TWI680658B - Single-user login system that allows network address changes and method thereof - Google Patents


Info

Publication number: TWI680658B
Authority: TW (Taiwan)
Prior art keywords: client, token information, server, request, echo request
Application number: TW107145605A
Other languages: Chinese (zh)
Other versions: TW202025669A (en)
Inventor: 陳龍 (Long Chen)
Original Assignee: 英業達股份有限公司 (Inventec Corporation)
Application filed by: 英業達股份有限公司 (Inventec Corporation)
Priority to: TW107145605A
Application granted
Landscapes: Information Transfer Between Computers (AREA)

Abstract

A single-machine login system that allows network address changes, and a method thereof. When a client logs in to the server, the server generates corresponding token information and provides it to the client, so that the client embeds this token information in each client request it sends, where it serves as the user identifier for single-machine login. The client also continuously sends echo messages containing the token information to the server at a fixed sending cycle, so that when the token information becomes invalid the client receives the server's feedback immediately. When the server receives an echo request early, it updates the token information to ensure single-machine login. This achieves the technical effect of improving the applicability of single-machine login.

Description

Single-machine login system that allows network address changes and method thereof

The present invention relates to a single-machine login system and a method thereof, and in particular to a single-machine login system and method that allow the network address to change.

In recent years, with the spread and rapid growth of the Internet, systems and websites of every kind have sprung up. To address the security, licensing, and hardware resource consumption problems caused by several people operating one account at the same time, single-machine login has become one of the most closely watched solutions.

Generally speaking, a traditional single-machine login scheme records the account's network address (IP address) when login succeeds and, on each subsequent request, checks whether the network address is still the same; if it is not, the account is forcibly logged out. However, this form of single-machine login is suitable only for simple network environments. When the client's network environment frequently experiences network address drift, misjudgments occur and the client still has to log in again frequently. In other words, the scheme cannot be applied to more complex network environments, so it suffers from poor applicability of single-machine login.

In view of this, some vendors have proposed using a hardware key as the technical means for single-machine login: a key placed in a chip serves as the verification credential, and no traditional account and password are needed to log in. However, because no account and password are entered, the server's login mechanism must be adjusted accordingly, so this approach cannot be applied directly to a network environment that has not been adjusted. In addition, a hardware key can be lost or damaged. The problem of poor applicability of single-machine login therefore remains.

In summary, the prior art has long suffered from poor applicability of single-machine login, so an improved technical means is needed to solve this problem.

The present invention discloses a single-machine login system that allows network address changes and a method thereof.

First, the present invention discloses a single-machine login system that allows network address changes. The system comprises a client and a server. The client comprises a transmission module and an execution module. The transmission module receives token information and stores it, and transmits multiple client requests, with the stored token information embedded in each client request when it is sent. The execution module, after a successful login, continuously sends echo requests at a fixed sending cycle; each echo request contains the token information.

The server comprises a login module and an update module. The login module allows the client to log in and, after the client has logged in successfully, generates the corresponding token information and transmits it to the corresponding client. The update module, when an echo request is received early, outside the sending cycle, updates the token information and transmits the updated token information to the client that sent the echo request, so that this client stores the updated token information.

In addition, the present invention discloses a single-machine login method that allows network address changes, applied in a network environment having a client and a server. Its steps are: the server lets the client log in and, after the client has logged in successfully, generates the corresponding token information and transmits it to the corresponding client; the client receives the corresponding token information from the server and stores it, and embeds the token information in each client request when transmitting multiple client requests to the server; the client continuously sends echo requests to the server at a fixed sending cycle, each echo request containing the token information; and when the server receives an echo request early, outside the sending cycle, the server updates the token information and transmits the updated token information to the client that sent the echo request, so that this client embeds the updated token information in the client requests it is about to send.

The system and method disclosed by the present invention are as described above. The difference from the prior art is that, when the client logs in to the server, the server generates corresponding token information and provides it to the client, so that the client embeds this token information in each client request it sends, where it serves as the user identifier for single-machine login; that the client continuously sends echo messages containing the token information to the server at a fixed sending cycle, so that when the token information becomes invalid the client receives the server's feedback immediately; and that when the server receives an echo request early, it updates the token information to ensure single-machine login.

Through the above technical means, the present invention achieves the technical effect of improving the applicability of single-machine login.

Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.

Before describing the single-machine login system that allows network address changes and its method, the network environment to which the invention is applied is described. The network environment comprises a wired network, a wireless network, or a combination of the two, through which the client and the server communicate with each other. The wired network may be connected by telephone line, twisted pair, cable, optical fiber, and the like; the wireless network may be implemented with wireless communication technologies such as Bluetooth, Wi-Fi, LoRa, ZigBee, CoAP (Constrained Application Protocol), or MQTT (Message Queuing Telemetry Transport). In actual implementation, both the client and the server may be implemented with computer devices such as personal computers, notebook computers, tablet computers, smartphones, servers, and so on.

The single-machine login system that allows network address changes and its method are further described below with reference to the drawings. Refer to FIG. 1, which is a system block diagram of the single-machine login system of the present invention. The system comprises a client 110 and a server 120. The client 110 comprises a transmission module 111 and an execution module 112. The transmission module 111 receives token information and stores it, and transmits client requests; the stored token information is embedded in each client request when it is sent. In actual implementation, the transmission module 111 can also receive an error message and, on receiving one, generates a prompt block that prompts the user to log in to the server 120 again.

The execution module 112, after a successful login to the server 120, continuously sends echo requests at a fixed sending cycle; each echo request contains the token information. In actual implementation, the fixed sending cycle means sending an echo request once every few seconds, for example once every 2 seconds, once every 3 seconds, and so on. It should be noted in particular that reloading a web page could disturb the client 110's sending cycle and cause an echo request to be sent to the server 120 early. To avoid this, when the client 110 reloads the same web page it does not send the first echo request of the sending cycle (that is, the first echo request is skipped).

The server 120 comprises a login module 121 and an update module 122. The login module 121 allows the client 110 to log in and, after the client 110 has logged in successfully, generates the corresponding token information and transmits it to the corresponding client 110. In actual implementation, the user logs in to the server 120 with his or her own account, and the server 120 generates corresponding token information for each account that logs in. The same client 110 may be used to log in to the server 120 with different accounts, and the same account may log in to the server 120 through different clients 110. However, when the same account logs in to the server 120 through different clients 110, only the client 110 that logged in last obtains the token information updated by the server 120; a client 110 that logged in earlier with the same account receives an error message from the server 120, prompting the user to log in again. It should be noted in particular that the token information may be a random string generated by the server 120 and stored on both the server 120 and the client 110, with the client 110 storing the token information in a cookie.

The update module 122, when an echo request is received early, outside the sending cycle, updates the token information and transmits the updated token information to the client 110 that sent this echo request, so that this client 110 stores the updated token information. For example, suppose the original client 110 sends once every 5 seconds. If an echo request from the same user is received early, after an interval of only 3 seconds, this indicates that the user may have logged in on a new client 110, so the update module 122 regenerates the token information and transmits it to the new client 110 that sent this echo request. After that, even if the original client 110 keeps sending echo requests, the token information in its echo requests no longer matches the token information held by the server 120, so the server 120 discards the echo request and sends an error message to the corresponding client 110, prompting a new login. In other words, once the server 120 has updated the token information, any client request or echo request it receives that embeds the old, non-updated token information is discarded, and an error message is sent to the corresponding client 110.
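The update-module behaviour described above, as a small Python model added here for illustration; it is not code from the patent. The class and method names, the `TOLERANCE` jitter allowance, the `relogin` error value, and the rule that a new login replaces the account's token are assumptions, and because the page does not say how a second client comes to present the same token, the constructed timeline simply replays it.

```python
import hmac
import secrets
from dataclasses import dataclass

PERIOD = 5.0     # fixed sending cycle in seconds (the description's example value)
TOLERANCE = 0.5  # assumed allowance for network jitter; not specified on the page


@dataclass
class Session:
    token: str
    last_echo: float


class SingleLoginServer:
    """Toy model of the login module 121 and update module 122 (hypothetical names)."""

    def __init__(self):
        self.sessions = {}  # account -> Session: exactly one live token per account

    def _find(self, token):
        # Look the token up with a constant-time comparison.
        for account, session in self.sessions.items():
            if hmac.compare_digest(session.token.encode(), token.encode()):
                return account, session
        return None, None

    def login(self, account, now):
        # Issue a random string as the token. Assumption: a later login for the
        # same account replaces the earlier token, so only the last client holds it.
        token = secrets.token_urlsafe(32)
        self.sessions[account] = Session(token, now)
        return token

    def request(self, token):
        # Ordinary client request: a token that is no longer current is rejected.
        account, _ = self._find(token)
        if account is None:
            return {"ok": False, "error": "relogin"}
        return {"ok": True, "account": account}

    def echo(self, token, now, addr=None):
        # addr is deliberately never consulted: a changed network address
        # must not log the user out.
        account, session = self._find(token)
        if account is None:
            return {"ok": False, "error": "relogin"}
        early = (now - session.last_echo) < (PERIOD - TOLERANCE)
        session.last_echo = now
        if early:
            # Echo arrived ahead of the cycle: rotate the token and hand the
            # new value only to the sender of this echo request.
            session.token = secrets.token_urlsafe(32)
        return {"ok": True, "token": session.token, "rotated": early}


def run_scenario():
    """Constructed timeline following the description's 5 s / 3 s example."""
    srv = SingleLoginServer()
    old = srv.login("alice", now=0.0)
    # On-cycle echoes arriving from two different source addresses: both accepted.
    e1 = srv.echo(old, now=5.0, addr="10.0.0.5")
    e2 = srv.echo(old, now=10.0, addr="192.0.2.77")
    # Echo only 3 s after the previous one: treated as a second client.
    e3 = srv.echo(old, now=13.0, addr="198.51.100.9")
    new = e3["token"]
    return {
        "on_cycle": [e1["rotated"], e2["rotated"]],
        "early_rotated": e3["rotated"],
        "old_token": old,
        "new_token": new,
        "old_client_echo": srv.echo(old, now=15.0, addr="192.0.2.77"),
        "old_request": srv.request(old),
        "new_request": srv.request(new),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, "=", value)
```

The timing check is the only signal the server uses to tell two senders apart, so the jitter allowance decides how often an on-cycle client is mistaken for a second one.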

It should be noted in particular that, in actual implementation, the modules described in the present invention can be implemented in various ways, including software, hardware, or any combination thereof. For example, in some embodiments a module may be implemented using software and hardware, or either one of them. The present invention may also be implemented partly or entirely in hardware; for example, one or more modules of the system may be implemented with an integrated circuit chip, a System on Chip (SoC), a Complex Programmable Logic Device (CPLD), a Field Programmable Gate Array (FPGA), and so on. The present invention may be a system, a method, and/or a computer program.

The computer program may include a computer-readable storage medium carrying computer-readable program instructions that cause a processor to implement the various aspects of the present invention. The computer-readable storage medium may be a tangible device that can hold and store instructions used by an instruction execution device. It may be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of these. More specific examples (a non-exhaustive list) of computer-readable storage media include hard disks, random access memory, read-only memory, flash memory, optical discs, floppy disks, and any suitable combination of these. A computer-readable storage medium as used here is not to be interpreted as a transient signal itself, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (for example, optical signals through a fiber-optic cable), or electrical signals transmitted through a wire. In addition, the computer-readable program instructions described here can be downloaded from a computer-readable storage medium to the respective computing/processing devices, or downloaded to an external computer device or external storage device over a network such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, hubs, and/or gateways. The network card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in the computer-readable storage medium of that computing/processing device.

The computer program instructions that carry out the operations of the present invention may be assembly language instructions, instruction set architecture instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, or source code or object code written in any combination of one or more programming languages. These programming languages include object-oriented programming languages such as Common Lisp, Python, C++, Objective-C, Smalltalk, Delphi, Java, Swift, C#, Perl, Ruby, and PHP, as well as conventional procedural programming languages such as C or similar languages. The computer-readable program instructions may execute entirely on a computer, partly on a computer, as a stand-alone software package, partly on a client computer and partly on a remote computer, or entirely on a remote computer or server.

Next, refer to FIG. 2, which is a flowchart of the single-machine login method of the present invention that allows network address changes, applied in a network environment having a client 110 and a server 120. Its steps are: the server 120 lets the client 110 log in and, after the client 110 has logged in successfully, generates the corresponding token information and transmits it to the corresponding client 110 (step 210); the client 110 receives the corresponding token information from the server 120 and stores it, and embeds the stored token information in each client request when transmitting client requests to the server 120 (step 220); the client 110 continuously sends echo requests to the server 120 at a fixed sending cycle, each echo request containing the token information (step 230); and when the server 120 receives an echo request early, outside the sending cycle, the server 120 updates the token information and transmits the updated token information to the client 110 that sent the echo request, so that the client 110 embeds the updated token information in its client requests (step 240).

Through these steps, when the client 110 logs in to the server 120, the server 120 generates corresponding token information and provides it to the client 110, so that the client 110 embeds this token information in each client request it sends, where it serves as the user identifier for single-machine login. The client 110 also continuously sends echo messages containing the token information to the server 120 at a fixed sending cycle, so that when the token information becomes invalid the client 110 receives the server 120's feedback immediately, and when the server 120 receives an echo request early, it updates the token information to ensure single-machine login.

An embodiment is described below with reference to FIG. 3 and FIG. 4. Refer first to FIG. 3, which is a schematic diagram of a client logging in to the server when the present invention is applied. In actual implementation, a user at the client 110 who wants to log in to the server 120 enters the account in the account input block 311 of the login window 300 and the password in the password input block 312. The user then clicks the confirm element 321 to submit a login request to the server 120, or clicks the cancel element 322 to cancel logging in to the server 120. After a successful login to the server 120, the client 110 keeps sending echo requests containing the token information to the server 120 at a fixed sending cycle, so that when the token information becomes invalid it receives the server 120's feedback (that is, an error message) immediately. When the server 120 receives an echo request from the client 110 early, this indicates that the same account may have logged in through another client 110. The server 120 therefore updates the token information and transmits the updated token information to the client 110 that sent the echo request, so that this client 110 and the server 120 hold the same token information.

FIG. 4 is a schematic diagram of the prompt block that, when the present invention is applied, prompts the user to log in to the server again. In actual implementation, once the server 120 has updated the token information, any client request or echo request it receives that embeds the old, non-updated token information is discarded, and an error message is sent to the corresponding client 110. On receiving the error message, this client 110 generates the prompt block 400 shown in FIG. 4, which prompts the user to click the re-login element 410 in order to open the login window 300 shown in FIG. 3 and log in again.

In summary, the difference between the present invention and the prior art is that, when the client logs in to the server, the server generates corresponding token information and provides it to the client, so that the client embeds this token information in each client request it sends, where it serves as the user identifier for single-machine login; that the client continuously sends echo messages containing the token information to the server at a fixed sending cycle, so that when the token information becomes invalid the client receives the server's feedback immediately; and that when the server receives an echo request early, it updates the token information to ensure single-machine login. This technical means solves the problem present in the prior art and thereby achieves the technical effect of improving the applicability of single-machine login.

Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit the invention. Anyone skilled in the relevant art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of patent protection of the invention is defined by the claims appended to this specification.

110: Client
111: Transmission module
112: Execution module
120: Server
121: Login module
122: Update module
300: Login window
311: Account input block
312: Password input block
321: Confirm element
322: Cancel element
400: Prompt block
410: Re-login element

Step 210: The server lets the client log in and, after the client has logged in successfully, generates corresponding token information and transmits it to the corresponding client.

Step 220: The client receives the corresponding token information from the server and stores it, and embeds the stored token information in each client request when transmitting multiple client requests to the server.

Step 230: The client continuously sends an echo request to the server at a fixed sending cycle, the echo request containing the token information.

Step 240: When the server receives the echo request early, outside the sending cycle, the server updates the token information and transmits the updated token information to the client that sent the echo request, so that the client embeds the updated token information in its client requests.

FIG. 1 is a system block diagram of the single-machine login system of the present invention that allows network address changes.
FIG. 2 is a flowchart of the single-machine login method of the present invention that allows network address changes.
FIG. 3 is a schematic diagram of a client logging in to the server when the present invention is applied.
FIG. 4 is a schematic diagram of the prompt block that, when the present invention is applied, prompts the user to log in to the server again.

Claims (10)

1. A stand-alone login system allowing network address changes, the system comprising:
   at least one client, each client comprising:
      a transmission module for receiving token information and storing it, and for transmitting a plurality of client requests, wherein the stored token information is embedded in each client request when it is transmitted; and
      an execution module for continuously sending, after a successful login, an echo request at a fixed sending cycle, the echo request containing the token information; and
   a server, the server comprising:
      a login module for allowing the client to log in and, after the client has logged in successfully, generating the corresponding token information and transmitting it to the corresponding client; and
      an update module for updating the token information when the echo request is received early, outside the sending cycle, and for transmitting the updated token information to the client that sent the echo request, so that the client stores the updated token information.

2. The stand-alone login system allowing network address changes according to claim 1, wherein the client, when reloading the same web page, skips sending the first echo request in the sending cycle.

3. The stand-alone login system allowing network address changes according to claim 1, wherein the server, after updating the token information, upon receiving a client request or an echo request in which the non-updated token information is embedded, discards that client request or echo request and transmits an error message to the corresponding client.

4. The stand-alone login system allowing network address changes according to claim 3, wherein the client, upon receiving the error message, generates a prompt block prompting the user to log in to the server again.

5. The stand-alone login system allowing network address changes according to claim 1, wherein the token information is a random string generated by the server and is stored on both the server and the client, and wherein the client stores the token information in a cookie.

6. A stand-alone login method allowing network address changes, applied in a network environment having at least one client and a server, the method comprising the steps of:
   the server allowing the client to log in and, after the client has logged in successfully, generating corresponding token information and transmitting it to the corresponding client;
   the client receiving the corresponding token information from the server and storing it, and embedding the token information in each client request when transmitting a plurality of client requests to the server;
   the client continuously sending an echo request to the server at a fixed sending cycle, wherein the echo request contains the token information; and
   when the server receives the echo request early, outside the sending cycle, the server updating the token information and transmitting the updated token information to the client that sent the echo request, so that the client embeds the updated token information in the client requests.

7. The stand-alone login method allowing network address changes according to claim 6, wherein the client, when reloading the same web page, skips sending the first echo request in the sending cycle.

8. The stand-alone login method allowing network address changes according to claim 6, wherein the server, after updating the token information, upon receiving a client request or an echo request in which the non-updated token information is embedded, discards that client request or echo request and transmits an error message to the corresponding client.

9. The stand-alone login method allowing network address changes according to claim 8, wherein the client, upon receiving the error message, generates a prompt block prompting the user to log in to the server again.

10. The stand-alone login method allowing network address changes according to claim 6, wherein the token information is a random string generated by the server and is stored on both the server and the client, and wherein the client stores the token information in a cookie.
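The server-side behaviour the claims describe (token issued at login, token updated when an echo request arrives ahead of the sending cycle, superseded token rejected with an error) can be simulated as follows. This is an added example, not code from the patent; the class and function names, the one-token-per-user store, the explicit `now` timestamps and the `tolerance` jitter allowance are all assumptions.

```python
import hmac
import secrets

class SingleLoginServer:
    """Server side of the claimed scheme (illustrative; names are assumptions)."""

    def __init__(self, period=10.0, tolerance=1.0):
        self.period = period        # fixed echo sending cycle, in seconds
        self.tolerance = tolerance  # jitter allowance: an assumption, not in the claims
        self.sessions = {}          # user -> {"token": str, "last_echo": float}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)  # random string, as in claims 5 and 10
        self.sessions[user] = {"token": token, "last_echo": now}
        return token

    def _current(self, user, token):
        s = self.sessions.get(user)
        if s and hmac.compare_digest(s["token"].encode(), token.encode()):
            return s
        return None

    def request(self, user, token):
        # Claims 3 and 8: a request carrying a superseded token is discarded.
        return "ok" if self._current(user, token) else "error"

    def echo(self, user, token, now):
        s = self._current(user, token)
        if s is None:
            return "error", None
        early = now - s["last_echo"] < self.period - self.tolerance
        s["last_echo"] = now
        if early:  # claims 1 and 6: update and return the new token to the sender
            s["token"] = secrets.token_urlsafe(32)
            return "rotated", s["token"]
        return "ok", token

def demo():
    """Constructed timeline: clients A and B both hold the same token."""
    srv = SingleLoginServer(period=10.0)
    t1 = srv.login("alice", now=0.0)
    events = [srv.echo("alice", t1, now=10.0)[0]]      # A, on schedule
    status, t2 = srv.echo("alice", t1, now=14.0)       # B, same token, off-cycle
    events.append(status)
    events.append(srv.request("alice", t1))            # A still holds the old token
    events.append(srv.request("alice", t2))            # B holds the updated token
    events.append(srv.echo("alice", t1, now=20.0)[0])  # A's next echo is rejected
    return events, t1 != t2
```

Because the updated token goes to whichever client sent the early echo, the client left holding the old token learns of it no later than its next echo, which is the point at which claims 4 and 9 have it prompt for a new login.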

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW107145605A / TWI680658B (en) | 2018-12-18 | 2018-12-18 | Single-user login system with allows network address changes and method thereof |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| TWI680658B (en) | 2019-12-21 |
| TW202025669A (en) | 2020-07-01 |

Family

ID=69582469

Family Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW107145605A / TWI680658B (en) | 2018-12-18 | 2018-12-18 | Single-user login system with allows network address changes and method thereof |

Country Status (1)

Country Link
TW (1) TWI680658B (en)

Citations (4)

* Cited by examiner, † Cited by third party
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8479263B1 (en) * | 2011-03-07 | 2013-07-02 | Symantec Corporation | Method and system for detecting captive portals |
| US20140047522A1 (en) * | 2005-12-08 | 2014-02-13 | Microsoft Corporation | Request authentication token |
| US8752124B2 (en) * | 2011-08-15 | 2014-06-10 | Bank Of America Corporation | Apparatus and method for performing real-time authentication using subject token combinations |
| US20160234186A1 (en) * | 2013-09-30 | 2016-08-11 | Schneider Electric Industries Sas | Cloud-authenticated site resource management devices, apparatuses, methods and systems |

Similar Documents

Publication Publication Date Title
US10785207B2 (en) Automatic login method and device between multiple websites
US10581827B2 (en) Using application level authentication for network login
JP7086994B2 (en) Secure authentication of BOT users
US10277409B2 (en) Authenticating mobile applications using policy files
CN100354852C (en) Automatic re-authentication
CN111034146B (en) Method, computer storage medium, and computer system for two-step authentication
US11240314B2 (en) Systems and methods for remote management of appliances
US9923906B2 (en) System, method and computer program product for access authentication
EP3300331B1 (en) Response method, apparatus and system in virtual network computing authentication, and proxy server
US20100043065A1 (en) Single sign-on for web applications
WO2019218747A1 (en) Third party authorized login method and system
US20120233664A1 (en) Securing asynchronous client server transactions
US20110296038A1 (en) System and method for continuation of a web session
CN110365701B (en) Client terminal equipment management method and device, computing equipment and storage medium
US9590972B2 (en) Application authentication using network authentication information
CN102546570A (en) Processing method and system for single sign-on
WO2019237950A1 (en) Security verification method and device
TWI680658B (en) Single-user login system with allows network address changes and method thereof
CN112383542B (en) User login method and system, authentication end and user end
CN111327574B (en) Single machine login system allowing network address change and method thereof
JP2018190378A (en) System, program, and heuristic
TW202123041A (en) Multiple login system for same user and method thereof
JP6394326B2 (en) Information processing apparatus, information processing system, information processing method, and computer program
CN118316688A (en) Gateway authentication method, device and system
CN114844699A (en) Method, device and medium for accessing BMC console