Hacking prevention of key stroke data
Abstract:
The present invention relates to a method for preventing hacking of keystroke data, in which the number of digits of the password entered by the user cannot be learned and the original keystroke data cannot be recovered even if it is hacked. The method comprises: a first step in which, when an input window is clicked, a secure input window controller generates an encryption key and provides it to a secure keyboard driver; a second step in which the secure keyboard driver stores keystroke data input through the keyboard in an internal buffer and provides a null value to a system message queue; a third step of encrypting the keystroke data stored in the internal buffer with the encryption key and buffering it when the input is completed; and a fourth step in which the secure input window controller reads the encrypted keystroke data directly from the secure keyboard driver, decrypts it using the encryption key, and provides it to an application program.

Publication number: KR20040009575A
Application number: KR1020020043576
Filing date: 2002-07-24
Publication date: 2004-01-31
Inventor: 김남욱
Applicant: 주식회사 잉카인터넷
Description:
Hacking prevention of key stroke data and computer-readable recording medium recording the same {Hacking prevention of key stroke data}

[8] The present invention relates to a method for preventing hacking of keystroke data input from a keyboard. More particularly, it relates to a method in which a keyboard driver block-encrypts keystroke data input from the keyboard and an input window controller decrypts the block-encrypted keystroke data and provides it to an application program, so that keystroke data entered by the user cannot be hacked by a hacking program installed on the user's computer, and to a computer-readable recording medium recording the same.

[9] The number of Internet users keeps growing with the development of computer communication network technology, especially web and e-mail technology, and the Internet has become a part of everyday life rather than a new technology or service area. In line with this trend, products are now purchased and financial transactions are carried out over the Internet. A user identifier (ID) and a password are used to authenticate the user and approve the transaction. Since such information is transmitted over the Internet, which is an open network, security methods for data transmitted over the network are widely used to prevent hacking. Although such security methods can prevent hacking on the transmission path, a keystroke hacking tool that arrives over the Internet and is installed on the user's computer can still leak passwords, which are important personal information, to the outside.
In other words, a hacking program secretly installed on the user's computer can hook the keystroke data entered by the user from the system message queue or the thread message queue, write it to a log file, and send it to the hacker by e-mail, thereby leaking the user's password. Such a hacking method intercepts the keystroke data before the data to be transmitted to the Internet is encrypted, and thus cannot be countered by conventional network security methods.

[10] To solve this problem, Korean Patent Laid-Open No. 2002-48313 discloses a keyboard hacking prevention method that can block hacking attempts by a keyboard hacking program. In the method disclosed in 2002-48313, when a user accesses a web server, a keyboard security program is automatically installed on the user's computer. The keyboard security program includes a secure input window controller, a key table generator, and a secure keyboard driver. The secure input window controller generates a key table using the key table generator whenever an input window is selected, and installs the secure keyboard driver on the user's computer. The secure keyboard driver encrypts what the user types on the keyboard according to the key table and enters it into the system message queue. The secure input window controller decrypts the keyboard message received through the system message queue and the thread message queue using the key table and passes it to the web browser. If the focus moves from the program window to another window, the secure keyboard driver is automatically removed. If the focus moves back from the other window to the window in which the keyboard security program is installed, a new key table is created and the secure keyboard driver is installed again. Here, the key table is preferably a table that maps each character of the keyboard to another, arbitrarily determined character.
For example, if the key table maps 'a' to 'x', 'b' to 'k', and 'c' to '9', the secure keyboard driver converts 'abc' to 'xk9' and enters it into the system message queue, and the secure input window controller reads 'xk9', converts it back to 'abc' according to the key table, and passes it to the web browser.

[11] However, because this conventional method converts keystroke data using a key table, the keystroke data can easily be decrypted once the key table is leaked to a third party, and the number of digits of the password can be known. The password can therefore be found by trying combinations of possible passwords.

[12] Accordingly, the present invention is intended to solve the problems of the prior art described above. An object of the present invention is to provide a method for preventing hacking of keystroke data, and a computer-readable recording medium recording the same, in which the keyboard driver block-encrypts the keystroke data input from the keyboard and the input window controller decrypts the block-encrypted keystroke data and provides it to an application program, so that the number of digits entered by the user cannot be learned and the original keystroke data cannot be recovered even if it is hacked.

[1] FIG. 1 is a view showing the transfer process of keystroke data to which the present invention is applied.

[2] FIG. 2 is a process flow diagram in accordance with the present invention.

[3] * Explanation of symbols for main parts of the drawings

[4] 1: keyboard 2: secure keyboard driver

[5] 3: system message queue 4: thread message queue

[6] 5: secure input window controller 6: web browser

[7] 7: Internet 8: web server

[13] According to an aspect of the present invention, there is provided a method for preventing hacking of keystroke data input through a keyboard, comprising: a first step in which, when an input window is clicked, the secure input window controller generates an encryption key and provides it to the secure keyboard driver; a second step in which the secure keyboard driver stores keystroke data input through the keyboard in an internal buffer and provides a null value to the system message queue; a third step of encrypting the keystroke data stored in the internal buffer with the encryption key and buffering it when the input is completed; and a fourth step in which the secure input window controller reads the encrypted keystroke data directly from the secure keyboard driver, decrypts it using the encryption key, and provides it to an application program.

[14] The present invention also provides a computer-readable recording medium recording a program for executing, on a computer: a first step in which, when an input window is clicked, the secure input window controller generates an encryption key and provides it to the secure keyboard driver; a second step in which the secure keyboard driver stores keystroke data input through the keyboard in an internal buffer and provides a null value to the system message queue; a third step of encrypting the keystroke data stored in the internal buffer with the encryption key and buffering it when the input is completed; and a fourth step in which the secure input window controller reads the encrypted keystroke data directly from the secure keyboard driver, decrypts it, and provides it to an application program.

[15] Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

[16] FIG. 1 is a diagram illustrating the process of transferring keystroke data to which the present invention is applied, in which 1 is a keyboard, 2 is a secure keyboard driver, 3 is a system message queue, 4 is a thread message queue, 5 is a secure input window controller, 6 is a web browser, 7 is the Internet, and 8 is a web server.

[17] For the present invention, a secure keyboard driver (2) and a secure input window controller (5) are installed on the user's computer. The secure keyboard driver (2) converts the scan code input from the keyboard (1) into keystroke data and encrypts the keystroke data. The secure input window controller (5) generates an encryption key and provides it to the secure keyboard driver, reads the keystroke data encrypted by the secure keyboard driver (2), decrypts it using the encryption key, and provides it to an application program such as a web browser (6). The secure keyboard driver (2) and the secure input window controller (5) may be downloaded and installed by the user online, or installed offline.

[18] The secure keyboard driver (2) is a general keyboard driver to which the functions of the present invention have been added. When operating as a general keyboard driver, the secure keyboard driver (2) converts a scan code value input through the keyboard into keystroke data and enters it into the system message queue (3). The keystroke data entered into the system message queue (3) is sent to the currently active virtual machine, and is then passed through the thread message queue (4) to an application such as a web browser.

[19] On the other hand, when the secure keyboard driver (2) operates as a secure keyboard driver instead of a general keyboard driver, the keystroke data input through the keyboard is stored in an internal buffer, and a 'Null' value is provided to the system message queue. When the user clicks OK, the secure keyboard driver (2) encrypts the keystroke data stored in the internal buffer using the encryption key and buffers it. The secure input window controller (5) then reads the keystroke data encrypted by the secure keyboard driver through direct communication with the secure keyboard driver, decrypts it, and delivers it to the web browser (6), which is the application program.
Here, since a 'Null' value is provided to the system message queue, a keystroke hacking tool that hooks the queue obtains no information. Meanwhile, the user needs to see the status of the password being entered in the input window (for example, a special character "*" displayed each time a key is pressed); this special character is displayed through direct communication between the secure keyboard driver and the secure input window controller. That is, the secure keyboard driver and the secure input window controller communicate directly through a program, not through the general system message queue and thread message queue, which can be achieved with generally known technology. Whenever a key is pressed, the secure keyboard driver provides a specific signal (not a meaningful character) to the secure input window controller through direct communication, and the secure input window controller displays a special character in the input window according to that signal. The special characters are displayed through direct communication between the secure keyboard driver and the secure input window controller because hacking tools usually sit on the system message queue and the thread message queue; if the special characters were passed along this path, the number of characters in the password would end up being known. Accordingly, in the present invention, so that the number of characters of the password cannot be learned, a 'Null' value is provided to the system message queue and the special characters are displayed through direct communication between the secure keyboard driver and the secure input window controller.

[20] FIG. 2 is a flowchart of keystroke data processing in accordance with the present invention.

[21] First, for the present invention, the secure input window controller and the secure keyboard driver must be installed (101).
When the keystroke data input window of the application program is clicked in this state (102), the secure input window controller generates an encryption key for encryption and decryption and provides it to the secure keyboard driver (103). The secure keyboard driver then stores the keystroke data entered via the keyboard in an internal buffer, and changes the entered keystroke data to a "Null" value before providing it to the system message queue (104).

[22] In addition, so that the user can see the current password input state, the secure keyboard driver displays special characters (e.g., "*") in the input window through direct communication with the secure input window controller, as described above (105). When the user clicks OK (106), the secure keyboard driver block-encrypts the keystroke data stored in the internal buffer using the encryption key (107). Here, the encryption method is a block encryption algorithm operating on blocks of a specific size, not a per-character mapping method, and the encryption algorithm is preferably the 128-bit AES encryption algorithm adopted by the National Institute of Standards and Technology (NIST). The secure input window controller reads the keystroke data encrypted by the secure keyboard driver from the buffer, decrypts it using the encryption key, and provides it to an application program such as a web browser (108). Meanwhile, in the present invention, the secure keyboard driver operates only while the cursor is in the input window; when the input window loses focus, the secure keyboard driver stops this operation and performs the function of a general keyboard driver.

[23] Although the present invention has been described above based on the preferred embodiments, these examples are intended to illustrate rather than limit the invention.
It will be apparent to those skilled in the art that various changes, modifications, or adjustments to the above embodiments can be made without departing from the spirit of the invention. Therefore, the protection scope of the present invention is limited only by the appended claims, and should be construed as including all such changes, modifications, or adjustments.

[24] According to the present invention as described above, a 'Null' value is provided to the system message queue, special characters are displayed in the input window through direct communication between the secure keyboard driver and the secure input window controller, and the actual password key values are delivered block-encrypted. As a result, not only can the number of characters of the password not be learned, but hacking of the password, which is one of the user's important pieces of information, can also be effectively prevented.
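The four steps described above, set beside the key-table method of the prior art, as an added Python simulation that is not part of the patent. The message queue is modelled as a plain list, the class and function names are hypothetical, and a small Feistel cipher built from HMAC-SHA256 stands in for the 128-bit AES the description prefers, so that the example runs with the standard library only.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit blocks, the block size of the AES the patent prefers
KEY_TABLE = {"a": "x", "b": "k", "c": "9"}  # mapping from the patent's example

def _f(key, i, half):
    # Feistel round function (stand-in cipher, NOT AES): keyed hash of one half.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def _block(key, blk, rounds):
    left, right = blk[:8], blk[8:]
    for i in rounds:
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(key, i, right)))
    return right + left  # final swap: decryption is the same walk, rounds reversed

def encrypt(key, data):
    pad = BLOCK - len(data) % BLOCK          # PKCS#7-style padding to a full block
    data += bytes([pad]) * pad               # the page names no mode: blocks are
    return b"".join(_block(key, data[i:i + BLOCK], range(4))   # handled one by one
                    for i in range(0, len(data), BLOCK))

def decrypt(key, data):
    out = b"".join(_block(key, data[i:i + BLOCK], reversed(range(4)))
                   for i in range(0, len(data), BLOCK))
    return out[:-out[-1]]

def prior_art(typed, queue):
    # Conventional method: every key is substituted and posted to the queue.
    queue.extend(KEY_TABLE[ch] for ch in typed)

class SecureKeyboardDriver:                  # hypothetical name, models driver (2)
    def __init__(self, key):                 # step 1: key handed over by controller
        self._key, self._buf, self._out = key, bytearray(), b""

    def key_press(self, ch, queue):          # step 2: buffer key, post Null to queue
        self._buf += ch.encode()
        queue.append(None)

    def input_complete(self):                # step 3: block-encrypt the buffer
        self._out = encrypt(self._key, bytes(self._buf))
        self._buf.clear()

    def read_direct(self):                   # step 4: read that bypasses the queues
        return self._out

def secure_entry(typed, queue):
    key = os.urandom(16)                     # controller creates a key per input
    driver = SecureKeyboardDriver(key)
    for ch in typed:
        driver.key_press(ch, queue)
    driver.input_complete()
    ciphertext = driver.read_direct()
    return ciphertext, decrypt(key, ciphertext).decode()

if __name__ == "__main__":
    hooked = []                              # what a message-queue hook would log
    prior_art("abc", hooked)
    print("key table on queue:", hooked)
    hooked = []
    ct, plain = secure_entry("abc", hooked)
    print("secure driver on queue:", hooked, "| ciphertext bytes:", len(ct), "|", plain)
```

The ciphertext grows only in 16-byte steps, so in this model a 3-character and an 11-character password produce output of the same size, while the key-table output is always exactly as long as the password.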
Claims:
Claims (4)

1. A method for preventing hacking of keystroke data input through a keyboard, comprising: a first step in which, when an input window is clicked, a secure input window controller generates an encryption key and provides the encryption key to a secure keyboard driver; a second step in which the secure keyboard driver stores keystroke data input through the keyboard in an internal buffer and provides a null value to a system message queue; a third step of encrypting the keystroke data stored in the internal buffer with the encryption key and buffering it when the input is completed; and a fourth step in which the secure input window controller reads the encrypted keystroke data directly from the secure keyboard driver, decrypts it using the encryption key, and provides it to an application program.

2. The method of claim 1, further comprising, after the second step is performed, the secure keyboard driver communicating directly with the secure input window controller to display a special character in the input window.

3. The method according to claim 1 or 2, wherein the encryption in the third step is block encryption.

4. A computer-readable recording medium having recorded thereon a program for executing, on a computer: a first step in which, when an input window is clicked, a secure input window controller generates an encryption key and provides the encryption key to a secure keyboard driver; a second step in which the secure keyboard driver stores keystroke data input through the keyboard in an internal buffer and provides a null value to a system message queue; a third step of encrypting the keystroke data stored in the internal buffer with the encryption key and buffering it when the input is completed; and a fourth step in which the secure input window controller reads the encrypted keystroke data directly from the secure keyboard driver, decrypts it using the encryption key, and provides it to an application program.
Patent family:
Publication number | Publication date
KR100447777B1 | 2004-09-08
Legal status:
2002-07-24 | Application filed by 주식회사 잉카인터넷
2002-07-24 | Priority to KR10-2002-0043576A
2004-01-31 | Publication of KR20040009575A
2004-09-08 | Application granted
2004-09-08 | Publication of KR100447777B1
Priority:
Application number | Filing date | Patent title
KR10-2002-0043576A | KR100447777B1 | 2002-07-24 | 2002-07-24 | Hacking prevention of key stroke data