TW200928849A - A method for keyloggers resistant keyboard - Google Patents

Abstract

The invention can be used to solve the problem caused by keyloggers and spy software in a Personal Computer. The keyloggers and spy software can steal the accounts and passwords of the users in the computers and network systems. After get the accounts and passwords, the hacker may break and enter the systems illeagally. The malice keyloggers and spy software can do this by logging the keystrokes sending from keyboard device, thus the users of online finance, the players of online games may lost anything valuable. The invention is a device, system and method to prevent from the keyloggers and spy software. The device, system or method encrypt data of keystrokes by hardware in the keyboard device, so that nobody can understand the screamble logged keystrokes, except the software with decryption alogrithm and key for the encrypted data.

Description

200928849 VII. Designated representative map: The representative representative of the case is: (2). The symbol of the symbol of this representative figure is simple: Computer host 20 KBC or USB host controller 201 Keyboard side recording software 202 Anti-side recording keyboard 21 Keyboard connection line 22 8. If there is a chemical formula in this case, please reveal the chemical formula that best shows the characteristics of the invention. Nine, invention description: [Technical field of the invention] The present invention is a data preservation method for a computer peripheral device, that is, a method for preventing a side view of a computer keyboard. In this way, it is ensured that the actual data of the keyboard keys of the computer is not obtained by the illegal side recording software; because the key data of the keyboard is encrypted by the keyboard. [Prior Art] 凊 Referring to the first figure, the key data of the personal computer (PC) keyboard 11 is input and output (i〇instructi〇ns) and output through the central processing unit (CPU). 6〇h and 64h' are KBC 101 (Keyboard Controller 10 ports 60h, 64h (h stands for hexadecimal digits)). Due to the relationship between the hardware and software architecture of the personal computer, any software can easily obtain the data of the keyboard keys, and the user will not detect any abnormalities. Button side recording or intervening software _ illegal illegal stealing 200928849 Intel (Intel), the world's largest central processor manufacturer, promoted TMKBC (Trusted Mobile Keyboard Controller) a few years ago, TMKBC is mainly positioned in high-end commercial notebook computers The architecture must be paired with a complete set of custom-made computer chips (LaGrande Platform), including Trusted CPU, Trusted Chipset, Trusted Memory, Trusted Graphics, Trusted Platform Module (TPM) and TMKBC. Because this system is flat

The platform involved too much, could not be compatible with the existing software and hardware systems, and the implementation cost was too high, so Intel has no longer promoted this new system platform. The purpose of TMKBC is to prevent the user's buttons from being stolen, but the specification does not include any encryption or decryption technology or method. The anti-scratch technology is not allowed on the entire trusted platform (LaGrande Platform). Any tone to read or change the keyboard data. ^Soft Because there are no products on the market that have no encryption keyboard, even if there is anti-mite and body, you can hear online users of online computer games online. In the | | or: number: Pirates, or because the online banking account password was recorded and lost. According to statistics, the software used by the side-recording software is too long to be lost. The miscellaneous code is stripped. According to the f-count: the side-recording software caused the _ damage to the number of multiples each year ^ two '- very: t countries are therefore limited to the road of financial. For example, the domestic network lost the S3 agreement account? Account, network leg has no agreed account transfer ί 11 a 70. Some countries do not even allow online banking. However, there are all kinds of mature and stable encryption pull-ups, but even if it is soft, the problem, because the root of the problem, the software of the spyware is expected to have a 'software and between the two methods to solve the problem is a software screen keyboard, User 200928849 ;: Change the screen on the screen = Record software, or some users find it inconvenient to not use the screen, " So that 'anti-side recording encryption keyboard is a must-have for today's computer network system. More well-made; j; know to screen off

/α.Ι A/r J.» «<·*>. V disk. Private, 丨扣 i, _一. . ° Yang, ... screen small key important device, although it does not solve the fundamental problem of the keyboard being recorded, but the encryption method can make the key information recorded on the side of the software side become Meaningless code, unless the side recording software knows how to decrypt, the anti-sideboard keyboard theoretically θ can prevent the problem of button side recording software and spyware.疋 [Summary] ^The second figure (the technical system architecture diagram of the case) and the first (the conventional system architecture diagram) The keyboard of the desktop computer is usually connected to the personal computer by the connectors 12 and 22 of the PS2 or USB. The button data is uploaded to the keyboard controller (KBC) or USB host controller (USB Host Controller) of the personal computer through the PS2 or USB protocol specification (ps2, 〇rUsB protocols specifications), and the software communicates with the KBC through the input/output port 60h/64h. Or obtain the key of the button through the USB host controller. The notebook computer is built into the keyboard, so the keyboard device controller (Keyboard Device Controller) 11 and KBC (Keyboard)

The Controller 101 function is one, so there is no pS2 connection 12 on the outside; however, the architecture and principle are the same. In the process of transferring key data to the host computer, the key data is public and transparent, because the soft and hard specifications of the personal computer are public, that is, anyone can use the open software and hardware specifications, self-made or other methods to obtain the keys. Side-recording, inter-class software (keylogger, spy S0ftware), capture data from user buttons. As shown in the first figure (the technical system architecture diagram of this case), it differs from the first figure (the conventional system architecture diagram) 200928849. The only difference is that it is difficult to use the encryption keyboard 2 other hardware connection or software. The match is different. - General keyboard n button by 赃 or us f ^ to text button Α, Β, 0.·Ζ, 〇, ! , 2...9 and the blank key, etc. The side record plus the 21 sent by the KBC or the other is the encrypted password. The focus of the invention is that the text button data AB GmU and the blank key are encrypted in the keyboard and then uploaded to the f brain host, as shown in the third figure '^ = diagram, the case is in the keyboard. Added - button data plus face group 404, you can re-encode and encrypt the key words sent to the host computer, so you can't read the password data when you log the software. , τ ! The mid-month control buttons (Ctrl, Alt, Shift, Tab, CaPs 〇c, ~2, Enter..., etc.) do not re-encrypt the code, as the control buttons usually have individual functions, usually controlled by the operating system software. If the control button is also encrypted, the keyboard control function of the entire operating system will be messy; unless a new keyboard control driver is developed to solve the problem of this control button. Developing a new keyboard control driver is not technically feasible, but in reality Microsoft keyboard operating system, the keyboard control driver (i8〇42 porj; driver) can not be rewritten, or replaced; Different levels of drivers can be rewritten or added to control KBC, but they must be built according to the i8〇42 port driver, so the i8〇42 port driver cannot be changed at will. However, the Linux open source operating system can rewrite the driver. Even if Linux can rewrite the KBC driver to fix the above encryption control button, the new problem may arise, that is, there is a decrypted algorithm and key in the operating system, making the encryption system easier to be Crack the risk of 7 200928849. Therefore, the present invention divides the keyboard keys into two categories: a text button and a control button, the text button can be encrypted, and the control button remains as it is, without processing, so that the driver of the operating system does not have to be changed. And the decryption of the play: it is better to put it on the server computer. For a better understanding of the features and technical contents of the present invention, please refer to the detailed description of the [implementation method] and the accompanying drawings. The detailed description and drawings are for the purpose of illustration and description 〇[Embodiment] Please refer to the third figure (the conventional technology keyboard device controller block diagram) 'The keyboard key matrix 31 is scanned by the keyboard matrix control module 302, if a user presses a key or releases the button' The control signal and the scan address of the (make key) or release (b^eak key) are issued, and the make key and the break key generate corresponding scans via the keyboard key data generation module 3〇i. The position of the button code (ScanCode), and then transferred to the interface connected to the host computer 3, that is, PS2 or USB keyboard interface; if the KBC of the notebook computer through the internal software or hardware of the chip, directly through the Lpc ( L〇w pin c〇unt BUS) is uploaded to the South Bridge Chipset.

The function of the keyboard key data generating module 3〇1 is to map the position of each button to the code of the PS2 or USB button (scanc〇de), for example, the button A is located at the 85h position scanned by the keyboard matrix controller ( Scan Address), and A makes key = ICh on the PS2 Set2 Scan Code; USB HID is 〇4h. The keyboard key data generation module 3〇i is converted to ICh or 04h ’ and then sent to the interface 3连接 connected to the host computer, ie ps2 or USB keyboard interface module. Please refer to the fourth figure (in this case, use the technical keyboard device controller block diagram), and add the woven material encryption module side next to the keyboard 200928849 material generation module 401, and the text button can be used to add the impurity to find the material. Introduction of the machine. Text keys include English letters (A ~ z), Arabic numerals 7 ~ 9), (Space) a total of 37 to be encrypted, other control keys (Ctrl, Alt' Shift, Tab, Caps Lock, F1 ~ F12, Enter. ..) Then add no =. Because the buttons that are meaningful to the side recording software are those English letters, Arabic numerals and empty keys (Space) and the control wheel keys have different functions for the operating system. The present invention does not need to change the operating system's original KBC driver (i8042). Port driver), so the control key is not encrypted. ^In the fourth figure, in addition to the new key data encryption module 4〇4, in the keyboard command control module 403, in order to make the system of the present invention more elastic, and let the software use more Conveniently, an eleven sets of anti-side recording encryption keyboard commands can be set in the keyboard command control module 403. The functions of this new set of commands, such as enabling and closing the keyboard, setting or selecting the encryption algorithm and algorithm parameters; allowing the software to directly control the anti-sliding keyboard. Of course, these commands must be designed to ensure that the entire anti-sideboard system is not cracked; the new command implementation is as follows: Set the RSA encryption algorithm for the keyboard device controller. W1 FA W2 FA W3 FA W4 FA ... Read RSA encrypted text button decoding correspondence table F0 FA 07 FA R1 R2 R3 R4 ...

Start anti-sideboard keyboard encryption function F0 FA 08 FA ^This PS2 keyboard command FOh (Access Scan Code Set) is the command to read or set =PS2 keyboard scan code; the command format is f〇fa 〇〇FA 02 (both The hexadecimal value), where FA is the keyboard device controller (Keyb〇ard 9 200928849 should be the code (aCk_ledge) 'GG stands for software=, PS2 keyboard scans the cat code code, 〇2 stands for the current broom code is secret; If 00 is replaced by a value other than 00, such as 〇1 or 02, it means setting the ps2 keyboard scan code to Setl Scan Code or Set2 Scan Code; currently common scan code has Setl, Set2, and Set3. Now add PS2 keyboard Broom code (4): =FA 06 FA W1 FA W2 FA W3 FA W4 FA .... where 06 means the new scan cat code is Set6 for the newly set number '. The purpose is to set the public face of the RSA encryption algorithm to the keyboard device control n, It is not true that Set6 scans the cat code, FA is the response code of the keyboard device controller (ackn〇wled soft), and Wl, W2' W3, W4... represents the RSA open gold correction written to the keyboard device controller. After setting the RSA public key, you can use the new command F〇FA 〇7 FA R1 to defeat R3. R4...Reads the text button decoding correspondence table, where 〇7 is the command code for decoding the corresponding text button decoding, and Rl, R2, R3, R4... represents the text button decoding correspondence table. The text button decoding correspondence table is set each time. The public key of the RSA encryption algorithm will change. Only the RSA private key can be used to unlock the text key decoding correspondence table. In theory, if the one-time RSA encryption method is used, it is changed every time the anti-sideboard function is required. RSA's public and private gold, it is very difficult to break the one-time encryption method. If you put RSA's private information on a more secure server computer, the security is even higher, because the common key-side recording software is happening. On a general user's personal computer, the server computer is inadvertently invaded by the button side recording software because of the human operation. The new command F0 FA 08 FA starts the anti-side recording keyboard encryption function, that is, set Set8 to prevent The start command of the side-recording keyboard 'After the side-recording keyboard receives this command, if the user presses the A key, it will receive aa on the host computer KBCPS2 connection, and the β key will receive bb. 'Instead of Seth's ICh and 32h (A and B's makL code). As long as the aa and bb search for the decoded text button to decode the correspondence table, the original keyboard can be sent out is ICh and 32h. 200928849 ^ 37 key) exchange Encoding 'single-letter cryptography (10), ^^ Cipher) '(4) Mainly in the domain computer does not have to install __ operation, because other non-textual control buttons are not ϊ The added text is re-encoded text. The re-encoded decoding table is protected by RSA's public key.

After completing the anti-slide function, set the pS2 keyboard scan code to F0 FA 〇2 FA, that is, turn off the anti-side recording keyboard and return to the normal keyboard state. The above embodiment mainly takes the keyboard of the desktop computer as an example. If the computer is returned to the first figure, the KBC 101 or 202 is in the host computer, and is the controller for controlling the external keyboard of the ps2, and the middle of the key information, so You can also put the text encryption function in the KBC' as shown in the fifth picture. The KBC Host Interface in KBC50 uses three registers to allow the computer software to read or write commands or data; read and write data buffers respectively (read/ wHte KBC Data Register, 10 port 60h), and the command register (kbc Command Register ' write 10 port 64h) ' also has a status register (KBC Status Register ' read 10 port 64h). The KBC 50 is connected to the South Bridge Chipset via LPC (Low Pin Count BUS). When the KBC 50 receives the key data of the external PS2 keyboard through the interface 502 of the keyboard, the key data is transmitted through the keyboard key data generation module 501, and the Set2 Scan Code is corresponding to the Setl Scan Code, and then transmitted to the keyboard controller host interface. The output data buffer (Output Buffer) in 500, and the output flag on the status register is set to 1 (KBC Status Register BitO, OBF, Output Buffer Full Flag); waiting for the software to read through the data register (Read KBC data 10 port 60h) to get the button data. If before 11 200928849 ======, first pass the key data encryption on the controller (Kpv^ if as 刖& put the encryption function on the keyboard decoration system crying DeV1Ce C〇ntr〇1 ler ). Only KBC and keyboard installed two plus = in. ί bridge chipset (&uth Bridge ^ can _, silk, ==: force 0 is only the data of the side recording key, the screen side recording software may be recorded on the side to make it correct and cause this system to have -==== ΪΓ The best way to do this is to use the software that does not have to be decoded by the user to operate the key data to ensure the button Ο. For the convenience of the user, there are several ways - one is added on the keyboard. The problem of a small display is that the user loses the switch to the panel, and the direct increase is more, and the use is less direct. The system hardware is connected to the keyboard controller 602 of the motherboard 60. ί sixth picture, in addition to the south bridge chipset 601, another - new hanging encryption key data _, directly output the unencrypted button body ^ disk data directly from the Bellow to the display controller 600 (Vga 12 200928849 ^roller or GPU, Graphic Pr〇cessing _). The body usually passes through the miscellaneous screen of the screen, so the connection of the keyboard data directly output 6〇3 must be two == recorded memory age, Saki The effect of the miscellaneous silk. The scope of the present invention is intended to cover the scope of the invention. The embodiment of the present invention should cover the scope of the invention. σ [Simple description of the drawing] The first figure is a conventional technical system. The second figure is a block diagram of the technical system of the prior art. The second figure is a block diagram of the controller of the prior art keyboard device. The fourth figure is a block diagram of the controller of the technical keyboard device used in the present case. The sixth figure shows the block diagram directly using the keyboard data for this case. [Main component symbol description] The first picture:

Computer host 1〇KBC or USB host controller1〇1 Keyboard side recording software 102 Keyboard 11 Keyboard cable 12 Second figure: Computer host 20 KBC or USB host controller 201 Keyboard side recording software 202 13 200928849 Anti-side recording keyboard 21 Keyboard cable 22 Third diagram: Keyboard device controller 30 Interface to the host computer 300 Keyboard button data generation module 301 Keyboard matrix control module 302 Keyboard command control module 303 Keyboard matrix 31

Figure 4: Keyboard Device Controller 40 Interface to the host computer 400 Keyboard button data generation module 401 Keyboard matrix control module 402 Keyboard command control module 403 Button data encryption module 404 Keyboard matrix 41

Figure 5: KBC (Keyboard Controller) 50 Keyboard Controller Host Interface 500 Keyboard Key Data Generation Module 501 Keyboard Interface 502 Keyboard Controller Command Control Module 503 Key Data Encryption Module 504 Figure 6. 14 200928849 Computer Motherboard 60 VGA (development controller) 600 Southbridge chipset 601 KBC (keyboard controller) 602 Keyboard data direct output connection 603 Patent application scope: 1. A method to prevent computer keyboard key data from being recorded, this method includes : e A keyboard matrix; a keyboard matrix control module; a keyboard key data generation module; a data encryption module; an interface connected to the host computer; When the user presses a button on the keyboard, the keyboard matrix generates a signal parent and points, and scans the position of the intersection (Scan Address) through the keyboard matrix control module, and then sends Go to the keyboard button data generation module to generate a keyboard scan code (Scan c〇de) corresponding to the button. If the button is the text button A/, C"j' 〇, 1,2.··9 and the blank button, The text scan code is re-encoded by the (Scan c〇de) data encryption module, and then sent to the interface connected to the host computer; therefore, the text scan code (Scan c〇de) received by the host computer software is encrypted. The Scan Code is used to control the function of the keyboard side recording program; and the computer host software receives the ctrl, Alt, Shift, Tab, Caps Lock' FI~F12, Enter... and so on. The scan code (Scan c〇de) is not re-encoded and encrypted, so it is compatible with the existing keyboard driver of the operating system. 2. The keyboard matrix control module described in the first application of the patent scope is used for sweeping and sweeping. Cat mode 'decision button scan position (Scan Address), also The position of the button

Claims (1)

200928849 Computer motherboard 60 VGA (development controller) 600 South bridge chipset 601 KBC (keyboard controller) 602 Keyboard data direct output connection 603 Patent application scope: 1. A method to prevent the computer keyboard key data from being recorded. The method comprises: e a keyboard matrix; a keyboard matrix control module; a keyboard key data generation module; a data encryption module; an interface connected to the host computer; When the user presses a button on the keyboard, the keyboard matrix generates a signal parent and points, and scans the position of the intersection (Scan Address) through the keyboard matrix control module, and then sends Go to the keyboard button data generation module to generate a keyboard scan code (Scan c〇de) corresponding to the button. If the button is the text button A/, C"j' 〇, 1,2.··9 and the blank button, The text scan code is re-encoded by the (Scan c〇de) data encryption module, and then sent to the interface connected to the host computer; therefore, the text scan code (Scan c〇de) received by the host computer software is encrypted. The Scan Code is used to control the function of the keyboard side recording program; and the computer host software receives the ctrl, Alt, Shift, Tab, Caps Lock' FI~F12, Enter... and so on. The scan code (Scan c〇de) is not re-encoded and encrypted, so it is compatible with the existing keyboard driver of the operating system. 2. The keyboard matrix control module described in the first application of the patent scope is used for sweeping and sweeping. The cat mode 'cuts the button to scan the Scan Address, That is, the bit of the button 200928849 3. If you apply for the keystroke key of the first job, the code of the output of the butterfly group is the keyboard key code (PS2 Setl, Set2 and USB HID Scan) as described in PS2 or USB standard keyboard specifications. Code), so there is a corresponding table 'determines the scan code corresponding to each scan position (Scan c〇de). " 4', as described in the scope of the π patent range, the key data force π The secret module is used to re-encode and re-encode the scan code (ScanCode) of the m2 or USB standard keyboard specifications, c, c...z, 〇, 2···9 and the blank key. The scan code still falls within the scope of the text scan code; other CtrlAltShiftTab, Caps ❹ Lock, FHF12, Enter... and so on do not re-encode the encryption. 5. As described in the scope of the patent application, the heart &;"2,〇,12_9, including lowercase letters a, b, c...z, and the same key symbol as 〇~9) j, @... (and the numeric keys of the nine squares and the +-V symbol. 6 The interface for connecting to the host computer as described in the application for the scope of the patent is ps2 or USB or LPC (Low Pin Count BUS). Connect to the keyboard controller (Teng) or South Bridge Chipset. ❹ 7. A method to prevent the computer keyboard key data from being recorded. This method includes: a keyboard connection interface; a keyboard key data generation Module; a data encryption module; an interface connected to the host computer; wherein, the interface connected to the keyboard receives the keyboard to send the button scan code (Scan c〇de), 16 200928849 through the keyboard button data generation module, generate the corresponding keyboard Scan Code's new keyboard scan code, if the keyboard scan code (Scan c〇de) is the text key A, B, C. " Z, 0, 1, 2...9 With the blank key, the text scan code is re-encoded by the Scan Code data encryption module, and the re-encoded scan code is still in the range of the text broom code, and then sent to the connected computer host. The interface scan code (Scan c〇de) received by the host computer software is an encrypted text scan code (Scan Code), thereby achieving the effect of preventing the keyboard side recording program; and the host computer software receiving To Ctrl, Alt, Shift, Tab, Caps Lock, F1 ~ F12, Enter... and so on. ❹ Scan Code is not re-encoded, so it is compatible with the existing keyboard driver. 8. The interface for connecting the keyboard as described in item 7 of the patent application is the pS2 keyboard interface. 9. If the keyboard key data generation module described in item 7 of the patent application scope outputs the code as the keyboard key set according to the PS2 standard keyboard specification, Setl, Set2 Scan Code) 'is therefore one of the correspondence tables, the decision Each scan code (PS2 Set1 Scan Code) corresponds to the new scan code (PS2 Setl Scan ❹ Code). 10. For the text key a, Β, 〇··Ζ, 0,1, 2...9, including the lowercase letters a, b, c. “z, and the same button as 〇~9, as described in item 7 of the patent application scope. The symbol), !, @. ·. (and the '9-square grid number key and +-*/ symbol. 11. The interface for connecting to the host computer as described in claim 7 is LPC (Low Pin Count BUS), Connect to the keyboard controller (KBC) or South Bridge Chipset. 17 200928849 12·—A direct turn-out button with: Data to the screen's Wei anti-bribery method, this method package - an anti-side recording encryption keyboard control ; a development controller; ° 'connected keyboard controller and development controller connection; where the keyboard control ϋ output unencrypted controller and the development controller's linkage key two, through the connection keyboard control? Show on the screen, let: ====== is the garbled code of the anti-recording. 』The text of the soil card, not the PS2f quasi-keyboard secrets f anti-side recording encryption keyboard controller, will ^ Keyboard specification described _ button coded by _ code (off 2 Scan Code) = corresponding new scan code (ps2 Setl ^ ) and re-encode the text key data; other ctrl, sister, Shift, thief Lock' FI~F12, Enter... and so on do not re-encode the encryption. 14. As shown in the scope of claim 12 Like the controller, it is a VGA controller or a GPU (Graphic Processing Unit). 15. The text button information as described in item 12 of the patent application is Α, Β, Ο··Ζ, 0,1,2···9 Scan code with blank key (Scan c〇de) 16. As described in item 12 of the patent application, 〇.. B 0,1,2~9, including lowercase mother a, b, c· .·ζ, and the symbol of the same button with 〇~9),!,@...(and the number key of the nine squares and the +_*/ symbol. 200928849 VII. Designation of the representative figure: The representative figure of the case is: 2) Figure. The symbol of the symbol of this representative is simple: Computer host 20 KBC or USB host controller 201 Keyboard side recording software 202 Anti-side recording keyboard 21 Keyboard connection line 22 8. If there is a chemical formula in this case, please reveal the best display Chemical formula of the invention features: IX. Description of the invention: [Technical field to which the invention pertains] The invention relates to a data security method for a computer peripheral device, that is, a method for preventing a side view of a computer keyboard. Through this method, it is ensured that the real data of the computer keyboard keys is not obtained by the illegal side recording software; Keyboard encryption. [Prior Art] 凊 Referring to the first figure, the key data of the personal computer (PC) keyboard 11 is input and output (i〇instructi〇ns) and output through the central processing unit (CPU). 6〇h and 64h' are KBC 101 (Keyboard Controller 10 ports 60h, 64h (h stands for hexadecimal digits)). Due to the relationship between the hardware and software architecture of the personal computer, any software can easily obtain the data of the keyboard keys, and the user will not detect any abnormalities. Button side recording or intervening software _ illegal illegal stealing