WO2005003932A1 - External cipher and authentication device for use with keyboard units - Google Patents

Publication number
WO2005003932A1
Authority
WO
WIPO (PCT)
Prior art keywords
keyboard
computer
cipher
user
authentication
Prior art date
Application number
PCT/BR2004/000110
Other languages
French (fr)
Inventor
Guido Costa Souza De Araujo
Roberto Alves Gallo Filho
Henrique De Medeiros Kawakami
Original Assignee
Guido Costa Souza De Araujo
Roberto Alves Gallo Filho
Henrique De Medeiros Kawakami
Priority date
Filing date
Publication date
Application filed by Guido Costa Souza De Araujo, Roberto Alves Gallo Filho, Henrique De Medeiros Kawakami

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices: interconnection devices, e.g. bus-connected or in-line devices

Abstract

External cipher and authentication device for use with keyboard units characterized as a device to be connected between a keyboard and a computer. When activated, the said device ciphers and/or authenticates the data entered at the keyboard unit in such a way that only an authorized user can assure its contents, so that a third party cannot recover or modify the said data. It is a portable device, does not require hardware or software updates on the computer or keyboard unit, capable of using any appropriate cryptographic algorithm. The ciphering and authenticating features can be activated or deactivated by the user or by the computer at any time. The device can be plugged and unplugged at any time. It can also provide its own audio or visual means, as well as use the computer or keyboard indicators, to inform the user of its current status. A computer can communicate with the device without special drivers or software. It can have any appropriate physical dimensions, such as cable lengths, and can also have no cables at all.

Description

"EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS".
The present document relates to an invention patent of an "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS", which has features that assure the confidentiality of the data when a computer user enters sensitive or secret information on a computer keyboard, thus avoiding possible harm caused by hackers or malicious software. These risks arise at e-commerce and e-banking Internet sites, for example.
Being connected between a computer and a keyboard unit, the Cipher and Authenticator can cipher a message entered via the keyboard unit before it arrives at the computer. Only an authorized system with the correct codes (keys) can correctly decipher the message. This way the message is rendered incomprehensible and unusable to any third party that may be "listening" to keyboard input in the computer. The Cipher and Authenticator can also authenticate the given message before it is sent to the computer, so that the message cannot be successfully tampered with by third parties. The Cipher and Authenticator is a portable and low-cost device that may be carried to any computer where a secure transaction can take place.
A common security threat is the unauthorized "listening" of keyboard activity. This "listening" can take place in personal computers, ATM computers, and point-of-sale (POS) terminals, for example. Computer invasion, or hacking, is quite frequent, and an intruder can monitor or modify any given text typed on the keyboard. Valuable data, such as credit card numbers and Internet banking passwords, can be captured and then used by a third party to carry out unauthorized transactions, causing potential losses to financial institutions or computer users, for example.
There are solutions already addressing the described "listening" attack, but they do not offer the required security levels, and are incapable of providing authentication of the messages entered on the keyboard. They are also more complex than a solution based on the present invention. The so-called cryptographic keyboards, for example, cipher the keyboard text before it is sent via the keyboard cable. Their widespread use would imply the replacement of a large number of normal keyboard units. They are also very expensive, and are at the present moment an impractical solution for the popular e-commerce and e-banking services.
As a solution to the related problems, the present invention is now introduced: a Keyboard Cipher and Authenticator. It can be used on any combination of keyboards and data processor systems. It is portable, and its installation requires neither hardware modifications to the related keyboard unit and data processor system nor special technical skills. It is a low-cost solution to user data security.
Brief description of the drawings:
Figure 1 shows a flow diagram of a typical system without the present invention (prior art).
Figure 2 shows another flow diagram containing the Cipher and Authenticator connected between a keyboard (A) and a computer (B), establishing a secure communication channel between them.
As illustrated by the given drawings, the Cipher and Authenticator comprises an embodiment (C) housing two connectors, one for the keyboard unit cable (A), and the other for the computer (B). The device allows keyboard-entered data such as passwords to be ciphered and/or authenticated before they enter the computer. This way the password will be kept confidential even if the said computer is being violated by a hacker who is recording every keystroke from the keyboard. Due to the authentication feature, a remote server can check whether the said data is authentic or has been tampered with.
The Cipher and Authenticator uses modern ciphering and authentication algorithms that are executed by an electronic device (D) that has a statistically unique secret code for each individual device. This code can be inoculated or generated internally. The code is then used in a transformation (e.g. ciphering) of the user-typed data, generating an incomprehensible sequence of data that can only be recovered and used by a machine that has knowledge of this secret code, or a transformation of this code, or the data sequence itself. If the computer is being "listened to" by a hacker (or if the user is being misled into entering their password on a fake Internet banking site, for example), it will not be possible to recover the plain text password, since it can only be deciphered by an authorized system. The user-typed data can also be authenticated so that sensitive data, such as account numbers and values, cannot be successfully modified.
In either of the two cases (ciphering or authentication), the present device may require an access code to be entered via the keyboard or by other means (e.g. biometric devices) in the device, so that only the respective device owner can use it. The Cipher and Authenticator is a portable low-cost device that can be carried in the user's pocket. This is not possible with cryptographic keyboards, which are high-cost solutions designed to be a fixed desktop item.
The operating steps for the Cipher and Authenticator are the following:
1) Connect the Cipher and Authenticator between the keyboard and the computer, as shown in Fig. 2.
2) The Cipher and Authenticator acts as a transparent link between the keyboard and the computer, until it is activated. It can be activated by means of: a) The computer, when a secure transaction is to take place; b) The user, by means of the keyboard or by requiring so from the computer. It may be required that the user enters a code on the device to allow its activation.
3) The Cipher and Authenticator can be disconnected from a computer at any time, whether or not an operation is being carried out.
The Cipher and Authenticator can provide the given features when connected to any keyboard I/O standard, such as IBM PC/AT, PS/2, USB, FireWire, RS232, RS232C, RS485, Wireless, for example. The physical dimensions of the Cipher and Authenticator can vary, including cable lengths (Fig. 2: A-C cable, C-B cable). The device embodiment can also house the two necessary connectors, in this case not requiring any cable at all. The Cipher and Authenticator can be connected between a keyboard unit and a computer by the user, at any time, not requiring any special skills. A computer can communicate with the device without special drivers or software; by means of an Internet HTML document, for example.
The Cipher and Authenticator may also generate audio or visual signals in its embodiment or in the computer or the keyboard unit that it is connected to. These signals can be used to alert the user about the device status (e.g. the scroll lock light turned on only when a secure channel is established).
As shown in the present document, the Keyboard Cipher and Authenticator can solve the proposed problems, providing superior capabilities and cost over the currently existing solutions, due to its unique and innovative characteristics.
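The mechanism described above (an in-line device that is transparent until activated, then ciphers and authenticates typed data with a per-device secret code that an authorized server also knows) can be illustrated as follows. This is an added example, not code from the patent, which names no algorithms: the HMAC-SHA256 key derivation, the HMAC counter-mode keystream (a standard-library stand-in for a vetted authenticated cipher), the 4-byte device ID, the message counter, the sample values and all class and function names are assumptions.

```python
import hashlib
import hmac

ID_LEN, CTR_LEN, TAG_LEN = 4, 8, 32  # assumed framing: id | counter | ciphertext | tag

def mac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256; also used to derive per-purpose keys from the device secret."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC in counter mode: a standard-library stand-in for a vetted cipher."""
    blocks = (mac(key, nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

class InlineDevice:
    """Hypothetical model of the adapter (C): transparent until activated."""
    def __init__(self, device_id: bytes, secret: bytes):
        self.device_id, self.active, self.counter = device_id, False, 0
        self.k_enc, self.k_mac = mac(secret, b"enc"), mac(secret, b"mac")

    def forward(self, typed: bytes) -> bytes:
        if not self.active:
            return typed  # pass-through: the host sees plain keystrokes
        # The counter must survive unplugging, or a keystream would be reused.
        self.counter += 1
        nonce = self.counter.to_bytes(CTR_LEN, "big")
        body = self.device_id + nonce + xor(typed, keystream(self.k_enc, nonce, len(typed)))
        return body + mac(self.k_mac, body)

class Server:
    """Authorized system that knows each device's secret code."""
    def __init__(self, registry: dict):
        self.registry, self.last_seen = registry, {}

    def open(self, blob: bytes) -> bytes:
        if len(blob) < ID_LEN + CTR_LEN + TAG_LEN:
            raise ValueError("truncated")
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        device_id, nonce = body[:ID_LEN], body[ID_LEN:ID_LEN + CTR_LEN]
        secret = self.registry.get(device_id)
        if secret is None:
            raise ValueError("unknown device")
        if not hmac.compare_digest(tag, mac(mac(secret, b"mac"), body)):
            raise ValueError("bad MAC")  # checked before any decryption
        counter = int.from_bytes(nonce, "big")
        if counter <= self.last_seen.get(device_id, 0):
            raise ValueError("replay")  # a captured blob cannot be resubmitted
        self.last_seen[device_id] = counter
        ct = body[ID_LEN + CTR_LEN:]
        return xor(ct, keystream(mac(secret, b"enc"), nonce, len(ct)))

def demo():
    secret = bytes(range(32))  # constructed sample secret, not a real key
    dev, srv = InlineDevice(b"D001", secret), Server({b"D001": secret})
    passthrough = dev.forward(b"ls -l")
    dev.active = True  # activation by the user or the computer
    blob = dev.forward(b"hunter2")  # constructed sample password
    recovered = srv.open(blob)
    tampered = blob[:12] + bytes([blob[12] ^ 1]) + blob[13:]
    outcome = {}
    for name, msg in (("tampered", tampered), ("replayed", blob)):
        try:
            srv.open(msg)
            outcome[name] = "accepted"
        except ValueError as err:
            outcome[name] = str(err)
    return passthrough, blob, recovered, outcome

if __name__ == "__main__":
    print(demo()[2:])
```

The counter check is what keeps a ciphered password captured on the host, or by a fake site, from being accepted a second time by the real server; without it the blob itself would work as a reusable credential.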

Claims

CLAIMS
1) "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS", comprising an adapter(C) for a keyboard unit cable(A) of a computer(B) which can cipher and authenticate user-typed data before the data arrives at the computer.
2) "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS" according to claim 1, featuring ciphering and authentication algorithms executed by an electronic device(D) that has a statistically unique secret code, generated internally or inoculated, in each unit of this device. This secret code is applied to cipher the user-typed data, generating an incomprehensible sequence of data, that can be used only by a machine that has knowledge of this secret code, or a transformation of this code, or the data sequence itself.
3) "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS" according to claim 1, featuring ciphering and authentication algorithms executed by an electronic device(D) that has a statistically unique secret code, generated internally or inoculated, in each unit of this device. This secret code is applied to authenticate user-typed data, generating a data sequence, known as message authentication code (MAC), so that a machine that has knowledge of this secret code, or a transformation of this code, can assure if the user-typed data is authentic or not.
4) "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS" according to claim 1, characterized by the fact that the present device is a low-cost and portable solution, and can be activated by means of the user or the computer. The device can be disconnected from the computer, even if an operation is being held, without implying loss of the computer functionality. It can also be connected in between any keyboard and machine that has an electrical or mechanical keyboard interface.
5) "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS" according to claim 1, meaning that the device embodiment physical dimension can vary in its size, as well as the length of the associated cables between the main body(C) and its connectors. The main embodiment can also house the two connectors, without the need of additional cables.
6) "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS" according to claim 1, characterized by the capability to be connected between the keyboard and the computer at any time, not requiring special technical skills. A computer can communicate with the device without special drivers or software.
7) "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS" according to claim 1, characterized by the capability to generate audio or visual signals in its embodiment or in the computer or in the keyboard unit that it is connected to. These signals can be used to inform the user of the device status.
PCT/BR2004/000110 2003-07-08 2004-07-06 External cipher and authentication device for use with keyboard units WO2005003932A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BRPI0302727-9 2003-07-08
BR0302727A BR0302727A (en) 2003-07-08 2003-07-08 External keyboard encoder

Publications (1)

Publication Number Publication Date
WO2005003932A1 (en) 2005-01-13

Family

ID=33557339

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BR2004/000110 WO2005003932A1 (en) 2003-07-08 2004-07-06 External cipher and authentication device for use with keyboard units

Country Status (2)

Country Link
BR (1) BR0302727A (en)
WO (1) WO2005003932A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI416931B (en) * 2008-06-20 2013-11-21 Chi Mei Comm Systems Inc System and method for deleting data stored in the mobile phone automatically
US8954624B2 (en) 2005-10-06 2015-02-10 Safend Ltd. Method and system for securing input from an external device to a host

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0272230A2 (en) * 1986-12-15 1988-06-22 DE LA RUE INTER INNOVATION Aktiebolag An operator console for data communication purposes
WO1995026085A1 (en) * 1994-03-18 1995-09-28 Innovonics, Inc. Methods and apparatus for interfacing an encryption module with a personal computer
WO1998007255A1 (en) * 1996-08-12 1998-02-19 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
WO2001010079A1 (en) * 1999-07-29 2001-02-08 Safe Technology Co., Ltd. Adapter having secure function and computer secure system using it

Also Published As

Publication number Publication date
BR0302727A (en) 2005-03-29

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 EP: The EPO has been informed by WIPO that EP was designated in this application
122 EP: PCT application non-entry in European phase