TWI805537B - Method for controlling multiple computers - Google Patents


Info

Publication number
TWI805537B
Authority
TW
Taiwan
Prior art keywords
module
computer
authentication
management device
key information
Prior art date
Application number
TW112100903A
Other languages
Chinese (zh)
Inventor
陳佳豪
翁綸浩
Original Assignee
宏正自動科技股份有限公司

Abstract

The present invention provides a method for controlling multiple computers. Firstly, a switching system comprising a first module electrically connected to at least one input device, a plurality of second modules respectively electrically connected to a first computer and a second computer, and a management device electrically coupled to the first module and the plurality of second modules is provided. Then, the first module obtains a first private key corresponding to the first computer, and transmits an authorizing request to the management device. Finally, the management device performs an authorization process with the first module, wherein if it is successfully authorized, a second private key stored in the management device is utilized to perform an automatic authorization process with the first computer. If the automatic authorization process is successfully conducted, the input device is allowed to directly control the first computer through the first module.

Description

Multi-computer control method

The present invention relates to multi-computer control technology, and in particular to a multi-computer control method with managed authentication.

Fig. 1 is a schematic diagram of a conventional multi-computer control switching system. The multi-computer system 1 comprises a plurality of receiving modules 10~10b, a management computer 12 and a plurality of transmitting modules 13~13b. Each receiving module 10~10b is connected to a console device 11 comprising a display, a keyboard and a mouse. Each transmitting module 13~13b is connected to a remote computer 14~14b. The management computer 12, the receiving modules 10~10b and the transmitting modules 13~13b are electrically connected to one another through the network 90, so that the multi-computer control switching system forms a KVM over IP architecture. The management computer 12 runs management control software that governs the permission of each user who logs in from a receiving module 10~10b to control each computer 14~14b.

In the conventional technology, for example, the user uses the console device 11 to log in, through a receiving module 10~10b, to the management control software on the management computer 12. The management control software presents the transmitting modules 13~13b for the user to choose from, and the user selects one of them to control the corresponding computer 14~14b. For example, after selecting the transmitting module 13a, the user enters through the console device 11 the account and password that can log in to the selected computer 14a, logs in to the computer 14a via the receiving module 10a and the transmitting module 13a, and operates the applications of the selected computer 14a.

Fig. 2 shows how account passwords are protected in the prior art: an authentication device 15 holding a security key is inserted into a local computer 16. The operating system of the local computer 16 detects the inserted authentication device 15 and then authenticates with a cloud authentication server 17, which returns random information (a nonce). The user unlocks the private key held in the authentication device 15 with decryption information (for example a fingerprint or a password) and signs the nonce with that private key. The signed nonce is returned to the cloud authentication server 17, which verifies the signed authentication information with the public key corresponding to the private key; if verification passes, the user is granted access to the local computer 16.

If the mechanism of Fig. 2 is applied to the multi-computer system of Fig. 1, the security benefit of encryption and decryption is obtained, but two verifications must actually be performed: the first is authentication with the management computer 12, the second is authentication with the selected computer 14~14b. Such a cumbersome procedure does achieve security, but at every login the user must log in again and repeat both authentications, which makes the system inconvenient to use.

In view of the above, a multi-computer control method is needed to solve the problems of the conventional technology.

The object of the present invention is to provide a multi-computer control method that achieves encryption and decryption while simplifying the procedure of authenticating and logging in to a multi-computer system.

In one embodiment, the present invention provides a multi-computer control method. First, a switching system is provided, comprising a first module electrically connected to at least one input device, a plurality of second modules electrically connected to a first computer and a second computer respectively, and a management device electrically connected to the first module and the plurality of second modules. Then the first module obtains first private key information corresponding to the first computer and transmits an authentication request to the management device. Finally, the management device performs an authentication procedure with the first module according to the authentication request; if authentication succeeds, an automatic authentication procedure is performed with the first computer using second private key information stored in the management device, and if the automatic authentication procedure succeeds, the input device is allowed to control the first computer directly through the first module.

In one embodiment, the first private key information is stored in an authentication device, the authentication device is electrically connected to the first module, and the first module obtains the first private key information through a biometric feature or a password. The authentication procedure further comprises the following steps. First, the management device returns random information to the first module. Then the first module signs the random information with the first private key information and returns it to the management device. Next it is determined whether the management device successfully unlocks the signed random information with public key information corresponding to the first computer; if so, the authentication device is authenticated with an external authentication server. Finally, if authentication with the external authentication server succeeds, the first module is allowed to directly control the first computer corresponding to the private key information.

In one embodiment, the first private key information is stored in the first module, and an account and password are entered through the input device to obtain the private key information. The authentication procedure further comprises the following steps. First, the management device returns random information to the first module. Then the first module signs the random information with the first private key information and returns it to the management device. Next it is determined whether the management device successfully unlocks the signed random information with public key information corresponding to the first computer; if so, the authentication device is authenticated with an external authentication server. Finally, if authentication with the external authentication server succeeds, the first module is allowed to directly control the first computer corresponding to the private key information.

Therefore, with the multi-computer control method of the present invention, in an architecture with a management device and multiple controlled computers, the authentication procedure is established through the management device and an external authentication server. This eliminates the cumbersome procedure of the conventional technology, in which the user must authenticate with both the management device and the controlled computer, and achieves both convenience of operation and security.

The advantages and features of the present invention, and the methods of achieving them, will be more readily understood from the detailed description of exemplary embodiments with reference to the accompanying drawings. The invention may, however, be embodied in different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those of ordinary skill in the art, the invention being defined only by the appended claims. Throughout the specification, different reference numerals may denote the same element. The specific structural and functional details disclosed herein are merely representative and serve to describe exemplary embodiments of the invention; the invention may be embodied in many alternative forms and should not be construed as limited to the embodiments set forth herein.

Unless otherwise defined, all terms (including technical and scientific terms) used hereinafter have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms such as those defined in commonly used dictionaries should be interpreted as having a meaning consistent with their meaning in the context of the relevant art and, unless expressly so defined herein, will be interpreted in the ordinary sense understood by those of ordinary skill in the art.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the exemplary embodiments. As used herein, the singular forms "a" and "an" are intended to include the plural as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising", when used herein, specify the presence of stated features, integers, steps, operations, elements and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or combinations thereof.

Fig. 3 is a flow chart of the multi-computer control method of the present invention, and Fig. 4 is a schematic diagram of the architecture of its switching system. The computer control method 3 comprises step 30, providing a switching system 2. In one embodiment, shown in Fig. 4, the switching system 2 is a KVM over IP architecture. The switching system 2 comprises first modules 20~20b, second modules 22~22b and a management device 23. Each first module 20~20b is electrically connected to the network 90, for example through a network switch 26 (LAN switch) that supports the Internet Group Management Protocol (IGMP), the protocol in the TCP/IP suite responsible for IP multicast group membership, and is electrically connected to an input device 201, for example a keyboard and a mouse. Note that the network switch 26 is not limited to the foregoing embodiment; the user may select a suitable network switch 26 according to requirements.

Each second module 22~22b is electrically connected to the network 90, for example through the network switch 26, and through the network 90 is electrically connected to the management device 23 and to each first module 20~20b. Each second module 22~22b is electrically connected to a computer 21~21b: the second module 22 is electrically connected to the first computer 21, the second module 22a to the second computer 21b, and the second module 22b to the third computer 21c. The management device 23 is electrically connected to the network 90 and may be a computer or a server.

Step 31 follows: the first module obtains first private key information and transmits an authentication request to the management device. One embodiment of this step is described with the first module 20 controlling the first computer 21a as the example. In this embodiment the first module 20 obtains the first private key information by way of symmetric authentication. In one embodiment of symmetric authentication, the first private key information is stored in an external authentication device 24; the user inserts the authentication device 24 into the first module 20, so that the first module 20 can obtain the first private key information stored in the authentication device 24 by means of a biometric feature, for example a fingerprint, face or pupil feature. Besides biometric features, in another embodiment the user may also obtain the first private key information in the authentication device 24 by entering a password through the input device.

In this embodiment the authentication device 24 is a USB flash drive, but it is not limited thereto. The first private key information is private key information conforming to the FIDO2 security protocol, but it is not limited to FIDO2. The first private key information corresponds to the computer the user wishes to control; in this embodiment the first computer 21a is taken as the example. In another embodiment of symmetric authentication, the first private key information is stored in the first module 20, and the user obtains it by entering the account and password associated with that first private key information. In other embodiments, the user may simply insert the flash drive holding the first private key information and retrieve it without a biometric feature or an account and password.

After step 31 comes step 32: the management device 23 performs an authentication procedure with the first module 20 according to the authentication request the first module 20 sent. Fig. 5 is a flow chart of one embodiment of this authentication procedure. In this embodiment step 32 is an asymmetric authentication procedure, that is, encryption with private key information and decryption with the corresponding public key information. The authentication procedure of step 32 may further comprise step 321: having received the authentication request, the management device 23 returns random information (a nonce) conforming to the same authentication protocol to the first module 20. Then step 322: the first module 20 encrypts (signs) the random information with the first private key information it obtained and returns it to the management device 23. Then step 323: determine whether the management device 23 can successfully unlock the signed random information returned by the first module 20 with the public key information corresponding to the first computer 21a.

In one embodiment of the determination, the management device 23 stores public key information for each controlled computer 21a~21c and tries each public key in turn to decrypt the random information encrypted in the preceding step. If one succeeds, the first module 20 may control the computer corresponding to the public key that unlocked the encrypted random information; the authentication procedure between the authentication device 24 and the management device 23 is complete and the flow returns to step 33 of Fig. 3. Otherwise, if no public key can unlock the encrypted random information, step 324 is performed: the first module 20 is refused access to the computers 21a~21c connected to the management device 23.

After step 32 comes step 33: an automatic authentication procedure using the second private key information stored in the management device 23. In one embodiment of step 33, the operating system of the management device 23 authenticates with a cloud authentication server 25. In this embodiment the cloud authentication server 25 is a FIDO2 identity authentication server, namely the authentication server corresponding to the operating system of the controlled first computer 21a. For example, if the operating system of the first computer 21a is Microsoft WINDOWS, the cloud authentication server 25 is a Microsoft AZURE authentication server, but it is not limited thereto. The cloud authentication server 25 returns random information (a nonce) to the management device 23; the management device 23 encrypts and signs the random information with the second private key information and returns the encrypted second private key information to the cloud authentication server 25. The cloud authentication server 25 then unlocks the encrypted, signed authentication information with the public key information corresponding to the second private key information; if it unlocks, the management device 24 has passed authentication. Otherwise authentication has failed, and step 34 is performed: the first module 20 is refused access to the remote computer.
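As an added illustration (example code written for this page, not the patentee's implementation), the following Go program models the two-stage flow of steps 321 to 324 and step 33 with Ed25519 signatures from Go's standard library: the management device issues a nonce, the first module signs it with the first private key information, the management device tries the registered public key of every controlled computer to find the one the module may control, and only then authenticates itself to the external server with its second private key. The same challenge-response shape also models the prior-art exchange of Fig. 2. The names ManagementDevice, AuthServer, RequestControl and the computer identifiers are this example's own; the choice of Ed25519 and the rule that each nonce is accepted exactly once are assumptions, the latter added because a nonce that could be reused would let a captured signature be replayed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// nonceBook records issued nonces so each is accepted exactly once (assumption: the
// patent's "random information" is single use, so a captured signature cannot be replayed).
type nonceBook map[string]bool

func (b nonceBook) issue() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err) // constructed demo: a failing CSPRNG is fatal
	}
	b[string(n)] = true
	return n
}

func (b nonceBook) consume(n []byte) bool {
	ok := b[string(n)]
	delete(b, string(n))
	return ok
}

// ManagementDevice models management device 23: one registered public key per
// controlled computer, plus its own "second private key information" (step 33).
type ManagementDevice struct {
	computerKeys map[string]ed25519.PublicKey // hypothetical computer id -> public key
	issued       nonceBook
	secondPriv   ed25519.PrivateKey
}

// AuthServer models the external authentication server 25, which trusts the public
// key matching the management device's second private key.
type AuthServer struct {
	mgmtPub ed25519.PublicKey
	issued  nonceBook
}

// IssueNonce is step 321: answer the authentication request with fresh random information.
func (m *ManagementDevice) IssueNonce() []byte { return m.issued.issue() }

// SignNonce is step 322 on the first module's side: sign the nonce with the first
// private key information obtained from the authentication device.
func SignNonce(firstPriv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(firstPriv, nonce)
}

// Verify is steps 323/324: consume the nonce, then try every controlled computer's
// public key; the key that verifies names the computer the module may control.
func (m *ManagementDevice) Verify(nonce, sig []byte) (string, error) {
	if !m.issued.consume(nonce) {
		return "", errors.New("unknown or already used nonce")
	}
	for id, pub := range m.computerKeys {
		if ed25519.Verify(pub, nonce, sig) {
			return id, nil
		}
	}
	return "", errors.New("no registered computer key verifies this signature")
}

// AutoAuthenticate is step 33: the server issues a nonce, the management device signs
// it with its second private key, and the server verifies; the user is not involved.
func (m *ManagementDevice) AutoAuthenticate(srv *AuthServer) bool {
	n := srv.issued.issue()
	sig := ed25519.Sign(m.secondPriv, n)
	return srv.issued.consume(n) && ed25519.Verify(srv.mgmtPub, n, sig)
}

// RequestControl runs steps 31 to 34 end to end: the id of the computer the input
// device may now control, or an error standing for the refusal of step 324 or step 34.
func RequestControl(m *ManagementDevice, srv *AuthServer, firstPriv ed25519.PrivateKey) (string, error) {
	nonce := m.IssueNonce()
	id, err := m.Verify(nonce, SignNonce(firstPriv, nonce))
	if err != nil {
		return "", errors.New("step 324: " + err.Error())
	}
	if !m.AutoAuthenticate(srv) {
		return "", errors.New("step 34: external server rejected the management device")
	}
	return id, nil
}

// Demo builds a constructed system: two controlled computers, a module key registered
// for computer 21a, and a module key registered for no computer at all.
func Demo() (*ManagementDevice, *AuthServer, ed25519.PrivateKey, ed25519.PrivateKey) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, _, _ := ed25519.GenerateKey(rand.Reader)
	_, privUnknown, _ := ed25519.GenerateKey(rand.Reader)
	mgmtPub, mgmtPriv, _ := ed25519.GenerateKey(rand.Reader)
	keys := map[string]ed25519.PublicKey{"computer-21a": pubA, "computer-21b": pubB}
	m := &ManagementDevice{computerKeys: keys, issued: nonceBook{}, secondPriv: mgmtPriv}
	return m, &AuthServer{mgmtPub: mgmtPub, issued: nonceBook{}}, privA, privUnknown
}
```

Calling RequestControl with the key from Demo that matches computer 21a returns "computer-21a"; calling it with the unregistered key fails at the step 324 branch, and presenting the same nonce and signature a second time is refused by Verify even though the signature itself is valid.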

After successful authentication comes step 35: the user obtains control of the first computer 21a through the first module 20, and the content entered on the input device 21 passes through the first module 20 and the second module 22 to the first computer 21a, so that the first computer 21a is controlled directly. In one embodiment of operation, the user produces input or control signals through the input device 201, such as mouse cursor coordinates, single or double mouse clicks, or keyboard key input; the first module 20 packs them into network packets and transmits them over the network 90 to the second module 22, which unpacks them and passes them to the first computer 21a. At the same time, the first computer 21a outputs the corresponding video signal, which the second module 22 packs into network packets and transmits over the network 90 to the first module 20; the first module 20 unpacks the packets into image information and shows it on the display.

In summary, the multi-computer control method of the present invention establishes the authentication procedure through the management device and the external authentication server, so that the user needs to enter an account and password at most once to log in successfully to a computer electrically connected to a second module. This eliminates the cumbersome procedure of the conventional technology, in which the user must authenticate with both the management device and the controlled computer, and achieves both convenience of operation and security.

The foregoing describes only preferred implementations or embodiments of the technical means the present invention adopts to solve the problem, and is not intended to limit the scope of the patent. All equivalent changes and modifications that conform to the wording of the claims, or are made in accordance with the scope of the patent, fall within the scope of this patent.

Reference numerals:
1: multi-computer system
10~10b: receiving modules
12: management computer
13~13b: transmitting modules
11: console device
14~14b: computers
15: authentication device
16: local computer
17: authentication server
2: switching system
20~20b: first modules
201: input device
202: display
21a: first computer
21b: second computer
21c: third computer
22~22b: second modules
23: management device
24: authentication device
25: authentication server
26: switch
90: network
3: multi-computer control method
30~35: steps
321~324: steps

The accompanying drawings are included to provide a further understanding of the embodiments of the present application, constitute a part of the specification, illustrate the embodiments of the present application, and together with the description serve to explain its principles. Obviously, the drawings described below are only some embodiments of the present application, and those of ordinary skill in the art may derive other drawings from them without creative effort. In the drawings:
Fig. 1 is a schematic diagram of a conventional multi-computer control switching system;
Fig. 2 is a schematic diagram of a conventional encryption/decryption authentication architecture;
Fig. 3 is a flow chart of the multi-computer control method of the present invention;
Fig. 4 is a schematic diagram of the switching system architecture of the present invention; and
Fig. 5 is a flow chart of one embodiment of the authentication procedure of the present invention.


Claims (9)

1. A multi-computer control method, comprising: providing a switching system comprising a first module electrically connected to at least one input device, a plurality of second modules electrically connected to a first computer and a second computer respectively, and a management device electrically connected to the first module and the plurality of second modules; causing the first module to obtain first private key information and transmit an authentication request to the management device, wherein the first private key information corresponds to the first computer; and the management device performing an authentication procedure with the first module according to the authentication request, wherein if authentication succeeds, an automatic authentication procedure is performed through second private key information stored in the management device, and if the automatic authentication procedure succeeds, the input device is allowed to directly control the first computer through the first module.

2. The multi-computer control method of claim 1, wherein the first private key information is stored in an authentication device, the authentication device is electrically connected to the first module, and the first module obtains the first private key information through a biometric feature or a password.

3. The multi-computer control method of claim 2, wherein the authentication device is a flash drive.

4. The multi-computer control method of claim 2, wherein the authentication procedure further comprises the following steps: the management device returning random information to the first module; the first module signing the random information with the first private key information and returning it to the management device; determining whether the management device successfully unlocks the signed random information with public key information corresponding to the first computer; and if it is successfully unlocked, causing the management device to perform the automatic authentication procedure with an external server through the second private key information.

5. The multi-computer control method of claim 4, wherein the external server is a FIDO2 identity authentication server.

6. The multi-computer control method of claim 1, wherein the first private key information is stored in the first module, and an account and password are entered through the input device to obtain the first private key information.

7. The multi-computer control method of claim 6, wherein the authentication procedure further comprises the following steps: the management device returning random information to the first module; retrieving the first private key information from the authentication device with a biometric feature; the first module signing the random information with the first private key information and returning it to the management device; determining whether the management device successfully unlocks the signed random information with public key information corresponding to the first computer; and if it is successfully unlocked, causing the management device to perform the automatic authentication procedure with an external server through the second private key information.

8. The multi-computer control method of claim 7, wherein the external authentication server is a FIDO2 identity authentication server.

9. The multi-computer control method of claim 1, further comprising a network switch electrically connected to the first module, the second module and the management device respectively.
TW112100903A 2023-01-09 2023-01-09 Method for controlling multiple computers TWI805537B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW112100903A TWI805537B (en) 2023-01-09 2023-01-09 Method for controlling multiple computers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW112100903A TWI805537B (en) 2023-01-09 2023-01-09 Method for controlling multiple computers

Publications (1)

Publication Number Publication Date
TWI805537B true TWI805537B (en) 2023-06-11

Family

ID=87803072

Family Applications (1)

Application Number Title Priority Date Filing Date
TW112100903A TWI805537B (en) 2023-01-09 2023-01-09 Method for controlling multiple computers

Country Status (1)

Country Link
TW (1) TWI805537B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030105721A1 (en) * 1995-02-13 2003-06-05 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US20090150532A1 (en) * 2007-12-06 2009-06-11 Aten International Co., Ltd. Methods and systems for client computer managing multiple servers
US20110107379A1 (en) * 2009-10-30 2011-05-05 Lajoie Michael L Methods and apparatus for packetized content delivery over a content delivery network
US20160203343A1 (en) * 2010-02-24 2016-07-14 High Sec Labs Ltd. Secured kvm system having remote controller-indicator
US20190268347A1 (en) * 2009-03-31 2019-08-29 Amazon Technologies, Inc. Managing security groups for data instances


Similar Documents

Publication Publication Date Title
US9992176B2 (en) Systems and methods for encrypted communication in a secure network
US9185096B2 (en) Identity verification
US20180205547A1 (en) Method for providing security using secure computation
JP5619019B2 (en) Method, system, and computer program for authentication (secondary communication channel token-based client-server authentication with a primary authenticated communication channel)
US7581099B2 (en) Secure object for convenient identification
US7591012B2 (en) Dynamic negotiation of encryption protocols
US8739260B1 (en) Systems and methods for authentication via mobile communication device
WO2018046009A1 (en) Block chain identity system
CN108964885B (en) Authentication method, device, system and storage medium
US20090031125A1 (en) Method and Apparatus for Using a Third Party Authentication Server
US20060230438A1 (en) Single sign-on to remote server sessions using the credentials of the local client
JP2008516476A (en) Method and system for allowing multimedia group broadcast
US20020152377A1 (en) System console device authentication in a network environment
WO2001082038A2 (en) Security link management in dynamic networks
CN100365974C (en) Device and method for controlling computer access
US7581111B2 (en) System, method and apparatus for transparently granting access to a selected device using an automatically generated credential
WO2008095346A1 (en) Electronic signature method and electronic signature tool
WO2018187960A1 (en) Method and system for managing and controlling root permission
JP5827724B2 (en) Method and apparatus for entering data
US10873572B1 (en) Transferring a single sign-on session between a browser and a client application
TWI805537B (en) Method for controlling multiple computers
CN113904830B (en) SPA authentication method, SPA authentication device, electronic equipment and readable storage medium
US7302568B2 (en) Method, system, and article of manufacture for remote management of devices
CN110493236A (en) A kind of communication means, computer equipment and storage medium
US20080288781A1 (en) Systems and methods for secure password change