TWI640886B - Login method and login authentication device - Google Patents

Login method and login authentication device Download PDF

Info

Publication number
TWI640886B
TWI640886B TW106101972A TW106101972A TWI640886B TW I640886 B TWI640886 B TW I640886B TW 106101972 A TW106101972 A TW 106101972A TW 106101972 A TW106101972 A TW 106101972A TW I640886 B TWI640886 B TW I640886B
Authority
TW
Taiwan
Prior art keywords
login
data
identification code
user data
verification device
Prior art date
Application number
TW106101972A
Other languages
Chinese (zh)
Other versions
TW201828132A (en
Inventor
江俊霖
黃志維
Original Assignee
富邦人壽保險股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 富邦人壽保險股份有限公司 filed Critical 富邦人壽保險股份有限公司
Priority to TW106101972A priority Critical patent/TWI640886B/en
Publication of TW201828132A publication Critical patent/TW201828132A/en
Application granted granted Critical
Publication of TWI640886B publication Critical patent/TWI640886B/en

Links

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

一種系統登入方法,包括下列步驟:當前系統發送一使用者資料至登入驗證裝置;登入驗證裝置接收該使用者資料,並產生一識別碼,登入驗證裝置並將該識別碼輸出至當前系統,且傳輸識別碼及使用者資料至一暫存資料庫中儲存;當前系統發送該識別碼至目標系統;目標系統發送該識別碼至登入驗證裝置;以及,登入驗證裝置自暫存資料庫中取得識別碼,並與自目標系統取得之識別碼進行比對驗證;如驗證結果為相同,登入驗證裝置自暫存資料庫中取得相應之使用者資料作為目標系統之登入資料,並提供登入資料給目標系統,以使目標系統根據登入資料而啟動登入作業。A system login method includes the following steps: the current system sends a user data to the login verification device; the login verification device receives the user data, generates an identification code, logs in the verification device, and outputs the identification code to the current system, and Transmitting the identification code and the user data to a temporary storage database; the current system sends the identification code to the target system; the target system sends the identification code to the login verification device; and the login verification device obtains the identification from the temporary storage database The code is compared with the identification code obtained from the target system; if the verification result is the same, the login verification device obtains the corresponding user data from the temporary storage database as the login data of the target system, and provides the login data to the target. The system is such that the target system initiates the login operation based on the login data.

Description

系統登入方法及登入驗證裝置System login method and login verification device

本發明係關於一種系統登入方法,特別是一種關於單點登入之系統登入方法。The present invention relates to a system login method, and more particularly to a system login method for single sign-on.

傳統在登入不同系統時,使用者必須透過各系統提供之登入介面輸入帳號及密碼才能登入。又使用者基於安全性考量,往往在不同系統中會設置不同的帳號及密碼。隨著所要登入的系統越來越多,使用者除了要記憶大量的帳號及密碼外,其在登入某一系統後欲切換到其他系統時,均要重新輸入帳號及密碼,造成使用上的不方便。Traditionally, when logging in to different systems, users must log in by entering the account number and password through the login interface provided by each system. Users also set different accounts and passwords in different systems based on security considerations. With more and more systems to be logged in, in addition to memorizing a large number of accounts and passwords, users must re-enter their accounts and passwords when they want to switch to other systems after logging in to a certain system, resulting in no use. Convenience.

因此,有必要思考一種新的登入系統方法,以改善上述缺失。Therefore, it is necessary to think about a new login system method to improve the above-mentioned shortcomings.

本發明之主要目的係在提供一種允許使用者於不同系統間切換登入之系統登入方法。The main object of the present invention is to provide a system login method that allows a user to switch between different systems.

本發明之另一主要目的係在提供一種跨系統登入驗證之登入驗證裝置。Another main object of the present invention is to provide a login verification device for cross-system login verification.

為達成上述之目的,本發明揭示一種系統登入方法,其允許一使用者裝置由目前登入的當前系統切換登入到一目標系統,其中當前系統及目標系統連線一登入驗證裝置。本發明之系統登入方法包括下列步驟:當前系統發送一使用者資料至登入驗證裝置;登入驗證裝置接收該使用者資料,並產生一識別碼,且登入驗證裝置並將產生之識別碼輸出至當前系統,並傳輸識別碼及使用者資料至一暫存資料庫中儲存;當前系統發送該識別碼至目標系統;目標系統發送該識別碼至登入驗證裝置;以及,登入驗證裝置自暫存資料庫中取得識別碼,並與自目標系統取得之識別碼進行比對驗證,如驗證結果為相同,登入驗證裝置自暫存資料庫取得相應之使用者資料作為目標系統之登入資料,並提供該登入資料給目標系統,以使目標系統根據登入資料而啟動登入作業。To achieve the above object, the present invention discloses a system login method that allows a user device to log in to a target system from the current system currently logged in, wherein the current system and the target system are connected to a login verification device. The system login method of the present invention includes the following steps: the current system sends a user data to the login verification device; the login verification device receives the user data, generates an identification code, and logs in the verification device and outputs the generated identification code to the current System, and transmitting the identification code and user data to a temporary database for storage; the current system sends the identification code to the target system; the target system sends the identification code to the login verification device; and the login verification device self-deposited database Obtain an identification code and compare it with the identification code obtained from the target system. If the verification result is the same, the login verification device obtains the corresponding user data from the temporary storage database as the login data of the target system, and provides the login. The data is sent to the target system so that the target system initiates the login operation based on the login data.

本發明另揭示一種登入驗證裝置,其連線當前系統及目標系統,可允許一使用者裝置由目前登入的當前系統切換登入到目標系統。本發明之登入驗證裝置包括有暫存資料庫、資料傳輸模組、識別碼產生模組、驗證模組及資料提供模組。資料傳輸模組用以接收來自當前系統之使用者資料,並將該使用者資料傳輸至暫存資料庫中儲存。識別碼產生模組用以產生一識別碼,其中該識別碼透過資料傳輸模組發送至當前系統,並傳輸到暫存資料庫中儲存。驗證模組用以自暫存暫存資料庫取得識別碼,並與自目標系統取得之識別碼進行比對驗證。資料提供模組用以在比對驗證結果為相同時,自暫存資料庫取得相應之使用者資料作為目標系統之登入資料,並透過資料傳輸模組提供該登入資料給目標系統,以使目標系統根據登入資料而啟動登入作業。The invention further discloses a login verification device that connects the current system and the target system, and allows a user device to switch to the target system by the current system currently logged in. The login verification device of the present invention comprises a temporary storage database, a data transmission module, an identification code generation module, a verification module and a data providing module. The data transmission module is configured to receive user data from the current system and transmit the user data to the temporary storage database for storage. The identifier generation module is configured to generate an identification code, wherein the identification code is sent to the current system through the data transmission module, and is transmitted to the temporary storage database for storage. The verification module is configured to obtain an identification code from the temporary storage database and compare and verify the identification code obtained from the target system. The data providing module is configured to obtain the corresponding user data from the temporary storage database as the login data of the target system when the comparison verification result is the same, and provide the login data to the target system through the data transmission module to make the target The system starts the login operation based on the login data.

為能更瞭解本發明之技術內容,特舉較佳具體實施例說明如下。In order to better understand the technical contents of the present invention, a preferred embodiment will be described below.

以下請先參考圖1關於本發明之系統登入方法之使用環境示意圖。Please refer to FIG. 1 for a schematic diagram of the usage environment of the system login method of the present invention.

如圖1所示,在本發明之一實施例中,本發明之系統登入方法可允許使用者U操作一使用者裝置70由一目前登入的當前系統90切換登入到一目標系統80,其中當前系統90及目標系統80皆透過網路與一登入驗證裝置1連線。需注意的是,以下雖僅以兩系統間之切換為例,說明本發明之系統登入方法,惟本發明不以此為限,此處與登入驗證裝置1連線之系統可為更多,以供使用者U可於多系統間進行切換登入。As shown in FIG. 1, in an embodiment of the present invention, the system login method of the present invention allows a user U to operate a user device 70 to be logged into a target system 80 by a currently logged-in current system 90, where Both the system 90 and the target system 80 are connected to a login verification device 1 via the network. It should be noted that the system login method of the present invention is described below by taking only the switching between the two systems as an example. However, the present invention is not limited thereto, and the system connected to the login verification device 1 may be more. For the user U to switch between multiple systems to log in.

在本發明之一實施例中,登入驗證裝置1譬如是一台或數台電腦伺服器,包括資料傳輸模組10、識別碼產生模組20、驗證模組30、資料提供模組40、資料刪除模組50及暫存資料庫60。需注意的是,上述各個模組除可配置為硬體裝置、軟體程式、韌體或其組合外,亦可藉電路迴路或其他適當型式配置;並且,各個模組除可以單獨之型式配置外,亦可以結合之型式配置。一個較佳實施例是各模組皆為軟體程式儲存於記憶體上,藉由登入驗證裝置1中的一處理器(圖未示)執行各模組以達成本發明之功能。此外,本實施方式僅例示本發明之較佳實施例,為避免贅述,並未詳加記載所有可能的變化組合。然而,本領域之通常知識者應可理解,上述各模組或元件未必皆為必要。且為實施本發明,亦可能包含其他較細節之習知模組或元件。各模組或元件皆可能視需求加以省略或修改,且任兩模組間未必不存在其他模組或元件。In an embodiment of the present invention, the login verification device 1 is, for example, one or several computer servers, including a data transmission module 10, an identification code generation module 20, a verification module 30, a data providing module 40, and a data. The module 50 and the temporary database 60 are deleted. It should be noted that, in addition to being configurable as a hardware device, a software program, a firmware, or a combination thereof, each of the above modules may also be configured by a circuit loop or other suitable type; and, in addition, each module may be configured in a separate type. It can also be combined with the type configuration. In a preferred embodiment, each module is stored in a software program on a memory, and each module is executed by a processor (not shown) in the login verification device 1 to achieve the functions of the present invention. In addition, the present embodiment is merely illustrative of preferred embodiments of the present invention, and in order to avoid redundancy, all possible combinations of variations are not described in detail. However, those of ordinary skill in the art will appreciate that the various modules or components described above are not necessarily required. In order to implement the invention, other well-known modules or elements of more detail may also be included. Each module or component may be omitted or modified as needed, and no other modules or components may exist between any two modules.

在本發明之實施例中,資料傳輸模組10用以接收來自當前系統90傳來之使用者資料(及補充使用者資料),並於接收後,將使用者資料(及補充使用者資料)傳輸至暫存資料庫50中儲存。使用者資料係當前系統90根據使用者U輸入之一身分驗證資料而取得,該身分驗證資料為使用者登入當前系統90前所須輸入的驗證資料,此驗證資料為用以驗證使用者身分之資料,係為避免請求登入者非真正有權登入者,其並非是作為啟動登入作業之資料,一般而言,係由一帳號及一密碼所組成,但不以此為限。在具體實施例中,使用者資料可至少包含一選自身份證號、代號、名稱、密碼、地址、電子郵件地址、電話或行動電話。補充使用者資料為要登入目標系統80所需要但為使用者資料所欠缺的資料;舉例而言,假設登入目標系統80所需資料包含姓名資料、電話資料及電子信箱資料,而登入當前系統90需要的資料(即使用者資料)只包含姓名資料及電話資料時,則電子信箱資料即為本發明所指的補充使用者資料。在本實施例中,補充使用者資料係當前系統90根據使用者資料自系統資料庫D1或D2中取得,惟補充使用者資料之取得方式並不以此為限,且本發明亦未必要取得補充使用者資料。舉例來說,當登入當前系統90需要的資料(即使用者資料)已可滿足登入目標系統80所需要的資料時,亦即使用者資料包含有登入到目標系統80所需的全部資料時,此時即無須再另取得補充使用者資料。此外,在其他實施例中,補充使用者資料也可由目標系統80來取得;詳言之,即便使用者資料欠缺了登入目標系統80所需的資料,當前系統90也可只傳送使用者資料至資料傳輸模組10,而由目標系統80在如後述取得使用者資料後,再依據該使用者資料去查找取得補充使用者資料,查找方式係可由目標系統80直接查找資料自系統資料庫D1或D2,亦可由目標系統80指示當前系統90查找資料自系統資料庫D1。另需注意的是,本實施例中,用於提供補充使用者資料之系統資料庫D1、D2雖為在當前系統90及目標系統80中之資料庫,但本發明不以此為限,在其他實施例中,用於提供補充使用者資料之系統資料庫也可為第三方之資料庫,即可為獨立設置在目標系統80及當前系統90外而儲存有使用者資料之資料庫。In the embodiment of the present invention, the data transmission module 10 is configured to receive user data (and supplementary user data) transmitted from the current system 90, and after receiving, the user data (and supplementary user data). Transfer to the temporary repository 50 for storage. The user data is obtained by the current system 90 based on the identity verification data input by the user U. The identity verification data is the verification data that the user must input before logging in to the current system 90. The verification data is used to verify the identity of the user. In order to avoid requesting the registrant to be non-authenticated, it is not the information for starting the login operation. Generally speaking, it consists of an account number and a password, but not limited to this. In a particular embodiment, the user profile may include at least one selected from an identification number, a code name, a name, a password, an address, an email address, a phone call, or a mobile phone. The user data is required to be logged into the target system 80 but is missing from the user data; for example, it is assumed that the information required to log in to the target system 80 includes name data, telephone data and email information, and is logged into the current system 90. When the required information (ie user data) only contains name information and telephone data, the electronic mail information is the supplementary user data referred to in the present invention. In this embodiment, the supplementary user data system is obtained from the system database D1 or D2 according to the user data, but the manner of obtaining the supplementary user data is not limited thereto, and the present invention does not need to obtain Supplement user data. For example, when the data (ie, user data) required to log in to the current system 90 can satisfy the information required to log in to the target system 80, that is, when the user data includes all the materials required to log in to the target system 80, At this point, there is no need to obtain additional user information. In addition, in other embodiments, the supplemental user profile may also be obtained by the target system 80; in detail, even if the user profile lacks the information required to log in to the target system 80, the current system 90 may only transmit the user profile to The data transmission module 10, after the user system 80 obtains the user data as described later, and then searches for the supplementary user data according to the user data, and the search mode can directly find the data from the system database D1 or the target system 80. D2, the target system 80 may also indicate that the current system 90 is looking for data from the system database D1. It should be noted that, in this embodiment, the system databases D1 and D2 for providing supplementary user data are databases in the current system 90 and the target system 80, but the present invention is not limited thereto. In other embodiments, the system database for providing supplementary user data may also be a third-party database, that is, a database for storing user data independently of the target system 80 and the current system 90.

在本發明之實施例中,識別碼產生模組20用以在資料傳輸模組10接收使用者資料(及補充使用者資料)後,產生識別碼,該識別碼並可透過資料傳輸模組10回傳至當前系統90,且傳輸到暫存資料庫50中儲存。其中產生的識別碼會與接收到的使用者資料(及補充使用者資料)建立一配對關係,且登入驗證裝置1會記錄該識別碼與該使用者資料(及補充使用者資料)間的配對關係。In the embodiment of the present invention, the identification code generating module 20 is configured to generate an identification code after the data transmission module 10 receives the user data (and the supplementary user data), and the identification code can be transmitted through the data transmission module 10 It is passed back to the current system 90 and transferred to the temporary repository 50 for storage. The generated identification code establishes a pairing relationship with the received user data (and supplementary user data), and the login verification device 1 records the pairing between the identification code and the user data (and supplementary user data). relationship.

在本發明之一實施例中,資料傳輸模組10更能用以接收由目標系統80傳來之識別碼,其中該識別碼係由目標系統80自當前系統90處取得。更具體而言,當前系統90在取得來自登入驗證裝置1傳來之識別碼後,會將該識別碼發送至目標系統80,再由目標系統80發送至登入驗證裝置1,而由資料傳輸模組10所接收。In an embodiment of the present invention, the data transmission module 10 is further configured to receive an identification code transmitted by the target system 80, wherein the identification code is obtained by the target system 80 from the current system 90. More specifically, after the current system 90 obtains the identification code from the login verification device 1, the identification code is sent to the target system 80, and then sent by the target system 80 to the login verification device 1, and the data transmission mode is used. Group 10 is received.

在本發明之實施例中,驗證模組30用以自暫存資料庫60中取得識別碼,並將之與自目標系統80取得之識別碼進行比對驗證。In the embodiment of the present invention, the verification module 30 is configured to obtain an identification code from the temporary storage database 60 and compare it with the identification code obtained from the target system 80.

在驗證模組30比對出自暫存資料庫60中取得的識別碼與自目標系統80取得之識別碼為相同時,該結果會提供給資料提供模組40,此時,資料提供模組40會將自當前系統90所取得並儲存於暫存資料庫60中的使用者資料(及補充使用者資料)作為目標系統80之登入資料,並透過資料傳輸模組10提供該登入資料給目標系統80,以使目標系統80根據該登入資料而啟動登入作業。When the verification module 30 compares the identification code obtained from the temporary storage database 60 with the identification code obtained from the target system 80, the result is provided to the data providing module 40. At this time, the data providing module 40 The user data (and the supplementary user data) obtained from the current system 90 and stored in the temporary storage database 60 are used as the login data of the target system 80, and the login data is provided to the target system through the data transmission module 10. 80, to enable the target system 80 to initiate a login operation based on the login data.

在本發明之實施例中,資料刪除模組50用以在提供使用者資料(及補充使用者資料)給目標系統80後,將該使用者資料(及補充使用者資料)自暫存資料庫60中刪除。In the embodiment of the present invention, the data deletion module 50 is configured to provide the user data (and the supplementary user data) from the temporary storage database after providing the user data (and the supplementary user data) to the target system 80. 60 is deleted.

接著,請一併參考圖1至圖5。其中圖2、3係本發明之系統登入方法之步驟流程圖。以下將配合圖1及圖3至圖5,依序說明圖2、3中所示之各步驟。Next, please refer to FIG. 1 to FIG. 5 together. 2 and 3 are flowcharts showing the steps of the system login method of the present invention. Hereinafter, the steps shown in FIGS. 2 and 3 will be sequentially described with reference to FIGS. 1 and 3 to 5.

首先,步驟S1:當前系統接收一身分驗證資料,並根據身分驗證資料取得使用者資料。First, step S1: the current system receives an identity verification data, and obtains user data according to the identity verification data.

如圖1所示,在本發明之實施例中,當使用者U操作使用者裝置70(例如:平板電腦)透由網路以連線至當前系統90時,當前系統90會先行提供一例如圖4所示之登入介面L顯示於該使用者裝置70之螢幕(圖未示)上。如圖4所示,登入介面L包含有帳號欄位L1及密碼欄位L2,使用者U可透過該些欄位輸入包含帳號及密碼在內之身分驗證資料至當前系統90。當前系統1接收由使用者U輸入之身分驗證資料後,會先行判斷使用者U所輸入的帳號及密碼是否正確,並在判斷為正確時,進一步地根據輸入的帳號及/或密碼取得一使用者資料,例如使用者U的姓名、電話等個人資料,並根據該使用者資料啟動登入作業,即令使用者U登入至當前系統90中。在具體實施例中,使用者資料可至少包含一選自身份證號、代號、名稱、密碼、地址、電子郵件地址、電話或行動電話。As shown in FIG. 1, in the embodiment of the present invention, when the user U operates the user device 70 (for example, a tablet computer) to connect to the current system 90 through the network, the current system 90 provides a first example. The login interface L shown in FIG. 4 is displayed on a screen (not shown) of the user device 70. As shown in FIG. 4, the login interface L includes an account field L1 and a password field L2, through which the user U can input the identity verification data including the account number and the password to the current system 90. After receiving the identity verification data input by the user U, the current system 1 first determines whether the account and password input by the user U are correct, and further determines the use of the account and/or password according to the input account and/or password. The user profile, such as the user U's name, phone number, and the like, and initiates the login operation based on the user profile, so that the user U logs into the current system 90. In a particular embodiment, the user profile may include at least one selected from an identification number, a code name, a name, a password, an address, an email address, a phone call, or a mobile phone.

舉例而言,在此的當前系統90可為某公司內部的線上辦公系統,使用者U為該公司之員工,可在透過該線上辦公系統提供之登入介面輸入其預先設定的帳號及密碼後,登入至該線上辦公系統中辦理特定業務,但本發明之應用不以此為限。For example, the current system 90 here may be an online office system within a company, and the user U is an employee of the company, and after inputting a preset account number and password through a login interface provided by the online office system, Log in to the online office system for specific services, but the application of the present invention is not limited thereto.

步驟S2:當前系統接收一系統切換指令,並根據系統切換指令判斷使用者資料是否欠缺登入目標系統所需之資料。Step S2: The current system receives a system switching instruction, and determines, according to the system switching instruction, whether the user data lacks the information required to log in to the target system.

當使用者U登入到當前系統90後,如欲登入至其他系統時,可藉由輸入一系統切換指令以切換至所欲登入之系統。具體實施方式之一但不以此為限的是,可在當前系統90的當前操作介面91上顯示其他系統之連結,以供使用者點選輸入系統切換指令(如圖5所示)。以前揭例子為例,如使用者U於利用線上辦公系統辦公過程中,如突然想起後天有事要請假時,即可點選請假系統之連結,以輸入要求登入到請假系統(即目標系統80)之系統切換指令。When the user U logs in to the current system 90, if he wants to log in to other systems, he can switch to the system to be logged in by inputting a system switching command. One of the specific embodiments, but not limited thereto, may display a connection of other systems on the current operating interface 91 of the current system 90 for the user to select an input system switching instruction (as shown in FIG. 5). For example, if the user U used the online office system to work, if he suddenly remembered that he had to take time off, he could click the link of the leave system and enter the request to log in to the leave system (ie, target system 80). System switching instructions.

在本發明之實施例中,當前系統90於接收使用者U輸入之系統切換指令後,將會根據系統切換指令判斷先前取得的使用者資料是否欠缺登入目標系統80所需之資料。舉例來說,包含當前系統90及目標系統80在內之各系統皆會儲存登入其他系統時所需要的資料;假設登入線上辦公系統所需之使用者資料包含使用者的姓名資料及電話資料,而登入請假系統所需之資料須包含使用者姓名資料、電話資料及電子信箱資料,則當使用者於線上辦公系統(當前系統90)中點選請假系統(目標系統80)之連結時,線上辦公系統(當前系統90)即會根據系統切換指令判斷出使用者U欲切換登入之系統為請假系統,並判斷出使用者資料欠缺了登入請假系統(目標系統80)所需的電子信箱資料。In the embodiment of the present invention, after receiving the system switching instruction input by the user U, the current system 90 determines whether the previously obtained user data lacks the information required to log in to the target system 80 according to the system switching instruction. For example, each system including the current system 90 and the target system 80 stores the data required to log in to other systems; it is assumed that the user data required to log in to the online office system includes the user's name information and telephone data. The information required to log in to the leave system must include the user's name information, telephone data and e-mail information. When the user clicks on the link to the leave system (target system 80) in the online office system (current system 90), online The office system (current system 90) determines that the user U wants to switch the login system to the leave system according to the system switching instruction, and determines that the user information lacks the e-mail data required for the login leave system (target system 80).

步驟S301:當前系統發送使用者資料至登入驗證裝置。Step S301: The current system sends the user data to the login verification device.

一旦判斷出登入當前系統90所需之使用者資料未欠缺登入目標系統80所需的資料,亦即使用者資料中已包含登入目標系統80所需的資料時,當前系統90便會直接將目前已取得的使用者資料發送到登入驗證裝置1,由登入驗證裝置1之資料傳輸模組10接收,該資料傳輸模組10並會傳輸使用者資料至暫存資料庫60中儲存(即步驟S401)。Once it is determined that the user data required to log in to the current system 90 does not lack the information required to log in to the target system 80, that is, the user profile already contains the information required to log in to the target system 80, the current system 90 will directly The obtained user data is sent to the login verification device 1 and received by the data transmission module 10 of the login verification device 1. The data transmission module 10 also transmits the user data to the temporary storage database 60 for storage (ie, step S401). ).

步驟S302:當前系統根據使用者資料自系統資料庫中取得一補充使用者資料,並發送使用者資料及補充使用者資料至登入驗證裝置。Step S302: The current system obtains a supplementary user data from the system database according to the user data, and sends the user data and the supplementary user data to the login verification device.

反之,一旦判斷出登入當前系統90所需之使用者資料缺少了登入目標系統80所需的資料時,當前系統90便會依據使用者資料,自系統資料庫D1或D2中取得一補充使用者資料。其中補充使用者資料即為要登入目標系統80所需但為使用者資料所缺少的資料,其係可由當前系統90自儲存於本身中之系統資料庫D1中取得,也可以由當前系統90自儲存於目標系統80中之系統資料庫D2中取得,但不以此為限。舉例言之,承前揭所述例子,由於登入請假系統(目標系統80)所需的資料包含有使用者的姓名、電話及電子信箱等資料,其中電子信箱資料為使用者資料中所無,因此,當前系統90便會先根據該使用者資料自系統資料庫D1中去查找出對應姓名資料及電話資料的電子信箱資料(即補充使用者資料)。如果本身的系統資料庫D1未儲存有使用者的電子信箱資料時,當前系統90進一步地會連線至目標系統80,以自系統資料庫D2查找出該電子信箱資料(即補充使用者資料)。On the other hand, once it is determined that the user data required to log in to the current system 90 lacks the information required to log in to the target system 80, the current system 90 will obtain a supplementary user from the system database D1 or D2 based on the user data. data. The supplementary user data is the information that is required to be logged into the target system 80 but is missing from the user data, and may be obtained by the current system 90 from the system database D1 stored in itself, or may be obtained by the current system 90. It is stored in the system database D2 in the target system 80, but is not limited thereto. For example, as mentioned above, since the information required for the login and leave system (target system 80) includes the user's name, telephone number, and e-mail address, the e-mail information is not included in the user data. The current system 90 will first search for the corresponding email address of the name data and telephone data (ie, supplement the user data) from the system database D1 according to the user data. If the user's e-mail data is not stored in the system database D1, the current system 90 is further connected to the target system 80 to find the e-mail data (ie, supplemental user data) from the system database D2. .

取得補充使用者資料後,當前系統90便會將補充使用者資料連同原先已取得的使用者資料發送至登入驗證裝置1,由登入驗證裝置1之資料傳輸模組10接收,資料傳輸模組10並會將使用者資料傳輸至暫存資料庫60中儲存(即步驟S402)。After the user data is obtained, the current system 90 sends the supplementary user data together with the previously obtained user data to the login verification device 1 and receives it by the data transmission module 10 of the login verification device 1. The data transmission module 10 The user data is transferred to the temporary database 60 for storage (ie, step S402).

惟需注意的是,在其他實施例中,即便使用者資料未包含有登入目標系統80所需的全部資料,當前系統90也可僅發送使用者資料至登入驗證裝置1,而由目標系統80在如後所述取得使用者資料(即後述提到的登入資料)後,判斷所接收到的使用者資料是否欠缺登入所需的資料,並在判斷使用者資料欠缺登入所需的資料時,依據使用者資料查找取得補充使用者資料,之後再利用使用者資料及補充使用者資料啟動登入驗證作業。換句話說,本發明所述之補充使用者資料可由當前系統90或目標系統80來取得。It should be noted that in other embodiments, even if the user profile does not include all the information required to log in to the target system 80, the current system 90 may only send the user profile to the login verification device 1, but by the target system 80. After obtaining the user data (that is, the login information mentioned later) as described later, it is judged whether the received user data lacks the information required for login, and when it is determined that the user data lacks the information required for login, The user data is searched for the supplementary user data, and then the user data and the supplementary user data are used to initiate the login verification operation. In other words, the supplemental user profile of the present invention can be obtained by the current system 90 or the target system 80.

步驟S5:登入驗證裝置產生一識別碼,並傳輸識別碼至暫存資料庫中儲存。Step S5: The login verification device generates an identification code and transmits the identification code to the temporary storage database for storage.

在步驟S401或S402完成後,登入驗證裝置1之識別碼產生模組20會產生一識別碼,該識別碼會透過資料傳輸模組10以輸出至當前系統,並傳輸到暫存資料庫60中儲存。其中產生之識別碼為一次性使用代碼,其會和在步驟S401或S402中所接收到的使用者資料(及補充使用者資料)具有一配對關係,換言之,每次產生的識別碼為用以作為識別不同使用者資料(及補充使用者資料)的專屬代碼。登入驗證裝置1並會記錄產生之識別碼與所接收到的使用者資料(及補充使用者資料)間之配對關係。After the step S401 or S402 is completed, the identification code generating module 20 of the login verification device 1 generates an identification code, which is transmitted to the current system through the data transmission module 10 and transmitted to the temporary storage database 60. Store. The identification code generated therein is a one-time use code, which has a pairing relationship with the user data (and supplementary user data) received in step S401 or S402. In other words, each generated identification code is used to A unique code that identifies different user profiles (and supplements user profiles). The verification device 1 is logged in and records the pairing relationship between the generated identification code and the received user data (and supplementary user data).

如圖3所示,接著執行步驟S6:當前系統發送識別碼至目標系統。As shown in FIG. 3, step S6 is next performed: the current system transmits an identification code to the target system.

當前系統90在取得來自登入驗證裝置1之識別碼後,接著便會將該識別碼發送至目標系統80。The current system 90, after obtaining the identification code from the login verification device 1, then transmits the identification code to the target system 80.

步驟S7:目標系統發送識別碼至登入驗證裝置。Step S7: The target system sends the identification code to the login verification device.

目標系統80在取得識別碼後,接著會將取得的識別碼發送到登入驗證裝置1,以向登入驗證裝置1領取登入所需的資料。After obtaining the identification code, the target system 80 then transmits the obtained identification code to the login verification device 1 to collect the information required for login from the login verification device 1.

步驟S8:登入驗證裝置自暫存資料庫中取得識別碼,並與自目標系統取得之識別碼進行比對驗證。Step S8: The login verification device obtains the identification code from the temporary storage database, and performs comparison verification with the identification code obtained from the target system.

登入驗證裝置1一旦自目標系統80取得識別碼後,驗證模組30便會自暫存資料庫60中取得先前儲存之識別碼,並以之和自目標系統80取得識別碼相比對,以驗證來自目標系統80之識別碼是否正確。如驗證結果為相同,登入驗證裝置1之資料提供模組40便會根據識別碼以將與該識別碼具配對關係的使用者資料(及補充使用者資料)作為目標系統80之登入資料,並提供該登入資料給目標系統80(即執行步驟S9),以使目標系統80根據該登入資料而啟動登入作業(即執行步驟S10)。登入作業完成後,使用者裝置70便可成功切換登入至目標系統80中。以前揭例子為例,即是會登入到請假系統中,此時使用者裝置70之螢幕上會直接顯示請假系統(目標系統80)之操作介面81(如圖6所示),而不會再先顯示登入頁面來要求使用者輸入身分驗證資料。Once the login verification device 1 obtains the identification code from the target system 80, the verification module 30 retrieves the previously stored identification code from the temporary storage database 60 and compares it with the identification code obtained from the target system 80. Verify that the identification code from the target system 80 is correct. If the verification result is the same, the data providing module 40 of the login verification device 1 uses the user data (and the supplementary user data) that is paired with the identification code as the login data of the target system 80 according to the identification code, and The login data is provided to the target system 80 (ie, step S9 is performed) to cause the target system 80 to initiate a login operation based on the login data (ie, perform step S10). After the login operation is completed, the user device 70 can successfully switch to the target system 80. For example, in the previous example, the user interface 70 is displayed in the leave system. At this time, the operation interface 81 (shown in FIG. 6) of the leave system (target system 80) is directly displayed on the screen of the user device 70, and no longer. The login page is displayed first to ask the user to enter the identity verification data.

步驟S11:登入驗證裝置刪除使用者資料(及補充使用者資料)。Step S11: The login verification device deletes the user data (and the supplementary user data).

在將使用者資料(及補充使用者資料)提供給目標系統80後,為避免登入驗證裝置遭駭而有個人資料被盜的風險,每次提供完使用者資料(及補充使用者資料)後,登入驗證裝置1之資料刪除模組50便會將該使用者資料(及補充使用者資料)自暫存資料庫60中刪除。After the user data (and supplementary user data) is provided to the target system 80, in order to avoid the risk of the personal data being stolen after the login verification device is compromised, each time the user data (and the supplementary user data) is provided The data deletion module 50 of the login verification device 1 deletes the user data (and supplementary user data) from the temporary storage database 60.

綜上所陳,上述諸多實施例僅係為了便於說明而舉例而已,本發明所主張之權利範圍自應以申請專利範圍所述為準,而非僅限於上述實施例。In the above, the above-mentioned embodiments are only for the convenience of the description, and the scope of the claims should be based on the scope of the patent application, and not limited to the above embodiments.

登入驗證裝置1 資料傳輸模組10 識別碼產生模組20 驗證模組30 資料提供模組40 資料刪除模組50 暫存資料庫60 使用者裝置70 目標系統80 當前系統90 當前操作介面91 系統資料庫D1、D2 使用者U 登入介面L 帳號欄位L1 密碼欄位L2Login verification device 1 data transmission module 10 identification code generation module 20 verification module 30 data providing module 40 data deletion module 50 temporary storage database 60 user device 70 target system 80 current system 90 current operation interface 91 system data Library D1, D2 User U Login Interface L Account Field L1 Password Field L2

圖1係本發明之登入驗證裝置之使用環境示意圖。 圖2係本發明之系統登入方法之第一步驟流程圖。 圖3係本發明之系統登入方法之第二步驟流程圖。 圖4係表示當前系統提供之一登入介面之示意圖。 圖5係表示當前系統提供之一操作介面之示意圖。 圖6係表示目標系統提供之一操作介面之示意圖。1 is a schematic diagram of a usage environment of a login verification device of the present invention. 2 is a flow chart showing the first step of the system login method of the present invention. 3 is a flow chart showing the second step of the system login method of the present invention. FIG. 4 is a schematic diagram showing one of the login interfaces provided by the current system. Figure 5 is a schematic diagram showing one of the operating interfaces provided by the current system. Figure 6 is a schematic diagram showing one of the operational interfaces provided by the target system.

Claims (17)

一種系統登入方法,允許一使用者裝置由一當前系統切換登入到一目標系統,其中該當前系統及該目標系統連線至一登入驗證裝置,該系統登入方法包括下列步驟:該當前系統判斷一使用者資料是否欠缺登入該目標系統所需之資料;若否,該當前系統發送該使用者資料至該登入驗證裝置;若是,該當前系統根據該使用者資料自一系統資料庫中取得一補充使用者資料,並發送該使用者資料及該補充使用者資料至該登入驗證裝置;該登入驗證裝置接收該使用者資料、或該使用者資料及該補充使用者資料,並產生一識別碼,該登入驗證裝置並將該識別碼輸出至該當前系統,且傳輸該識別碼及該使用者資料至一暫存資料庫中儲存;該當前系統發送該識別碼至該目標系統;該目標系統發送該識別碼至該登入驗證裝置;以及該登入驗證裝置自該暫存資料庫中取得該識別碼,並與自該目標系統取得之該識別碼進行比對驗證,如驗證結果為相同,該登入驗證裝置自該暫存資料庫取得相應之該使用者資料作為該目標系統之一登入資料,並提供該登入資料給該目標系統,以使該目標系統根據該登入資料而啟動登入作業。A system login method for allowing a user device to switch to a target system by a current system, wherein the current system and the target system are connected to a login verification device, the system login method comprising the following steps: the current system determines a Whether the user profile lacks the information required to log in to the target system; if not, the current system sends the user profile to the login verification device; if so, the current system obtains a supplement from a system database based on the user profile User data, and the user data and the supplementary user data are sent to the login verification device; the login verification device receives the user data, or the user data and the supplementary user data, and generates an identification code. The login verification device outputs the identification code to the current system, and transmits the identification code and the user data to a temporary storage database; the current system sends the identification code to the target system; the target system sends The identification code to the login verification device; and the login verification device is taken from the temporary storage database The identification code is compared with the identification code obtained from the target system. If the verification result is the same, the login verification device obtains the corresponding user data from the temporary storage database as one of the target systems. Information and providing the login information to the target system to enable the target system to initiate a login operation based on the login data. 如申請專利範圍第1項所述之系統登入方法,其中該登入驗證裝置係透過一資料傳輸模組接收該使用者資料。The system login method of claim 1, wherein the login verification device receives the user profile through a data transmission module. 如申請專利範圍第1項所述之系統登入方法,其中該登入驗證裝置接收該使用者資料後,由一識別碼產生模組產生一識別碼,且該識別碼透過一資料傳輸模組輸出至該當前系統,並且傳輸至該暫存資料庫中儲存。The system login method of claim 1, wherein the login verification device receives the user data, and an identification code generation module generates an identification code, and the identification code is output through a data transmission module to The current system is transferred to the temporary repository for storage. 如申請專利範圍第1項所述之系統登入方法,其中該登入驗證裝置透過一資料提供模組自該暫存資料庫中取得相應之該使用者資料作為該登入資料。The system login method of claim 1, wherein the login verification device obtains the corresponding user data from the temporary storage database as the login data through a data providing module. 如申請專利範圍第1項所述之系統登入方法,其中該登入驗證裝置透過一資料傳輸模組接收自該目標系統發送而來之該識別碼。The system login method of claim 1, wherein the login verification device receives the identification code sent from the target system through a data transmission module. 如申請專利範圍第1項所述之系統登入方法,其中該登入驗證裝置透過一驗證模組自該暫存料庫中取得該識別碼,並與該目標系統發送而來之該識別碼進行比對驗證。The system login method of claim 1, wherein the login verification device obtains the identification code from the temporary storage database through a verification module, and compares the identification code sent by the target system. For verification. 如申請專利範圍第1項所述之系統登入方法,其中該登入資料係透過一資料傳輸模組提供至該目標系統。The system login method of claim 1, wherein the login data is provided to the target system via a data transmission module. 如申請專利範圍第1項所述之系統登入方法,其中該當前系統更將該補充使用者資料發送至該登入驗證裝置,以在驗證結果為相同時,更將該補充使用者資料作為該登入資料。The system login method of claim 1, wherein the current system further sends the supplementary user data to the login verification device, so that the supplementary user data is used as the login when the verification result is the same. data. 如申請專利範圍第8項所述之系統登入方法,更包括下列步驟:該當前系統接收一系統切換指令,以根據該系統切換指令判斷該使用者資料是否欠缺登入該目標系統所需之資料。The system login method of claim 8, further comprising the step of: receiving, by the current system, a system switching instruction to determine, according to the system switching instruction, whether the user data lacks information required to log in to the target system. 如申請專利範圍第1項所述之系統登入方法,其中該登入驗證裝置提供該登入資料給該目標系統後,更包括下列步驟:該目標系統判斷該使用者資料是否欠缺登入該目標系統所需之資料;以及若是,該目標系統根據該使用者資料自一系統資料庫中取得一補充使用者資料,藉以根據該使用者資料及該補充使用者資料啟動登入作業。The system login method of claim 1, wherein the login verification device provides the login information to the target system, and further includes the following steps: the target system determines whether the user profile lacks the required login to the target system And if the target system obtains a supplementary user profile from a system database based on the user data, thereby initiating the login operation based on the user profile and the supplementary user profile. 如申請專利範圍第8或10項所述之系統登入方法,其中該系統資料庫儲存於該當前系統。The system login method of claim 8 or 10, wherein the system database is stored in the current system. 如申請專利範圍第8或10項所述之系統登入方法,其中該系統資料庫儲存於該目標系統。The system login method of claim 8 or 10, wherein the system database is stored in the target system. 如申請專利範圍第1項所述之系統登入方法,其中該使用者資料係至少包含一選自身份證號、代號、名稱、密碼、地址、電子郵件地址、電話或行動電話。The system login method of claim 1, wherein the user profile comprises at least one selected from the group consisting of an ID number, a code name, a password, an address, an email address, a telephone number, or a mobile phone number. 如申請專利範圍第1項所述之系統登入方法,更包括下列步驟:透過一資料刪除模組,以在該資料提供模組提供該使用者資料給該目標系統後,刪除儲存在該暫存資料庫中之該使用者資料。The system login method as described in claim 1 further includes the following steps: deleting the storage in the temporary storage system after the data providing module provides the user data to the target system through a data deletion module The user profile in the database. 一種登入驗證裝置,可允許一使用者裝置由一當前系統切換登入至一目標系統,該登入驗證裝置包括:一暫存資料庫;一資料傳輸模組,用以接收來自該當前系統之一使用者資料,並將該使用者資料傳輸至該暫存資料庫中儲存,該資料傳輸模組更用以接收來自該當前系統之一補充使用者資料,該補充使用者資料係由該當前系統在該使用者資料欠缺登入該目標系統所需之資料時,自一系統資料庫中取得;一識別碼產生模組,用以產生一識別碼,其中該識別碼透過該資料傳輸模組發送至該當前系統,並傳輸到該暫存資料庫中儲存;一驗證模組,用以自該目標系統取得之該識別碼,並與自該暫存暫存資料庫取得該識別碼進行比對驗證;以及一資料提供模組,用以自該驗證模組取得比對驗證結果,該比對驗證結果為相同時,該資料提供模組自該暫存資料庫取得相應之該使用者資料作為該目標系統之一登入資料,並透過該資料傳輸模組提供該登入資料給該目標系統,以使該目標系統根據該登入資料而啟動登入作業。A login verification device that allows a user device to be logged into a target system by a current system, the login verification device comprising: a temporary storage database; and a data transmission module for receiving usage from one of the current systems And transmitting the user data to the temporary storage database, the data transmission module is further configured to receive supplementary user data from the current system, the supplementary user data is The user data is obtained from a system database when the information required for logging in to the target system is lacking; an identification code generating module is configured to generate an identification code, wherein the identification code is sent to the data transmission module The current system is transmitted to the temporary storage database for storage; a verification module is configured to obtain the identification code from the target system, and obtain the identification code from the temporary storage temporary storage database for comparison verification; And a data providing module for obtaining the comparison verification result from the verification module, wherein the data providing module is from the temporary storage database when the comparison verification result is the same To give the corresponding one of the user data to the target system as the login information, and providing the sign data through the data transmission module to the target system, so that the target operating system boot based on the sign in sign information. 如申請專利範圍第15項所述之登入驗證裝置,其中該使用者資料係至少包含一選自身份證號、代號、名稱、密碼、地址、電子郵件地址、電話或行動電話。The login verification device of claim 15, wherein the user profile comprises at least one selected from the group consisting of an identification number, a code name, a name, a password, an address, an email address, a telephone call, or a mobile phone. 如申請專利範圍第15項所述之登入驗證裝置,更包括一資料刪除模組,用以在回傳該使用者資料至該目標系統後,刪除該使用者資料。The login verification device of claim 15 further includes a data deletion module for deleting the user data after the user data is returned to the target system.
TW106101972A 2017-01-19 2017-01-19 Login method and login authentication device TWI640886B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106101972A TWI640886B (en) 2017-01-19 2017-01-19 Login method and login authentication device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106101972A TWI640886B (en) 2017-01-19 2017-01-19 Login method and login authentication device

Publications (2)

Publication Number Publication Date
TW201828132A TW201828132A (en) 2018-08-01
TWI640886B true TWI640886B (en) 2018-11-11

Family

ID=63960528

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106101972A TWI640886B (en) 2017-01-19 2017-01-19 Login method and login authentication device

Country Status (1)

Country Link
TW (1) TWI640886B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI241497B (en) * 2001-09-25 2005-10-11 Taiwan Semiconductor Mfg Operation method of single sign on system
TW201004267A (en) * 2008-07-15 2010-01-16 Data Systems Consulting Co Ltd Single sign-on method for web and non-web applications
TW201403370A (en) * 2012-07-02 2014-01-16 Chunghwa Telecom Co Ltd Identity simulation integrated with verification and authentication and dynamic identity switching method and system
TW201438451A (en) * 2013-03-18 2014-10-01 Chunghwa Telecom Co Ltd Authentication method and system for backend service integration by proxy server
TWM542301U (en) * 2017-01-19 2017-05-21 Fubon Life Insurance Co Ltd Login verification device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI241497B (en) * 2001-09-25 2005-10-11 Taiwan Semiconductor Mfg Operation method of single sign on system
TW201004267A (en) * 2008-07-15 2010-01-16 Data Systems Consulting Co Ltd Single sign-on method for web and non-web applications
TW201403370A (en) * 2012-07-02 2014-01-16 Chunghwa Telecom Co Ltd Identity simulation integrated with verification and authentication and dynamic identity switching method and system
TW201438451A (en) * 2013-03-18 2014-10-01 Chunghwa Telecom Co Ltd Authentication method and system for backend service integration by proxy server
TWM542301U (en) * 2017-01-19 2017-05-21 Fubon Life Insurance Co Ltd Login verification device

Also Published As

Publication number Publication date
TW201828132A (en) 2018-08-01

Similar Documents

Publication Publication Date Title
US11924214B2 (en) Systems and methods for accessing cloud resources from a local development environment
CN109600306B (en) Method, device and storage medium for creating session
US8826398B2 (en) Password changing
US10021098B2 (en) Account login method, device, and system
US10742649B1 (en) Secure authentication and virtual environment setup
US8955076B1 (en) Controlling access to a protected resource using multiple user devices
US9645966B2 (en) Synchronizing handles for user accounts across multiple electronic devices
WO2017193863A1 (en) Customized device registration method, server, and terminal
US20130212653A1 (en) Systems and methods for password-free authentication
US9742784B2 (en) Account registration and login method, and network attached storage system using the same
JP2010026936A (en) Terminal device and system for searching personal information
US20180343309A1 (en) Migrating sessions using a private cloud - cloud technology
JP2006527432A (en) Login method with multiple identifiers for instant messaging system
US20220027429A1 (en) Dynamically determining a server for enrollment with management system
US10320920B2 (en) Automatic migration of communication sessions using a private cloud-cloud technology
CN116743496A (en) Device remote operation method, device, computer device and storage medium
TWI640886B (en) Login method and login authentication device
TWM542301U (en) Login verification device
JP6848275B2 (en) Program, authentication system and authentication cooperation system
JP2009260846A (en) Network operation monitoring system, manager device, and network operation monitoring method
CN117579402B (en) Platform secondary authentication login system and method
US12126612B2 (en) User authentication via telephonic communication
US20240305718A1 (en) User-Specific Security Credential Bypass For Shared Device Voicemail
US20230396618A1 (en) Token based identity verification and consent management
US20220400103A1 (en) User authentication via telephonic communication