200905541 九、發明說明: 【發明所屬之技術領域】 本發明係關於一種動態虛擬鍵盤之安全身份確認方 法,可以防止駭客無法依據數字和英文於螢幕上之絕對 位置’進行侧·錄用戶之機密資料,以大福提高網站的安 全性。 【先前技術】 目前網路金融與線上交易及服務為了避免用戶密碼 於線上輸入時被惡意程式或木馬病毒(忏〇』时Vins) 進行鍵盤側錄(key-l〇gger),造成安全漏洞,因此有 三種技術加強保護用戶ID及密碼的方式如下提 供用戶能不斷產生不同密碼之小型電子裝置(如動態密 碼產生器);(2)定義用戶之另—裝置,用以鑑別用戶 之真偽(如動態產生GTP碼至用戶手機、晶片晶融卡); (3)不再使用鍵盤輸人#訊,改利用滑鼠從表格或視 覺上對應傳統鍵盤的符號集進行選擇(如虛擬鍵盤)。 上述三種保護用戶ID及密碼的方式,皆是為了避免 惡意程式或木馬病毒在用戶輸人個人機密資料時,侧錄 用戶之帳號及密碼,進而造成店家及用戶之損失。 動態密碼之電子裝置產生器,其實作應用如:新竹 商銀網路銀行登入,其提供客戶能不斷產生不同密碼的 200905541 电子▲置,以避免用戶每次登入 之密碼,造成用户密碼被竊取。、鍵皿輪入相同 費不貲,-Μ 1"財式效果不錯但所 開始需要購買及配送裝置,若 失,還必須提供使用者後择 文障或迗 使用f後、戈的支援服務。且用戶 使用此線上服務時,皆,人在 , 頁隧身攜帶此電子裝置,而益 /網路服務之任意地點皆可使用之便利性。一 利用用戶之另一裝置,以加強用戶身份之識別,1 貝作應用如:合5蠻却Θ ^ ^ 八 、 〇 4銀仃及玉山銀行網路銀行,係要求用 戶在進行㈣定戶之㈣服料,插 ^ . , . 八日日々日日融卡至 ::卡機中,用以識別用戶有權限使用帳戶内之轉帳功 另外’中國信託網隸行要求用戶在申請網路銀行 時,即要求用戶填寫其確認之手機號碼,當用戶進行網 路銀行登料,系統即動態產生登錄密瑪至用戶的手機 中’以動態改變用戶每次登錄之密瑪,避免用戶密碼被 竊取。此兩種使用用戶另一裝置的識別方式,在用戶裝 置未遺失或被盜用的情況下,可以很準確的識別用戶^ 登入使用身份,但是此種攜帶式的裝置,若是不慎遺失 或被盜用,則可能無法保護用戶身份識別之安全性逍且 此方式同樣會有攜帶或使用上的問題,造成用戶每文使 用地點及使用裝置的麻煩,因而無法達到網路使用之便 利性。 200905541 利用滑鼠從螢幕上輸入用戶之帳號或密碼,可以避 免用戶於任思地點使用上述兩種技術之不便,亦可減少 企業裝置成本之費用。目前此技術之實作應用如:國泰 世華網路銀行。當用戶柊登入時,係利用螢幕上之虛擬 鍵盤’輪人帳號及密碼,可㈣免駭客利用鍵盤側錄程 式,盜取用戶之帳號及密碼。但是,駭客之技術日益精 進,惡意程式可以依據用戶滑鼠之點選,以辨視出用戶 點選密碼之螢幕位置,進而被侧錄。 ,由此可見,上述習用技術仍有諸多缺失,實非一丨 善之设計’而亟待加以改良。 本案發明人鑑於上述習用方式所衍生的各項缺點 乃亟思加以改良創新。網路金流安全性之課題,是目寿 網路發展不可或缺注意之問題。為了能在網路安全控, 下:思考對客戶操作上簡易與安全提升之·得平衡 SI苦心孤詣潛心研究後,終於成功研發完成本件 ::鍵盤之密碼輸入方法。本發明使得每當用戶欲200905541 IX. INSTRUCTIONS: [Technical field of invention] The present invention relates to a method for secure identity verification of a dynamic virtual keyboard, which can prevent a hacker from being able to perform side-recording user secrets based on the absolute position of numbers and English on the screen. Information to Dafu to improve the security of the website. [Prior Art] At present, online finance and online transactions and services are used to prevent user passwords from being entered by the malicious program or Trojan virus (keys) when the user password is entered online. Therefore, there are three techniques to enhance the protection of user IDs and passwords by providing a small electronic device (such as a dynamic password generator) that can continuously generate different passwords; and (2) defining another device for the user to authenticate the authenticity of the user ( Such as dynamically generating GTP code to the user's mobile phone, wafer crystal card); (3) no longer use the keyboard to input the # message, use the mouse to select from the table or visually corresponding to the traditional keyboard symbol set (such as virtual keyboard). The above three ways of protecting the user ID and password are to prevent the malicious program or the Trojan virus from recording the user's account number and password when the user inputs the personal confidential information, thereby causing the loss of the store and the user. The dynamic password electronic device generator is actually used for applications such as: Hsinchu Shangyin Online Banking, which provides customers with the ability to continuously generate different passwords to avoid the user's password being stolen. The key wheel is the same. The price is good. -Μ 1" The financial effect is good, but you need to purchase and distribute the device. If you lose it, you must also provide the user with a text or a support service. And when users use this online service, they can use this electronic device in the tunnel, and the convenience of any location of the benefit/network service can be used. One use of the user's other device to enhance the identification of the user's identity, 1 Bay application such as: 5 but Θ ^ ^ 八, 〇 4 silver 仃 and Yushan Bank Internet Bank, the user is required to carry out (4) (4) Service, insert ^ . , . 8th day and day to date:: in the card machine, to identify the user has the right to use the account transfer function in addition to the 'China Trust Network Licensing requires users to apply for online banking That is, the user is required to fill in the mobile phone number confirmed by the user. When the user conducts online banking, the system dynamically generates the login to the user's mobile phone to dynamically change the user's login every time to avoid the user password being stolen. The two identification methods using another device of the user can accurately identify the user's login identity when the user device is not lost or stolen, but the portable device is accidentally lost or stolen. The security of the user identification may not be protected, and the method may also have problems of carrying or using, which causes the user to use the location and the trouble of using the device, thereby failing to achieve the convenience of using the network. 200905541 Using the mouse to enter the user's account number or password from the screen, you can avoid the inconvenience of using the above two technologies in the location of the user, and reduce the cost of the enterprise device. At present, the implementation of this technology is as follows: Cathay World Bank. When the user logs in, he uses the virtual keyboard on the screen to turn the person's account number and password. (4) The hacker can use the keyboard-side recording method to steal the user's account number and password. However, the technology of the hacker is becoming more and more sophisticated, and the malicious program can select the screen position of the user to select the password according to the user's mouse click, and then be recorded. From this, it can be seen that there are still many shortcomings in the above-mentioned conventional techniques, which are not a good design and need to be improved. The inventors of the present invention have made improvements and innovations in view of the shortcomings derived from the above-mentioned conventional methods. The issue of network flow security is an indispensable issue for the development of the network. In order to be able to control the security of the network, think about the balance between the simple and the safe operation of the customer. After the hard work of SI, I finally succeeded in research and development of this method: keyboard password input method. The invention makes every time the user wants
輪帳波、密碼時’可動態地變動英文和數字的位置, 以避免機密資料依墟签I 免用戶需要另位置被側錄,並可以避 之便利性。 務進而達到網路使用 【發明目的】 200905541 -本發明t目的即在於提供—種動態虛擬鍵盤之密碼 輸入方式,藉由動態地變動虛擬鍵盤上的英文和數字的 位置,以達到避免駭客依據螢幕位置進行侧錄用戶之帳 ,號密碼’並順應用戶鍵盤文字之使用f慣順序性,以提 供用戶更安全及便利之帳號密碼輸入方式。 - 【發明内容】 達成上述發明目的之動態虛擬鍵盤之密碼輸入方 -法’係在當用戶進行網路活動,需要登錄或輸入機密資 料之行為時,系統以螢幕上動態虛擬鍵盤之方式,旋轉 變動按鍵位置,供用戶利用滑鼠進行選擇。 【實施方式】 請參閱圖一及圖二所示,圖一為本發明動態虛擬鍵 盤之密碼輸人方法之輪盤式模擬圖’係模擬虛擬鍵盤之 U 組合方式,本模擬是以英文字母鍵盔1及數字鍵盤2 •組合成輪盤狀為例,實施時亦可增加其他符號之輪盤或 1英文字母鍵盤及數字鍵#中插人其他符號。圖二為本 發明動態虛擬鍵盤之密碼輸入方法於網站上之輪盤式 應用模擬圖,係包括登入網站之帳號與密碼區及一辅助 帳號與岔碼輸入之旋轉的輪盤式虛擬鍵盤,當用戶進入 颁似圖一之模擬網站時,動態輪盤式虛擬鍵盤則以旋轉 、方式改殳數子和字母位於螢幕上之絕對位置。用戶欲 輸入其帳號及密碼時,只要將滑鼠移動至動態輪盤式虛 200905541 鍵盤上%可#止虡擬鍵盤的旋轉,用彳即可以滑鼠 =選英文^鍵盤或數字鍵盤上代表其帳號及密碼之 :母或數子。若用戶之滑鼠移動至虛擬鍵盤外時,則動 態輪盤式虛擬鍵盤即開始旋轉而再次改變按鍵之位 置’故每輸入一個字母或數字後,可將滑鼠移動至虛擬 鍵盤外,再錢變下—個輪人字母或數字之位置。本發 明之動態輪盤的旋轉方向、速度或是按鍵之顏色,可依 據系統隨機改變,即每次登人類㈣二之模擬網站時, 虛擬鍵盤皆可以不同的旋轉方式、速度或按鍵顏色呈 現,以增加虛擬鍵盤之安全性。 【特點及功效】 本發明所提供之動態虛擬鍵盤之“輸人方法,與 "他習用方法相互比較時,更具備下列優點: 1. 本發明可改善原有靜態虛擬鍵盤輸入方式,避免 •駭客依據發幕之位置側錄,將大幅提高密碼輸入 %之女全性,提供較佳機密資料輸入之方式。 2. 本發明可降制戶需要利用第二項裝置進行密碼 之傳送的不便,並減少企業在購置第H置之 成本。 3. 本發明以動態虛擬鍵般 皿之方式,不但能動態改變 按鍵於螢幕上之絕對位置,增加安全性,並可依 200905541 據按鍵原有相對應之順序予以排列,降低用戶習 慣性選取之不便。 上列詳細說明乃針對本發明之一可行實施例進行具 體說明’㈣實施例並非用以限制本發明之專利範圍, 凡未脫離本發明技藝精神所為之等效實施或變更,均應 包3於本案之專利範圍中。 ‘ 絲上所述,本案不僅於技術思想上確屬創新,並具 備習用之傳統方法所不及之上述多項功效,已充分符合 新穎性及進步性之法定發明專利要件,爰依法提出申 請’懇請#局核准本件發明專”請案,以勵發明, 至感德便。 ’— 【圖式簡單說明1 圖一為本發明動態虛擬鍵盤之密碼輸入方法之輪盤式 模擬圖;以及 圖二為該動態虛擬鍵盤之密碼輸入方法於網站上之輪 盤式應用模擬圖。 【主要元件符號說明】 1 ·字母鍵盤 2.數字鍵盤 10When the account wave and password are used, the position of the English and the number can be dynamically changed to avoid the confidential information, and the user needs to be placed in the other position, and the convenience can be avoided. In order to achieve network use [invention purpose] 200905541 - The purpose of the present invention is to provide a dynamic virtual keyboard password input mode, by dynamically changing the position of the English and digital on the virtual keyboard, in order to avoid hacking basis The position of the screen is used to record the user's account, number password 'and to comply with the user's keyboard text usage order, to provide users with a safer and more convenient account password input method. - [Summary of the Invention] The password input method of the dynamic virtual keyboard that achieves the above object is a system that rotates on a dynamic virtual keyboard on the screen when the user performs a network activity and needs to log in or input confidential information. Change the button position for the user to select with the mouse. [Embodiment] Please refer to FIG. 1 and FIG. 2, FIG. 1 is a U-combination mode of a roulette simulation diagram of a dynamic virtual keyboard for a password input method of the present invention. The simulation is an alphabetic key. Helmet 1 and numeric keypad 2 • As an example of a combination of a roulette shape, other symbols can be added to the roulette of the other symbols or the 1 alphanumeric keyboard and the numeric keys #. 2 is a roulette application simulation diagram of a password input method of a dynamic virtual keyboard according to the present invention, which includes an account number and password area of a login website and a rotating roulette virtual keyboard of an auxiliary account and a weight input. When the user enters the simulation website of Figure 1, the dynamic roulette virtual keyboard changes the absolute position of the number and letters on the screen in a rotating manner. When users want to enter their account number and password, just move the mouse to the dynamic roulette type virtual 200905541 keyboard. The % can be used to stop the rotation of the keyboard. You can use the mouse to select the mouse. Account and password: mother or number. If the user's mouse moves outside the virtual keyboard, the dynamic roulette virtual keyboard starts to rotate and changes the position of the button again. Therefore, after inputting a letter or number, the mouse can be moved outside the virtual keyboard, and then the money Change - the position of a person's letter or number. The rotation direction, the speed of the dynamic wheel of the present invention or the color of the button can be randomly changed according to the system, that is, each time the human (4) two simulation website is launched, the virtual keyboard can be presented in different rotation modes, speeds or button colors. To increase the security of the virtual keyboard. [Features and Efficacy] The "virtual virtual keyboard" provided by the present invention has the following advantages when compared with the other methods: 1. The present invention can improve the original static virtual keyboard input mode and avoid According to the location of the screen, the hacker will greatly increase the female input of the password and provide better confidential information input. 2. The invention can reduce the inconvenience of using the second device for password transmission. And reduce the cost of the enterprise in the purchase of the H. 3. The invention uses the dynamic virtual key to not only dynamically change the absolute position of the button on the screen, but also increases the security, and can be based on the 200905541 The order of the steps is arranged to reduce the inconvenience of the user's habitual selection. The above detailed description is specific to the possible embodiments of the present invention. The (4) embodiment is not intended to limit the scope of the invention, and does not depart from the spirit of the invention. The equivalent implementation or change shall be included in the patent scope of this case. 'On the silk, the case is not only technical thinking It is indeed innovative, and has many of the above-mentioned functions that are not in the traditional methods of the past. It has fully complied with the statutory invention patent requirements of novelty and progressiveness, and has filed an application for the application of '恳请#局 Approval of this invention.' , to the sense of virtue. ‘— [Simple description of the figure 1 FIG. 1 is a roulette simulation diagram of a password input method of a dynamic virtual keyboard of the present invention; and FIG. 2 is a simulation diagram of a rotatable application of the password input method of the dynamic virtual keyboard on a website. [Main component symbol description] 1 · Alphabet keyboard 2. Numeric keypad 10