CN108334794B - Information input encryption method and system for information input equipment - Google Patents

Publication number
CN108334794B
Authority
CN
China
Prior art keywords
information input
key
key value
triggered
input device
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711463018.5A
Other languages
Chinese (zh)
Other versions
CN108334794A (en)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Original Assignee
Tendyron Corp
Application filed by Tendyron Corp
Priority to CN201711463018.5A
Publication of CN108334794A
Application granted
Publication of CN108334794B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention provides an information input encryption method and system for information input equipment, wherein the method comprises the following steps: in the encryption mode, a security chip of the information input equipment acquires a second key value generated by the triggered key, and encrypts the second key value to obtain a second key value ciphertext; calling a second communication interface to send an operation request to the cloud server, wherein the operation request comprises a second key value ciphertext; the cloud server decrypts the second key value ciphertext to obtain a second key value; determining a keyboard event corresponding to the second key value; executing the keyboard event to obtain keyboard event execution result information; encrypting the keyboard event execution result information to obtain a keyboard event execution result information ciphertext; sending an operation response to the information input device, wherein the operation response comprises a keyboard event execution result information ciphertext; the security chip decrypts the keyboard event execution result information ciphertext to obtain keyboard event execution result information; and determining information to be displayed, and controlling a display screen to display the information to be displayed.

Description

Information input encryption method and system for information input equipment
Technical Field
The invention relates to the technical field of electronics, in particular to an information input encryption method and system for information input equipment.
Background
With the rapid development of electronic offices, more and more people rely on keyboards to input information. In the prior art, information input through an ordinary keyboard is easily attacked by malicious programs such as trojans or viruses, so keyboard input takes place in an unsafe environment. How to improve the security of information input through the keyboard is a problem that urgently needs to be solved.
Disclosure of Invention
The present invention is directed to solving the above problems.
The main object of the invention is to provide an information input encryption method for an information input device.
Another object of the invention is to provide an information input encryption system for an information input device.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
One aspect of the present invention provides an information input encryption method for an information input device, including: in a normal mode, a security chip of the information input device detects whether a first communication interface receives an instruction sent by an upper computer, judges whether the instruction is a first mode switching instruction when it detects that the first communication interface has received an instruction sent by the upper computer, and controls the information input device to switch to an encryption mode when it judges that the instruction is the first mode switching instruction; or, in the normal mode, the security chip of the information input device detects whether a key of the information input device is triggered, acquires the key value generated by the triggered key when it detects that a key of the information input device is triggered, judges whether the key value generated by the triggered key is a first key value, and controls the information input device to switch to the encryption mode when it judges that the key value generated by the triggered key is the first key value; in the encryption mode, the security chip of the information input device detects whether a key of the information input device is triggered; when the security chip of the information input device detects that a key of the information input device is triggered, it acquires a second key value generated by the triggered key and acquires an information input device side security key; the security chip of the information input device encrypts the second key value by using the information input device side security key to obtain a second key value ciphertext; the security chip of the information input device calls a second communication interface to send an operation request to a cloud server, wherein the operation request comprises the second key value ciphertext; the cloud server receives the operation request sent by the information input device; the cloud server acquires a cloud server side security key corresponding to the information input device; the cloud server decrypts the second key value ciphertext by using the cloud server side security key to obtain the second key value; the cloud server determines a keyboard event corresponding to the second key value; the cloud server executes the keyboard event to obtain keyboard event execution result information; the cloud server encrypts the keyboard event execution result information by using the cloud server side security key to obtain a keyboard event execution result information ciphertext; the cloud server sends an operation response to the information input device, wherein the operation response comprises the keyboard event execution result information ciphertext; the security chip of the information input device detects whether the second communication interface receives the operation response sent by the cloud server; when the security chip of the information input device receives the operation response sent by the cloud server, it decrypts the keyboard event execution result information ciphertext by using the information input device side security key to obtain the keyboard event execution result information; and the security chip of the information input device determines information to be displayed according to the keyboard event execution result information and controls a display screen to display the information to be displayed.
In addition, the method further comprises the following steps: in the encryption mode, the security chip of the information input device detects whether the first communication interface receives an instruction sent by the upper computer, judges whether the instruction is a second mode switching instruction when it detects that the first communication interface has received an instruction sent by the upper computer, and controls the information input device to switch to the normal mode when it judges that the instruction is the second mode switching instruction; or, in the encryption mode, the security chip of the information input device detects whether a key of the information input device is triggered, acquires the key value generated by the triggered key when it detects that a key of the information input device is triggered, judges whether the key value generated by the triggered key is a third key value, and controls the information input device to switch to the normal mode when it judges that the key value generated by the triggered key is the third key value.
In addition, acquiring the key value generated by the triggered key specifically includes: obtaining the key value combination generated by a plurality of keys pressed simultaneously; or obtaining the single key value generated by a single pressed key.
Another aspect of the present invention provides a cloud mode encryption system, including an information input device provided with a security chip; the security chip of the information input device is used for detecting, in a normal mode, whether a first communication interface receives an instruction sent by an upper computer, judging whether the instruction is a first mode switching instruction when detecting that the first communication interface has received an instruction sent by the upper computer, and controlling the information input device to switch to an encryption mode when judging that the instruction is the first mode switching instruction; or, the encryption control module is configured to detect, in the normal mode, whether a key of the information input device is triggered, acquire the key value generated by the triggered key when detecting that a key of the information input device is triggered, determine whether the key value generated by the triggered key is a first key value, and control the information input device to switch to the encryption mode when the key value generated by the triggered key is determined to be the first key value; detecting, in the encryption mode, whether a key of the information input device is triggered; when detecting that a key of the information input device is triggered, acquiring a second key value generated by the triggered key and acquiring an information input device side security key; encrypting the second key value by using the information input device side security key to obtain a second key value ciphertext; calling a second communication interface to send an operation request to a cloud server, wherein the operation request comprises the second key value ciphertext; the cloud server is used for receiving the operation request sent by the information input device; acquiring a cloud server side security key corresponding to the information input device; decrypting the second key value ciphertext by using the cloud server side security key to obtain the second key value; determining a keyboard event corresponding to the second key value; executing the keyboard event to obtain keyboard event execution result information; encrypting the keyboard event execution result information by using the cloud server side security key to obtain a keyboard event execution result information ciphertext; sending an operation response to the information input device, wherein the operation response comprises the keyboard event execution result information ciphertext; the security chip of the information input device is further configured to detect whether the second communication interface receives the operation response sent by the cloud server; when the operation response sent by the cloud server is received, decrypting the keyboard event execution result information ciphertext by using the information input device side security key to obtain the keyboard event execution result information; and determining information to be displayed according to the keyboard event execution result information, and controlling a display screen to display the information to be displayed.
In addition, the security chip of the information input device is further configured to detect whether a first communication interface receives an instruction sent by an upper computer in the encryption mode, judge whether the instruction is a second mode switching instruction when detecting that the first communication interface receives the instruction sent by the upper computer, and control the information input device to switch to a normal mode when judging that the instruction is the second mode switching instruction; or, the security chip of the information input device is further configured to detect whether a key of the information input device is triggered in the encryption mode, acquire a key value generated by the triggered key when the key of the information input device is detected to be triggered, determine whether the key value generated by the triggered key is a third key value, and control the information input device to switch to the normal mode when the key value generated by the triggered key is determined to be the third key value.
In addition, the security chip of the information input device is specifically configured to obtain the second key value generated by the triggered key in the following manner: obtaining the key value combination generated by a plurality of keys pressed simultaneously; or obtaining the single key value generated by a single pressed key.
According to the technical scheme provided by the invention, key detection is performed by the security chip of the information input device, which improves the security of key detection. All keys triggered on the information input device are encrypted and then sent to the cloud server; the cloud server executes the keyboard event corresponding to the triggered key, encrypts the keyboard event execution result information and returns it to the information input device. Because both the key value generated by the triggered key and the keyboard event execution result information are transmitted in encrypted form, the security of their transmission is improved.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an information input encryption method for an information input device according to embodiment 1 of the present invention;
Fig. 2 is a schematic structural diagram of an information input encryption system for an information input device according to embodiment 1 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Embodiments of the present invention will be described in further detail below with reference to the accompanying drawings.
Example 1
The embodiment provides an information input encryption method for an information input device, as shown in fig. 1, comprising the following steps:
101. In a normal mode, a security chip of the information input device detects whether a first communication interface receives an instruction sent by an upper computer, judges whether the instruction is a first mode switching instruction when it detects that the first communication interface has received an instruction sent by the upper computer, and controls the information input device to switch to an encryption mode when it judges that the instruction is the first mode switching instruction; or, in the normal mode, the security chip of the information input device detects whether a key of the information input device is triggered, acquires the key value generated by the triggered key when it detects that a key of the information input device is triggered, judges whether the key value generated by the triggered key is a first key value, and controls the information input device to switch to the encryption mode when it judges that the key value generated by the triggered key is the first key value.
As an optional implementation structure, the information input device of the present invention may take one of the following forms: (1) a keyboard with a new structure is manufactured, in which the keys, a display screen, a communication interface and the like of an ordinary keyboard are arranged on the keyboard housing, and a security chip is arranged inside the housing; (2) the information input device comprises an ordinary keyboard, a security chip, a security device and a display screen, wherein the ordinary keyboard is provided with an interface (an existing interface such as a USB interface may be used, or a separate interface may be provided), the security chip is arranged in the security device (the security device may be used on its own as an independent device), and the security device is connected with the ordinary keyboard through the interface to form the information input device.
In this embodiment, the difference from an existing ordinary keyboard is that the information input device in this application is provided with a security chip and has two working modes: a normal mode and an encryption mode. The normal mode is similar to the working mode of an existing keyboard: after the information input device is switched to the normal mode, it does not perform any security processing on the information input through it. In the encryption mode, the information input device performs security processing, such as encryption, on the information input through it, and then sends the processed information to the cloud server for subsequent processing.
In this embodiment, a security chip, a display screen, a communication interface and the like are added to an existing ordinary keyboard to realize the corresponding functions. The security chip arranged on the information input device meets the requirements of security authorities such as the State Cryptography Administration and can execute only preset instructions, so the security chip cannot be hijacked, and the operations it executes and its control of the device are guaranteed to express the real intention.
In an optional implementation manner of this embodiment, the information input device is connected to an upper computer through a first communication interface, where the upper computer may be a terminal such as a computer and a mobile phone, the first communication interface may be a wired communication interface or a wireless communication interface, the wired communication interface is, for example, a keyboard interface such as a PS/2 interface and a USB interface, and the wireless communication interface is, for example, a wireless communication interface such as bluetooth, WiFi, and NFC.
Step 101 describes two ways of switching the information input device from the normal mode to the encryption mode:
In the first way, the upper computer sends a first mode switching instruction to the information input device, and the information input device receives the first mode switching instruction through the first communication interface and switches to the encryption mode. For example: when a PIN code needs to be input during an online banking transaction, the online banking client on the upper computer controls the information input device to switch to the encryption mode for PIN code input; or, when an encrypted mail is being written, the mail client on the upper computer controls the information input device to switch to the encryption mode for writing the mail content.
In the second way, a switching key for mode switching is arranged on the information input device. The user presses the switching key, which causes the information input device to generate a first key value, and when the information input device detects the first key value it switches from the normal mode to the encryption mode. For example: when a PIN code needs to be input during an online banking transaction, a preset key on the information input device is triggered to switch the information input device from the normal mode to the encryption mode for PIN code input; or, when an encrypted mail is being written, a preset key on the information input device is triggered to switch the information input device from the normal mode to the encryption mode for writing the mail content.
In an optional implementation manner of this embodiment, switching the information input device from the encryption mode to the normal mode may be implemented as follows:
In the encryption mode, the security chip of the information input device detects whether the first communication interface receives an instruction sent by the upper computer, judges whether the instruction is a second mode switching instruction when it detects that the first communication interface has received an instruction sent by the upper computer, and controls the information input device to switch to the normal mode when it judges that the instruction is the second mode switching instruction; or, in the encryption mode, the security chip of the information input device detects whether a key of the information input device is triggered, acquires the key value generated by the triggered key when it detects that a key of the information input device is triggered, judges whether the key value generated by the triggered key is a third key value, and controls the information input device to switch to the normal mode when it judges that the key value generated by the triggered key is the third key value.
It can be seen that the information input device may also be switched from the encryption mode to the normal mode in two ways. In the first way, the upper computer sends a second mode switching instruction to the information input device, and the information input device receives the second mode switching instruction through the first communication interface and switches to the normal mode. In the second way, a switching key for mode switching is arranged on the information input device; the user presses the switching key, which causes the information input device to generate a third key value, and when the information input device detects the third key value it switches from the encryption mode to the normal mode.
In practical application, switching between the normal mode and the encryption mode may be implemented with a single switching key: when the switching key is triggered, the first key value (or the third key value, the first key value and the third key value being the same) is generated, and the information input device switches from whichever of the normal mode and the encryption mode it is in to the other. Of course, mode switching may also be implemented with two keys: one key, when triggered, generates the first key value, which switches the device from the normal mode to the encryption mode, and the other key, when triggered, generates the third key value, which switches the device from the encryption mode to the normal mode.
Specifically, what kind of method is used to realize the switching between the normal mode and the encryption mode may be set according to the requirements of practical applications, and is not limited herein.
In this embodiment, the keys of the information input device may be physical keys, and certainly, if the key pad supports the touch screen, the keys of the information input device may also be virtual keys, which is not limited herein. It is understood that if a key is in the form of a physical key, the triggering of the key described in this embodiment means that the key is pressed, and if the key is in the form of a virtual key, the triggering of the key described in this embodiment means that the key is clicked.
102. In an encryption mode, a security chip of the information input equipment detects whether a key of the information input equipment is triggered; when the security chip of the information input equipment detects that the key of the information input equipment is triggered, acquiring a second key value generated by the triggered key; the security chip of the information input equipment acquires a security key at the information input equipment side; the security chip of the information input equipment encrypts the second key value by using the security key at the information input equipment side to obtain a second key value ciphertext;
In this embodiment, after the information input device enters the encryption mode, the security chip of the information input device detects whether any key on the information input device is pressed. Because the security chip has a higher security level and is not easily controlled by illegal programs, whereas an existing ordinary keyboard is easily controlled by illegal programs such as trojans and viruses when detecting keys, having the security chip perform key detection improves the security of key detection.
In practical application, the triggered key may be a plurality of keys or a single key, that is, the second key value may be one key value or a combination of a plurality of key values. The second key value generated by the triggered key may therefore be obtained in this step in the following manner: obtaining the key value combination generated by a plurality of keys pressed simultaneously; or obtaining the single key value generated by a single pressed key. For example, in practical application, different operations are implemented by triggering different keys: when inputting characters, single keys may be triggered in sequence; when a file is deleted, a single delete key may be triggered; when the file is saved, the key combination Ctrl+C may be triggered.
In this embodiment, the information input device side security key may be pre-stored in the information input device, or obtained after the information input device and the cloud server perform key agreement. The process of performing key agreement between the information input device and the cloud server may refer to the implementation of the existing key agreement, and is not described herein again.
The information input device side security key may be obtained by obtaining a pre-stored information input device side security key in the information input device, or may be obtained by performing key agreement between the information input device and the cloud server.
In this embodiment, the security key may be stored in a security chip of the information input device, so as to ensure the security of the storage of the security key.
In this embodiment, after the information input device enters the encryption mode, when the security chip detects that any key is triggered, the key value generated by the triggered key is encrypted by using the security key on the information input device side and then sent to the cloud server, so that the key value is ensured not to be leaked in the transmission process, and the security of the key value in the transmission process is improved.
103. A security chip of the information input device calls a second communication interface to send an operation request to a cloud server, wherein the operation request comprises the second key value ciphertext;
In an optional implementation manner of this embodiment, the second communication interface may be a network communication interface, which may be a wired network port or a wireless network port such as WiFi. In this case, the information input device sends the operation request to the cloud server as follows: the security chip of the information input device sends the operation request directly to the cloud server through the second communication interface.
in another optional implementation manner of this embodiment, the second communication interface may be the same interface as the first communication interface; in that case, the information input device sends the operation request to the cloud server as follows: the security chip of the information input device sends the operation request to the upper computer through the second communication interface, and the upper computer forwards the operation request to the cloud server.
104. The cloud server receives the operation request sent by the information input equipment; the cloud server acquires a cloud server side security key corresponding to the information input equipment; the cloud server decrypts the second key value ciphertext by using the security key at the cloud server side to obtain the second key value; the cloud server determines a keyboard event corresponding to the second key value; the cloud server executes the keyboard event to obtain keyboard event execution result information, and the cloud server side security key is used for encrypting the keyboard event execution result information to obtain a keyboard event execution result information ciphertext;
in this embodiment, the cloud server side may store a cloud server side security key corresponding to each of the one or more information input devices, and after receiving the operation request, the cloud server side security key corresponding to the information input device that sent the operation request is obtained first, so as to correctly decrypt a ciphertext carried in the operation request.
In this embodiment, the security key at the cloud server side may be pre-stored in the cloud server, or obtained after the cloud server performs key agreement with the information input device.
In this step, the cloud server obtains the cloud server side security key corresponding to the information input device as follows: the cloud server searches the locally stored cloud server side security keys corresponding to a plurality of information input devices for the one corresponding to the information input device that sent the operation request; or the cloud server side security key may be obtained after key agreement is performed between the cloud server and the information input device.
In this embodiment, the information input device sends the ciphertext obtained by encrypting with the information input device side security key to the cloud server, and the cloud server may decrypt the ciphertext with the cloud server side security key to obtain the plaintext.
In this embodiment, the cloud server side security key and the information input device side security key may be a pair of symmetric keys, or may also be a pair of asymmetric keys.
In this embodiment, the information input device side does not store or process a file, the security chip of the information input device detects a triggered key, encrypts a key value corresponding to the triggered key and sends the encrypted key value to the cloud server, the cloud server stores the file, the cloud server receives the key value sent from the information input device, determines a corresponding keyboard event according to the key value, and performs corresponding file processing, such as file creation, text input, modification, deletion and the like, on the file according to the keyboard event, and then returns the processed document information as the keyboard event execution result information to the information input device for display.
105. The cloud server sends an operation response to the information input device, wherein the operation response comprises the keyboard event execution result information ciphertext;
in this embodiment, the cloud server sends the operation response to the information input device, and the implementation is as follows: the cloud server sends the operation response to the information input equipment through the upper computer, or when the second communication interface is a wireless network interface, the cloud server directly sends the operation response to the second communication interface of the information input equipment through the wireless network interface, or when the second communication interface is a wired network interface, the cloud server directly sends the operation response to the second communication interface of the information input equipment through the wired network interface.
106. The security chip of the information input device detects whether the second communication interface receives the operation response sent by the cloud server; when the security chip of the information input equipment receives the operation response sent by the cloud server, the security key at the information input equipment side is used for decrypting the keyboard event execution result information ciphertext to obtain the keyboard event execution result information;
in the embodiment, the keyboard event execution result information is encrypted by the cloud server by using the cloud server side security key and then transmitted, and even if the keyboard event execution result information is illegally intercepted, the keyboard event execution result information cannot be successfully decrypted because the information input device side security key cannot be obtained, so that the security of the keyboard event execution result information transmission is ensured.
107. The security chip of the information input device determines information to be displayed according to the keyboard event execution result information and controls a display screen to display the information to be displayed.
In this embodiment, the display screen may be integrated in the information input device as a part of the information input device. Of course, the display screen may also be a display screen that is independent from the information input device, and the display screen may be connected to the information input device through a wired interface (e.g., HDMI interface) or a wireless interface (e.g., WiFi or bluetooth interface, etc.), which is not limited herein.
In this embodiment, the security chip determines the information to be displayed according to the keyboard event execution result information as follows: the security chip may determine all contents in the keyboard event execution result information as information to be displayed, may also determine a part of contents from the keyboard event execution result information as information to be displayed according to a preset display rule, or may also select all or part of contents from the keyboard event execution result information and generate information to be displayed after setting a display format.
In the embodiment, the key detection is performed by the security chip of the information input device, so that the security of the key detection is improved, all keys triggered by the information input device are encrypted and then sent to the cloud server, the cloud server executes the keyboard events corresponding to the triggered keys and encrypts the keyboard event execution result information and then returns the keyboard event execution result information to the information input device, and the key values generated by the triggered keys and the keyboard event execution result information are encrypted and transmitted, so that the security of the key values and the keyboard event execution result information transmission is improved;
and the keyboard event corresponding to the triggered key is executed by the cloud server side, so that the information input device can complete the execution of the keyboard event without being connected to a certain display terminal or a host.
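The exchange in steps 102 to 107, as an added example that is not code from the patent: the device encrypts each key value, the server looks up the per-device key, decrypts, applies the keyboard event to its stored file and returns the encrypted result. It assumes a symmetric security key; the message layout, the HMAC-SHA256 stream-and-tag construction (a standard-library stand-in for whatever cipher a real security chip provides), the per-message counter and all names are assumptions. The tag and counter, which the patent does not describe, are what make the server reject modified or replayed key-value ciphertexts.

```python
import hashlib
import hmac
import struct

# Constructed illustration: layout, labels, counter and cipher are assumptions,
# not taken from the patent. Device IDs are at most 255 bytes.
REQUEST, RESPONSE = b"Q", b"R"   # direction label, so a request cannot pass as a response
BACKSPACE = b"\x08"              # constructed key value for the "delete" keyboard event
TAG_LEN = 32


def _subkey(key, label):
    # Separate encryption and authentication keys derived from the security key.
    return hmac.new(key, b"derive:" + label, hashlib.sha256).digest()


def _keystream(key, header, length):
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, header + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, direction, device_id, counter, plaintext):
    """Encrypt then authenticate: header || ciphertext || tag."""
    header = direction + bytes([len(device_id)]) + device_id + struct.pack(">Q", counter)
    body = _xor(plaintext, _keystream(_subkey(key, b"enc"), header, len(plaintext)))
    tag = hmac.new(_subkey(key, b"mac"), header + body, hashlib.sha256).digest()
    return header + body + tag


def parse(message):
    """Split a message into its fields without trusting any of them yet."""
    if len(message) < 2 or len(message) < 10 + message[1] + TAG_LEN:
        raise ValueError("truncated message")
    n = message[1]
    (counter,) = struct.unpack(">Q", message[2 + n:10 + n])
    return (message[:1], message[2:2 + n], counter,
            message[:10 + n], message[10 + n:-TAG_LEN], message[-TAG_LEN:])


def open_(key, direction, message):
    """Verify the tag before decrypting; returns (counter, plaintext)."""
    got_direction, _, counter, header, body, tag = parse(message)
    if got_direction != direction:
        raise ValueError("wrong message direction")
    expected = hmac.new(_subkey(key, b"mac"), header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return counter, _xor(body, _keystream(_subkey(key, b"enc"), header, len(body)))


class InputDevice:
    """Security-chip side: encrypts key values, decrypts execution results."""

    def __init__(self, device_id, key):
        self.device_id, self.key, self.counter = device_id, key, 0

    def press(self, key_value):
        self.counter += 1            # never reused, so the keystream is never reused
        return seal(self.key, REQUEST, self.device_id, self.counter, key_value)

    def display(self, response):
        counter, result = open_(self.key, RESPONSE, response)
        if counter != self.counter:
            raise ValueError("response does not match the last request")
        return result.decode()       # here: show the whole result


class CloudServer:
    """Holds one security key and one stored file per registered device."""

    def __init__(self, device_keys):
        self.device_keys = dict(device_keys)
        self.last_counter = {d: 0 for d in self.device_keys}
        self.documents = {d: "" for d in self.device_keys}

    def handle(self, request):
        device_id = parse(request)[1]
        key = self.device_keys.get(device_id)
        if key is None:
            raise ValueError("unknown device")
        counter, key_value = open_(key, REQUEST, request)
        if counter <= self.last_counter[device_id]:
            raise ValueError("replayed or stale request")
        self.last_counter[device_id] = counter
        doc = self.documents[device_id]
        if key_value == BACKSPACE:                       # delete event
            doc = doc[:-1]
        elif len(key_value) == 1 and 0x20 <= key_value[0] < 0x7F:
            doc += key_value.decode("ascii")             # text input event
        # any other key value maps to no event and leaves the file unchanged
        self.documents[device_id] = doc
        return seal(key, RESPONSE, device_id, counter, doc.encode())


def demo():
    key = bytes(range(32))                               # constructed sample key
    device = InputDevice(b"kbd-01", key)
    server = CloudServer({b"kbd-01": key})
    shown, request = "", b""
    for key_value in (b"h", b"i", b"!", BACKSPACE):
        request = device.press(key_value)
        shown = device.display(server.handle(request))
    return shown, request
```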
The embodiment also provides a cloud mode encryption system, configured to execute the above information input encryption method for an information input device. As shown in fig. 2, the system includes: an information input device 21 provided with a security chip, and a cloud server 22;
the security chip of the information input device 21 is configured to detect whether a first communication interface receives an instruction sent by an upper computer in a normal mode, determine whether the instruction is a first mode switching instruction when detecting that the first communication interface receives the instruction sent by the upper computer, and control the information input device 21 to switch to an encryption mode when determining that the instruction is the first mode switching instruction; or, the encryption control module is configured to, in a normal mode, detect whether a key of the information input device 21 is triggered, when it is detected that the key of the information input device 21 is triggered, obtain a key value generated by the triggered key, determine whether the key value generated by the triggered key is a first key value, and when it is determined that the key value generated by the triggered key is the first key value, control the information input device 21 to switch to an encryption mode; and detecting whether a key of the information input device 21 is triggered in an encryption mode; when detecting that the key of the information input device 21 is triggered, acquiring a second key value generated by the triggered key, and acquiring a security key at the information input device 21 side; encrypting the second key value by using the security key at the information input equipment 21 side to obtain a second key value ciphertext; calling a second communication interface to send an operation request to a cloud server, wherein the operation request comprises the second key value ciphertext;
the cloud server 22 is configured to receive the operation request sent by the information input device 21; acquiring a cloud server side security key corresponding to the information input device 21; decrypting the second key value ciphertext by using the security key at the cloud server side to obtain a second key value; determining a keyboard event corresponding to the second key value; executing the keyboard event to obtain keyboard event execution result information; encrypting the keyboard event execution result information by using the cloud server side security key to obtain a keyboard event execution result information ciphertext; and sending an operation response to the information input device 21, the operation response including the keyboard event execution result information ciphertext;
the security chip of the information input device 21 is further configured to detect whether the second communication interface receives the operation response sent by the cloud server; when the operation response sent by the cloud server is received, decrypting the keyboard event execution result information ciphertext by using the security key at the information input device 21 side to obtain the keyboard event execution result information; and determining information to be displayed according to the keyboard event execution result information, and controlling a display screen to display the information to be displayed.
In this embodiment, the difference from an existing ordinary keyboard is that the information input device in this application is provided with a security chip and has two working modes: a normal mode and an encryption mode. The normal mode is similar to the working mode of an existing keyboard: after the information input device is switched to the normal mode, it does not perform any security processing on the information input through it. In the encryption mode, the information input device performs security processing, such as encryption, on the information input through it, and then sends the processed information to the cloud server for subsequent processing.
In this embodiment, a security chip, a display screen, communication interfaces and the like are added to an existing ordinary keyboard to realize the corresponding functions. The security chip arranged in the information input device meets the requirements of security authorities such as the national cryptography administration and can execute only preset instructions, so that the security chip cannot be hijacked, and the operations executed by the security chip and its control of the device are ensured to express the real intention.
In this embodiment, after the information input device enters the encryption mode, the security chip of the information input device detects, for all keys on the information input device, whether they are pressed. Because the security chip has a higher security level, it is not easily controlled by an illegal program; compared with an existing ordinary keyboard, whose key detection is easily controlled by illegal programs such as trojans and viruses, performing key detection in the security chip improves the security of key detection.
In an optional implementation manner of this embodiment, after the information input device enters the encryption mode, switching from the encryption mode to the normal mode may also be implemented, at this time, the security chip of the information input device 21 is further configured to detect whether the first communication interface receives an instruction sent by an upper computer in the encryption mode, determine whether the instruction is a second mode switching instruction when detecting that the first communication interface receives the instruction sent by the upper computer, and control the information input device 21 to switch to the normal mode when determining that the instruction is the second mode switching instruction; or, the security chip of the information input device 21 is further configured to detect whether the key of the information input device 21 is triggered in the encryption mode, obtain a key value generated by the triggered key when the key of the information input device 21 is detected to be triggered, determine whether the key value generated by the triggered key is a third key value, and control the information input device 21 to switch to the normal mode when the key value generated by the triggered key is determined to be the third key value.
In an optional implementation manner of this embodiment, the triggered key may be a plurality of keys or a single key, that is, the second key value may be one key value or a combination of a plurality of key values, and thus, the obtaining of the second key value generated by the triggered key in the system may be implemented in the following manner: obtaining key value combinations generated by a plurality of keys pressed simultaneously; alternatively, a single key value generated by a single key pressed is obtained. For example, in practical application, different operations need to be implemented by triggering different keys, for example, when inputting characters, a single key may be triggered in sequence; when the file is deleted, a single delete key can be triggered; when the file is saved, the combination key of ctrl + c may be triggered. At this time, the security chip of the information input device 21 is specifically configured to obtain the second key value generated by the triggered key in the following manner: obtaining key value combinations generated by a plurality of keys pressed simultaneously; alternatively, a single key value generated by a single key pressed is obtained.
In the embodiment, the key detection is performed by the security chip of the information input device, so that the security of the key detection is improved, all keys triggered by the information input device are encrypted and then sent to the cloud server, the cloud server executes the keyboard events corresponding to the triggered keys and encrypts the keyboard event execution result information and then returns the keyboard event execution result information to the information input device, and the key values generated by the triggered keys and the keyboard event execution result information are encrypted and transmitted, so that the security of the key values and the keyboard event execution result information transmission is improved;
and the keyboard event corresponding to the triggered key is executed by the cloud server side, so that the information input device can complete the execution of the keyboard event without being connected to a certain display terminal or a host.
For the function implementation of each module in the cloud encryption system provided in this embodiment, reference may also be made to the relevant description of the information input device and the cloud server in the cloud encryption method, which is not described herein again.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (6)

1. An information input encryption method for an information input apparatus, comprising:
in a common mode, a security chip of information input equipment detects whether a first communication interface receives an instruction sent by an upper computer, judges whether the instruction is a first mode switching instruction when detecting that the first communication interface receives the instruction sent by the upper computer, and controls the information input equipment to be switched to an encryption mode when judging that the instruction is the first mode switching instruction; or, in a normal mode, a security chip of the information input device detects whether a key of the information input device is triggered, acquires a key value generated by the triggered key when the key of the information input device is detected to be triggered, judges whether the key value generated by the triggered key is a first key value, and controls the information input device to switch to an encryption mode when the key value generated by the triggered key is judged to be the first key value;
in an encryption mode, a security chip of the information input equipment detects whether a key of the information input equipment is triggered;
when the security chip of the information input equipment detects that the key of the information input equipment is triggered, acquiring a second key value generated by the triggered key and acquiring a security key at the information input equipment side;
the security chip of the information input equipment encrypts the second key value by using the security key at the information input equipment side to obtain a second key value ciphertext;
the security chip of the information input device calls a second communication interface to directly send an operation request to a cloud server, wherein the operation request comprises the second key value ciphertext; wherein, the second communication interface is a network communication interface;
the cloud server receives the operation request sent by the information input equipment;
the cloud server acquires a cloud server side security key corresponding to the information input equipment;
the cloud server decrypts the second key value ciphertext by using the security key at the cloud server side to obtain the second key value;
the cloud server determines a keyboard event corresponding to the second key value; the cloud server stores a file, executes corresponding file processing on the file according to the keyboard event, and the file processing comprises: establishing a file, inputting the file, modifying or deleting the file to obtain keyboard event execution result information;
the cloud server encrypts the keyboard event execution result information by using the cloud server side security key to obtain a keyboard event execution result information ciphertext;
the cloud server directly sends an operation response to the information input equipment through the second communication interface, wherein the operation response comprises the keyboard event execution result information ciphertext;
the security chip of the information input device detects whether the second communication interface receives the operation response sent by the cloud server;
when the security chip of the information input equipment receives the operation response sent by the cloud server, the security key at the information input equipment side is used for decrypting the keyboard event execution result information ciphertext to obtain the keyboard event execution result information;
and the security chip of the information input equipment determines information to be displayed according to the keyboard event execution result information and controls a display screen to display the information to be displayed.
2. The method of claim 1, further comprising:
in the encryption mode, a security chip of the information input equipment detects whether a first communication interface receives an instruction sent by an upper computer, judges whether the instruction is a second mode switching instruction when detecting that the first communication interface receives the instruction sent by the upper computer, and controls the information input equipment to be switched to a common mode when judging that the instruction is the second mode switching instruction; or, in the encryption mode, the security chip of the information input device detects whether the key of the information input device is triggered, acquires a key value generated by the triggered key when detecting that the key of the information input device is triggered, judges whether the key value generated by the triggered key is a third key value, and controls the information input device to switch to a normal mode when judging that the key value generated by the triggered key is the third key value.
3. The method according to claim 1 or 2, wherein obtaining the key value generated by the triggered key specifically comprises:
obtaining key value combinations generated by a plurality of keys pressed simultaneously;
alternatively, a single key value generated by a single key pressed is obtained.
4. A cloud mode encryption system, comprising: the information input device is provided with a security chip;
the security chip of the information input equipment is used for detecting whether a first communication interface receives an instruction sent by an upper computer in a common mode, judging whether the instruction is a first mode switching instruction or not when detecting that the first communication interface receives the instruction sent by the upper computer, and controlling the information input equipment to be switched to an encryption mode when judging that the instruction is the first mode switching instruction; or, the encryption control module is configured to detect whether a key of the information input device is triggered in a normal mode, acquire a key value generated by the triggered key when the key of the information input device is detected to be triggered, determine whether the key value generated by the triggered key is a first key value, and control the information input device to switch to an encryption mode when the key value generated by the triggered key is determined to be the first key value; detecting whether a key of the information input device is triggered or not in an encryption mode; when detecting that the key of the information input equipment is triggered, acquiring a second key value generated by the triggered key and acquiring a security key at the information input equipment side; encrypting the second key value by using the information input equipment side security key to obtain a second key value ciphertext; calling a second communication interface to directly send an operation request to a cloud server, wherein the operation request comprises the second key value ciphertext; wherein, the second communication interface is a network communication interface;
the cloud server is used for receiving the operation request sent by the information input equipment; acquiring a cloud server side security key corresponding to the information input equipment; decrypting the second key value ciphertext by using the security key at the cloud server side to obtain a second key value; determining a keyboard event corresponding to the second key value; the cloud server stores a file, executes corresponding file processing on the file according to the keyboard event, and the file processing comprises: establishing a file, inputting the file, modifying or deleting the file to obtain keyboard event execution result information; encrypting the keyboard event execution result information by using the cloud server side security key to obtain a keyboard event execution result information ciphertext; and directly sending an operation response to the information input device through the second communication interface, wherein the operation response comprises a keyboard event execution result information ciphertext;
the security chip of the information input device is further configured to detect whether the second communication interface receives the operation response sent by the cloud server; when the operation response sent by the cloud server is received, decrypting the keyboard event execution result information ciphertext by using the information input device side security key to obtain the keyboard event execution result information; and determining information to be displayed according to the keyboard event execution result information, and controlling a display screen to display the information to be displayed.
5. The system of claim 4,
the security chip of the information input equipment is also used for detecting whether a first communication interface receives an instruction sent by an upper computer in the encryption mode, judging whether the instruction is a second mode switching instruction when detecting that the first communication interface receives the instruction sent by the upper computer, and controlling the information input equipment to be switched to a common mode when judging that the instruction is the second mode switching instruction; or,
the security chip of the information input device is further configured to detect whether a key of the information input device is triggered in the encryption mode, acquire a key value generated by the triggered key when the key of the information input device is detected to be triggered, judge whether the key value generated by the triggered key is a third key value, and control the information input device to switch to a normal mode when the key value generated by the triggered key is judged to be the third key value.
6. The system according to claim 4 or 5, wherein the security chip of the information input device is specifically configured to obtain the second key value generated by the triggered key by: obtaining key value combinations generated by a plurality of keys pressed simultaneously; alternatively, a single key value generated by a single key pressed is obtained.
Application CN201711463018.5A, priority date 2017-12-28, filing date 2017-12-28: Information input encryption method and system for information input equipment (status: Active; published as CN108334794B (en))

Publications (2)

CN108334794A (en), published 2018-07-27
CN108334794B (en), published 2021-10-22

Family

ID=62924665

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711463018.5A Active CN108334794B (en) 2017-12-28 2017-12-28 Information input encryption method and system for information input equipment

Country Status (1)

Country Link
CN (1) CN108334794B (en)

Families Citing this family (2)

\* Cited by examiner, † Cited by third party

| Publication number | Priority date | Publication date | Assignee | Title |
| --- | --- | --- | --- | --- |
| CN109344608B (en) * | 2018-08-10 | 2021-09-21 | 天地融科技股份有限公司 | Information transmission method and system |
| CN109117678A (en) * | 2018-08-10 | 2019-01-01 | 天地融科技股份有限公司 | A kind of information transferring method and system |

Citations (4)

\* Cited by examiner, † Cited by third party

| Publication number | Priority date | Publication date | Assignee | Title |
| --- | --- | --- | --- | --- |
| CN101236591A (en) * | 2007-01-31 | 2008-08-06 | 联想(北京)有限公司 | Method, terminal and safe chip for guaranteeing critical data safety |
| CN103036681A (en) * | 2012-12-13 | 2013-04-10 | 中国工商银行股份有限公司 | Password safety keyboard device and system |
| CN202978979U (en) * | 2012-12-13 | 2013-06-05 | 中国工商银行股份有限公司 | Password security keypad device and password security pad system |
| CN107358094A (en) * | 2017-07-10 | 2017-11-17 | 广东天波信息技术股份有限公司 | The password input system and method for smart machine |

Also Published As

| Publication number | Publication date |
| --- | --- |
| CN108334794A (en) | 2018-07-27 |

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant