TWM580295U - System for managing certificate with embedded browser module and computing equipment - Google Patents

System for managing certificate with embedded browser module and computing equipment

Publication number
TWM580295U
Authority
TW
Taiwan
Prior art keywords
smart card
certificate
password
browser module
target
Application number
TW108200664U
Other languages
Chinese (zh)
Inventor
王國河
鄭明昌
Original Assignee
臺灣網路認證股份有限公司
Application filed by 臺灣網路認證股份有限公司
Priority to TW108200664U
Publication of TWM580295U

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

A system and computing device for managing certificates with an embedded browser module. A browser module is embedded in an application; when a certificate management operation is selected, the browser module calls the application's security control component, which determines from the entered smart card password whether the user's identity is verified and, once it is, performs the certificate management operation through the smart card. This keeps certificate management available as a web service while escaping the restrictions of the browser, and achieves the technical effect that a new version can be released by modifying the web pages on the server, with no need to update the application.

Description

System and computing device for managing certificates with an embedded browser module

A certificate management system and computing device, in particular a system and computing device for managing certificates with an embedded browser module.

An electronic certificate, also called a digital certificate, is an identity recognition mechanism used in computer systems. An electronic certificate is one computer file or a set of computer files that records the owner's identity information and a public key. The owner of an electronic certificate can authenticate to a computer system and thereby access or use a particular computer service.

In the early days, when network security did not receive the attention it does today, most computer services that had to be accessed or used through electronic certificates were provided as web pages with attached security control plug-in components. That is, when accessing or using these services, users went through a browser to carry out certificate application, renewal, query and other related services with a remote server.

Today, as network security has received growing attention in recent years, browsers impose ever stricter security requirements and checks on the web pages and plug-in components that run on them. Restrictions have increased substantially and support has declined, so the failure rate of operations such as new certificate application, renewal and query, which used to run smoothly in the browser, has risen sharply and causes trouble for users.

In summary, the prior art has long had the problem that certificate management provided through a web service is restricted by the browser, so an improved technical means is needed to solve this problem.

In view of the prior-art problem that certificate management provided through a web service is restricted by the browser, the present utility model discloses a system and computing device for managing certificates with an embedded browser module, wherein: the system for managing certificates with an embedded browser module disclosed by the present utility model comprises at least a smart card and a computing device; the computing device provides a connection for the smart card and executes an application. The application further comprises: a browser module, for providing selection of a certificate management operation; and a security control component, for providing input of a smart card password and, after determining from the smart card password that the user's identity is verified, performing the certificate management operation through the smart card.

The computing device for managing certificates with an embedded browser module disclosed by the present utility model comprises at least: a browser module, for providing selection of a certificate management operation; and a security control component, for providing input of a smart card password and, after determining from the smart card password that the user's identity is verified, performing the certificate management operation through the smart card.

The system and computing device disclosed by the present utility model are as described above. The difference from the prior art is that the present utility model embeds a browser module in an application; when a certificate management operation is selected, the browser module calls the application's security control component, which determines from the entered smart card password whether the user's identity is verified and, once it is, performs the certificate management operation through the smart card. This solves the problem of the prior art and achieves the technical effect that a new version can be released by modifying the web pages on the server, with no need to update the application.

100‧‧‧Computing device

101‧‧‧Smart card

110‧‧‧Application

111‧‧‧Browser module

112‧‧‧Security control component

180‧‧‧Peripheral input device

190‧‧‧Processor

400‧‧‧Server

Step 202‧‧‧The computing device executes the application, which includes the security control component and the browser module

Step 210‧‧‧Connect the computing device and the smart card

Step 220‧‧‧The browser module calls the security control component when a certificate management operation is selected

Step 230‧‧‧The security control component provides input of the smart card password

Step 240‧‧‧The security control component determines from the smart card password whether the user's identity is verified

Step 250‧‧‧The security control component performs the certificate management operation through the smart card

Figure 1 is the system architecture diagram for managing certificates with an embedded browser module proposed by the present utility model.

Figure 2 is the flowchart of the method for managing certificates with an embedded browser module proposed by the present utility model.

The features and implementations of the present utility model are described in detail below with reference to the drawings and embodiments, in enough detail that anyone skilled in the relevant art can readily and fully understand the technical means the present utility model applies to solve the technical problem, implement it accordingly, and thereby achieve its effects.

The present utility model embeds a browser module and a security control component in an application that runs on a computing device, so that the application can, through the browser module, call the security control component to perform certificate management operations through a smart card.

The operation of the system is first explained with Figure 1, the system architecture diagram for managing certificates with an embedded browser module. As shown in Figure 1, the system of the present utility model contains a computing device 100 and a smart card 101.

The smart card 101 may be a contact chip card or a contactless (inductive) chip card; the present utility model places no particular restriction on this.

The smart card 101 includes a transmission management component, a processing component, a storage component and so on (none shown in the figures). The transmission management component can receive data or signals sent by the computing device 100, for example operation instructions sent by the computing device 100, and can send data or signals to the computing device 100. The processing component can execute the chip operating system (Chip Operating System, COS) stored in the storage component and lets the chip operating system execute the operation instructions received by the transmission management component. The storage component can store the data the chip operating system needs at run time and can provide the memory space the chip operating system needs to run on the smart card 101 and execute operation instructions. In more detail, once it is running, the chip operating system can, according to the operation instruction received by the transmission management component, use the processing component to perform the corresponding operation in the memory space provided by the storage component and produce the corresponding result, and the transmission management component can return the result the operating system produced with the processing component to the computing device 100.

The computing device 100 includes, but is not limited to, one or more processors, one or more memory modules, and a bus that connects the different components (including the memory modules and processors). With these components, the computing device 100 can load and execute an operating system so that the operating system runs on the computing device.

The bus of the computing device 100 may include one or more types, for example a data bus, an address bus, a control bus, an expansion bus, and/or a local bus. The buses of the computing device include, but are not limited to, the parallel Industry Standard Architecture (ISA) bus, the Peripheral Component Interconnect (PCI) bus and the Video Electronics Standards Association (VESA) local bus, and the serial Universal Serial Bus (USB) and PCI Express (PCI-E) bus.

The processor of the computing device 100 is coupled to the bus. The processor includes a register set or register space, which may be placed entirely on the processing chip, or wholly or partly placed off the processing chip and coupled to the processor through a dedicated electrical connection and/or through the bus. The processor may be a processing unit, a microprocessor or any suitable processing element. If the computing device 100 is a multi-processor device, that is, the computing device 100 includes multiple processors, the processors it includes are all the same or similar and are coupled and communicate through the bus.

The processor of the computing device 100 may be coupled to a chipset or electrically connected to the chipset through the bus. The chipset consists of one or more integrated circuits (ICs) and includes a memory controller and a peripheral input/output (I/O) controller; that is, the memory controller and the peripheral I/O controller may be contained in one integrated circuit or implemented with two or more integrated circuits. The chipset usually provides I/O and memory management functions as well as a number of general-purpose and/or special-purpose registers, timers and so on, which can be accessed or used by the one or more processors coupled or electrically connected to the chipset.

The processor of the computing device 100 can also, through the memory controller, access data in the memory modules and mass storage installed in the computing device 100. The memory modules include any type of volatile memory and/or non-volatile memory (NVRAM), for example static random access memory (SRAM), dynamic random access memory (DRAM), flash memory, read-only memory (ROM) and so on. The mass storage may include any type of storage device or storage medium, for example a hard disk drive, an optical disc, a tape drive, a USB flash drive (flash memory), a solid state disk (SSD), or any other storage device. In other words, the memory controller can access data in static random access memory, dynamic random access memory, flash memory, hard disk drives and solid state disks.

The processor of the computing device 100 can also, through the peripheral I/O controller and over the peripheral I/O bus, communicate with peripheral devices or interfaces such as peripheral output devices, peripheral input devices, communication interfaces and a GPS receiver. A peripheral input device may be any type of input device, for example a keyboard, mouse, trackball, touchpad or joystick; a peripheral output device may be any type of output device, for example a display or printer; and the peripheral input device and peripheral output device may be the same device, for example a touch screen. The communication interface may include a wireless communication interface and/or a wired communication interface. The wireless communication interface may include interfaces supporting wireless local area networks such as Wi-Fi and Zigbee, Bluetooth, infrared, near field communication (NFC), mobile networks such as 3G/4G/5G, or other wireless data transmission protocols; the wired communication interface may be an Ethernet device, an asynchronous transfer mode (ATM) device, a DSL modem, a cable modem and so on. The processor can periodically poll the various peripheral devices and interfaces, so that the computing device can input and output data and can communicate with another computing device that has the components described above.

The computing device 100 provides a connection for the smart card 101. The computing device 100 may include or be connected to a card reader (not shown in the figures). If the smart card 101 is a contact chip card, the smart card 101 can be inserted into the card reader so that it makes contact with the reader and is connected to the computing device 100; if the smart card 101 is a contactless chip card, the smart card 101 can be brought near the card reader so that it couples with the reader and is connected to the computing device 100.

The computing device 100 is responsible for executing the application 110 through the processor 190. The processor 190 of the computing device 100 can run an operating system (not shown in the figures), and the application 110 is installed in the operating system.

The application 110 is responsible for performing certificate management operations through the smart card 101. The application 110 further includes a browser module 111 and a security control component 112.

The browser module 111 connects to the server 400 and is responsible for downloading the user interface from the server 400.

The browser module 111 is also responsible for letting the user select, in the downloaded user interface, an operation to perform, such as a certificate management operation, a password change operation, or an online card unlock operation. The certificate management operation may be a certificate update operation, a certificate management operation, a certificate download operation, a certificate save operation, a certificate export operation, or a certificate import operation, but the present utility model is not limited to these.

In some embodiments, when the browser module 111 provides selection of a certificate management operation in the user interface, it may also provide selection of a browser installed on the computing device 100, for the security control component 112 to use when performing the certificate management operation (such as a certificate export operation or certificate import operation), but the present utility model is not limited to this.

The browser module 111 can call the security control component 112 when a certificate management operation is selected.

The browser module 111 can also, when the password change operation is selected, display an input interface for the original password and the new password, so that the original password and the new password can be entered, and can call the security control component 112.

The browser module 111 can also, when the online card unlock operation is selected, provide input of the website password for logging in to the server 400, send the website password to the server 400 for verification, and receive the verification result returned by the server 400. After the received verification result indicates that the website password has passed the server's verification, it can provide input of a new password and call the security control component 112.

The security control component 112 is responsible, when a certificate management operation is selected in the browser module 111, for providing input of the smart card password through the peripheral input device 180 of the computing device 100 in order to verify the user's identity, and, after determining that the user's identity is verified, for performing the selected certificate management operation through the smart card 101.

In more detail, when the certificate management operation selected in the browser module 111 is a certificate update operation or certificate management operation, the security control component 112 can download the target certificate from the server 400 and send the downloaded target certificate, through the card reader (not shown in the figures) of the computing device 100, to the smart card 101 for storage. When the certificate management operation is a certificate download operation, the security control component 112 can determine whether the target certificate to be downloaded was applied for on the computing device 100; if it was, the security control component 112 can download the target certificate from the server 400 and send it through the card reader of the computing device 100 to the smart card 101 for storage. When the certificate management operation is a certificate save or certificate export operation, the security control component 112 can read the target certificate from the smart card 101 through the card reader of the computing device 100, and can save the target certificate it read as a certificate file or import it into the designated browser. When the certificate management operation is a certificate import operation, the security control component 112 can read the target certificate from the specific browser and send it through the card reader of the computing device 100 to the smart card 101 for storage. In general, the designated browser and the specific browser mentioned above are selected in the browser module 111 at the same time the user selects the certificate management operation, but the present utility model is not limited to this.

The security control component 112 can also, when the password change operation is selected in the browser module 111, send the original password entered through the browser module 111 to the smart card 101 through the card reader of the computing device 100, and receive the smart card 101's determination of whether that original password is correct. When the result returned by the smart card 101 indicates that the original password is correct, it sends the new password entered through the browser module 111 to the smart card 101 through the card reader, so that the smart card 101 replaces the original password with the new password.

The security control component 112 can also, when the online card unlock operation is selected in the browser module 111, read the target certificate from the smart card 101 through the card reader of the computing device 100, obtain from the server 400, based on that target certificate, the contact information corresponding to the target certificate, and then generate an authentication code and send the generated code using the contact information. The contact information may be an e-mail account or a mobile phone number; the present utility model is not limited to these, and any information through which the authentication code can reliably be delivered to the user of the target certificate can serve as the contact information of the present utility model.

The security control component 112 can further determine whether the authentication code entered through the browser module 111 is correct and, after determining that it is correct, send the new password entered through the browser module 111 to the smart card 101 through the card reader of the computing device 100, so that the smart card 101 replaces the original password with the new password.

The operation of the present utility model is next explained with an embodiment; refer to Figure 2, the flowchart of the method for managing certificates with an embedded browser module. In this embodiment, the computing device 100 is assumed to be a computer and the application 110 a certificate management program, but the present utility model is not limited to this.

First, the user needs to install and execute the application 110 on the computing device 100 (step 202). Once the application 110 is running, its browser module 111 can connect to the server 400 over the HTTP protocol, download the web page containing the user interface, and display the downloaded page for the user to operate.

If the smart card 101 is a contact chip card, the user also needs to connect the computing device 100 and the smart card 101 (step 210), but there is no particular restriction on when the user does so. For example, the user can connect the computing device 100 and the smart card 101 (step 210) before operating the computing device 100 to execute the application 110 (step 202); the user can also connect the computing device 100 and the smart card 101 (step 210) after the browser module 111 of the application 110 has displayed the web page downloaded from the server 400. In other words, there is no required order between the computing device 100 executing the application 110 (step 202) and connecting the computing device 100 and the smart card 101 (step 210). Note in particular that if the smart card 101 is a contactless chip card, the user need not connect the computing device 100 and the smart card 101 at this point; that is, the smart card 101 does not yet need to be brought near the computing device 100.

After the browser module 111 of the application 110 displays the web page downloaded from the server 400, the browser module 111 lets the user select the operation to perform, that is, select a certificate management operation, the password change operation, or the online card unlock operation.

If the user selects a certificate management operation such as a certificate update operation, certificate management operation, certificate download operation, certificate save operation, certificate export operation, or certificate import operation, the browser module 111 of the application 110 can call the security control component 112 of the application 110 when the certificate management operation is selected by the user (step 220).

After the security control component 112 of the application 110 is called by the browser module 111 of the application 110, the security control component 112 lets the user enter the smart card password (step 230). In this embodiment, the security control component 112 can create and display a dialog box and prompt the user to enter the smart card password in it.

After the security control component 112 of the application 110 obtains the smart card password entered by the user, it can determine from that password whether the user's identity is verified (step 240). In this embodiment, the security control component 112 can send the smart card password to the smart card 101 through the card reader of the computing device 100, and the smart card 101 can determine whether the smart card password sent by the security control component 112 is correct. If it is not, the smart card 101 can produce a verification result indicating that the user's identity failed verification; if the smart card 101 determines that the password is correct, it can produce a verification result indicating that the user's identity passed verification. After producing the verification result, the smart card 101 can return it to the computing device 100; the security control component 112 can receive the verification result produced by the smart card 101 through the card reader of the computing device 100 and determine from it whether the user's identity is verified.

If the security control component 112 of the application 110 determines that the user's identity did not pass verification, the security control component 112 can again prompt for the smart card password (step 230) or end execution so as to refuse the certificate management operation; if the security control component 112 determines that the user's identity passed verification, it can perform the certificate management operation through the smart card 101 (step 250). In this embodiment, when the certificate management operation that the user selects through the browser module 111 of the application 110 is a certificate update operation or a certificate management operation, the security control component 112 can download the target certificate from the server 400 and can send an operation command for storing a certificate, together with the downloaded target certificate, to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation command and the target certificate sent by the computing device 100 and can store the received target certificate according to the received operation command. When the certificate management operation selected by the user is a certificate download operation, the security control component 112 can determine whether the target certificate that the user wants to download to the smart card 101 was applied for on the computing device 100. If the target certificate was not applied for on the computing device 100, the security control component 112 may decline to perform the certificate download operation, that is, it does not send the target certificate to the smart card 101. If the target certificate was applied for on the computing device 100, the security control component 112 can download the target certificate from the server 400 and can send an operation command for storing a certificate, together with the downloaded target certificate, to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation command and the target certificate sent by the computing device 100 and can store the received target certificate according to the received operation command. When the certificate management operation selected by the user is a certificate storage operation, the security control component 112 can generate an operation command for reading a certificate and send the generated operation command to the smart card 101 through the card reader of the computing device 100. After receiving the operation command, the smart card 101 can read the target certificate according to the received operation command and can return the target certificate it read to the computing device 100. The security control component 112 can receive the target certificate returned by the smart card 101 through the card reader of the computing device 100, can let the user select a storage path for the target certificate and enter a file name for it, and can convert the received target certificate into a certificate file and save it under the file name entered by the user in the storage path selected by the user. When the certificate management operation selected by the user is a certificate export operation, the security control component 112 can generate an operation command for reading a certificate and send the generated operation command to the smart card 101 through the card reader of the computing device 100. After receiving the operation command, the smart card 101 can read the target certificate according to the received operation command and can return the target certificate it read to the computing device 100. The security control component 112 can receive the target certificate returned by the smart card 101 through the card reader of the computing device 100, can let the user select one of the browsers installed on the computing device 100 as the designated browser, and can import the received target certificate into the designated browser. When the certificate management operation selected by the user is a certificate import operation, the security control component 112 can let the user select a particular browser installed on the computing device 100 and a target certificate, can read the target certificate from the particular browser selected by the user, and can send an operation command for storing a certificate, together with the downloaded target certificate, to the smart card 101 through the card reader of the computing device 100; the smart card 101 can receive the operation command and the target certificate sent by the computing device 100 and can store the received target certificate according to the received operation command.

In this way, the present creation avoids the restrictions that browsers place on security control components, while the certificate operation functions that the application 110 can provide can still be updated at any time without changing the use of web pages to provide certificate operations. That is, updating the web pages of the server 400 is enough to update the application 110, without the user having to update the application 110.

In the above embodiment, after the computing device 100 executes the application 110 (step 202) and the browser module 111 of the application 110 connects to the server 400 and displays the downloaded web page, if the user selects the password change operation through the browser module 111, the browser module 111 can download a password change interface from the server 400 and display it so that the user can enter the original password and a new password. After the user has entered the original password and the new password, the browser module 111 can call the security control component 112 of the application 110. Once called by the browser module 111, the security control component 112 can determine through the smart card 101 whether the original password entered by the user is correct; that is, it sends the original password entered by the user, together with an operation command for checking the password, to the smart card 101 through the card reader of the computing device 100. The smart card 101 can receive the operation command and the original password sent by the computing device 100, can determine according to the received operation command whether the received original password is correct, and can generate a determination result and return it to the computing device 100.

The security control component 112 of the application 110 can store the new password entered by the user in the smart card 101 when the smart card 101 determines that the original password is correct. In this embodiment, the security control component 112 can receive the determination result returned by the smart card 101 through the card reader of the computing device 100. If the determination result indicates that the original password is wrong, the security control component 112 can stop the password change operation; if the determination result indicates that the original password is correct, the security control component 112 can send the new password, together with an operation command for changing the password, to the smart card 101 through the card reader of the computing device 100. The smart card 101 can receive the operation command and the new password sent by the computing device 100 and can update the original password to the new password according to the received operation command.

In addition, after the computing device 100 executes the application 110 (step 202) and the browser module 111 of the application 110 connects to the server 400 and displays the downloaded web page, if the user selects the online card unlocking operation through the browser module 111, the browser module 111 can call the security control component 112 of the application 110. Once called by the browser module 111, the security control component 112 can read the target certificate from the smart card 101, can obtain an e-mail account from the server 400 according to the target certificate it read, and can generate an authentication code and send it to that e-mail account.

After calling the security control component 112 of the application 110, the browser module 111 of the application 110 can download an authentication code input interface from the server 400 and display it so that the user can enter the authentication code. After the user has entered the authentication code, the security control component 112 can determine whether the authentication code entered by the user is correct and, when it determines that the code is correct, can let the user enter a new password through a password update interface downloaded by the browser module 111 and store the new password in the smart card 101. In this embodiment, the security control component 112 can send the new password, together with an operation command for unlocking the card, to the smart card 101 through the card reader of the computing device 100. The smart card 101 can receive the operation command and the new password sent by the computing device 100, can update the original password to the new password according to the received operation command, and can release the locked state of the smart card 101.

Furthermore, when the online card unlocking operation is selected by the user, the browser module 111 can also download a password input interface from the server 400 and display it so that the user can enter the website password for logging in to the server 400. After the user has entered the website password, the browser module 111 can send it to the server 400 for verification and receive the verification result returned by the server 400. When the verification result received by the browser module 111 indicates that the website password did not pass verification by the server 400, the browser module 111 can display the password input interface again so that the user can re-enter the website password for logging in to the server 400. When the verification result received by the browser module 111 indicates that the website password passed verification by the server 400, the browser module 111 can download a password update interface from the server 400 and display it so that the user can enter a new password. The browser module 111 can also call the security control component 112 when the verification result indicates that the website password passed verification by the server 400. Once called by the browser module 111, the security control component 112 can obtain the new password that the user entered through the browser module 111 and can send the new password, together with an operation command for unlocking the card, to the smart card 101 through the card reader of the computing device 100. The smart card 101 can receive the operation command and the new password sent by the computing device 100 and can store the new password according to the received operation command, thereby updating the original password to the new password and releasing the locked state of the smart card 101.
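The card-side password check, password change and card unlock described above, sketched as an added example in Python (not code from the patent or its applicant). The instruction bytes and status words follow ISO/IEC 7816-4, which the text does not name; the class names, the three-try limit and the sample passwords are assumptions.

```python
import hmac

# Instruction bytes and status words as defined in ISO/IEC 7816-4 (assumed here;
# the patent text does not say which card commands are used).
INS_VERIFY, INS_CHANGE, INS_RESET = 0x20, 0x24, 0x2C
SW_OK, SW_DENIED, SW_BLOCKED, SW_BAD_INS = 0x9000, 0x6982, 0x6983, 0x6D00
MAX_TRIES = 3  # assumed retry limit before the card locks


class SimulatedCard:
    """Stand-in for smart card 101: only the card decides whether a password is correct."""

    def __init__(self, password: bytes):
        self._password = password
        self._tries = MAX_TRIES
        self._verified = False

    def transmit(self, ins: int, p1: int, data: bytes) -> int:
        """Process one command and return its status word."""
        if ins == INS_VERIFY:
            self._verified = False
            if self._tries == 0:
                return SW_BLOCKED
            if hmac.compare_digest(data, self._password):
                self._tries, self._verified = MAX_TRIES, True
                return SW_OK
            self._tries -= 1
            return 0x63C0 | self._tries  # 63Cx: wrong password, x tries left
        if ins == INS_CHANGE and p1 == 0x01:  # data carries the new password only
            if not self._verified:
                return SW_DENIED  # the original password was not checked first
            self._password, self._verified = data, False
            return SW_OK
        if ins == INS_RESET and p1 == 0x02:  # data carries the new password only
            # Simplification: the card trusts the host here, as in the flow above.
            # Real cards normally protect this command with their own access condition.
            self._password, self._tries, self._verified = data, MAX_TRIES, False
            return SW_OK
        return SW_BAD_INS


class SecurityComponent:
    """Stand-in for security control component 112, called by the browser module."""

    def __init__(self, card: SimulatedCard):
        self.card = card

    def verify(self, password: bytes):
        """Return (passed, tries_left); tries_left is None on success, 0 when locked."""
        sw = self.card.transmit(INS_VERIFY, 0x00, password)
        if sw == SW_OK:
            return True, None
        if sw & 0xFFF0 == 0x63C0:
            return False, sw & 0x0F
        return False, 0

    def change_password(self, original: bytes, new: bytes) -> bool:
        """Check the original password on the card; send the new one only if it passed."""
        passed, _ = self.verify(original)
        if not passed:
            return False  # stop here: the new password never reaches the card
        return self.card.transmit(INS_CHANGE, 0x01, new) == SW_OK

    def unlock(self, code_entered: str, code_sent: str, new: bytes) -> bool:
        """Send the unlock command only after the authentication code matches."""
        if not hmac.compare_digest(code_entered.encode(), code_sent.encode()):
            return False
        return self.card.transmit(INS_RESET, 0x02, new) == SW_OK


def run_demo() -> dict:
    """Walk through the three flows with constructed sample values."""
    card = SimulatedCard(b"123456")  # constructed sample password
    scc = SecurityComponent(card)
    results = {"wrong_first": scc.verify(b"000000")}
    results["changed"] = scc.change_password(b"123456", b"654321")
    for guess in (b"1", b"2", b"3"):  # three wrong guesses lock the card
        scc.verify(guess)
    results["locked"] = card.transmit(INS_VERIFY, 0x00, b"654321") == SW_BLOCKED
    results["unlocked"] = scc.unlock("482913", "482913", b"112233")
    results["after_unlock"] = scc.verify(b"112233")
    return results


if __name__ == "__main__":
    print(run_demo())
```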

In summary, the difference between the present creation and the prior art lies in the technical means of embedding a browser module in an application, with the browser module calling the application's security control component when a certificate management operation is selected, so that the security control component, after determining from the entered smart card password that the user's identity passes verification, performs the certificate management operation through the smart card. This technical means solves the prior-art problem that certificate management provided through a web service is subject to browser restrictions, and thereby achieves the technical effect that a new version can be released by modifying the web pages on the server, with no need to update the application.

Moreover, the method of the present creation for managing certificates with an embedded browser module can be implemented in a centralized manner in one computer system, or in a distributed manner in which different components are spread across several interconnected computer systems.

Although the embodiments disclosed by the present creation are as described above, the content described is not intended to directly limit the scope of patent protection of the present creation. Any modification or refinement in the form and details of implementation made by a person having ordinary knowledge in the technical field to which the present creation belongs, without departing from the spirit and scope disclosed by the present creation, falls within the scope of patent protection of the present creation. The scope of patent protection of the present creation remains as defined by the appended claims.

Claims (10)

1. A computing device for managing certificates with an embedded browser module, the computing device providing a connection for a smart card and at least comprising: a peripheral input device; a processor connected to the peripheral input device; and an application executed by the processor, the application further comprising: a browser module for providing selection of a certificate management operation; and a security control component for providing input of a smart card password and for performing the certificate management operation through the smart card after determining, according to the smart card password, that the user's identity passes verification.

2. The system for managing certificates with an embedded browser module according to claim 1, wherein, when the certificate management operation is a certificate update operation or a certificate management operation, the security control component downloads a target certificate from a server and installs the target certificate on the smart card; when the certificate management operation is a certificate download operation, the security control component determines whether the target certificate was applied for on the computing device and installs the target certificate on the smart card when the target certificate was applied for on the computing device; when the certificate management operation is a certificate storage or certificate export operation, the security control component reads the target certificate from the smart card and stores the target certificate as a certificate file or imports the target certificate into a designated browser; and when the certificate management operation is a certificate import operation, the security control component reads the target certificate from a particular browser and installs the target certificate on the smart card.

3. The system for managing certificates with an embedded browser module according to claim 1, wherein the browser module is further used to provide input of an original password and a new password when a password change operation is selected, and to call the security control component, and the security control component is further used to store the new password in the smart card after determining through the smart card that the original password is correct.

4. The system for managing certificates with an embedded browser module according to claim 1, wherein the browser module is further used to call the security control component when an online card unlocking operation is selected, and the security control component is further used to read the target certificate from the smart card, to obtain communication data from the server according to the target certificate, to send an authentication code using the communication data, to provide input of the authentication code through the browser module, and, after determining that the authentication code is correct, to provide input of a new password through the browser module and store the new password in the smart card.

5. The system for managing certificates with an embedded browser module according to claim 1, wherein the browser module is further used, when an online card unlocking operation is selected, to provide input of a website password and send the website password to the server for verification, and, after the website password passes verification by the server, to provide input of a new password and call the security control component, and the security control component is further used to store the new password in the smart card.

6. A system for managing certificates with an embedded browser module, the system at least comprising: a smart card; and a computing device providing a connection for the smart card and used to execute an application, the application further comprising: a browser module for providing selection of a certificate management operation; and a security control component for providing input of a smart card password and for performing the certificate management operation through the smart card after determining, according to the smart card password, that the user's identity passes verification.

7. The system for managing certificates with an embedded browser module according to claim 6, wherein, when the certificate management operation is a certificate update operation or a certificate management operation, the security control component downloads a target certificate from a server and installs the target certificate on the smart card; when the certificate management operation is a certificate download operation, the security control component determines whether the target certificate was applied for on the computing device and installs the target certificate on the smart card when the target certificate was applied for on the computing device; when the certificate management operation is a certificate storage or certificate export operation, the security control component reads the target certificate from the smart card and stores the target certificate as a certificate file or imports the target certificate into a designated browser; and when the certificate management operation is a certificate import operation, the security control component reads the target certificate from a particular browser and installs the target certificate on the smart card.

8. The system for managing certificates with an embedded browser module according to claim 6, wherein the browser module is further used to provide input of an original password and a new password when a password change operation is selected, and to call the security control component, and the security control component is further used to store the new password in the smart card after determining through the smart card that the original password is correct.

9. The system for managing certificates with an embedded browser module according to claim 6, wherein the browser module is further used to call the security control component when an online card unlocking operation is selected, and the security control component is further used to read the target certificate from the smart card, to obtain communication data from the server according to the target certificate, to send an authentication code using the communication data, to provide input of the authentication code through the browser module, and, after determining that the authentication code is correct, to provide input of a new password through the browser module and store the new password in the smart card.

10. The system for managing certificates with an embedded browser module according to claim 6, wherein the browser module is further used, when an online card unlocking operation is selected, to provide input of a website password and send the website password to the server for verification, and, after the website password passes verification by the server, to provide input of a new password and call the security control component, and the security control component is further used to store the new password in the smart card.
TW108200664U 2019-01-15 2019-01-15 System for managing certificate with embedded browser module and computing equipment TWM580295U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108200664U TWM580295U (en) 2019-01-15 2019-01-15 System for managing certificate with embedded browser module and computing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108200664U TWM580295U (en) 2019-01-15 2019-01-15 System for managing certificate with embedded browser module and computing equipment

Publications (1)

Publication Number Publication Date
TWM580295U true TWM580295U (en) 2019-07-01

Family

ID=68049966

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108200664U TWM580295U (en) 2019-01-15 2019-01-15 System for managing certificate with embedded browser module and computing equipment

Country Status (1)

Country Link
TW (1) TWM580295U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI690820B (en) * 2019-01-15 2020-04-11 臺灣網路認證股份有限公司 System for using embedded browser module to manage certificate and method thereof
