"EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS". The present document relates to an invention patent of an "EXTERNAL CIPHER AND AUTHENTICATION DEVICE FOR USE WITH KEYBOARD UNITS", which has features that assures the confidentiality of the data when a computer user enters sensitive or secret information on a computer keyboard, thus avoiding possible injuries caused by hackers or malicious software. These risks arise at e-commerce and e-banking Internet sites, for example. As being connected between a computer and a keyboard unit, the Cipher and Authenticator can cipher a message inputted via the keyboard unit before it arrives in the computer. Only an authorized system with the correct codes (keys) can correctly decipher the message. This way the message is rendered incomprehensible and unusable to any third-party that may "listening" to keyboard input in the computer. The Cipher and Authenticator can also authenticate the given message before it is sent to the computer, so that the message cannot be successfully tampered with by third-parties. The Cipher and Authenticator is a portable and low-cost device that may be carried to any computer where a secure transaction can take place. A common security threat is the unauthorized "listening" of keyboard activity. This "listening" can take place in personal computers, ATM computers, and point-of-sale (POS) terminals, for example.
Computer invasion, or hacking, is quite frequent, and an intruder can monitor or modify any text typed on the keyboard. Valuable data, such as credit card numbers and Internet banking passwords, can be captured and then used by a third party to carry out unauthorized transactions, which causes potential losses to financial institutions or computer users, for example.

There are solutions already addressing the described "listening" attack, but they do not offer the required security levels, and are incapable of providing authentication of the messages entered on the keyboard. They are also more complex than a solution based on the present invention. The so-called cryptographic keyboards, for example, cipher the keyboard text before it is sent via the keyboard cable. Their widespread use would imply the replacement of a large number of normal keyboard units. They are also very expensive, and are at present an impractical solution for the popular e-commerce and e-banking services.

As a solution to these problems, the present invention, a Keyboard Cipher and Authenticator, is now introduced. It can be used with any combination of keyboards and data processor systems. It is portable, and its installation requires neither hardware modifications to the keyboard unit and data processor system nor special technical skills. It is a low-cost solution to user data security.

Brief description of the drawings:

Figure 1 shows a flow diagram of a typical system without the present invention (prior art).
Figure 2 shows another flow diagram containing the Cipher and Authenticator connected between a keyboard (A) and a computer (B), establishing a secure communication channel between them.

As illustrated by the given drawings, the Cipher and Authenticator is comprised of an embodiment (C) housing two connectors, one for the keyboard unit cable (A), and the other for the computer (B). The device allows keyboard-entered data such as passwords to be ciphered and/or authenticated before they enter the computer. In this way the password is kept confidential even if the said computer has been compromised by a hacker who is recording every keystroke from the keyboard. Due to the authentication feature, a remote server can check whether the said data is authentic or has been tampered with.

The Cipher and Authenticator uses modern ciphering and authentication algorithms that are executed by an electronic device (D) that has a statistically unique secret code for each individual device. This code can be injected into the device or generated internally. The code is then used in a transformation (e.g. ciphering) of the user-typed data, generating an incomprehensible sequence of data that can only be recovered and used by a machine that has knowledge of this secret code, or a transformation of this code, or the data sequence itself. If the computer is being "listened to" by a hacker (or if the user is being misled into entering their password on a fake Internet banking site, for example), it will not be possible to recover the plain text password, since it can only be deciphered by an authorized system. The user-typed data can also be authenticated so that sensitive data, such as account numbers and values, cannot be successfully modified.
In either of the two cases (ciphering or authentication), the present device may require an access code to be entered in the device via the keyboard or by other means (e.g. biometric devices), so that only the respective device owner can use it. The Cipher and Authenticator is a portable low-cost device that can be carried in the user's pocket. This is not possible with cryptographic keyboards, which are high-cost solutions designed to be a fixed desktop item.
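The cipher-and-authenticate flow described above, as an added example that is not part of the original document: a device holding a per-device secret seals the typed data, the host computer sees only the sealed blob, and the authorized system verifies and deciphers it. The document names no algorithms, so the HMAC-SHA256 keystream with encrypt-then-MAC used here, and the names `device_seal` and `server_open`, are assumptions; a real device would use a vetted authenticated cipher.

```python
import hashlib
import hmac
import os

def _subkey(device_secret: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from the per-device secret.
    return hmac.new(device_secret, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a standard-library stand-in for a real cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def device_seal(device_secret: bytes, typed: bytes) -> bytes:
    """Runs inside the device: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    enc_key = _subkey(device_secret, b"enc")
    mac_key = _subkey(device_secret, b"mac")
    ct = bytes(a ^ b for a, b in zip(typed, _keystream(enc_key, nonce, len(typed))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def server_open(device_secret: bytes, blob: bytes) -> bytes:
    """Runs on the authorized system: verify the tag first, then decipher."""
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = _subkey(device_secret, b"mac")
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message was modified")
    enc_key = _subkey(device_secret, b"enc")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo():
    secret = os.urandom(32)                # constructed per-device secret
    typed = b"acct=12345;amount=100.00"    # constructed keyboard input
    blob = device_seal(secret, typed)      # all that the host computer sees
    tampered = bytearray(blob)
    tampered[20] ^= 0x01                   # one ciphertext bit changed on the host
    try:
        server_open(secret, bytes(tampered))
        rejected = False
    except ValueError:
        rejected = True
    return server_open(secret, blob), typed not in blob, rejected
```

A captured blob could still be replayed unchanged; binding each message to a server-issued challenge would address that, which the document does not describe.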
The operating steps for the Cipher and Authenticator are the following:
1) Connect the Cipher and Authenticator between the keyboard and the computer, as shown in Fig. 2.
2) The Cipher and Authenticator acts as a transparent link between the keyboard and the computer until it is activated. It can be activated by: a) the computer, when a secure transaction is to take place; b) the user, by means of the keyboard or by requesting it from the computer. The user may be required to enter a code on the device to allow its activation.
3) The Cipher and Authenticator can be disconnected from a computer at any time, whether or not an operation is being carried out.

The Cipher and Authenticator can provide the given features when connected to any keyboard I/O standard, such as IBM PC/AT, PS/2, USB, FireWire, RS232, RS232C, RS485, Wireless, for example. The physical dimensions of the Cipher and Authenticator can vary, including cable lengths (Fig. 2: A-C cable, C-B cable). The device embodiment can also house the two necessary connectors, in which case no cable is required at all. The Cipher and Authenticator can be connected between a keyboard unit and a computer by the user, at any time, without requiring any special skills. A computer can communicate with the device without special drivers or software, by means of an Internet HTML document, for example.

The Cipher and Authenticator may also generate audio or visual signals in its embodiment or in the computer or the keyboard unit that it is connected to. These signals can be used to alert the user about the device status (e.g. the scroll lock light turned on only when a secure channel is established).

As shown in the present document, the Keyboard Cipher and Authenticator can solve the proposed problems, providing superior capabilities and cost compared with currently existing solutions, due to its unique and innovative characteristics.