之使用者,如第2圖所示,需要憑證或簽名,方能進行下一步存取動作。步驟3:使用者需確認、下載並安裝憑證。步驟4:進行存取或操作。As shown in FIG. 1, the computer 10 is controlled by the user, and the webpage data is stored in a web server 20, and the two are connected through the network 30. When the user wants to browse the webpage, first, step 1: the user controls the computer 10 to access the web server 20 through the network 30. Then, when the user accesses the server 20 such as the Active X client program or the Java client program, for security reasons or the server needs to obtain further control over the computer 10, step 2: the operating system of the computer 10. Or the web browser will remind the user of the computer 10 that, as shown in Fig. 2, a voucher or signature is required to perform the next access action. Step 3: The user needs to confirm, download and install the voucher. Step 4: Perform an access or operation.

而在遠端網路型多電腦切換器操控系統架構(Over-IP KVM system)下,遠端操控裝置會提供使用者端程式給操控電腦利用,操控電腦安裝此使用者端程式後才能透過網路以網頁形式對被控電腦進行存取及操控。然而這些使用者端程式可能包含微軟公司的Active X client program或者昇陽公司的Java client program。同樣地,而由於原本的使用者端程式均為遠端操控系統之製造商所編寫,預載於遠端操控裝置中,供使用者所使用之電腦存取使用,因此憑證(certificate)亦均為遠端操控系統製造商所有。當使用者端程式需要確認憑證或簽名時,使用者會看到跳出如第2圖所示之警告對話方塊,所需確認之憑證或簽名亦為遠端操控系統之製造商所有,對使用者而言,可能會造成某些使用上之疑慮。如使用者欲使用自有之憑證,甚至以自有之憑證對使用者端程式進行簽名,則必須具備資訊工程技術及相關知識,其程序亦不簡單,在目前現有以網路型多電腦切換器為架構的遠端管理系統中亦不被允許。In the remote network-based KVM system, the remote control device provides a user-side program for controlling the computer to use the computer to install the user-side program. The road accesses and controls the controlled computer in the form of a web page. However, these client programs may include Microsoft's Active X client program or Sun's Java client program. Similarly, since the original user terminal program is written by the manufacturer of the remote control system and preloaded in the remote control device for use by the computer used by the user, the certificate is also It is owned by the remote control system manufacturer. When the client program needs to confirm the certificate or signature, the user will see the warning dialog box as shown in Figure 2, and the required confirmation certificate or signature is also owned by the manufacturer of the remote control system. In terms of it, it may cause some doubts about its use. If the user wants to use his or her own voucher and even sign the user-side program with his or her own voucher, he must have information engineering technology and related knowledge. The program is not simple. At present, there is a network-based multi-computer switch. It is also not allowed in the remote management system of the architecture.

本發明之一主要目的在於提供一遠端操控系統,遠端操控系統之使用者能以簡單且安全之方式,使用自有之憑證及利用該憑證對遠端操控系統之使用者端程式進行簽名。One of the main objects of the present invention is to provide a remote control system in which a user of the remote control system can use its own credentials and use the credentials to sign the user program of the remote control system in a simple and secure manner. .

本發明之又一目的在於提供使用者在遠端操控系統中,客製化使用者端程式憑證與簽名之方法。It is still another object of the present invention to provide a method for a user to customize a client-side program credential and signature in a remote control system.

依據本發明,遠端操控系統係用於使第一電腦及第二電腦經由網路控制至少一被控電腦。本發明之遠端操控系統包含遠端操控裝置及第一使用者端程式。遠端操控裝置耦接於前述至少一被控電腦。第一使用者端程式設置於第一電腦,第一使用者端程式為使用者提供一使用者介面,使第一使用者對自遠端操控裝置下載之第二使用者端程式進行憑證結合或簽名而得到第三使用者端程式,且第一使用者端程式將第三使用者端程式經由網路上傳至遠端操控裝置儲存。上傳之第三使用者端程式可供使用第一電腦或第二電腦之第二使用者下載,以操控遠端操控裝置。According to the present invention, the remote control system is for causing the first computer and the second computer to control at least one controlled computer via the network. The remote control system of the present invention comprises a remote control device and a first user program. The remote control device is coupled to the at least one controlled computer. The first user program is disposed on the first computer, and the first user program provides a user interface for the user to perform a voucher combination on the second user program downloaded from the remote control device or The third user program is obtained by signing, and the first user program uploads the third user program to the remote control device via the network. The uploaded third user program can be downloaded by the second user of the first computer or the second computer to operate the remote control device.

本發明亦提供使用者在遠端操控系統中,使用憑證(certificate)與客製化簽名(signature)之方法,本發明之方法包含下列步驟:於第一電腦執行該第一使用者端程式,其提供一使用者介面;透過該使用者介面選擇一憑證;自該遠端操控裝置下載一第二使用者端程式至該第一電腦;將該憑證結合於該第二使用者端程式或者利用該憑證,對該第二使用者端程式客製化簽名,得到第三使用者端程式;以及上傳該第三使用者端程式至該遠端操控裝置中儲存以供後續使用。The present invention also provides a method for a user to use a certificate and a customized signature in a remote control system. The method of the present invention includes the following steps: executing the first user program on a first computer, Providing a user interface; selecting a credential through the user interface; downloading a second user program from the remote control device to the first computer; binding the credential to the second user program or utilizing The voucher, the second user end program is customized to obtain a third user end program; and the third user end program is uploaded to the remote control device for storage for subsequent use.

請參考第3圖,係本發明遠端操控系統之說明圖。本發明之遠端操控系統包含遠端操控裝置100以及第一使用者端程式。遠端操控裝置100與第一電腦202及第二電腦204間係透過網路300連接。遠端操控裝置100可包含網路介面裝置400及多電腦切換器500(此多電腦切換器500不具有網路介面),透過多電腦切換器500連接被控電腦501~504,使第一電腦202及/或第二電腦204能經由網路300及遠端操控裝置100,控制及管理複數台被控電腦501~504。此網路介面裝置400之硬體架構可由宏正自動科技股份有限公司所提供之CN6000或是CN8000所實現。或者是,在另一實施例中,此遠端操控裝置100係為一具有網路介面之多電腦切換器(KVM-over-IP),第一電腦202或第二電腦204能經由網路300及遠端操控裝置100控制被控電腦501~504。又或者是,此遠端操控裝置100直接連接被控電腦501~504之其中之一(例如501),使第一電腦202或第二電腦204能經由網路300及遠端操控裝置100控制及管理被控電腦501。此遠端操控裝置100之硬體架構可由宏正自動科技股份有限公司所提供之KN9108、KN9116、KN2108、KN2116、KN4132、KH1508i或是KH1516i所實現。Please refer to FIG. 3, which is an explanatory diagram of the remote control system of the present invention. The remote control system of the present invention includes a remote control device 100 and a first user program. The remote control device 100 is connected to the first computer 202 and the second computer 204 via the network 300. The remote control device 100 can include a network interface device 400 and a KVM switch 500 (the KVM switch 500 does not have a network interface), and connects the controlled computers 501 to 504 through the KVM switch 500 to make the first computer. 202 and/or the second computer 204 can control and manage the plurality of controlled computers 501-504 via the network 300 and the remote control device 100. The hardware architecture of the network interface device 400 can be implemented by the CN6000 or CN8000 provided by Acer Automation Technology Co., Ltd. Alternatively, in another embodiment, the remote control device 100 is a KVM-over-IP with a network interface, and the first computer 202 or the second computer 204 can pass through the network 300. And the remote control device 100 controls the controlled computers 501 to 504. Alternatively, the remote control device 100 is directly connected to one of the controlled computers 501-504 (for example, 501), so that the first computer 202 or the second computer 204 can be controlled via the network 300 and the remote control device 100. The controlled computer 501 is managed. The hardware architecture of the remote control device 100 can be implemented by KN9108, KN9116, KN2108, KN2116, KN4132, KH1508i or KH1516i provided by Acer Automation Technology Co., Ltd.

前述第一使用者端程式係由使用第一電腦202之使用者自遠端操控裝置100或是某一伺服器(未顯示)所下載。第一使用者端程式可包含Java client program或Active X client program。使用者能利用瀏覽器啟動第一使用者端程式,透過第一使用者端程式對被控電腦501~504進行操控。第一使用者端程式亦使第一電腦202與此遠端操控裝置100或網路介面裝置400可進行網路通訊。The first user terminal program is downloaded from the remote control device 100 or a server (not shown) by the user using the first computer 202. The first client program can include a Java client program or an Active X client program. The user can start the first user program by using the browser, and control the controlled computers 501~504 through the first user program. The first user program also enables the first computer 202 to communicate with the remote control device 100 or the network interface device 400.

請一併參考第3圖至第6圖。第4圖係本發明提供使用者在遠端操控系統中使用客製化憑證(certificate)之方法流程圖。使用第一電腦202之使用者已具有其公司或個人所有之憑證(certificate),且已儲存在第一電腦202或是其他儲存裝置(例如一網路磁碟機)內。則根據本發明之一實施例,首先使用者下載並執行第一使用者端程式,如第6圖所示,在下載此第一使用者端程式時,網頁瀏覽器會彈出一警告對話窗(Security Warning),此警告對話窗主要是提醒使用者注意此程式之發行者,並要求使用者選擇是否繼續安裝此程式(可選擇永遠安裝/拒絕安裝/每次都詢問),此時之程式發行者仍然為此遠端操控裝置100之製造商。此第一使用者端程式提供了一使用者介面(User Interface),對於使用者而言,此使用者介面可類似於一微軟作業系統之檔案總管(Start/My Computer/Explore),使用者可由其中選擇一檔案作為憑證之來源。使用者僅需透過前述使用者介面選取已儲存在第一電腦202內之前述自有憑證(certificate),之後本發明之使用者即可自遠端操控裝置100或是網路介面裝置400下載一第二使用者端程式至第一電腦202。Please refer to Figures 3 to 6 together. Figure 4 is a flow diagram of a method of providing a user with a customized certificate in a remote control system. The user using the first computer 202 already has a certificate owned by his company or individual and has been stored in the first computer 202 or other storage device (e.g., a network drive). According to an embodiment of the present invention, the user first downloads and executes the first user terminal program. As shown in FIG. 6, when downloading the first user terminal program, the web browser pops up a warning dialog window ( Security Warning), this warning dialog window is mainly to remind users to pay attention to the publisher of this program, and ask the user to choose whether to continue to install this program (optional to install / refuse to install / ask every time), the program is released at this time Still the manufacturer of the remote control device 100 for this purpose. The first user program provides a user interface. For the user, the user interface can be similar to a file manager (Start/My Computer/Explore) of the Microsoft operating system. One of them is selected as the source of the voucher. The user only needs to select the above-mentioned own certificate stored in the first computer 202 through the user interface, and then the user of the present invention can download one from the remote control device 100 or the network interface device 400. The second client program is to the first computer 202.

此第二使用者端程式與第一使用者端程式可能完全相同,因為此時第一使用者端程式正被第一電腦202之作業系統使用中所以無法進行簽名。使用者可將前述自有之憑證(certificate)結合於第二使用者端程式,得到一第三使用者端程式。接著,可將第三使用者端程式上傳至遠端操控裝置100或是網路介面裝置400以供下次下載使用。或者是,可將第三使用者端程式上傳至前述下載第一使用者端程式之伺服器,之後第二使用者可自此伺服器下載第三使用者端程式,並且第二使用者可由此伺服器進行對遠端操控裝置100或是網路介面裝置400之登入。在第一使用者或第二使用者下載此第三使用者端程式時,網頁瀏覽器可能仍會彈出一警告對話窗(Security Warning),此警告對話窗主要是提醒使用者注意此程式之發行者,並要求使用者選擇是否繼續安裝此程式(可選擇永遠安裝/拒絕安裝/每次都詢問),然而此時之程式發行者已經被改為此第一使用者。The second client program may be identical to the first client program because the first user program is being used by the operating system of the first computer 202 and cannot be signed. The user can combine the above-mentioned own certificate (certificate) with the second client program to obtain a third client program. Then, the third user program can be uploaded to the remote control device 100 or the network interface device 400 for use in the next download. Alternatively, the third user program can be uploaded to the server for downloading the first user program, and then the second user can download the third user program from the server, and the second user can thereby The server performs login to the remote control device 100 or the network interface device 400. When the first user or the second user downloads the third user program, the web browser may still pop up a warning warning window (Security Warning), which mainly reminds the user to pay attention to the release of the program. And ask the user to choose whether to continue to install this program (optional to install / refuse to install / ask every time), but at this time the program publisher has been changed to this first user.

本發明之方法係具有後台執行之屬性,是以前述之處理過程中,透過本發明之使用者介面,使用者無須具備相關資訊工程知識及技術,即可讓遠端操控系統使用自有之憑證(certificate)完成簽名過程。並且,當使用第二電腦204之另一使用者(第二使用者),欲利用瀏覽器,對被控電腦501~504進行操控時,所啟動的即為網路介面裝置400提供之第三使用者端程式,亦即已具備自有憑證(certificate)之使用者端程式,如此第二使用者將可放心地允許此第三使用者端程式在第二電腦204上執行。本發明有關客製化憑證(certificate)方法流程之詳細步驟描述如下:步驟210,於第一電腦202執行第一使用者端程式,提供使用者介面;步驟220,透過使用者介面選擇第一電腦具有之憑證(certificate);步驟230,自網路介面裝置400下載第二使用者端程式至第一電腦202;步驟240,將憑證(certificate)結合於第二使用者端程式,得到第三使用者端程式;步驟250,上傳第三使用者端程式至網路介面裝置400;步驟260,重新啟動網路介面裝置400,第一使用者端程式可被第三使用者端程式所替換;以及步驟270,之後,本發明之網路介面裝置400即可供另一使用者在第一電腦202或第二電腦204下載並執行具有憑證(certificate)之第三使用者端程式。The method of the present invention has the property of executing in the background. In the foregoing process, through the user interface of the present invention, the user does not need to have relevant information engineering knowledge and technology, so that the remote control system can use its own certificate. (certificate) complete the signing process. Moreover, when another user (second user) of the second computer 204 is used to use the browser to control the controlled computers 501 to 504, the third device provided by the network interface device 400 is activated. The user terminal program, that is, the user terminal program that has its own certificate, so that the second user can safely allow the third user program to execute on the second computer 204. The detailed steps of the process of the customized method of the present invention are as follows: Step 210, the first computer 202 executes the first user program to provide a user interface; and in step 220, the first computer is selected through the user interface. The certificate is provided; in step 230, the second user program is downloaded from the network interface device 400 to the first computer 202; in step 240, the certificate is combined with the second user program to obtain the third use. Step 250, uploading the third user program to the network interface device 400; step 260, restarting the network interface device 400, the first user program can be replaced by the third user program; Step 270, after which the network interface device 400 of the present invention is available for another user to download and execute a third user program with a certificate at the first computer 202 or the second computer 204.

於步驟230中,第二使用者端程式的來源並非僅限於網路介面裝置400,透過網路自製造商之網頁下載亦可。此外,步驟260中,重新啟動網路介面裝置400係為實際操作之方式之一,並非本發明之方法所必需之動作。如同在個人電腦中安裝新軟體程式一般,可視本發明客製化憑證(certificate)之方法於遠端操控系統中之重要程度而認定是否需要重新啟動。並且,亦可不進行前述以第二使用者端程式替換第一使用者端程式之動作,仍然保留第一使用者端程式,作為網路介面裝置400之預設值。當第三使用者端程式尚未上傳至網路介面裝置400之前,網路介面裝置400提供第一使用者端程式或第二使用者端程式供使用者下載,當第三使用者端程式已經上傳至網路介面裝置400之後,網路介面裝置400便提供第三使用者端程式供使用者下載。In step 230, the source of the second user program is not limited to the network interface device 400, and may be downloaded from the manufacturer's webpage through the network. Moreover, in step 260, restarting the network interface device 400 is one of the actual modes of operation and is not an operation necessary for the method of the present invention. As with the installation of new software programs in a personal computer, it is possible to determine whether a restart is required by the method of customizing the certificate of the present invention in the remote control system. Moreover, the action of replacing the first user terminal program with the second user end program may not be performed, and the first user terminal program is still retained as the preset value of the network interface device 400. Before the third user program has not been uploaded to the network interface device 400, the network interface device 400 provides the first user program or the second user program for the user to download, when the third user program has been uploaded. After the network interface device 400, the network interface device 400 provides a third user program for the user to download.

如前述第一使用者端程式、第二使用者端程式及第三使用者端程式皆可包含Java client program或Active X client program。如第一使用者端程式包含Java client program時,自網路介面裝置400下載之第二使用者端程式可為Active X client program,反之亦然。For example, the first client program, the second client program, and the third client program may include a Java client program or an Active X client program. If the first client program includes the Java client program, the second client program downloaded from the network interface device 400 may be an Active X client program, and vice versa.

請一併參考第3圖、第4圖以及第5圖。第5圖係本發明客製化遠端操控系統簽名之方法流程圖。使用第一電腦202之使用者已具有其公司或個人所有之憑證(certificate),且已儲存在第一電腦202內。則根據本發明,使用者不僅能結合憑證(certificate)於第一使用者端程式,更能利用前述自有之憑證(certificate),對第二使用者端程式進行簽名(signature),得到一第三使用者端程式。此簽名過程會使用到微軟公司所提供之簽名軟體或是工具,但是使用者不需過度參與。同樣地,本發明之方法係具有後台執行之屬性,是以透過本發明之使用者介面,使用者無須具備相關資訊工程知識及技術,即能客製化遠端操控系統之簽名(signature)。有關本發明客製化簽名(signature)方法之步驟詳細描述如下:步驟310,於第一電腦202執行第一使用者端程式,提供使用者介面;步驟320,透過使用者介面選擇一憑證;步驟330,自網路介面裝置400下載第二使用者端程式至第一電腦202;步驟340,利用憑證,對第二使用者端程式客製化簽名(signature),得到第三使用者端程式;步驟350,第三使用者端程式上傳至網路介面裝置400;步驟360,重新啟動網路介面裝置400,第一使用者端程式可被第三使用者端程式所替換;以及步驟370,該第一電腦202或一第二電腦204下載並執行具有簽名(signature)之第三使用者端程式。當使用第二電腦204之第二使用者,或是第一電腦之使用者之後欲利用瀏覽器,對被控電腦501~504進行操控時,所啟動的即為網路介面裝置400提供之第三使用者端程式,亦即已具備自有簽名(signature)之使用者端程式。由於此自有簽名係由使用者自行提供,並非遠端操控系統製造商所提供,所以使用者在使用上會感覺比較安心。在本發明之較佳實施例中,步驟340之簽名過程可藉由微軟公司所提供之簽名工具Signtool或是Keytool(適用於Java)達成,這些簽名工具可以對檔案進行數位簽名,驗證檔案中的簽名以及為檔案加上時間戳記(time stamp),但是亦可以其他任何適當之簽名工具達成。前述之第一使用者端程式會在背景執行此簽名工具以完成簽名,所以使用者不需過度參與。Please refer to Figure 3, Figure 4, and Figure 5 together. Figure 5 is a flow chart of the method for authorizing the remote control system signature of the present invention. The user using the first computer 202 already has a certificate owned by his company or individual and has been stored in the first computer 202. According to the present invention, the user can not only use the certificate to authenticate the first user program, but also use the above-mentioned own certificate to sign the second user program to obtain a first Three user-side programs. This signature process uses the signature software or tools provided by Microsoft, but the user does not need to participate excessively. Similarly, the method of the present invention has the property of background execution, that is, through the user interface of the present invention, the user can customize the signature of the remote control system without having relevant information engineering knowledge and technology. The steps of the customized signature method of the present invention are described in detail as follows: Step 310, the first computer 202 executes a first user program to provide a user interface; Step 320, selects a credential through the user interface; 330, downloading the second user terminal program from the network interface device 400 to the first computer 202; step 340, using the credentials, customizing the signature of the second user terminal program to obtain a third user terminal program; Step 350, the third user program is uploaded to the network interface device 400; in step 360, the network interface device 400 is restarted, the first user program can be replaced by the third user program; and step 370, The first computer 202 or a second computer 204 downloads and executes a third user program with a signature. When the second user of the second computer 204 is used, or the user of the first computer wants to use the browser to control the controlled computers 501 to 504, the network interface device 400 is activated. The three-user program, that is, the user-side program that has its own signature. Since this self-signed signature is provided by the user and is not provided by the manufacturer of the remote control system, the user will feel more comfortable using it. In the preferred embodiment of the present invention, the signing process of step 340 can be achieved by the signature tool Signtool or Keytool (for Java) provided by Microsoft Corporation. These signature tools can digitally sign the file and verify the file. Signing and time stamping the file, but it can also be done with any other suitable signing tool. The first user program described above executes the signature tool in the background to complete the signature, so the user does not need to participate excessively.

亦如前述,步驟360中,重新啟動網路介面裝置400係為實際操作之方式之一,並非必需之動作。如同在個人電腦中安裝新軟體程式一般,可視本發明客製化簽名(signature)之方法於遠端操控系統中之重要程度而認定是否需要重新啟動。並且,亦可不進行前述替換之動作,保留第一使用者端程式,作為網路介面裝置400之預設值。第一使用者端程式、第二使用者端程式及第三使用者端程式皆可為Java client program或Active X client program。如第一使用者端程式為Java client program時,自網路介面裝置400下載之第二使用者端程式可為Active X client program,反之亦然。As also mentioned above, in step 360, restarting the network interface device 400 is one of the actual modes of operation, and is not an essential action. As with the installation of new software programs in a personal computer, it is possible to determine whether a restart is required by the method of customizing the signature of the present invention in the remote control system. Moreover, the first user terminal program may be retained as the preset value of the network interface device 400 without performing the foregoing replacement operation. The first client program, the second client program, and the third client program can both be a Java client program or an Active X client program. If the first client program is a Java client program, the second user program downloaded from the network interface device 400 may be an Active X client program, and vice versa.

雖然本發明已就較佳實施例揭露如上,然其並非用以限定本發明。本發明所屬技術領域中具有通常知識者,在不脫離本發明之精神和範圍內,當可作各種之變更和潤飾。因此,本發明之保護範圍當視後附之申請專利範圍所界定者為準。While the invention has been described above in terms of preferred embodiments, it is not intended to limit the invention. Various changes and modifications may be made without departing from the spirit and scope of the invention. Therefore, the scope of the invention is defined by the scope of the appended claims.

10...電腦10. . . computer

20...網頁伺服器20. . . Web server

30...網路30. . . network

100...遠端操控系統100. . . Remote control system

202...第一電腦202. . . First computer

204...第二電腦204. . . Second computer

300...網路300. . . network

400...網路介面裝置400. . . Network interface device

500...多電腦切換器500. . . KVM switch

501、502、503、504...被控電腦501, 502, 503, 504. . . Controlled computer

第1圖係一般網頁需使用者使用憑證或簽名之說明圖。Figure 1 is an illustration of a general web page requiring the user to use a voucher or signature.

第2圖係電腦之作業系統會提醒使用者確認是否接受之憑證對話方塊圖。Figure 2 is a computer operating system that will remind the user to confirm whether or not to accept the voucher dialog box.

第3圖係本發明遠端操控系統之系統關係說明圖。Figure 3 is a diagram showing the system relationship of the remote control system of the present invention.

第4圖係本發明提供使用者在遠端操控系統中使用客製化憑證(certificate)之方法流程圖。Figure 4 is a flow diagram of a method of providing a user with a customized certificate in a remote control system.

第5圖係本發明客製化遠端操控系統簽名之方法流程圖。Figure 5 is a flow chart of the method for authorizing the remote control system signature of the present invention.

第6圖係下載使用者端程式時,網頁瀏覽器會彈出之一警告對話窗。Figure 6 shows that when downloading the client program, the web browser will pop up a warning dialog window.

Claims (29)

一種提供一第一使用者在一遠端操控系統中使用憑證(certificate)之方法,該遠端操控系統具有一遠端操控裝置及一第一使用者端程式,該方法至少包含:於一第一電腦執行該第一使用者端程式,以提供一使用者介面;經由該使用者介面選擇一憑證;自該遠端操控裝置下載一第二使用者端程式至該第一電腦;將該憑證結合於該第二使用者端程式,得到一第三使用者端程式;以及上傳該第三使用者端程式至該遠端操控裝置。A method for providing a first user to use a certificate in a remote control system, the remote control system having a remote control device and a first user program, the method comprising at least: a computer executing the first user program to provide a user interface; selecting a credential via the user interface; downloading a second user program from the remote control device to the first computer; And combining the second user program to obtain a third user program; and uploading the third user program to the remote control device. 如申請專利範圍第1項所述之方法,其中該憑證係由該第一使用者所提供。The method of claim 1, wherein the voucher is provided by the first user. 如申請專利範圍第1項所述之方法,於下載該第二使用者端程式之步驟後,更包括利用該憑證,對該第二使用者端程式進行數位簽名之步驟。The method of claim 1, after the step of downloading the second client program, further comprising the step of digitally signing the second client program by using the credential. 如申請專利範圍第3項所述之方法,於上傳該第三使用者端程式之步驟中,係上傳具有該數位簽名之該第三使用者端程式,以客製化該遠端操控裝置之簽名。The method of claim 3, in the step of uploading the third user program, uploading the third user program having the digital signature to customize the remote control device signature. 如申請專利範圍第4項所述之方法,於上傳該第三使用者端程式之步驟後,更包括重新啟動該遠端操控裝置,以供一第二電腦下載具有該簽名之該第三使用者端程式之步驟。The method of claim 4, after the step of uploading the third user program, further comprising restarting the remote control device for a second computer to download the third use having the signature The steps of the program. 如申請專利範圍第5項所述之方法,其中於重新啟動該遠端操控裝置後,該第一使用者端程式係被該第三使用者端程式所替換。The method of claim 5, wherein the first user program is replaced by the third user program after the remote control device is restarted. 如申請專利範圍第1項所述之方法,於上傳該第三使用者端程式之步驟後,更包括重新啟動該遠端操控裝置,以供一第二電腦下載具有該憑證之該第三使用者端程式之步驟。The method of claim 1, after the step of uploading the third user program, further comprising restarting the remote control device for a second computer to download the third use having the certificate The steps of the program. 如申請專利範圍第1項所述之方法,其中該遠端操控裝置係為一網路型多電腦切換器(Over-IP KVM)The method of claim 1, wherein the remote control device is a network type KVM switch (Over-IP KVM). 如申請專利範圍第1項所述之方法,其中將該憑證結合於該第二使用者端程式之步驟係以一簽名工具對該第二使用者端程式進行數位簽名。The method of claim 1, wherein the step of binding the voucher to the second client program is to digitally sign the second client program with a signature tool. 如申請專利範圍第1項所述之方法,其中該第一使用者端程式包含Java client program或Active X client program。The method of claim 1, wherein the first client program comprises a Java client program or an Active X client program. 如申請專利範圍第1項所述之方法,其中該第二使用者端程式包含Java client program或Active X client program。The method of claim 1, wherein the second client program comprises a Java client program or an Active X client program. 如申請專利範圍第1項所述之方法,其中該第三使用者端程式包含Java client program或Active X client program。The method of claim 1, wherein the third client program comprises a Java client program or an Active X client program. 如申請專利範圍第1項所述之方法,其中該憑證為web server certificate。The method of claim 1, wherein the certificate is a web server certificate. 一種客製化遠端操控系統之簽名的方法,該遠端操控系統具有遠端操控裝置及一第一使用者端程式,該方法至少包含:於一第一電腦執行該第一使用者端程式;透過該第一使用者端程式所提供之一使用者介面選擇一憑證;自該遠端操控裝置下載一第二使用者端程式至該第一電腦;利用該憑證,對該第二使用者端程式簽名,得到一第三使用者端程式;以及上傳該第三使用者端程式至該遠端操控裝置。A method for customizing a signature of a remote control system, the remote control system having a remote control device and a first user program, the method comprising: executing the first user program on a first computer Selecting a credential through a user interface provided by the first user program; downloading a second user program from the remote control device to the first computer; using the credential, the second user End program signature, obtaining a third user program; and uploading the third user program to the remote control device. 如申請專利範圍第14項所述之方法,於上傳該第三使用者端程式之步驟後,更包括重新啟動該遠端操控裝置,以供一第二電腦下載該第三使用者端程式之步驟。The method of claim 14, after the step of uploading the third user program, the method further includes restarting the remote control device for downloading the third user program by a second computer. step. 如申請專利範圍第15項所述之方法,其中於重新啟動該遠端操控裝置後,該第一使用者端程式係為該第三使用者端程式所替換。The method of claim 15, wherein the first user program is replaced by the third user program after the remote control device is restarted. 如申請專利範圍第14項所述之方法,其中該第一使用者端程式包含Java client program或Active X client program。The method of claim 14, wherein the first client program comprises a Java client program or an Active X client program. 如申請專利範圍第14項所述之方法,其中該第二使用者端程式包含Java client program或Active X client program。The method of claim 14, wherein the second client program comprises a Java client program or an Active X client program. 如申請專利範圍第14項所述之方法,其中該第三使用者端程式包含Java client program或Active X client program。The method of claim 14, wherein the third client program comprises a Java client program or an Active X client program. 如申請專利範圍第14項所述之方法,其中該客製化憑證為web server certificate。The method of claim 14, wherein the customized voucher is a web server certificate. 如申請專利範圍第14項所述之方法,其中該遠端操控裝置係為一網路型多電腦切換器(Over-IP KVM)。The method of claim 14, wherein the remote control device is a network-based multi-computer switch (Over-IP KVM). 一種遠端操控系統,至少包含:一遠端操控裝置,使一第一電腦及一第二電腦經由一網路耦接於至少一被控電腦;一第一使用者端程式,執行於該第一電腦上,該第一使用者端程式提供一使用者介面,使一第一使用者對一第二使用者端程式進行簽名而得到一第三使用者端程式,且該第一使用者端程式將該第三使用者端程式經由該網路上傳至該遠端操控裝置中儲存。A remote control system includes: a remote control device configured to couple a first computer and a second computer to at least one controlled computer via a network; a first user program executed on the first In a computer, the first user program provides a user interface, so that a first user signs a second user program to obtain a third user program, and the first user terminal The program uploads the third user program to the remote control device via the network for storage. 如申請專利範圍第22項所述之遠端操控系統,其中該第一使用者端程式係以該第一使用者所提供之一憑證(certificate)對該第二使用者端程式進行簽名。The remote control system of claim 22, wherein the first user program signs the second user program with a certificate provided by the first user. 如申請專利範圍第22項所述之遠端操控系統,其中該第二使用者端程式係由該遠端操控裝置所提供。The remote control system of claim 22, wherein the second user terminal program is provided by the remote control device. 如申請專利範圍第22項所述之遠端操控系統,其中該遠端操控裝置包含一網路介面裝置及一多電腦切換器。The remote control system of claim 22, wherein the remote control device comprises a network interface device and a KVM switch. 如申請專利範圍第22項所述之遠端操控系統,其中該第三使用者端程式可供使用該第二電腦之一第二使用者下載,以使該第二電腦可操控該遠端操控裝置。The remote control system of claim 22, wherein the third user program is available for downloading by a second user of the second computer, so that the second computer can manipulate the remote control Device. 如申請專利範圍第22項所述之遠端操控系統,其中該第一使用者端程式包含Java client program或Active X client program。The remote control system of claim 22, wherein the first client program comprises a Java client program or an Active X client program. 如申請專利範圍第22項所述之遠端操控系統,其中該第二使用者端程式包含Java client program或Active X client program。The remote control system of claim 22, wherein the second client program comprises a Java client program or an Active X client program. 如申請專利範圍第22項所述之遠端操控系統,其中該第三使用者端程式包含Java client program或Active X client program。The remote control system of claim 22, wherein the third client program comprises a Java client program or an Active X client program.
TW98127954A 2009-08-19 2009-08-19 Kvm remote management system providing customized certificate, signature and methoe thereof TWI414997B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98127954A TWI414997B (en) 2009-08-19 2009-08-19 Kvm remote management system providing customized certificate, signature and methoe thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98127954A TWI414997B (en) 2009-08-19 2009-08-19 Kvm remote management system providing customized certificate, signature and methoe thereof

Publications (2)

Publication Number Publication Date
TW201108111A TW201108111A (en) 2011-03-01
TWI414997B true TWI414997B (en) 2013-11-11

Family

ID=44835522

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98127954A TWI414997B (en) 2009-08-19 2009-08-19 Kvm remote management system providing customized certificate, signature and methoe thereof

Country Status (1)

Country Link
TW (1) TWI414997B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201502851A (en) 2013-07-05 2015-01-16 Think Cloud Digital Technology Co Ltd Digital signature method
CN105934751B (en) 2014-01-30 2020-02-07 惠普发展公司,有限责任合伙企业 Data erasure for target devices

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW497040B (en) * 2000-02-25 2002-08-01 Reveo Inc Globally time-synchronized systems, devices and methods
TW559708B (en) * 1999-02-26 2003-11-01 Reveo Inc Globally time-synchronized systems, devices and methods
CN1156759C (en) * 2000-01-06 2004-07-07 国际商业机器公司 Method and system of forming and using virus free document certificate
EP0833241B1 (en) * 1996-09-27 2005-05-11 Mitsubishi Corporation Secure data management system
TWI235584B (en) * 2001-07-12 2005-07-01 Atrua Technologies Inc System, method, and operating model for mobile wireless network-based transaction authentication and non-repudiation
US20050149738A1 (en) * 2004-01-02 2005-07-07 Targosky David G. Biometric authentication system and method for providing access to a KVM system
US20060161972A1 (en) * 2005-01-19 2006-07-20 Cromer Daryl C System and method for license management in blade server system
US20070022176A1 (en) * 2005-07-22 2007-01-25 Fujitsu Component Limited Switching device for remotely controlling connections of a computer and peripherals over networks
US20070261097A1 (en) * 2006-05-03 2007-11-08 Avocent Corporation Remote session recording apparatus and method
US7429991B2 (en) * 2004-06-04 2008-09-30 Aten International Co., Ltd. Video card
US20080244257A1 (en) * 2007-03-30 2008-10-02 Kushagra Vaid Server active management technology (AMT) assisted secure boot
TW200907697A (en) * 2007-06-18 2009-02-16 Avocent Huntsville Corp System and method for providing multi-protocol access to remote computers
US20090150580A1 (en) * 2007-12-06 2009-06-11 Aten International Co., Ltd. Method and system for computer management
US7552213B2 (en) * 2005-05-12 2009-06-23 Avocent Fremont Corp. Remote network node management system and method
US20090177901A1 (en) * 2008-01-08 2009-07-09 Aten International Co., Ltd. Kvm management system capable of controlling computer power

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0833241B1 (en) * 1996-09-27 2005-05-11 Mitsubishi Corporation Secure data management system
TW559708B (en) * 1999-02-26 2003-11-01 Reveo Inc Globally time-synchronized systems, devices and methods
CN1156759C (en) * 2000-01-06 2004-07-07 国际商业机器公司 Method and system of forming and using virus free document certificate
TW497040B (en) * 2000-02-25 2002-08-01 Reveo Inc Globally time-synchronized systems, devices and methods
TWI235584B (en) * 2001-07-12 2005-07-01 Atrua Technologies Inc System, method, and operating model for mobile wireless network-based transaction authentication and non-repudiation
US20050149738A1 (en) * 2004-01-02 2005-07-07 Targosky David G. Biometric authentication system and method for providing access to a KVM system
US7429991B2 (en) * 2004-06-04 2008-09-30 Aten International Co., Ltd. Video card
US20060161972A1 (en) * 2005-01-19 2006-07-20 Cromer Daryl C System and method for license management in blade server system
US7552213B2 (en) * 2005-05-12 2009-06-23 Avocent Fremont Corp. Remote network node management system and method
US20070022176A1 (en) * 2005-07-22 2007-01-25 Fujitsu Component Limited Switching device for remotely controlling connections of a computer and peripherals over networks
US20070261097A1 (en) * 2006-05-03 2007-11-08 Avocent Corporation Remote session recording apparatus and method
US20080244257A1 (en) * 2007-03-30 2008-10-02 Kushagra Vaid Server active management technology (AMT) assisted secure boot
TW200907697A (en) * 2007-06-18 2009-02-16 Avocent Huntsville Corp System and method for providing multi-protocol access to remote computers
US20090150580A1 (en) * 2007-12-06 2009-06-11 Aten International Co., Ltd. Method and system for computer management
US20090177901A1 (en) * 2008-01-08 2009-07-09 Aten International Co., Ltd. Kvm management system capable of controlling computer power

Also Published As

Publication number Publication date
TW201108111A (en) 2011-03-01

Similar Documents

Publication Publication Date Title
US9135433B2 (en) Identifying reputation and trust information for software
US10459711B2 (en) Updating applications using migration signatures
JP6318940B2 (en) Service providing system, data providing method and program
JP2003050781A (en) Device and method for authenticating individuals, device and method for managing version, program for making computer execute individual authenticating method and program for making computer execute the version managing method
JP2009533722A (en) Communication device that emulates the behavior of navigation devices
JP2013539084A (en) Web-based electronic signature document
US20180039787A1 (en) Information processing apparatus, application management method, and image forming apparatus
JP6914436B2 (en) Systems and methods for authentication
TWI414997B (en) Kvm remote management system providing customized certificate, signature and methoe thereof
JP6303312B2 (en) Service providing system and image providing method
JP5838248B1 (en) System and method for providing a predetermined service to a user
JP6447766B2 (en) Service providing system, data providing method and program
US20210006634A1 (en) Secure and private web browsing system and method
JP4825566B2 (en) Electronic report data download system
JP2004054502A (en) Information terminal device, program for purchasing additional function, and method for adding program function
JP2012123494A (en) Client control method and client control system
JP2006253769A (en) Information processing system and method
JP3783000B2 (en) Program start control device, method and program
Tamboli et al. Here We Go!
JP5365398B2 (en) Security management program management method, computer program, and information recording medium
Chitre Installing and configuring MIT Kerberos for Windows
JP5904443B2 (en) Software system
Ewart Managing Windows Servers with Chef
JP2015176482A (en) Information processor, information processing system, information processing method, and program
JP2015026288A (en) Service provision system, service provision method, and program