CN101819611B - Real-time comparison and defending method of input data and hardware thereof - Google Patents
Real-time comparison and defending method of input data and hardware thereof Download PDFInfo
- Publication number
- CN101819611B CN101819611B CN2009100083569A CN200910008356A CN101819611B CN 101819611 B CN101819611 B CN 101819611B CN 2009100083569 A CN2009100083569 A CN 2009100083569A CN 200910008356 A CN200910008356 A CN 200910008356A CN 101819611 B CN101819611 B CN 101819611B
- Authority
- CN
- China
- Prior art keywords
- data
- application program
- hardware
- immediately
- input
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a real-time comparison and defending method of input data and hardware thereof. The method comprises the following steps: firstly, an input device connected with the hardware is utilized to input data into the hardware; the data are recorded and transmitted to the application program of an operating system; the data are processed by the application program to generate result data; a control application program is utilized to receive the result data and name the result data as data to be tested, and the data to be tested are passed back to the hardware; then the reversal processing unit of the hardware is utilized to carry out reversal dismantling operation on the result data; and finally, the comparison unit of the hardware is utilized to compare the data and the data to be tested, so as to achieve the aim of utilizing the hardware at real time to judge whether the data results are damaged or not.
Description
Technical field
The present invention relates to a kind of comparison means of defence and hardware thereof, particularly relate to a kind of instant comparison means of defence and hardware thereof to the input data.
Background technology
Because the information industry technology is flourish, computing machine and internet have been indispensable rings in life concerning present people, no matter be that individual data or company's business data all can come access through the media of computing machine and network; But also because the network universalness makes that network hacker is also therefore a large amount of and emerges now, and carry out malicious intrusions, destruction of computer systems, alter lawbreaking activities such as computer-internal data, and then computer information safe is caused sizable harm! Also therefore cause numerous individuals and enterprise to suffer increasingly high loss, so the technology of maintenance information safety of all kinds and the instrument software of being developed just arise.
In order to prevent that the hacker from invading the data of destroying in the computing machine with various gimmicks and pipeline, common mode can be divided into two big mainstream technology means such as stopping strick precaution and postmortem reconstruction in advance at present:
About stopping strick precaution in advance, main is to come once and for all to prevent hacker attacks through the mode of setting up fire wall, and makes data in the computing machine avoid the crisis of being altered.But after all the high chi in road, the evil spirit high one zhang; Though firewall technology can stop the invasion of most illegal hackers; But the hacker of the network internal of knowing a little eventually framework; Can find the ad hoc network security breaches or utilize the mode of implanting rogue program to get into other people computing machine, and then alter internal data, so fire wall also can't prevent fully that data from being altered.
Rebuild as for postmortem; Be to belong to a kind of mode of mending the fold after the sheep is lost; And common mode is in respect of two types: a kind of for utilizing manual type that all former input data are checked inspection one by one; Though can be effectively and the utmost point check out which data to be altered or destroy completely, this method is real to belong to very inefficient way.Therefore, another kind of mode has hash function (Hashfunction) functional programs for utilizing jumbo memory storage to cooperate, and specifies a kind of Hash Value that is very difficult to the random number of repetition; With of the computing of every data of being imported through hash function, the Hash Value of a given uniqueness, and these data are backed up in this memory storage; Therefore; When a period of time later or through after some calculation process, it is different whether Hash Value and the original value that writes down that just can check these data has, as if different; Then because the very difficult repeat property of hash function; Just can know that these data are altered, changed or destroyed, therefore, just find out this backed up data and rebuild from this memory storage.
Though utilize the characteristic of hash function; Can be effectively and check out apace which the input data altered; Yet using this mode is not to be flawless, except the storage space of the extra mass storage devices of needs; Since this program with hash function also possibly be subjected to virus infections, destruction or even altered and juggled things; And then make its functional operation not normal, and can not detect the unusual place that imports data, let illegal personage such as hacker evade detecting and organic invasion destruction, alter data with taking advantage of.
Therefore, how to propose that an illegal personage is difficult to destroy and again can be fast and import data comparison detection method and device effectively, just become the direction that relevant dealer institute desire is made great efforts research.
Summary of the invention
An object of the present invention is is providing a kind of instant comparison protection hardware of importing data.The present invention imports data and compares protection hardware immediately; Be applicable to that a result data in data that an input media that is linked to each other is imported and the operating system that comprises an application program and a controlling application program compares; And this result data be by this application program to these data handle produce, this hardware comprises an anti-processing unit and a comparing unit.
This anti-processing unit receives by the result data that this controlling application program returned, and this result data is carried out a kind ofly oppositely disassembling operation, and draws a testing data.
This comparing unit receives and writes down the data that this input media is imported, and these data and the testing data that this anti-processing unit transmitted are certainly compared.
Then, another object of the present invention is that a kind of instant comparison means of defence of importing data is being provided.
The present invention imports data and compares means of defence immediately, comprises following steps:
(1) by an input media that is connected with a hardware data is input in this hardware.
(2) these data are recorded in this hardware.
(3) it is said that again this stroke count is delivered in the application program in the operating system.
(4) this application program is handled these data, and produces a result data.
(5) receive this result data through controlling application program, and to make it be a testing data, again this testing data be back to this hardware.
(6) utilize an anti-processing unit of this hardware that this result data is carried out a kind of operation of oppositely disassembling, reach the comparing unit of this hardware again.
(7) use a comparing unit of this hardware that these data and this testing data are compared, judge whether both are identical, if, represent that then this result data is correct, if not, represent that then this result data wrecks in this operating system.
Beneficial effect of the present invention is: the anti-processing unit by this hardware operates the result data that is produced to this application program to these data; Oppositely disassemble into this testing data; And the comparing unit of this hardware is to the detection of comparing of this testing data and original data, to reach fast and to judge the purpose whether this result data is altered or destroyed effectively.
Description of drawings
Fig. 1 is that explanation the present invention imports the block diagram that data are compared a preferred embodiment of each arrangements of components aspect of protecting hardware immediately; And
Fig. 2 is a process flow diagram of the preferred embodiment running.
Embodiment
Below in conjunction with accompanying drawing and embodiment the present invention is elaborated:
Consult Fig. 1; The present invention imports the preferred embodiment that data are compared protection hardware 3 immediately; Be applicable to that result datas 211 in data 11 that an input media that is linked to each other 1 is imported and the operating system that comprises an application program 21 and a controlling application program 22 2 compare; And this result data 211 be by 21 pairs of these data 11 of this application program handle produce, this hardware 3 comprises an anti-processing unit 31 and a comparing unit 32.
This anti-processing unit 31 receives the result data 211 that is returned by this controlling application program 22, and this result data 211 is carried out a kind ofly oppositely disassembling operation, and draws a testing data 311.
This comparing unit 32 receives and writes down the data 11 that this input media 1 is imported, and these data 11 and the testing data 311 that is transmitted from this anti-processing unit 31 are compared.And the comparison result that is carried out when 32 pairs of these data 11 of this comparing unit and this testing data 311 is stored this result data 211 when being identical, in order to data in the future rebuild required.On the contrary, when comparison result for not simultaneously, export abnormal information 321 first, and notify this controlling application program 22 to abandon this result data 211.
In addition; What deserves to be mentioned is; On practice is used; This hardware 3 can comprise a control module 33 that is connected with this anti-processing unit 31 and this comparing unit 32 respectively in addition, being used for the operation of unified management and control this anti-processing unit 31 and comparing unit 32, as these data 11 of management and control, this result data 211, this testing data 311 and this then abnormal information 321 the flow direction, when must these data 11 be stored or other work flows etc.; Because 33 scopes that can use of this control module are very extensive, so should not be limited to the explanation of present embodiment.
Consult Fig. 1 and Fig. 2, comprise following steps with the pairing method of the preferred embodiment of above-mentioned this hardware 3:
At first, shown in step 50, the application program 21 in this operating system 2 is switched to the file of a read-only form that can't be override by this operating system 2 from the file of a hiding form.
Secondly, shown in step 51, a monitoring facilities 23 in this operating system 2 is switched to the file of a read-only form that can't be override by this operating system 2 from the file of a hiding form.
Come again, shown in step 52, these data 11 are input in this hardware 3 by the input media 1 that is connected with this hardware 3.In this preferred embodiment, mentioned input media 1 can be the device that keyboard, mouse, Trackpad and other can the inputs of confession information.
Then, shown in step 53, these data 11 are recorded in this hardware 3.In this preferred embodiment; These data 11 are recorded in the comparing unit 32 of this hardware 3; But in practical application; Also can these data 11 be stored in this hardware 3 other in addition and have in the storage unit (figure does not show) of memory function, this is for those skilled in the art's easy full of beard of institute and change utilization, so not exceeded by the particular example of the preferred embodiment.
And then, shown in step 54, again these data 11 are sent in this application program 21.
Then, shown in step 55,21 pairs of these data 11 of this application program are handled, and produce this result data 211.
Continuous shown in step 56, monitor by 23 pairs of these application programs 21 of this monitoring facilities, when monitoring the result data 211 that this application program 21 produced, this result data 211 is sent to this controlling application program 22.
What this must remark additionally be; Application program 21 that aforesaid step 50 and step 51 are carried and monitoring facilities 23 carry out order from the step that hiding formal transformations are read-only form; In practice is used; Can exchange it each other and carry out order or carry out simultaneously, or intert respectively and carry out with other steps before this step 56, only note observe must completion form switching before this application program 21 and 23 runnings of this monitoring facilities principle just can; This is easy to change by persons skilled in the art and is migrated, and therefore should not exceed with person disclosed in the preferred embodiment.
Then, shown in step 57, receive this result data 211 through the controlling application program in this operating system 2 22, and order is back to this hardware 3 with this result data 211 again for this testing data 311.And this controlling application program 22 is in this preferred embodiment, is the file of a read-only form that can't be override by this operating system 2.
What deserves to be mentioned is; The usefulness that aforesaid application program 21, monitoring facilities 23 and controlling application program 22 are set to the file of read-only form is intended to; Can carry out but forbid editing the characteristic that writes change by read-only, alter or destroy to prevent malice that these programs are subjected to illegal personage.
Then, shown in step 58, utilize 31 pairs of these testing datas 311 of this anti-processing unit of this hardware 3 oppositely to disassemble operation, and be back to the comparing unit 32 of this hardware 3.
At last, shown in step 59, use 32 pairs of these data 11 of comparing unit and this testing data 311 of this hardware 3 to compare, judge whether both are identical:
If then shown in step 591, represent that this result data 211 is correct, and this result data 211 be stored in the block protection district (figure does not show), in order to the needs of data reconstruction in the future.And this protected location is in this preferred embodiment, non-ly is present in this operating system 2 times, and can only carry out access through 3 pairs of these protected locations of this hardware.
If not, then shown in step 592, represent just to wreck when this result data 211 produces in this operating system 2, and this result data 211 abandoned, and show this then abnormal information 321 on a display device 4.
Next; Still likewise consult Fig. 1 and shown in Figure 2; To how come that the comparison of testing be an example to its data of on a computing machine (figure does not show), being imported 11 with a user, and make a more complete operating process and explain through sharp described hardware 3 of above preferable enforcement and correlation technique:
Before describing; To suppose that below this application program 21 is that a Chinese mosaic input method application program (being exactly a kind of character input method application program of utilizing at least one original coding), this result data 211 are a Chinese character code (being exactly a kind of character code of being made up of this original coding), and the operation of oppositely disassembling of this anti-processing unit 31 is the result data with Chinese character code form 211 oppositely to be disassembled be at least one mosaic symbol (being exactly original coding).
At the beginning; After supposing to accomplish the previous operations of setting read-only form for of this application program 21, monitoring facilities 23; This user utilizes a keyboard (being exactly input media 1) that is directly connected on this hardware 3 to carry out Chinese typewriting operation; At this moment; When this user keyed in Chinese according to the mosaic input method on keyboard, this hardware 3 also was stored in these mosaics in this comparing unit 32 in the time of the Chinese mosaic input method application program (being exactly application program 21) that these mosaic symbols (being exactly data) sent in the operating system 2.
Then, this Chinese mosaic input method application program just accordings to the mosaic that is received and converts corresponding Chinese character code (being exactly result data 211) to; Come again; Other are various like text editing application programs such as the Word of Microsoft 24 time when these Chinese character codes are applied to; During Chinese character code that this monitoring facilities 23 on detection of should Chinese mosaic input method application program be produced, just be sent to the anti-processing unit 31 in this hardware to the media of these Chinese character codes through this controlling application program 22.
Then, this anti-processing unit 31 utilizes this oppositely to disassemble operation these Chinese character codes is disassembled into mosaic symbol to be detected (being exactly testing data 311), and giving these testing datas 311 is the comparing unit 32 in this hardware equally again.
At last; Whether this comparing unit 32 is just compared the mosaic symbol of before importing through keyboard at the beginning in this user (data 11) with these mosaic symbols to be measured (testing data 311), should Chinese character code (result data 211) altered or destroy to judge.
When the comparison result that these mosaic symbols and mosaic symbol to be measured is carried out when this comparing unit 32 is identical; Just the Chinese character code that produced through this Chinese mosaic input method application program of expression is altered or is destroyed, and can supply follow-up operation use and can these Chinese character codes be stored; Yet, when the comparison result of this comparing unit 32 for not simultaneously, export this abnormal information 321, and by this abnormal information 321 being demonstrated, and notify this controlling application program 22 to abandon this Chinese character code (result data 211) like display device such as liquid crystal screen 4.
Know by above; The present invention imports data and compares means of defence and hardware 3 thereof immediately; Mainly be oppositely to disassemble into this testing data 311 to the result data 211 that these data 11 runnings are produced by 31 pairs of these application programs of anti-processing unit 21 of this hardware 3; And the detection of comparing of 32 pairs of these testing datas of the comparing unit of this hardware 3 311 and original data 11, whether altered or destroyed to judge this result data 211 fast and effectively.
In addition; The present invention is except the safeguard function that proposes aforesaid instant detection input data 11 and whether go to pot, alter; Also because this application program 21, monitoring facilities 23 and controlling application program 22 when carrying out its operation and handle, all are in read-only form, alter or destroy to prevent malice that these programs are subjected to illegal personage; And reach the lifting effect of the double protection of data security, so can reach the object of the invention really.
Claims (13)
1. input data are compared means of defence immediately, it is characterized in that comprising following steps:
(1) by an input media that is connected with a hardware data is input in this hardware;
(2) these data are recorded in this hardware;
(3) it is said that again this stroke count is delivered in the application program in the operating system;
(4) this application program is handled these data, and produces a result data;
(5) receiving this result data and make it through a controlling application program is a testing data, and this testing data is back to this hardware;
(6) utilize an anti-processing unit of this hardware that this testing data is carried out a kind of operation of oppositely disassembling; And
(7) use a comparing unit of this hardware that these data and this testing data are compared, judge whether both are identical, if, represent that then this result data is correct, if not, represent that then this result data wrecks in this operating system.
2. input data as claimed in claim 1 are compared means of defence immediately, it is characterized in that: in this step (two), these data are recorded in the comparing unit of this hardware.
3. input data as claimed in claim 2 are compared means of defence immediately, it is characterized in that: in this step (seven), when judging these data and this result data when identical, this result data is stored in the block protection district.
4. input data as claimed in claim 3 are compared means of defence immediately, it is characterized in that: in this step (seven), this protected location is non-to be present under this operating system, and can only carry out access to this protected location through this hardware.
5. input data as claimed in claim 3 are compared means of defence immediately; It is characterized in that: in this step (seven); When judging these data and this result data not simultaneously, this result data is abandoned, and show that abnormal information is on a display device first.
6. input data as claimed in claim 5 are compared means of defence immediately; It is characterized in that: also comprise a step (eight) that is positioned between this step (four) and this step (five); By a monitoring facilities this application program is monitored; When monitoring the result data that this application program produces, this result data is sent to this controlling application program.
7. input data as claimed in claim 6 are compared means of defence immediately; It is characterized in that: also comprise one and be positioned at the preceding step (nine) of this step (four); This application program is before handling these data; Switch to the file of a read-only form that can't be override by this operating system from the file of a hiding form, and carry out subsequent treatment.
8. input data as claimed in claim 7 are compared means of defence immediately, it is characterized in that: in this step (five), this controlling application program is the file of a read-only form that can't be override by this operating system.
9. input data as claimed in claim 8 are compared means of defence immediately; It is characterized in that: also comprise one and be positioned at the preceding step (ten) of this step (eight); This monitoring facilities is before monitoring this application program; Switch to the file of a read-only form that can't be override by this operating system from the file of a hiding form, and carry out subsequent treatment.
10. input data as claimed in claim 1 are compared means of defence immediately; It is characterized in that: in this step (three) and this step (four); This application program is a character input method application program of utilizing at least one original coding; And this result data is a character code, and in this step (six), and the result data that operation will have the character code form oppositely disassembled of this anti-processing unit is oppositely disassembled and is this original coding.
11. input data are compared protection hardware immediately; Be applicable to that a result data in data that an input media that is linked to each other is imported and the operating system that comprises an application program and a controlling application program compares; And this result data be by this application program to these data handle produce; It is characterized in that: this hardware comprises a comparing unit and an anti-processing unit; This comparing unit receives and writes down the data that this input media is imported, and receives the passback that is made the result data that is a testing data, these data and this testing data is compared again; This anti-processing unit is connected between this controlling application program and this comparing unit; Before this comparing unit receives by the testing data that this controlling application program returned, earlier this testing data is carried out a kind of operation of oppositely disassembling, reach this comparing unit again.
12. input data as claimed in claim 11 are compared protection hardware immediately; It is characterized in that: when this comparing unit when being identical these data and comparison result that this testing data carried out; Store this result data; And when this comparing unit to these data and comparison result that this testing data carried out for not simultaneously, export abnormal information first, and notify this controlling application program to abandon this result data.
13. input data as claimed in claim 12 are compared protection hardware immediately, it is characterized in that: the data that operation will have a character code form oppositely disassembled of this anti-processing unit are oppositely disassembled and are at least one original coding.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100083569A CN101819611B (en) | 2009-02-26 | 2009-02-26 | Real-time comparison and defending method of input data and hardware thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100083569A CN101819611B (en) | 2009-02-26 | 2009-02-26 | Real-time comparison and defending method of input data and hardware thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101819611A CN101819611A (en) | 2010-09-01 |
| CN101819611B true CN101819611B (en) | 2012-08-08 |
Family
ID=42654709
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100083569A Active CN101819611B (en) | 2009-02-26 | 2009-02-26 | Real-time comparison and defending method of input data and hardware thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101819611B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107292069B (en) * | 2016-03-30 | 2020-03-24 | 虹映科技股份有限公司 | Operation system and method with instant heart rate prediction function |
| CN106951746B (en) * | 2017-04-25 | 2020-01-21 | 厦门芯阳科技股份有限公司 | Method and system for preventing reverse cracking of temperature control program |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1217507A (en) * | 1997-11-06 | 1999-05-26 | 后健慈 | Method and system for maintaining access-protected storage region in sotrage device |
| CN1875568A (en) * | 2003-09-19 | 2006-12-06 | 索尼株式会社 | Transmitting apparatus, receiving apparatus, and data transmitting system |
| CN101071462A (en) * | 2007-03-30 | 2007-11-14 | 腾讯科技(深圳)有限公司 | System and method for indicating risk of information inputted by users |
| CN101377751A (en) * | 2007-08-30 | 2009-03-04 | 周宏建 | Method for protecting computer working document |
-
2009
- 2009-02-26 CN CN2009100083569A patent/CN101819611B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1217507A (en) * | 1997-11-06 | 1999-05-26 | 后健慈 | Method and system for maintaining access-protected storage region in sotrage device |
| CN1875568A (en) * | 2003-09-19 | 2006-12-06 | 索尼株式会社 | Transmitting apparatus, receiving apparatus, and data transmitting system |
| CN101071462A (en) * | 2007-03-30 | 2007-11-14 | 腾讯科技(深圳)有限公司 | System and method for indicating risk of information inputted by users |
| CN101377751A (en) * | 2007-08-30 | 2009-03-04 | 周宏建 | Method for protecting computer working document |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101819611A (en) | 2010-09-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106874755B (en) | Most consistent escape error processing apparatus and method | |
| CN104766011B (en) | The sandbox detection alarm method and system of Intrusion Detection based on host feature | |
| US9661003B2 (en) | System and method for forensic cyber adversary profiling, attribution and attack identification | |
| Jeun et al. | A practical study on advanced persistent threats | |
| US9256831B2 (en) | Match engine for detection of multi-pattern rules | |
| Robles-Durazno et al. | PLC memory attack detection and response in a clean water supply system | |
| Abdullayev et al. | SQL injection attack: Quick view | |
| CN103209173A (en) | Vulnerability mining method of network protocols | |
| Myung et al. | ICS malware Triton attack and countermeasures. | |
| CN108509796B (en) | A risk detection method and server | |
| WO2021046811A1 (en) | Attack behavior determination method and apparatus, and computer storage medium | |
| Zhang et al. | All your PLCs belong to me: ICS ransomware is realistic | |
| JP5326063B1 (en) | Malicious shellcode detection apparatus and method using debug events | |
| CN114095228A (en) | Safe access method, system and device for data of Internet of things based on block chain and edge calculation and storage medium | |
| CN101819611B (en) | Real-time comparison and defending method of input data and hardware thereof | |
| CN111786986B (en) | Numerical control system network intrusion prevention system and method | |
| Awad et al. | Volatile Memory Extraction-Based Approach for Level 0‐1 CPS Forensics | |
| CN108429746A (en) | A kind of private data guard method and system of facing cloud tenant | |
| CN107169354A (en) | Multi-layer android system malicious act monitoring method | |
| CN105933303A (en) | File tempering detection method and device | |
| KR101998205B1 (en) | Apparatus and method for analyzing malicious file using distributed virtual environment | |
| TWI409665B (en) | Enter the information air against the protection method and its hardware | |
| Anitha et al. | Detecting various SQL Injection vulnerabilities using String Matching and LCS method | |
| CN114547590A (en) | Code detection method, device and non-transitory computer readable storage medium | |
| Redondo-Hernández et al. | Detection of advanced persistent threats using system and attack intelligence |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |