CN103065085A - System and method for implementing a secure USB application device - Google Patents
System and method for implementing a secure USB application device Download PDFInfo
- Publication number
- CN103065085A CN103065085A CN 201210050029 CN201210050029A CN103065085A CN 103065085 A CN103065085 A CN 103065085A CN 201210050029 CN201210050029 CN 201210050029 CN 201210050029 A CN201210050029 A CN 201210050029A CN 103065085 A CN103065085 A CN 103065085A
- Authority
- CN
- China
- Prior art keywords
- main process
- process equipment
- security token
- token
- agency
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
A system and a method for implementing a secure USB token are described. In one embodiment, the system is used for implementing the secure USB token. The system comprises (1) the secure USB token including a processor, a memory coupled to said processor, a communication port coupled to said processor and a secure element coupled to said processor, wherein the secure element storing data for implementing a secure environment; one or more applications stored on said memory are adapted to run on said memory and processor; and (2) a host device including a processor, a memory coupled to said processor, a communication port coupled to said processor and an agent displayed on the host device, wherein the agent launches one or more of the applications stored on the USB token; and the agent prevents the host device from accessing the USB token's memory.
Description
The cross reference of related application
The application requires the U.S. Provisional Patent Application No.61/628 with same title and identical inventor name of submission on October 24th, 2011,092 right of priority, and mode by reference is herein incorporated its disclosed content.
Technical field
The present invention relates to be used to the system and method for realizing safe USB device.
Background technology
Current online on PC tends to be subject to becoming more intelligent virus and the attack of Malware based on bank and the payment system of the Internet.In order to improve security and to protect user's logging on authentication, bank and pay site are used the one-time password token and have been realized multifactor authentication (multifactor authentication) from the SMS password of user's mobile phone or mobile device.Yet some viruses are no longer interested in this password.On the contrary, virus allows the user normally to sign in to the Internet bank/pay site, allows from all multifactor authentication clauses and subclauses of user and to the foundation of safety chain (such as security software layer (" SSL ")).Virus can be placed suspension hook (hook) or be revised the PC browser in operating system (" OS "), thereby so that virus can see before security software layer that what URL and parameter have been submitted to bank/pay site.
An example of virus attack may occur in when the user transfers accounts to another account from user's bank account.Virus can detect the number yyy that transfers accounts in the account xxxx.When the user clicks the submission button (rather than browser is submitted to bank by safe lane with user's parameter), the opposing party that virus these parameters of interception and modification transfer account and the amount of money are not expected to the user.Then, the viral parameter that will change via safe lane on PC sends to bank's website.Virus can be redirected to certain other account and number from the account of user expection with fund now.
In order to prevent that intermediate from attacking, attack of (phishing attempts), browser intermediate (man-in-the-browser) etc. is attempted in fishing, some companies have developed hard browser, and described hard browser can prevent owing to attack the modification of browser code from the CD-ROM version (need not to be installed on the PC) of the browser of CD-ROM operation by using.The example of this product is the basic finger-type driver of the hard browser CD-ROM of Vasco (base thumb drive).The shortcoming of the hard browser of Vasco is: browser still moves together with the resource (for example, storer) of the host PC that also is vulnerable to attack.The present invention is safe USB token (" SUT "), and safe USB token is not exposed to host PC with its software code or runtime data storer.Can not revise any data of the application on the SUT in the virus on the host PC.
Summary of the invention
The disclosure has been described the system and method for the safe USB token of realizing using with main process equipment, and it will allow safely operation application on the processor of USB token and storer, and whether jeopardize main process equipment regardless of viral or other Malware.Start the application that is positioned on the USB token the agency on the main process equipment, and prevent the file system of host access USB token.
Embodiments of the invention comprise a kind of system and method, and wherein, the application that moves in USB device sends graph command to main process equipment, and process this by main process equipment and present (rendering).In addition, the present invention is not exposed to application or the virus that may be on the host PC with the file system of USB.Embodiments of the invention start application on the USB device with the agency, and can only start those application that management channel allows on USB device.
The present invention is different from the U.S. Patent application No.12/660 that has at Cassis International, the invention described in 723.In the application of Cassis, system is Virtual network computer (" VNC ") setting simply.VNC carries out all figures in USB device and presents, and whole screen buffer is transferred to host computer system.This requires a large amount of display frame memory buffer from the USB device to the main process equipment to shift in order to show.Therefore, the high processing power that the design of Cassis need to be on USB device is in order to present figure, and limited graphics display capability owing to shifting the needed mass data of screen buffer.
Designing requirement of the present invention is from the less processing power of USB device and less graphic service communication between USB and main process equipment, and the power that takes full advantage of main process equipment present/processing graphics shows.In VNC arranged, the whole desktop of the OS that moves in USB device showed and is sent to main process equipment.This has exposed the file system of the OS of USB, and malicious application can be downloaded to the file system that exposes and start malicious application from the file system that exposes.
Description of drawings
In the following description of carrying out by reference to the accompanying drawings, explained feature and the other side of the embodiment of the invention, in the accompanying drawings:
Fig. 1 illustrates the block diagram for the hardware stack of SUT of illustrating according to the embodiment of the invention.
Fig. 2 illustrates the block diagram for the software stack of SUT of illustrating according to the embodiment of the invention.
Fig. 3 illustrates the beginning sequence of the application on SUT of being undertaken by the agency on the main frame according to the embodiment of the invention.
Embodiment
Now with reference to accompanying drawing various embodiment of the present invention is described in more detail.
Fig. 1 shows the hardware stack of the embodiment of SUT 100.SUT 100 comprises the equipment that can dock with main frame via USB port 101, and contains processor 102, RAM 103, flash memory 104 and safety element 105, but is not restricted to these assemblies.
Fig. 2 shows the software stack of the embodiment of SUT 100.This SUT equipment can via USB202 be connected to have network insertion 210, any main frame 201 systems of display 213 and user's input interface device 212 (for example, keyboard, mouse, touch pad, remote controllers).The example of main frame 201 equipment comprises personal computer or has enabled the TV of the Internet.Embedded OS 205 operations of one or more SUT application 204 on the hardware of SUT.(one or more) SUT uses 204 and is triggered in order to moved by its independent agency 206 on main process equipment 201.Agency 206 is the application that move at the main process equipment 201 that SUT 100 is connected to.
Agency's 206 use management ports 207 are enabled in the application 204 on the SUT.Graphics Application is presented the agency 206 who sends to termly on the main process equipment in the application 204 on the SUT by figure display port 208.SUT will not need figure to present ability, because the agency 206 that drawing command is sent directly on the main process equipment 201 is used for presenting.Present the graphic hardware that figure remotely takes full advantage of main process equipment 201, accelerated to present process, and reduced the requirement of the processor (MCU) 102 of SUT, thereby make it more effective.By acting on behalf of 206 the user on main process equipment input is sent to application 204 on the SUT.By USB port 209, SUT can obtain via the bridge 203 on the main process equipment network 210 accesses.The environment that the OS 216 of main frame is provided for moving to the agency.The OS 216 of main frame can be that Microsoft Windows, Mac OS, Linux maybe can support figure to show, present any other OS of ability and user's input.Agency's opening window and present therein SUT and use 204 demonstration in main frame OS desktop screen.Main frame OS 216 can support that to main frame be local application 217, and this moment, the agency moved.
In a preferred embodiment, on main process equipment 201, will not support to show for the desktop window of SUT OS 205.Not supporting desktop to show on main frame has protected the SUT file system to avoid being subject to any external reference.The SUT file system further is subject to acting on behalf of 206 protection, and agency 206 only allows to start the application 204 that is placed among the SUT.Lack interface with the SUT file system so that more be difficult to put into applications (for example, virus) among the SUT and start them.
Fig. 3 shows the beginning sequence of the application on SUT of being undertaken by the agency on the main frame according to the embodiment of the invention.According to this embodiment, when the agency is activated 301, it sends signal to SUTOS so that the respective application 302 of beginning on SUT.SUT checks with intelligent chip whether application-specific can move 303 at SUT.If do not allow this to be applied in the upper operation of SUT, then error message sent to agency 306.If ratified this application, then this application can be to the request 304 of agency's transmission to login authentication.Intelligent chip checks logging on authentication 305.If logging on authentication is incorrect, then error message is sent to agency 306.If logging on authentication is correct, then act on behalf of opening window on main process equipment in order to present the demonstration 307 that is sent by SUT.When acting on behalf of window and be in activity, the agency also sends to SUT 307 with user's input (for example, mouse, keyboard etc.) from main process equipment.
Description to subsystem
SUT itself does not have the figure viewing hardware.Application 204 usefulness demonstration channels on SUT show the agency 206 who is updated directly into main process equipment with the figure of main frame.Can realize showing channel with OpenGL, XGL, CGL, WGL or similar agreement.Agency 206 at host device receives graphics display command by USB via figure display port 208.Agency 206 will open graphical display window and graphing thereon at the main process equipment display.Can encrypt graphic display data in order to strengthen security for the each side that is not desirable graph data take over party.Can before using beginning, SUT be encrypted by management channel.Start application 204 on the SUT via management port 207 by the agency 206 in the host computer system.
Management port 207 is such management channels, that is, this management channel allows the agency 206 on main process equipment to communicate by letter with SUT in order to begin or stop application 204.Use 204 by acting on behalf of 206 SUT that only can be enabled in the upper registration of SUT, in order to prevent that the unauthorized application is placed on SUT upward and at SUT starts it.
Figure display port 208 provides channel for the application 204 on the SUT and has been sent to the agency 206 on the main process equipment in order to will show channel command.
User input mouth 211 is provided for the channel of SUT, and the agency 206 who uses when being in activity from the main process equipment with box lunch receives users' input.In one embodiment, via the keyboard that SUT presents, can input safely data on the graphic alphanumeric display of main process equipment.Agency 206 will only send the position that other user input device of upper key area (on-screen key location) was clicked or shielded to mouse, not select what button and do not send.To finish following decoding in the SUT side: what button is corresponding to the upper zone of this screen.
Bridge 203 allows SUT to use the Internet resources 210 of main process equipment to visit the Internet.SUT can be by being encrypted to create the safe lane with the external world to the data on the SUT (before it leaves SUT).Smell spy or fishing for the virus on the main process equipment, another form of SSL or encryption can strengthen security.
In a preferred embodiment, SUT hardware will show as the compound USB equipment for main frame OS 216: it will show as USB CDC Ethernet kind equipment and CD-ROM read-only device.All communication channels that CDC Ethernet kind equipment is provided for acting on behalf of to SUT.CD-ROM (read-only) part contains will be in agency's 206 programs of main frame 201 operations.Agent can directly move the CD-ROM that is mounted from this.Agency 206 adopts read-only CD-ROM forms also not require installation agent on main process equipment 201, and thereby provides security for agent code.The agency will communicate by letter with SUTOS 205 in order to start its respective application 204 on SUT.The agency can set up the safe lane for figure display port 208 and user input mouth 211.The agency can opening window and will be presented to this window from the graph command of the application 204 among the SUT.Each application 204 that moves at SUT will require different agencies 206 startups and present the new display window that is associated with this application.In one embodiment, new window is opened in each application, and perhaps under Web browser operates in situation on the SUT, when the user clicks new browser window in the browser that has moved in SUT, new window will be opened in main process equipment.The agency can use the selection to using to start a more than type or application when beginning, perhaps is the dissimilar independent agencies of application start.
Intelligent chip (or safety element) 105 is provided for crypto engine and the password/data storage of SUT.Intelligent chip 105 can be any physics and the electronics tamper resistant device for storage and execution cryptographic algorithm and password/data.For example, intelligent chip 105 can be used as secure storage section and comes tabulation for the executable file that can carry out at SUT, carries out at SUT in order to prevent virus or back door access program.SUT OS can be on proving program before the executive routine be in tabulation on the intelligent chip 105.Again for example, the agency on main frame 206 can require the user to utilize password to login.Intelligent chip 105 can be used for verifying password before the SUT that agents 206 is asked uses 204.Intelligent chip 105 can also provide password authentication (for example to the application that moves at SUT, be used for the entry password, Internet Web Site ID/password of e-mail applications and to the authentication of bank or payment Web website, and other application that requires password authentication).
In another embodiment, near-field communication (" NFC ") reader/writer chip 106 can be realized as SUT.NFC chip 106 can allow SUT use 204 usefulness for example the EMV bank card realize bank transaction.The EMV card that is placed on the SUT can communicate via NFC chip 106 and the application 204 that moves at SUT.(for example carrying out bank transaction when using 204, payment, transfer of financial resources etc.) time, host server (for example, the Internet bank/secure payment server) can be by sending the authenticity that authentication checks this card via NFC chip 106 to the EMV card.
The detailed realization of system
In a preferred embodiment, processor, ARM cortex A8 move application processor and are used to make up SUT with flash memory and RAM.This design is not restricted to this MCU.In another embodiment, Linux is used to SUT OS.
For example, realize that at Linux OS the X Window client brings in for the application 204 that moves at SUT, in order to connect 209 (it is for the host PC of moving the agency with X server 214 abilities) via USB, will show with transmission to agency 206 for the figure of using 204.X client 215 can be moved at SUT, because it does not present the Graphics Application user interface, and thereby has reduced the work load of SUT processor.This can reduce the realization cost, because it allows the SUT processor not have graphics hardware accelerator.The application 204 that moves at SUT sends graphical user interface (" GUI ") order to X client 215, and X client 215 sends it to agency 206 on the host PC via the USB channel.The agency has realized X server 214 abilities and has carried out figure in host PC presenting.Therefore SUT can utilize the existing graphics display capability of host PC to realize that heavy figure presents.Application 204 can be mapped to its display window size the size of the window of being opened by the agency 206 on the main process equipment 201.Window on the main process equipment can be resized, and agency new size can be sent to X client 215, X client 215 can be readjusted size in order to be matched with host display to it.
The agency can move at the PC main frame, and wherein, PC can be operation Microsoft OS, any personal computer, any PC of MAC OS, clipboard or the smart phone with display, user input and usb host ability.
In a preferred embodiment, when agency window when host PC is in activity, the X server 214 usefulness transmissions that all user input (for example, keyboard, mouse) will be acted on behalf of are to X client 215, and then are transferred to the application that moves at SUT.Between the agency on SUT and the main frame all communicate by letter all can be encrypted to prevent that grouping from smelling spy.
The example that SUT uses
SUT is the most suitable such as following application: Web browser, Email, perhaps often by virus, keystroke logger, spyware etc. for other application.Be applied on processor/storer of SUT and move, and do not move in host PC.Application on SUT does not stay trace at PC, because it is all encrypted to enter or leave all data of SUT.The application code of SUT is safe, and can't be modified, because main frame can not be accessed the file system of SUT.In a further embodiment, by directly presenting and do not present at the main frame frame buffer at graphics card, act on behalf of X server 214 and can make keystroke virus (keystroke virus) more be difficult to carry out screen capture.
Although in some embodiment, described various aspects of the present invention, but can make a large amount of changes, variation, change, conversion, modification so that those skilled in the art obtains suggestion, and the present invention is intended to contain such change, variation, change, conversion, modification, because they have fallen within the spirit and scope of claims.
Claims (41)
1. system that be used for to realize security token, described system comprises:
Security token, it comprises:
First processor;
First memory, described first memory is coupled to described first processor;
The first communication port, described the first communication port is coupled to described first processor;
Safety element, described safety element is coupled to described first processor, is used for realizing security context;
In one or more application that described first memory is stored, described one or more application are suitable for moving at described first memory and described first processor; And
Main process equipment, it comprises:
The second processor;
Second memory, described second memory are coupled to described the second processor;
Second communication port, described second communication port are coupled to described the second processor and described the first communication port;
The agency who shows at described main process equipment;
Wherein, described agency is enabled in the one or more described application of storing in the described first memory on the described security token, and wherein, and described agency prevents that described main process equipment from accessing described first memory.
2. system according to claim 1, wherein, described security token depends on USB Dongle form factor.
3. system according to claim 1, wherein, described security token uses with lower and one or more graph command is sent to described main process equipment: OpenGL, XGL, CGL, WGL or other agreement.
4. system according to claim 1, wherein, described security token is suitable for showing about with lower one or more data: personal computer, clipboard, TV, digital album (digital photo frame) or smart phone.
5. system according to claim 1, wherein, described communication port is with lower one or more: USB, live wire, near-field communication, perhaps for the network connection of described main process equipment.
6. system according to claim 1, wherein, described security token comprises near field communications element.
7. system according to claim 1, wherein, the data of storing at described safety element comprise: the tabulation of key, password, the executable file ratified, perhaps data encryption algorithm.
8. system according to claim 1, wherein, described security token is used with lower and is one or morely communicated with described main process equipment: VPN, SSL or other encryption.
9. system according to claim 1, wherein, described agency is stored on the described security token.
10. system according to claim 1, wherein, described agency's operation is from described security token.
11. system according to claim 1, wherein, described main process equipment is with lower one or more: personal computer, clipboard, TV, digital album (digital photo frame) or smart phone.
12. system according to claim 1, wherein, described main process equipment comprises input equipment, and described input equipment comprises with lower one or more: keyboard, operating rod, mouse, key plate, touch-screen, button, trace ball, remote control or loudspeaker.
13. one kind is used for the security token communicate by letter with main process equipment, described security token comprises:
Processor;
Storer, described storer is coupled to described processor;
Communication port, described communication port are coupled to described processor and described main frame;
Safety element, described safety element is coupled to described processor, is used for realizing security context; And
In one or more application that described storer is stored, described one or more application are suitable for moving at described storer and processor;
Wherein, the agency is enabled in the one or more described application of storing on the described token, and wherein, described agency prevents described main process equipment access token storer.
14. security token according to claim 13, wherein, described security token depends on USB Dongle form factor.
15. security token according to claim 13, wherein, described security token is used with lower and one or more graph command is sent to described main process equipment: OpenGL, XGL, CGL, WGL or other agreement.
16. security token according to claim 13, wherein, described security token is suitable for showing about with lower one or more data: personal computer, clipboard, TV, digital album (digital photo frame) or smart phone.
17. security token according to claim 13, wherein, described communication port is with lower one or more: USB, live wire, near-field communication, and perhaps for the network connection of described main process equipment.
18. security token according to claim 13, wherein, described security token comprises near field communications element.
19. security token according to claim 13, wherein, the data of storing at described safety element comprise: the tabulation of key, password, the executable file ratified, perhaps data encryption algorithm.
20. security token according to claim 13, wherein, described security token is used with lower one or more next and described main process equipment and is communicated: VPN, SSL or other encryption.
21. security token according to claim 13, wherein, described agency is stored on the described security token.
22. security token according to claim 13, wherein, described agency's operation is from described security token.
23. one kind is used for being implemented in the main process equipment that storer has been stored the security token of using, system comprises main process equipment, and described main process equipment comprises:
Processor;
Storer, described storer is coupled to described processor;
Communication port, described communication port are coupled to described processor and described token; And
The agency who shows at described main process equipment;
Wherein, described agency is enabled in the one or more described application of storing in the described token store device, and wherein, and described agency prevents that described main process equipment from accessing described token store device.
24. main process equipment according to claim 23, wherein, described main process equipment is with lower one or more: personal computer, clipboard, TV, digital album (digital photo frame) or smart phone.
25. main process equipment according to claim 23, wherein, described main process equipment is used with lower one or more next and described security token and is communicated: USB, live wire, near-field communication or network connection.
26. main process equipment according to claim 23, wherein, described main process equipment is used with lower one or more next and described security token and is communicated: VPN, SSL or other encryption.
27. main process equipment according to claim 23, wherein, described main process equipment comprises input equipment, and described input equipment comprises with lower one or more: keyboard, operating rod, mouse, key plate, touch-screen, button, trace ball, remote control or loudspeaker.
28. the method for the security token of realizing communicating by letter with main process equipment, described method comprises:
The one or more application of storer storage at described token;
Transmit the instruction that is used for showing at main process equipment one or more agencies;
Receive the instruction that is used for being enabled in the one or more application on the described token from described main process equipment; And
Reception prevents that described main process equipment from accessing the instruction of described token store device.
29. method according to claim 28, wherein, described security token depends on USB Dongle form factor.
30. method according to claim 28, wherein, described security token is used with lower and one or more graph command is sent to described main process equipment: OpenGL, XGL, CGL, WGL or other agreement.
31. method according to claim 28, wherein, described security token is suitable for showing about with lower one or more data: personal computer, clipboard, TV, digital album (digital photo frame) or smart phone.
32. method according to claim 28, wherein, described main process equipment is with lower one or more: personal computer, clipboard, TV, digital album (digital photo frame) or smart phone.
33. method according to claim 28, wherein, described token comprises for the safety element of realizing security context.
34. method according to claim 33, wherein, the data of storing at described safety element comprise: the tabulation of key, password, the executable file ratified, perhaps data encryption algorithm.
35. method according to claim 28, wherein, described security token is used with lower one or more next and described main process equipment and is communicated: VPN, SSL or other encryption.
36. method according to claim 28, wherein, described agency is stored on the described security token.
37. method according to claim 28, wherein, described agency's operation is from described security token.
38. method according to claim 28, wherein, described security token is via with lower one or more communicating: USB, live wire, near-field communication, and perhaps for the network connection of described main process equipment.
39. method according to claim 28, wherein, described security token comprises near field communications element.
40. method according to claim 28, wherein, described main process equipment comprises input equipment, and described input equipment comprises with lower one or more: keyboard, operating rod, mouse, key plate, touch-screen, button, trace ball, remote control or loudspeaker.
41. a system that is used for realizing security token, described system comprises:
Security token, it comprises:
Be used for moving the device of one or more application;
Be used for the device that communicates with main process equipment;
Be used for realizing the device of security context; And
Main process equipment, it comprises:
Be used for the device that operation is used;
Be used for the device that communicates with security token;
Be used for showing agency's device, described agency can be enabled in the one or more described application of storing on the described token; And
Access the device of the storer of described token for preventing described main process equipment.
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US201161628092P | 2011-10-24 | 2011-10-24 | |
| US61/628,092 | 2011-10-24 | ||
| US13/373,955 US20130104220A1 (en) | 2011-10-24 | 2011-12-06 | System and method for implementing a secure USB application device |
| US13/373,955 | 2011-12-06 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103065085A true CN103065085A (en) | 2013-04-24 |
Family
ID=48107713
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201210050029 Pending CN103065085A (en) | 2011-10-24 | 2012-02-29 | System and method for implementing a secure USB application device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103065085A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103455747A (en) * | 2013-06-20 | 2013-12-18 | 珠海亿联图灵信息技术有限公司 | USB interface token terminal and communication method thereof with host |
| CN105306488A (en) * | 2015-11-19 | 2016-02-03 | 邓苏湘 | Device and method for improving operation safety of mobile equipment |
| CN110780962A (en) * | 2019-10-15 | 2020-02-11 | 四川长虹电器股份有限公司 | Application window title bar and window control display method in X window manager |
-
2012
- 2012-02-29 CN CN 201210050029 patent/CN103065085A/en active Pending
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103455747A (en) * | 2013-06-20 | 2013-12-18 | 珠海亿联图灵信息技术有限公司 | USB interface token terminal and communication method thereof with host |
| CN105306488A (en) * | 2015-11-19 | 2016-02-03 | 邓苏湘 | Device and method for improving operation safety of mobile equipment |
| CN110780962A (en) * | 2019-10-15 | 2020-02-11 | 四川长虹电器股份有限公司 | Application window title bar and window control display method in X window manager |
| CN110780962B (en) * | 2019-10-15 | 2022-02-01 | 四川长虹电器股份有限公司 | Application window title bar and window control display method in X window manager |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8448226B2 (en) | Coordinate based computer authentication system and methods | |
| US20130104220A1 (en) | System and method for implementing a secure USB application device | |
| US8806652B2 (en) | Privacy from cloud operators | |
| US20220092595A1 (en) | Secure in-line payments for rich internet applications | |
| US11797636B2 (en) | Intermediary server for providing secure access to web-based services | |
| US20120240224A1 (en) | Security systems and methods for distinguishing user-intended traffic from malicious traffic | |
| US9270644B2 (en) | Thwarting keyloggers using proxies | |
| Jang et al. | Gyrus: A Framework for User-Intent Monitoring of Text-based Networked Applications. | |
| CN101821715A (en) | System and method for browser-based access to smart cards | |
| US20110202762A1 (en) | Method and apparatus for carrying out secure electronic communication | |
| US9208489B2 (en) | System for secure web-prompt processing on point sale devices | |
| CN109644196A (en) | Message protection | |
| US20140208225A1 (en) | Managing sensitive information | |
| Fernandes et al. | Tivos: Trusted visual i/o paths for android | |
| CN103065085A (en) | System and method for implementing a secure USB application device | |
| EP3841731B1 (en) | Securing sensitive user data across hardware and software components having unbalanced trust levels | |
| EP2521994B1 (en) | Authentication of transactions in a network | |
| US20230004638A1 (en) | Redirection of attachments based on risk and context | |
| Chang | The study on end-to-end security for ubiquitous commerce | |
| JP7118044B2 (en) | INTERNET SYSTEM AND METHODS THAT THE INTERNET SYSTEM PERFORMS | |
| AU2013100799A4 (en) | Secure in-line payments for rich internet applications | |
| CN103455747A (en) | USB interface token terminal and communication method thereof with host | |
| Langweg et al. | Extending the Trusted Path in Client-Server Interaction | |
| KR20090095941A (en) | System and Method for Processing Non-Faced Financial Transaction Channel using Virtual Key and Recording Medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130424 |