JP2007280393A - Device and method for controlling computer login - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a device and method for controlling computer login. <P>SOLUTION: The device includes server side, client-side and hardware device, wherein the server side including a data storage means, a centralized management means and a network communication means, the client-side including a network communication means, an authentication means and a login means. The method for using the device includes first the administrator registering hardware device in server side. Then, when a user logs in, a hardware device is inserted into the client-side computer interface to input a password. The client-side computer obtains hardware device information and requests to the server for registration information of the hardware. According to information obtained from the server, whether or not a user is legal is judged. When it is judged that the user is legal, login is allowed and on the contrary, in the case of illegal user, the login is refused. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention provides an apparatus for controlling login of a computer system and a method for controlling login of a computer system using the apparatus.

  With the advancement of science and technology, the use of computers has become increasingly widespread, widely used in various fields and playing an important role, but with this, the safety of computers is also increasingly threatened. Computers that store particularly important information, once invaded, can become immeasurable.

  Conventionally, a password control method has been adopted as one of the preventive measures to prevent unauthorized registration of a computer.

  For example, in the case of a startup password of a Windows (registered trademark) operating system (OS), since the operating system cannot be accessed unless the password is entered correctly, the use of the computer is prohibited, and the information in the computer is The purpose of protecting is achieved. However, since such a method is realized only by software, there is a possibility that the password is easily deciphered. In addition, after logging in, the user can easily change the password or set another user. If the software itself is removed, the purpose of protecting computer information cannot be achieved.

  There is also a method of controlling a computer by a two-factor authentication method using a hardware device such as a smart card, a smart encryption key, and a token. In this case, first, hardware that can log in to the local computer is registered in the local computer. When a user attempts to log in to a computer, he first plugs the hardware device into the computer's corresponding interface. If the hardware device is not plugged in, or if the plugged-in hardware device is incorrect, you cannot log into the computer. When a valid hardware device is plugged in, it prompts the user for a password. If the entered password is correct, you can log in to the computer, but if the password is incorrect, you will not be able to log in. As a result, even if an unauthorized user steals a computer user name and password, the computer information cannot be logged in without hardware, and thus the computer information is kept safe.

  However, the above method has the following drawbacks. First, since the hardware registration information is completed on the local computer, the hardware for logging in to each computer must be registered on the corresponding computer. When registering or deleting new hardware, it must be operated on the corresponding computer. When the number of computers is large, the amount of work for the system administrator becomes very large, and the information on the hardware devices of each computer is independent of each other, so that the management of the administrator becomes inconvenient. Moreover, since the hardware for logging in to the current computer can be registered even after the user properly logs in to the computer system, the administrator cannot effectively manage each computer, and security concerns remain. Furthermore, the hardware device information registered in each computer consumes system resources of the local computer and cannot maximize the efficiency of the computer.

  The present invention provides an apparatus and method for controlling computer login. It is an object to effectively prevent unauthorized users from logging in to a computer and protect the security of computer information by using the apparatus and method. In addition, it is also an object that the administrator can register each computer and hardware devices of the computer in a centralized manner.

  In order to achieve the above-described object, the present invention has the following configuration.

  An apparatus for controlling computer login according to the present invention includes a client side and a server side that stores and manages hardware device information, and obtains hardware device information and sends a verification request to the server side to send a valid user The client side that provides the service and the hardware device that provides the identity information of the user registration.

  The server side stores data relation means for storing the relationship information between the client side and the hardware device, and stores the hardware device information in the data storage means, and is sent from the network communication means when the user logs in. It has centralized management means for receiving and reading the corresponding information from the data storage means and sending it to the client side, and network communication means for communicating with the client side.

  The client side includes a network communication means for communicating with the server side, a comparison means for comparing the information provided from the login means with the information returned from the server, and sending the result to the login means; After the hardware device is inserted, login means for receiving password verification information input by the user and sending it to the verification means and controlling user login based on information returned from the verification means is included.

  A method of controlling computer login using the apparatus includes inserting a hardware device into the server side, obtaining hardware device information from the server side, and inputting the information of the hardware device input by the administrator. Registration step to save on the server side together with the registration information, plug the hardware device into the client side, the client side requests the verification information after obtaining the hardware device information, based on the result returned from the server side, The user determines whether or not it is legitimate. If it is legitimate, the user login is permitted and the client side can be used.

  In the registration step, (1) a step of inserting a hardware device into a corresponding interface on the server side, and (2) a hardware device registration in which hardware device information is read from the centralized management means and the information is input by an administrator Storing in the data storage means together with the information; and (3) removing the hardware device.

  In the verification login step, (1) the hardware device is inserted into the interface of the client side computer and the password is input, the hardware device verifies whether the password is correct, and returns the result to the login means, and the password If the password is correct, the login unit acquires the hardware device information and sends it to the verification unit, and proceeds to the next step. If the password is not correct, the login unit presents a login failure, and (2) the verification unit Sending a request to the server according to the hardware device information and requesting to obtain registration information of the hardware device; and (3) the server side responding according to the request after receiving the request, And (4) the verification means receives Verifying based on the response data and submitting the verification means to the login means; and (5) the login means receives the verification result sent from the verification means, and if the result is a verification pass, the user logs in to the system. And if the result fails verification, presenting a registration failure.

  In the step of sending the claim to the server by the verification unit, (a) after receiving the hardware information, the verification unit generates billing data and requests the server to send the relevant data, and Sending the request to the client-side network communication means; and (a) the client-side network communication means receives the data from the verification means, encrypts the data, and sends the data to the server-side network communication means via the net. Including the step of.

  In the step where the server side responds to the request, (a) the network communication means on the server side receives the data request, decrypts it, and sends the decoded data request to the central management means on the server side; (A) The server centralized management means includes a step of obtaining required data from the data storage means based on the data request and returning the data to the server-side network communication means.

  In the step of sending data to the client side from the server side, (a) the server-side network communication means encrypts the data and sends the data to the client-side network communication means through the net; The communication means includes the steps of decoding the received data and sending the decoded data to the verification means.

  In the step of verifying based on the data received by the verification means, (a) it is verified whether the hardware device inserted into the login means has been registered, and if it has been registered, the process proceeds to the verification of the next step. In the case of registration, the step of failing the verification and (a) verifying whether the registered hardware device is registered in the local computer. If YES, the process proceeds to the verification of the next step. If this is the case, verify the step that fails verification, and (c) verify that the registered hardware device has already been deleted on the server side. If YES, the verification fails. If NO, verify And a step to pass.

  According to the present invention, the following effects can be obtained.

System safety could be strengthened. In the present invention, since the management of hardware device registration and the storage of registration information are all left to the server, an unauthorized user cannot register a hardware device on the client side, and an unauthorized user uses another hardware device. To prevent you from logging in;
A system administrator can centrally manage all computers. In the present invention, since registration and management of hardware devices are completed by a server on a server, it is not necessary to work on each device, greatly reducing the amount of work of the administrator, and all computers by the system administrator. Centralized management of hardware devices is also convenient.

  It's convenient to control the number of users on one computer. In the present invention, since the control authority of the computer is performed by the administrator on the server, the computer user cannot arbitrarily add other unauthorized users in the case of independent management.

  Low cost, economical and practical. Since the present invention stores information about a computer and its corresponding hardware in a server, it reduces the consumption rate of computer resources and increases the efficiency of the computer.

  The equipment for controlling computer login shown in FIG. 1 includes a server side 101, a client side 107, and a hardware device 105. The server side 101 includes data storage means 103, centralized management means 102 or server side network communication means 104. The data storage means 103 stores information related to the client side 107 and the hardware device 105; the centralized management means 102 stores the information of the hardware device 105 in the data storage means 103, and also at the time of user login, the server side network The request sent from the communication means 104 is received, the relevant information is read from the data storage means 103 and sent to the client side 107; the server side network communication means 104 is installed to communicate with the client side 107. The client side 107 includes client side network communication means 108, verification means 110, and login means 109. The client side network communication means 108 communicates with the server side 101. The verification unit 110 compares the information provided by the login unit 109 with the information returned from the server 101 and sends the result to the login unit 109. The log-in means 109 accepts the information of the hardware device 105 and the password verification information input by the user and sends it to the verification means 110, and controls the user login based on the information returned from the verification means 110. The hardware device 105 provides user registration status information.

  When using, first, information of the hardware device 105 is registered in the server 101 as shown in FIG.

Step 201: Plug the hardware device 105 into the corresponding interface of the server 101;
Step 202: Acquire information of the hardware device 105 from the central management means 102 on the server side;
Step 203: The central management unit 102 stores the acquired information on the hardware device 105 and the registration information of the hardware device input by the administrator in the data storage unit 103;
Then, the hardware device is removed and given to the user of the related computer, and the user can log in using the hardware device.

  As shown in FIG. 3, the application flow of login on the client side is as follows.

Step 301: The user plugs the hardware device 105 into the client side 107 interface;
Step 302: The login means 109 prompts the user to enter a verification password;
Step 303: The password input by the user is verified, and if the input password is incorrect, it is indicated that login failed. If the password entered is correct, go to the next step;
Step 304: The login means 109 acquires the information of the hardware device 105 and sends it to the verification means 110;
Step 305: Generate billing data by the verification means 110 and send it to the client side network communication means 108;
Step 306: The client-side network communication means 108 encrypts the billing data and sends it to the server side via the network 105;
Step 307: The server-side network communication means 104 decrypts the received billing data sent from the client side, and submits the decrypted data to the central management means 102;
Step 308: The centralized management means 102 reads the corresponding information from the data storage means 103 and sends the information to the server-side network communication means 104 according to the request;
Step 309: The server-side network communication means 104 encrypts the information returned from the central management means 102 and sends it to the client side via the network 106;
Step 310: The client-side network communication means 108 decrypts the received data and sends the decrypted data to the verification means 110;
Step 311: The verification means 110 performs verification by comparing the information returned from the server with the acquired information of the hardware device 105;
Step 312: Verify whether the hardware device is registered in the server, and if not registered, send verification failure information to the log-in means; if registered, proceed to the next verification;
Step 313: Verify whether the hardware is registered as a hardware device for the local computer. If NO, send verification failure information to login means; if YES, go to next verification;
Step 314: It is verified whether the hardware device has been deleted. If YES, the verification failure information is sent to the login means; if NO, the verification success information is sent to the login means;
Step 315: The login means receives the verification result sent from the verification means, and if the verification fails, the login fails; if the verification passes, the login is made to the computer system.

  The invention will now be further described with specific examples.

  The system administrator separately inserts hardware devices A and B into the server interface, registers hardware device A with computer A, and registers hardware device B with computer B. Both passwords for these two hardware devices were set to “123” and related information was stored in the database. Then, the hardware devices were removed and passed to User A and User B, respectively.

[Example 1]
User A uses hardware device A to log in to computer A. The user A inserts the hardware device A received from the administrator into the interface of the computer, and the computer A requests the user A to input a password. After entering the password “456”, User A is presented to the computer as “Password is incorrect and login is not possible”. The user A inputs the password “123” again, and the log-in means acquires the information of the hardware device A and sends it to the verification means of the computer A. The verification means generates billing data and requests the server to provide related information of the hardware device A. The verification unit sends the billing data to the network communication unit of the computer A, encrypts the data by the network communication unit, and sends the data to the server side network communication unit via the network. Then, the data is decrypted by the server side network communication means and sent to the central management means. The central management unit reads the information of the hardware device A from the data storage unit and sends the information to the server-side network communication unit according to the request. The information is encrypted by the server-side network communication means and sent to the network communication means of the computer A through the network. The network communication means of the computer A decrypts the information and sends it to the verification means of the computer A. Based on this information, the verification means finds that the hardware device A has already been registered in the server, has been registered for the computer A and has not yet been deleted, and allows the user A to log in to the computer A. .

[Example 2]
User B logs in to computer A using hardware device B. Plugging hardware device B into computer A's interface, computer A requests to enter a password. User B enters the password “123” and computer A obtains information about hardware device B and requests the server to ship the registration information for hardware B. The server reads the information of the hardware device B from the database according to the request of the computer A and returns the information to the computer A. Based on the information returned from the server, the computer A has already been registered in the server but the hardware device B has not been registered for the computer A, and the computer A is an unauthorized user. Present and refuse login.

It is a simple block diagram which shows the structure of the installation which controls the computer login of this invention. It is a work flow figure of server side hardware device registration of the method of controlling computer login of the present invention. It is a work flow figure at the time of logging in to a computer by the client side of this invention.

Explanation of symbols

  A, B computer

Claims (10)

A device that controls computer login,
The server side that stores and manages information on the client side and hardware devices, and
Obtain hardware device information, send a request for verification to the server side, and if it is a legitimate user, the client side that provides the service,
An apparatus for controlling computer login, comprising a hardware device for providing user login identity information. On the server side,
Data storage means for storing relationship information between the client side and the hardware device;
Centralized management that stores hardware device information in the data storage means, receives a request sent from a network communication means when a user logs in, reads out the corresponding information from the data storage means, and sends it to the client side Means,
The apparatus for controlling computer login according to claim 1, further comprising a network communication unit for communicating with the client side. On the client side,
Internet communication means for communicating with the server side;
A verification means for comparing the information provided by the login means with the information returned from the server and sending the result to the login means;
A log-in means for receiving password verification information input by the user after the user plugs in the hardware device, sending the password verification information to the verification means, and controlling user login based on information returned from the verification means; The apparatus for controlling computer login according to claim 1. A method for controlling computer login using the apparatus of claim 1, comprising:
A registration step of inserting the hardware device into the server side, acquiring hardware device information from the server side, and storing the information together with the registration information of the hardware device input by the administrator on the server side;
After inserting the hardware device into the client side, the client side requests the verification information after obtaining the hardware device information, and based on the information returned from the server side, the user determines whether it is valid, A method for controlling computer login, comprising: a verification / login step that permits user login in the case of, and login failure in the case of fraud. In the registration step,
(1) plugging a hardware device into a corresponding interface on the server side;
(2) reading hardware device information from the centralized management means, and storing the information in the data storage means together with the hardware device registration information input by the administrator;
(3) The method for controlling computer login according to claim 4, further comprising the step of removing a hardware device. In the verification / login step,
(1) Insert the hardware device into the interface of the client computer, enter the password, the hardware device verifies whether the password is correct, returns the result to the login means, and if the password is correct, the login means Gets the hardware device information and sends it to the verifier and proceeds to the next step, but if the password is incorrect, it presents a login failure,
(2) The verification means sends the request to the server according to the hardware device information, and requests to send the registration information of the hardware device;
(3) the server side receives the request, responds according to the request, and sends response information to the client side;
(4) The verification means performs verification based on the received response data, and submits the verification result to the login means;
(5) The log-in means receives the verification result sent from the verification means, and if the result is verification pass, the user is allowed to log in to the system, and if the result is verification verification failure, presents a registration failure. The method of controlling computer login according to claim 4, comprising the steps of: In the step of validating the request to the server,
(A) after receiving the hardware information, the verification means generates billing data, requests the server to send relevant data, and sends the claim to the client-side network communication means;
(A) The client-side network communication means receives the data of the verification means, encrypts the data, and sends the data to the server-side network communication means via the network. 6. A method for controlling computer login according to item 6. In the step where the server side responds to the request,
(A) the server-side network communication means receives the data request, decrypts it, and sends the decrypted data request to the server-side centralized management means;
(A) The server centralized management means includes a step of acquiring required data from the data storage means based on the data request and returning the data to the server-side network communication means. How to control computer login as described. In the step of sending data to the client side on the server side,
(A) the server-side network communication means encrypts the data and sends the data to the client-side network communication means via the network;
7. The method for controlling computer login according to claim 6, further comprising the step of: (b) the network communication means on the client side decrypts the received data and sends the decrypted data to the verification means. The verification means performs the verification based on the received data,
(A) The login means verifies whether the inserted hardware device has been registered, and if it has been registered, proceeds to verification of the next step, but if not registered, the step of failing verification,
(B) Verify whether the registered hardware device is registered in the local computer. If YES, the process proceeds to the next step, but if NO, the verification is failed.
(C) It is verified whether the registered hardware device has already been deleted on the server side. If YES, the verification is rejected, but if NO, the verification is passed. A method of controlling computer login according to claim 4 or 6.

Images