CN113468620A - Method and device for realizing safety keyboard - Google Patents
Method and device for realizing safety keyboard Download PDFInfo
- Publication number
- CN113468620A CN113468620A CN202110826714.8A CN202110826714A CN113468620A CN 113468620 A CN113468620 A CN 113468620A CN 202110826714 A CN202110826714 A CN 202110826714A CN 113468620 A CN113468620 A CN 113468620A
- Authority
- CN
- China
- Prior art keywords
- keyboard
- random key
- security
- information
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Input From Keyboards Or The Like (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The invention provides a method and a device for realizing a safety keyboard, wherein the method comprises the following steps: adding a View object to be suspended to a parent layout container ContentParent when the page Activity is started by utilizing an addView mode of a root node View DecorView; assigning values to each child View object by traversing the parent layout to generate random key positions of the security keyboard; and receiving information input based on the random key position of the secure keyboard, and encrypting the input information according to Keystore of an Android system in combination with a preset asymmetric encryption algorithm and a preset symmetric encryption algorithm. The invention can improve the safety and convenience.
Description
Technical Field
The invention relates to the technical field of mobile application, in particular to a method and a device for realizing a safety keyboard.
Background
When an existing user needs to input a login password or a payment password in the process of using a mobile application, the security of the input password needs to be ensured, the input password is not stolen by malicious software or a Trojan horse program, and a common method is to acquire a secret key from a server side for encryption and then upload the secret key to a server or store the secret key into a so file. The first method can not ensure the security of the secret key, and is very inconvenient to interact depending on a server; the second approach decompiles the so file by a reverse approach, which cannot guarantee the absolute security of the key.
For security, the first approach: the secret key is obtained from the server side for encryption and then uploaded to the server, the security of the secret key cannot be guaranteed, and the interaction depending on the server is very inconvenient; the second method comprises the following steps: the key is stored in the so file, and if the so file is decompiled by a reverse means, the absolute security of the key cannot be guaranteed.
For developers, at present, most of solutions for security keyboard encryption at present need an encryption manufacturer to customize, the coupling degree of module access is high, and the solutions need to be called through H5 after special customization, for example, a native password keyboard needs to be called through the front end, a webview needs to be bound manually and a focus is obtained, a system application keyboard is shielded manually to pop up, a method of js communication needs to be added to the webview when the password keyboard inputs data that an H5 input box wants to obtain the password keyboard, and the data is called manually after the keyboard is clicked each time.
Therefore, how to provide a safe and convenient implementation method of a secure keyboard becomes a technical problem to be solved urgently.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for implementing a security keyboard, so as to improve security and convenience.
In a first aspect, a method for implementing a secure keyboard includes: adding a View object to be suspended to a parent layout container ContentParent when the page Activity is started by utilizing an addView mode of a root node View DecorView; assigning values to each child View object by traversing the parent layout to generate random key positions of the security keyboard; and receiving information input based on the random key position of the secure keyboard, and encrypting the input information according to Keystore of an Android system in combination with a preset asymmetric encryption algorithm and a preset symmetric encryption algorithm.
Further, in the execution process of receiving the information input based on the random key position of the security keyboard, the implementation method further comprises the following steps: and forbidding recording and screen capture of the screen display content.
Further, the receiving information input based on the random key position of the security keyboard comprises: and receiving information input based on the random key positions of the security keyboard through a built-in H5 communication channel.
Further, the implementation method further includes: and dynamically loading a default configuration file when the security keyboard is initialized.
In a second aspect, the present invention provides an implementation apparatus of a security keyboard, where the implementation apparatus includes:
the information processing module is used for adding the View object to be suspended to the parent layout container ContentParent when the page Activity is started by utilizing the addView mode of the root node View DecorView;
the keyboard generation module is used for assigning values to each child View object by traversing the parent layout and generating a random key of the safety keyboard;
the information receiving module is used for receiving information input based on the random key positions of the security keyboard;
and the information encryption module is used for encrypting the input information according to Keystore of an Android system in combination with a preset asymmetric encryption algorithm and a preset symmetric encryption algorithm.
Further, the implementation apparatus further includes: and the function disabling module is used for forbidding recording and screen capturing of the screen display content.
Further, the information receiving module is specifically configured to receive, through a built-in H5 communication channel, information input based on the random key position of the security keyboard.
Further, the implementation apparatus further includes: and the initialization module is used for dynamically loading a default configuration file when the security keyboard is initialized.
In a third aspect, the invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method.
In a fourth aspect, the invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method when executing the program.
According to the method and the device for realizing the safety keyboard, the Keystore of the Android system is combined with the mode of asymmetric encryption and symmetric encryption matching to encrypt the content input by the user, so that the highest safety of the system level when the user inputs important information is ensured; the pop-up window authority application is avoided through a user-defined View and a user-defined pop-up mode, the pop-up mode does not adopt a Windows manager and Dialog pop-up mode, but uses an addView mode of DecorView, and when the Activity onStart, the View to be floated is added to the ContentParent, so that the floating window without the authority can be realized. When the H5 is applied to the application of agreeing with the security keyboard, a developer only needs to instantiate a SecurityKeyboard/builder () object in the lifecycle of a native page onCreate (), bind webview and a callback method needing to be bound through chain calling, configure configurations such as a mode needing encryption and the like, and then use the method, and the developer does not need to consider operations such as preventing the native keyboard from popping up.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for implementing a security keyboard according to an exemplary first embodiment of the present invention.
Fig. 2 is a block diagram of an apparatus for implementing a security keyboard according to an exemplary second embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be noted that, in the case of no conflict, the features in the following embodiments and examples may be combined with each other; moreover, all other embodiments that can be derived by one of ordinary skill in the art from the embodiments disclosed herein without making any creative effort fall within the scope of the present disclosure.
It is noted that various aspects of the embodiments are described below within the scope of the appended claims. It should be apparent that the aspects described herein may be embodied in a wide variety of forms and that any specific structure and/or function described herein is merely illustrative. Based on the disclosure, one skilled in the art should appreciate that one aspect described herein may be implemented independently of any other aspects and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented and/or a method practiced using any number of the aspects set forth herein. Additionally, such an apparatus may be implemented and/or such a method may be practiced using other structure and/or functionality in addition to one or more of the aspects set forth herein.
Fig. 1 is a flowchart of a method for implementing a C-standard dynamic library according to an exemplary first embodiment of the present invention, and as shown in fig. 1, an implementation method according to the present invention includes:
step 101: and adding the View object to be floated to a parent layout container ContentParent when the page Activity is started by utilizing an addView mode of a root node View DecorView.
Step 102: and (4) assigning values to each child View object by traversing the parent layout to generate random key positions of the security keyboard.
Step 103: and receiving information input based on the random key position of the secure keyboard, and encrypting the input information according to Keystore of an Android system in combination with a preset asymmetric encryption algorithm and a preset symmetric encryption algorithm. The specific asymmetric encryption algorithm and the symmetric encryption algorithm are not limited, and the existing algorithm can be directly applied.
Preferably, in the execution process of receiving the information input based on the random key position of the security keyboard, the implementation method further comprises: and forbidding recording and screen capture of the screen display content. The recording and screen capturing functions of the screen are forbidden in the process of user input, so that the Trojan horse program is prevented from monitoring the keyboard input process.
Preferably, the receiving information input based on the random key position of the security keyboard comprises: and receiving information input based on the random key positions of the security keyboard through a built-in H5 communication channel. Specifically, a H5 communication channel is built in, and communication is carried out through binding front-end webview objects.
Preferably, the implementation method further comprises: and dynamically loading a default configuration file when the security keyboard is initialized to realize specific requirements.
In the embodiment, the content input by the user is encrypted by combining the Keystore of the Android system with the mode of asymmetric encryption and symmetric encryption matching, so that the highest security of the system level when the user inputs important information is ensured; the pop-up window authority application is avoided through a user-defined View and a user-defined pop-up mode, the pop-up mode does not adopt a Windows manager and Dialog pop-up mode, but uses an addView mode of DecorView, and when the Activity onStart, the View to be floated is added to the ContentParent, so that the floating window without the authority can be realized. When the H5 is applied to the application of agreeing with the security keyboard, a developer only needs to instantiate a SecurityKeyboard/builder () object in the lifecycle of a native page onCreate (), bind webview and a callback method needing to be bound through chain calling, configure configurations such as a mode needing encryption and the like, and then use the method, and the developer does not need to consider operations such as preventing the native keyboard from popping up.
Fig. 2 is a block diagram of an apparatus for implementing a security keyboard according to an exemplary second embodiment of the present invention. The embodiment shown in fig. 1 may be applied to this embodiment, and specifically as shown in fig. 2, the implementation apparatus includes:
the information processing module 201 is used for adding a View object to be suspended to a parent layout container ContentParent when the page Activity is started by using an addView mode of a root node View DecorView;
the keyboard generation module 202 is used for assigning a value to each child View object by traversing the parent layout to generate a random key of the safety keyboard;
the information receiving module 203 is used for receiving information input based on the random key positions of the security keyboard;
and the information encryption module 204 is configured to encrypt the input information according to a Keystore of the Android system in combination with a preset asymmetric encryption algorithm and a preset symmetric encryption algorithm.
Preferably, the implementation apparatus further includes: and the function disabling module 205 is used for disabling recording and screen capturing of the screen display content.
Further preferably, the information receiving module 203 is specifically configured to receive information input based on the random key position of the security keyboard through a built-in H5 communication channel.
Further preferably, the implementation apparatus further includes: an initialization module 200, configured to dynamically load a default configuration file when the security keyboard is initialized.
It should be noted that, in this embodiment, the keyboard interface can be customized, the free switching and matching of the upper and lower case letters, the numbers and the special symbols are supported, and the random change of the position is supported, so that only the user can know the content input by himself; the user experience is better emphasized, the frame popping mode is customized, and the permission frame popping is not required. Webview is bound in the safety keyboard, so that H5 can be more conveniently integrated and the keyboard function can be more conveniently called. And particularly, dynamic debugging of a third-party tool can be prevented in an additional process mode.
The embodiment provides a device for realizing a universal safety keyboard, which realizes low-intrusion access, supports common encryption modes on the market, can dynamically configure a UI (user interface), prevents screen capture, screen recording, dynamic debugging, package name verification, secondary packaging, supports License authorization verification, supports binding with webview, not only supports Android native, but also supports H5 calling, and thus realizes a system-level safety guarantee, an authority-free application pop-up mode, a built-in H5 communication channel, and a safety keyboard for preventing third-party tool debugging.
The invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method.
The medium has the corresponding technical effects of the implementation method of the safety keyboard, and specifically comprises the following steps: the higher-level safety of the user input information can be ensured, and the safety is equal to the safety of a system level; in addition, configuration management is integrated, webview is bound inside, a necessary interface is provided, convenience in use of H5 is guaranteed, integration cost is saved, development time is shortened, and therefore efficient work is achieved; the interface is customized, so that the design requirement is conveniently met, and the user experience is further improved; the pop-up mode is optimized, the application of system permission is avoided, and the use of a user is facilitated.
The invention also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the steps of the method being implemented when the processor executes the program.
The computer device of the embodiment has the corresponding technical effect of the implementation device of the secure keyboard, and particularly can obtain balanced strong security between reliable encryption and good performance, and the security level is suitable for consumer applications such as bank applications, chat applications and the like. The method has the advantages that the content input by the user is encrypted by combining the Keystore of the Android system with the mode of matching asymmetric encryption and symmetric encryption, so that the highest security of the system level when the user inputs important information is ensured. In addition, the safety keyboard also inhibits the screen recording and screen capturing functions in the input process of the user, so that the Trojan horse program is prevented from monitoring the input process of the keyboard.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method for implementing a secure keyboard, the method comprising:
adding a View object to be suspended to a parent layout container ContentParent when the page Activity is started by utilizing an addView mode of a root node View DecorView;
assigning values to each child View object by traversing the parent layout to generate random key positions of the security keyboard;
and receiving information input based on the random key position of the secure keyboard, and encrypting the input information according to Keystore of an Android system in combination with a preset asymmetric encryption algorithm and a preset symmetric encryption algorithm.
2. The implementation method of claim 1, wherein during the execution of receiving the information based on the input of the random key position of the security keyboard, the implementation method further comprises:
and forbidding recording and screen capture of the screen display content.
3. The method of claim 2, wherein the receiving information based on the secure keyboard random key input comprises:
and receiving information input based on the random key positions of the security keyboard through a built-in H5 communication channel.
4. The method of claim 3, further comprising:
and dynamically loading a default configuration file when the security keyboard is initialized.
5. An implementation apparatus of a security keyboard, the implementation apparatus comprising:
the information processing module is used for adding the View object to be suspended to the parent layout container ContentParent when the page Activity is started by utilizing the addView mode of the root node View DecorView;
the keyboard generation module is used for assigning values to each child View object by traversing the parent layout and generating a random key of the safety keyboard;
the information receiving module is used for receiving information input based on the random key positions of the security keyboard;
and the information encryption module is used for encrypting the input information according to Keystore of an Android system in combination with a preset asymmetric encryption algorithm and a preset symmetric encryption algorithm.
6. The apparatus of claim 5, further comprising:
and the function disabling module is used for forbidding recording and screen capturing of the screen display content.
7. The implementation device of claim 6, wherein the information receiving module is specifically configured to receive information input based on the random key position of the security keyboard through a built-in H5 communication channel.
8. The apparatus for implementing the method of claim 7, further comprising: and the initialization module is used for dynamically loading a default configuration file when the security keyboard is initialized.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 4.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method of any one of claims 1 to 4 when executing the program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110826714.8A CN113468620B (en) | 2021-07-21 | 2021-07-21 | Method and device for realizing safety keyboard |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110826714.8A CN113468620B (en) | 2021-07-21 | 2021-07-21 | Method and device for realizing safety keyboard |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113468620A true CN113468620A (en) | 2021-10-01 |
| CN113468620B CN113468620B (en) | 2022-09-06 |
Family
ID=77881613
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110826714.8A Active CN113468620B (en) | 2021-07-21 | 2021-07-21 | Method and device for realizing safety keyboard |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113468620B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115408096A (en) * | 2022-11-02 | 2022-11-29 | 易方信息科技股份有限公司 | Android-based non-invasive application internal floating window implementation method |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080010053A1 (en) * | 2004-08-31 | 2008-01-10 | Vadim Fux | Handheld Electronic Device and Associated Method Employing a Multiple-Axis Input Device and Outputting as Variants Textual Variants of Text Disambiguation |
| US20100145679A1 (en) * | 2004-08-31 | 2010-06-10 | Vadim Fux | Handheld Electronic Device With Text Disambiguation |
| CN103686289A (en) * | 2013-12-26 | 2014-03-26 | 深圳Tcl新技术有限公司 | Intelligent television keyboard input control method and intelligent television |
| CN109613990A (en) * | 2018-11-26 | 2019-04-12 | 深圳供电局有限公司 | Soft keyboard secured inputting method, server, client, electronic equipment and medium |
| CN110289946A (en) * | 2019-07-12 | 2019-09-27 | 深圳市元征科技股份有限公司 | A kind of generation method and block chain node device of block chain wallet localization file |
| CN110858250A (en) * | 2018-08-24 | 2020-03-03 | 山东华软金盾软件股份有限公司 | Desensitization encryption method for sending information by mobile equipment chat tool |
| CN112260820A (en) * | 2019-12-18 | 2021-01-22 | 刘辛越 | Mobile payment password keyboard based on key splitting protection in Android system and implementation method thereof |
| CN112507326A (en) * | 2020-12-16 | 2021-03-16 | 平安国际智慧城市科技股份有限公司 | SM3 hash algorithm-based password information encryption method and device and computer equipment |
| CN112579086A (en) * | 2020-12-24 | 2021-03-30 | 四川长虹电器股份有限公司 | Template construction method adaptive to multi-platform front-end View |
-
2021
- 2021-07-21 CN CN202110826714.8A patent/CN113468620B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080010053A1 (en) * | 2004-08-31 | 2008-01-10 | Vadim Fux | Handheld Electronic Device and Associated Method Employing a Multiple-Axis Input Device and Outputting as Variants Textual Variants of Text Disambiguation |
| US20100145679A1 (en) * | 2004-08-31 | 2010-06-10 | Vadim Fux | Handheld Electronic Device With Text Disambiguation |
| CN103686289A (en) * | 2013-12-26 | 2014-03-26 | 深圳Tcl新技术有限公司 | Intelligent television keyboard input control method and intelligent television |
| CN110858250A (en) * | 2018-08-24 | 2020-03-03 | 山东华软金盾软件股份有限公司 | Desensitization encryption method for sending information by mobile equipment chat tool |
| CN109613990A (en) * | 2018-11-26 | 2019-04-12 | 深圳供电局有限公司 | Soft keyboard secured inputting method, server, client, electronic equipment and medium |
| CN110289946A (en) * | 2019-07-12 | 2019-09-27 | 深圳市元征科技股份有限公司 | A kind of generation method and block chain node device of block chain wallet localization file |
| CN112260820A (en) * | 2019-12-18 | 2021-01-22 | 刘辛越 | Mobile payment password keyboard based on key splitting protection in Android system and implementation method thereof |
| CN112507326A (en) * | 2020-12-16 | 2021-03-16 | 平安国际智慧城市科技股份有限公司 | SM3 hash algorithm-based password information encryption method and device and computer equipment |
| CN112579086A (en) * | 2020-12-24 | 2021-03-30 | 四川长虹电器股份有限公司 | Template construction method adaptive to multi-platform front-end View |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115408096A (en) * | 2022-11-02 | 2022-11-29 | 易方信息科技股份有限公司 | Android-based non-invasive application internal floating window implementation method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113468620B (en) | 2022-09-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10601596B2 (en) | Techniques to secure computation data in a computing environment | |
| US20190026464A1 (en) | Mobile application management | |
| Miller et al. | iOS Hacker's Handbook | |
| US20120137364A1 (en) | Remote attestation of a mobile device | |
| US9208319B2 (en) | Code base partitioning system | |
| WO2010105259A1 (en) | Secure card access module for integrated circuit card applications | |
| CN105718171B (en) | A kind of data processing method and terminal | |
| US11005847B2 (en) | Method, apparatus and computer program product for executing an application in clouds | |
| US20190325134A1 (en) | Neural network detection of malicious activity | |
| CN113468620B (en) | Method and device for realizing safety keyboard | |
| CN113792297A (en) | Service processing method, device and equipment | |
| EP2354994A1 (en) | Secure signature creation application using a TPM comprising a middleware stack | |
| US10614240B2 (en) | Accessing an encrypted file system | |
| CN114691157A (en) | Cloud-based FPGA management control system and method and electronic equipment | |
| Härtig et al. | Lateral thinking for trustworthy apps | |
| CN110737910B (en) | Android log decryption management method, device, equipment and medium | |
| CN115033870A (en) | Anti-malicious tampering code method and device based on big data cloud deployment | |
| Lee et al. | Privacy preserving collaboration in bring-your-own-apps | |
| Nazar et al. | Rooting Android–Extending the ADB by an auto-connecting WiFi-accessible service | |
| US9021271B1 (en) | Injecting code decrypted by a hardware decryption module into Java applications | |
| US20200089896A1 (en) | Encrypted log aggregation | |
| WO2019209893A1 (en) | Operating system on a computing system | |
| US9858423B2 (en) | Application modification based on a security vulnerability | |
| US20180103029A1 (en) | Writing system software on an electronic device | |
| Angelakis | Application development in the trusted execution environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |