CN105678165A - Sandboxing keyboard system of mobile terminal and data transmitting method of sandboxing keyboard system - Google Patents


Publication number
CN105678165A
Authority
CN
China
Prior art keywords
user
module
encryption
sandbox
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610064397.XA
Other languages
Chinese (zh)
Inventor
秦煜
陈钟
李青山
关志
陈果
高健博
陈伟腾
李洪生
轩志朋
王晓青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Boyawangxin (beijing) Technology Co Ltd
Peking University
Original Assignee
Boyawangxin (beijing) Technology Co Ltd
Peking University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Boyawangxin (beijing) Technology Co Ltd, Peking University
Priority to CN201610064397.XA
Publication of CN105678165A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Abstract

The invention relates to a sandbox keyboard system for a mobile terminal and a data transmission method for that system, and belongs to the technical field of mobile Internet security. The method does not use the system's native keyboard; instead, sandboxing is used to design a custom keyboard that records the user's input. The purpose of sandboxing is to temporarily isolate the user's input from other software running on the device, so that the input data is not exposed to malware on the device and malicious programs cannot record the keyboard input during this process. The collected user input is transmitted over a dedicated encrypted channel; the user can define the encryption mode, the encryption key and so on, and custom obfuscation and interference modes can also be added, which prevents malware from cracking the input information.

Description

A sandbox keyboard system for a mobile terminal and its data transmission method
Technical field
The invention belongs to the technical field of mobile Internet security, and specifically relates to a sandbox keyboard system for a mobile terminal and its data transmission method.
Background art
In the prior art, the PC side has a tool called KeyDefender, whose function is to protect the user's keyboard input from being recorded by keylogging software. This keyboard input protection tool no longer uses the original input channel for data transmission; instead it opens a dedicated encrypted input channel for the user. When the user types data, KeyDefender encrypts the input and passes it to the target program over this channel. The tool also emits interference values at the same time, so that keylogging software cannot obtain any information that would harm the user, which protects the user when entering all kinds of information through the keyboard.
On mobile devices, the conventional method is to encrypt the keyboard input first and then send the encrypted content to the target program. Another technique is to redesign the hardware so that a malicious program cannot obtain the user's input by running in kernel mode.
These techniques have certain defects. The technique used by the KeyDefender tool does not consider the security of the tool itself, and its scope of use is too narrow. With the encrypt-then-send technique, the information is easily intercepted and cracked, and it cannot prevent malware running on the device from recording the user's input. Redesigning the hardware is too cumbersome. In addition, some common secure keyboards have problems such as too narrow a scope of use and too limited a range of protected data formats: they can only protect short, purely numeric passwords.
Sandboxing: a sandbox is a security mechanism that provides an isolated environment for running programs. A sandbox generally strictly controls the resources that programs inside it can access; for example, a sandbox can provide disk and other space that is reclaimed immediately after use. Inside a sandbox, network access, access to the real system, and reading from input devices are generally prohibited or strictly limited. From this point of view, sandboxing is a form of virtualization. At present, sandboxing is mainly used by computer technicians to test programs that may carry viruses or other malicious code, and has not been applied to keyboard input on mobile devices.
Summary of the invention
To address the deficiencies of the prior art, the present invention proposes a sandbox keyboard system for a mobile terminal and its data transmission method, with the aims of protecting user input data in multiple formats and improving the security of data interaction between the mobile terminal APP and the server.
A sandbox keyboard system for a mobile terminal: the system includes a sandbox module, and the sandbox module includes a custom keyboard module and an encryption-obfuscation module, wherein:
Custom keyboard module: when a data transfer request is received, obtains the user's input data and passes it to the encryption-obfuscation module;
Encryption-obfuscation module: encrypts and obfuscates the user's input data according to the encryption and obfuscation scheme custom-defined between the target APP and the target server, then sends the processed ciphertext data to the target server. The system is installed on the mobile terminal in the form of an APP and is used together with the target APP.
The data transmission method carried out with the sandbox keyboard system of the mobile terminal comprises the following steps:
Step 1: when the target APP needs to obtain user input data and send it to the target server, start the sandbox module;
Step 2: cut off the data transmission channel between the target APP and the user's input, and open the data channel between the sandbox module and the user's input;
Step 3: obtain the user's input data with the custom keyboard module;
Step 4: according to the encryption and obfuscation scheme custom-defined between the target APP and the target server, the encryption-obfuscation module encrypts and obfuscates the user's input data accordingly, then sends the processed ciphertext data to the target server;
Step 5: the target server receives the encrypted data, decrypts it accordingly, and obtains the user's original input.
The advantages of the invention are:
The present invention proposes a sandbox keyboard system for a mobile terminal and its data transmission method. The method does not use the system's native keyboard; instead, sandboxing is used to design a custom keyboard that records the user's input. The purpose of sandboxing is to temporarily isolate the user's input from other software running on the device, so that the input data is not exposed to malware on the device and malicious programs cannot record the keyboard input during this process. The collected user input is transmitted over a dedicated encrypted channel; the user can customize the encryption mode, the encryption key and so on, and can also add custom obfuscation and interference modes, which prevents malware from cracking the input information;
With the present invention, malware is kept outside the sandbox even if it is present. The custom keyboard can meet the needs of different mobile terminal APPs and can protect user input data in multiple formats. The custom encryption and obfuscation scheme can greatly strengthen the security of data interaction between the mobile terminal APP and the server. Compared with using a single encryption method, this approach reduces the risk that the user's input is intercepted and decoded, and can also meet the needs of different types of user.
Description of the drawings
Fig. 1 is a structural block diagram of the sandbox keyboard system of the mobile terminal in an embodiment of the present invention;
Fig. 2 is a flow chart of the data transmission method carried out with the sandbox keyboard system of the mobile terminal in an embodiment of the present invention.
Detailed description of the embodiments
An embodiment of the present invention is described further below with reference to the accompanying drawings.
In this embodiment, as shown in Fig. 1, the sandbox keyboard system of the mobile terminal is installed on the mobile terminal in the form of an APP and is used together with the target APP. The system includes a sandbox module, and the sandbox module includes a custom keyboard module and an encryption-obfuscation module. When a data transfer request is received, the custom keyboard module obtains the user's input data and passes it to the encryption-obfuscation module. The encryption-obfuscation module encrypts and obfuscates the user's input data according to the encryption and obfuscation scheme custom-defined between the target APP and the target server, then sends the processed ciphertext data to the target server.
In this embodiment, the data transmission method carried out with the sandbox keyboard system of the mobile terminal is shown in the flow chart of Fig. 2 and comprises the following steps:
Step 1: when the target APP needs to obtain user input data and send it to the target server, start the sandbox module;
In this embodiment, in practice, when information that must be kept confidential is being entered, such as a login password, an online banking password, an Alipay password or personal information, the APP sends a request to the sandbox module and the sandbox module is started;
Step 2: cut off the data transmission channel between the target APP and the user's input, and open the data channel between the sandbox module and the user's input;
In this embodiment, sandboxing places this module in a restricted system environment and controls the resources it uses (such as file descriptors, memory and disk space). This ensures that the input data is not exposed to any other software on the device, and therefore cannot be obtained by malware.
Step 3: obtain the user's input data with the custom keyboard module;
In this embodiment, the sandbox module opens the custom keyboard, and the user's input on the custom keyboard is recorded by the sandbox module. In this step, by isolating the sandbox module from every other module on the device, sandboxing ensures that no process running on the device can obtain the user's original input.
In this embodiment, the design of the custom keyboard can vary: it can be a full-size keyboard or a number-pad keyboard similar to a PC keyboard; it can be a purely handwriting-based module; or it can be a fully custom keyboard made up of digits and letters whose positions keep changing at random.
Step 4: according to the encryption and obfuscation scheme custom-defined between the target APP and the target server, the encryption-obfuscation module encrypts and obfuscates the user's input data accordingly, then sends the processed ciphertext data to the target server;
In this embodiment, the choice of encryption and obfuscation algorithm is very flexible: common, mature symmetric encryption algorithms and RSA (Rivest-Shamir-Adleman) algorithms can be used, and so can custom encryption and obfuscation algorithms. Academic research currently offers many encryption methods for different platforms and systems, all of which can be used in the encryption-obfuscation module;
In this embodiment, the mobile APP and the server design a communication protocol in advance, covering the specific encryption and obfuscation scheme, the key, the data format, the data transmission channel and so on, which ensures that after the server receives the data sent by the mobile APP (that is, the data sent by the encryption-obfuscation module) it can recover the user's original input. These agreements are not known to outside parties, so even if the encrypted data is intercepted, malware cannot obtain the user's original input.
Step 5: the target server receives the encrypted data, decrypts it accordingly, and obtains the user's original input.
In this embodiment, the precondition for this step is that the server and the mobile terminal have already agreed on the data communication protocol and have distributed and exchanged the key and data format information.
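Steps 3 to 5 above, as an added example that is not code from the patent: a digit keypad with randomly shuffled positions, an encryption-obfuscation step that pads every input to a fixed length with random filler before encrypt-then-MAC, and the server-side reverse. The fixed-length padding as the obfuscation, the pre-shared key, the packet layout and all function names are assumptions; the HMAC-SHA256 keystream is a standard-library stand-in for a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets
import struct

PAD_LEN = 32    # assumed protocol parameter: every input is padded to this length
NONCE_LEN = 16
TAG_LEN = 32
DIGITS = "0123456789"


def shuffled_layout():
    """Custom keypad: key positions are re-drawn at random for each session."""
    layout = list(DIGITS)
    secrets.SystemRandom().shuffle(layout)
    return layout


def taps_to_text(layout, taps):
    """Map tapped positions to characters; only the sandbox module knows the layout."""
    return "".join(layout[i] for i in taps)


def _subkey(psk, label):
    # Separate encryption and MAC keys derived from the one pre-shared key.
    return hmac.new(psk, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode (stdlib stand-in for a vetted cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(psk, text):
    """Encryption-obfuscation module: pad, encrypt, then authenticate."""
    data = text.encode("utf-8")
    if len(data) > PAD_LEN - 1:
        raise ValueError("input longer than the agreed data format allows")
    # Obfuscation: length byte + input + random filler, so packet size leaks nothing.
    padded = bytes([len(data)]) + data + secrets.token_bytes(PAD_LEN - 1 - len(data))
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor(padded, _keystream(_subkey(psk, b"enc"), nonce, PAD_LEN))
    tag = hmac.new(_subkey(psk, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(psk, packet):
    """Target server: verify the tag first, then decrypt and strip the filler."""
    if len(packet) != NONCE_LEN + PAD_LEN + TAG_LEN:
        raise ValueError("malformed packet")
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(_subkey(psk, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    padded = _xor(ct, _keystream(_subkey(psk, b"enc"), nonce, PAD_LEN))
    length = padded[0]
    if length > PAD_LEN - 1:
        raise ValueError("malformed plaintext")
    return padded[1:1 + length].decode("utf-8")


def demo():
    psk = bytes(range(32))                  # constructed sample key, agreed in advance
    layout = shuffled_layout()
    pin = "482913"                          # constructed sample input
    taps = [layout.index(c) for c in pin]   # positions the user touched
    packet = seal(psk, taps_to_text(layout, taps))
    return unseal(psk, packet), len(packet)
```

Because the tag is checked before decryption, a packet modified in transit is rejected rather than decoded into a wrong password.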

Claims (3)

1. A sandbox keyboard system for a mobile terminal, characterized in that the system includes a sandbox module, and the sandbox module includes a custom keyboard module and an encryption-obfuscation module, wherein:
Custom keyboard module: when a data transfer request is received, obtains the user's input data and passes it to the encryption-obfuscation module;
Encryption-obfuscation module: encrypts and obfuscates the user's input data according to the encryption and obfuscation scheme custom-defined between the target APP and the target server, then sends the processed ciphertext data to the target server.
2. The sandbox keyboard system for a mobile terminal according to claim 1, characterized in that the system is installed on the mobile terminal in the form of an APP and is used together with the target APP.
3. A data transmission method carried out with the sandbox keyboard system for a mobile terminal according to claim 1, characterized in that it comprises the following steps:
Step 1: when the target APP needs to obtain user input data and send it to the target server, start the sandbox module;
Step 2: cut off the data transmission channel between the target APP and the user's input, and open the data channel between the sandbox module and the user's input;
Step 3: obtain the user's input data with the custom keyboard module;
Step 4: according to the encryption and obfuscation scheme custom-defined between the target APP and the target server, the encryption-obfuscation module encrypts and obfuscates the user's input data accordingly, then sends the processed ciphertext data to the target server;
Step 5: the target server receives the encrypted data, decrypts it accordingly, and obtains the user's original input.
CN201610064397.XA 2016-01-29 2016-01-29 Sandboxing keyboard system of mobile terminal and data transmitting method of sandboxing keyboard system Pending CN105678165A (en)




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160615
