CN1252550A - Security cipher confirming keyboard and method thereof - Google Patents

Info

Publication number: CN1252550A
Authority: CN (China)
Prior art keywords: authentication, keyboard, password, buffer, message
Legal status: Granted; Expired - Fee Related
Application number: CN 99121691
Other languages: Chinese (zh)
Other versions: CN1095112C (en)
Inventor: 后健慈
Current Assignee: Individual
Original Assignee: Individual
Application filed by: Individual
Events: priority to CN99121691A (CN1095112C); publication of CN1252550A; priority to GB0025325A (GB2355331B); application granted; publication of CN1095112C; expired - fee related

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Input From Keyboards Or The Like (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a keyboard with secure password authentication and a method thereof, and in particular to a password authentication system in which password data keyed in through the keyboard is authenticated in hardware. Inside the keyboard are an unreadable, protected authentication buffer, an authentication controller and a verification table. The authentication buffer and the original keyboard buffer together handle the character stream entered at the keyboard. After password data is fed into the authentication buffer, the authentication controller compares it with the data in the verification table; once authentication passes, the user is allowed to use the computer system and the authentication buffer is cleared. Because the CPU and the authentication software take no part in the authentication, an intruder cannot capture the password data, which makes the system safer than conventional ones.

Description

Keyboard device with secure password authentication and method thereof
The present invention relates to a keyboard device with secure password authentication and a method thereof, and in particular to a design in which a password message entered through the keyboard is authenticated by hardware, the CPU and the authentication software take no part in the authentication process, and the security holes of conventional password authentication systems are thereby closed.
Conventional password authentication systems are driven by software. As shown in Fig. 1, the authentication software is executed by the CPU: when the user first enables the password authentication system, authentication software 11 generates a cipher table 12 from the password 10 set by the user. On every later use, authentication software 11 asks for the user's password 10'. After the user enters password 10' through the keyboard, authentication software 11 compares it with the cipher table 12 generated earlier; if it is correct, the user gains the right to use the system and can access and process data on storage devices (such as hard disks). Throughout this process, however, an intruder (hacker) can observe the handling procedure. The cipher table 12 produced by the authentication software is easily replaced or modified by the intruder, or the result of the password comparison can be falsified, that is, changed to "correct" or made to have no effect.
For example, suppose the password set by the user is "abc", which is encoded as "*&1". The encoded password is sent to memory and stored there, but data in memory is not protected by authentication software 11, and tools such as SoftICE can easily find where the password is stored. During authentication an intruder can take a string of equal length (for example "cde", which encodes to "xxx") and replace the original "*&1" with "xxx"; the intruder then passes authentication easily and can take whatever information the system stores.
In the authentication process described above, the password, whether entered by the user or by an intruder, arrives through an input device, and the most common input device is the keyboard. A conventional keyboard comprises a keyboard array and a keyboard controller (see Fig. 3), and communicates with the computer through a keyboard buffer. A password entered at the keyboard is therefore handled like any other character stream: it enters the computer system through the same keyboard buffer and is then handed to the CPU, which runs the authentication procedure to screen users.
This conventional flow has the following security concerns:
1. The keyboard buffer is not cleared after use and is open to all users, so any unauthorized user may obtain, by illegitimate means, a password message that has not been cleared from the keyboard buffer.
2. The authentication procedure is executed by the CPU, so an intruder who invades the program the CPU is executing can easily obtain the password message.
3. System memory is not encrypted, so the authentication software may be attacked by an intruder (as described above).
In view of this, and of the security holes in existing software authentication systems and input devices, the present invention provides a keyboard device with secure password authentication and a method thereof. Authentication is carried out in hardware, so the CPU and the authentication software cannot intervene in the authentication procedure, which closes the holes in conventional authentication systems.
Accordingly, the invention places inside the keyboard an unreadable, protected authentication buffer, an authentication controller, and a verification table used for authentication. The authentication buffer and the keyboard's original keyboard buffer jointly handle the character stream entered at the keyboard. The password message is sent to the authentication buffer; the authentication controller takes the message from the authentication buffer and compares it with the message in the verification table. If authentication passes, the user is allowed to use the computer system and the authentication buffer is cleared, so that no residual password data can be obtained from the keyboard.
The structural design and technical principle of the invention are described in detail below with reference to the accompanying drawings, in which:
Fig. 1 is a schematic flow diagram of conventional software authentication;
Fig. 2 is a system architecture diagram of the present invention;
Fig. 3 is a system work flow chart of the present invention.
Description of reference numerals:
10 password
10' password
11 authentication software
12 cipher table
20 keyboard device
30 input section
31 keyboard controller
32 keyboard array
33 keyboard buffer
34 authentication buffer
40 authentication section
41 CPU
42 system controller
43 authentication controller
44 verification table
45 software
50 bus
Fig. 2 shows the architecture of the system of the present invention. The keyboard device 20 with secure password authentication consists mainly of an input section 30 and an authentication section 40, wherein:
The input section 30 comprises a conventional keyboard controller 31, keyboard array 32 and keyboard buffer 33 (the same as in common use, so not described further here), and an authentication buffer 34.
The authentication section 40 comprises CPU 41, system controller 42, authentication controller 43, verification table 44 and the related software 45.
The input section 30 and the authentication section 40 communicate over a bus 50 (for example PCI or ISA).
Keyboard controller 31 distinguishes the data entered on keyboard array 32: a general character stream is stored in keyboard buffer 33; a password message is stored in authentication buffer 34.
System controller 42 fetches general messages from keyboard buffer 33 and sends them to CPU 41 for further processing.
Authentication controller 43 is an independent entity architected within system controller 42. It fetches the password message from authentication buffer 34 and compares it with the password data prestored in verification table 44 to determine whether the user is legitimate.
Verification table 44 is set up by software 45 when the system is used for the first time: software 45 guides the user through setting the password data and stores it in verification table 44. On later starts the software only performs update routines (such as adding users or changing passwords); control of authentication is handed over to authentication controller 43 permanently.
Fig. 3 shows the system work flow of the present invention. On the first start, software 45 runs and sets up verification table 44: following the guidance of software 45, the user sets the password in verification table 44 (step a) as the basis for later authentication, and from then on the work of authentication has nothing to do with software 45. On later runs, the user enters a message on keyboard array 32, and keyboard controller 31 judges whether it is a general character stream or a password message (step b). If it is a general character stream, keyboard controller 31 sends the input message to keyboard buffer 33 (step c), and system controller 42 handles it in the conventional way (step d; the same as for a conventional keyboard). If it is a password message, keyboard controller 31 sends it to authentication buffer 34 (step e). At this point the user or an intruder can read from keyboard buffer 33 only a substitute symbol string with the same number of characters as the password (such as "*****"); at the same time keyboard controller 31 sends this substitute string to software 45 and CPU 41 via keyboard buffer 33 and system controller 42. Anyone can therefore read only the substitute string from authentication buffer 34, CPU 41 and software 45, and cannot obtain the password message.
After authentication controller 43 has obtained the password message from authentication buffer 34, it compares it with the data prestored in verification table 44 (step f). If they match, authentication succeeds and the system opens all resources to the user. If they do not match, authentication has failed and the system refuses any request from the user, which protects system resources and closely blocks the paths by which an intruder might steal the password message.
After the authentication procedure finishes, authentication controller 43 clears authentication buffer 34 (step g).
Because authentication buffer 34 is unreadable (a read returns the substitute characters), is protected by the measures above, and is cleared after each authentication completes, the system gives the user's password message a tight guarantee. And because authentication is handled by authentication controller 43, which is independent of system controller 42, and does not pass through software 45 or CPU 41, the security concerns of conventional password authentication systems are resolved.
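Steps a to g above, modelled in C as an added example; it is not code from the patent. The `password_mode` flag (the text does not say how keyboard controller 31 recognises a password message), the single-entry table, the fixed-time comparison, the volatile wipe and all identifiers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#define BUF_MAX 32

/* Model of keyboard device 20 (illustrative names); start it zeroed: {0}. */
typedef struct {
    char   kbd_buf[BUF_MAX];   /* keyboard buffer 33: readable by the host */
    size_t kbd_len;
    char   auth_buf[BUF_MAX];  /* authentication buffer 34: never copied out */
    size_t auth_len;
    char   table[BUF_MAX];     /* verification table 44, one entry */
    size_t table_len;
    bool   password_mode;      /* assumed signal used by controller 31 in step b */
} kbd_device;

/* Step a: software 45 stores the password in verification table 44. */
bool kbd_enroll(kbd_device *d, const char *pw) {
    size_t n = strlen(pw);
    if (n == 0 || n >= BUF_MAX) return false;
    memset(d->table, 0, sizeof d->table);
    memcpy(d->table, pw, n);
    d->table_len = n;
    return true;
}

/* Steps b, c, e: keyboard controller 31 routes one keystroke. */
bool kbd_key(kbd_device *d, char c) {
    if (d->kbd_len >= BUF_MAX) return false;
    if (d->password_mode) {
        if (d->auth_len >= BUF_MAX - 1) return false;
        d->auth_buf[d->auth_len++] = c;   /* real key stays inside the keyboard */
        c = '*';                          /* host side gets a substitute symbol */
    }
    d->kbd_buf[d->kbd_len++] = c;
    return true;
}

/* Step d: system controller 42 drains keyboard buffer 33 for CPU 41. */
size_t host_read(kbd_device *d, char *out, size_t cap) {
    if (cap == 0) return 0;
    size_t n = d->kbd_len < cap - 1 ? d->kbd_len : cap - 1;
    memcpy(out, d->kbd_buf, n);
    out[n] = '\0';
    d->kbd_len = 0;   /* contents are not wiped, as in a conventional keyboard */
    return n;
}

/* Steps f, g: authentication controller 43 compares, then clears buffer 34. */
bool auth_verify(kbd_device *d) {
    unsigned char diff = (unsigned char)(d->auth_len != d->table_len);
    for (size_t i = 0; i < BUF_MAX; i++)  /* assumption: fixed-time compare */
        diff |= (unsigned char)(d->auth_buf[i] ^ d->table[i]);
    volatile char *p = d->auth_buf;       /* assumption: wipe cannot be elided */
    for (size_t i = 0; i < BUF_MAX; i++) p[i] = 0;
    d->auth_len = 0;
    d->password_mode = false;
    return diff == 0;
}

int main(void) {
    kbd_device d = {0};
    char seen[BUF_MAX];
    kbd_enroll(&d, "abc");                /* constructed sample password */
    d.password_mode = true;
    for (const char *k = "abc"; *k; k++) kbd_key(&d, *k);
    host_read(&d, seen, sizeof seen);     /* host receives "***" */
    return auth_verify(&d) ? 0 : 1;
}
```

Even the stale, uncleared contents of the keyboard buffer hold only substitute symbols, which is what removes the first security concern listed in the background.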
In summary, in the keyboard device with secure password authentication and the method thereof provided by the present invention, password authentication is not executed through the CPU and the authentication software but by an independent authentication controller; the entered password is replaced by an unreadable substitute character stream; and the authentication buffer is cleared after authentication finishes. An intruder therefore cannot read any secret message from the keyboard buffer. The invention offers an effective solution and countermeasure to the holes in conventional authentication procedures, and meets the requirements for a patent of invention.
The techniques, drawings, procedures and control methods described above are only preferred embodiments of the present invention and do not limit its scope. Any similar or functionally equivalent modifications and variations made within the scope of the invention fall within its scope of protection.

Claims (5)

1. A keyboard device with secure password authentication, comprising an input section and an authentication section, wherein:
The input section comprises:
A keyboard buffer, which temporarily stores general character streams;
An authentication buffer, which temporarily stores password messages;
A keyboard controller, which distinguishes the data entered on the keyboard array: a general character stream is stored in the keyboard buffer; a password message is stored in the authentication buffer;
The authentication section comprises:
A CPU;
A system controller, which fetches general messages from the keyboard buffer and sends them to the CPU for further processing;
An authentication controller, which is an independent entity architected within the system controller, fetches the password message from the authentication buffer and compares it with the password data prestored in the verification table to determine whether the user is legitimate;
A verification table, which stores the password message set by the user as the basis for later authentication.
2. The keyboard device with secure password authentication as claimed in claim 1, further comprising software that guides the user through setting the password data and stores it in the verification table.
3. The keyboard device with secure password authentication as claimed in claim 1, wherein the input section and the authentication section communicate over a bus (such as PCI or ISA).
4. A keyboard authentication method with secure password authentication, in which a password message entered through the keyboard is authenticated by hardware and the CPU and the authentication software take no part in the authentication process, comprising the following steps:
A. A step in which software runs and sets up the verification table;
B. A step of judging whether the input is a general character stream or a password message; a general character stream is sent to the keyboard buffer and handled by the system controller in the conventional way; a password message is sent to the authentication buffer and handled by the authentication controller in the password processing procedure;
C. An authentication comparison step, in which the password message is compared with the data prestored in the verification table; if they match, authentication succeeds and the system opens all resources to the user; if they do not match, authentication fails and the system refuses any request from the user;
D. A step of clearing the data in the authentication buffer.
5. The keyboard device with secure password authentication as claimed in claim 4, wherein after the password message is entered, the authentication controller produces, to the keyboard buffer, a substitute symbol string with the same number of characters as the password message.
CN99121691A 1999-10-14 1999-10-14 Security cipher confirming keyboard and method thereof Expired - Fee Related CN1095112C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN99121691A CN1095112C (en) 1999-10-14 1999-10-14 Security cipher confirming keyboard and method thereof
GB0025325A GB2355331B (en) 1999-10-14 2000-10-16 Keyboard apparatus with a password-identification device and method for controlling the same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN99121691A CN1095112C (en) 1999-10-14 1999-10-14 Security cipher confirming keyboard and method thereof

Publications (2)

Publication Number Publication Date
CN1252550A 2000-05-10
CN1095112C 2002-11-27

Family

ID=5282085

Family Applications (1)

Application Number Title Priority Date Filing Date
CN99121691A Expired - Fee Related CN1095112C (en) 1999-10-14 1999-10-14 Security cipher confirming keyboard and method thereof

Country Status (2)

Country Link
CN (1) CN1095112C (en)
GB (1) GB2355331B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2040229A1 (en) * 2007-09-18 2009-03-25 Axalto SA Method and system for obtaining a pin validation signal in a data processing unit

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2389284A1 (en) * 1977-04-27 1978-11-24 Cii Honeywell Bull INFORMATION PROCESSING SYSTEM PROTECTING THE SECRET OF CONFIDENTIAL INFORMATION
FR2392447A1 (en) * 1977-05-26 1978-12-22 Cii Honeywell Bull INFORMATION PROCESSING SYSTEM PROTECTING THE SECRET OF CONFIDENTIAL INFORMATION
AU556098B1 (en) * 1985-05-14 1986-10-23 Cadam Systems Company Inc. Program keyboard mechanism
EP0763791A1 (en) * 1995-09-14 1997-03-19 Hewlett-Packard Company Computer keyboard unit with smartcard interface

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255109A (en) * 2011-04-06 2011-11-23 宇龙计算机通信科技(深圳)有限公司 Authentication method for mobile terminal battery, and mobile terminal thereof
CN102521546A (en) * 2011-12-22 2012-06-27 福建联迪商用设备有限公司 Method for realizing mutual authentication of self-service terminal and pin pad
CN102521546B (en) * 2011-12-22 2014-10-08 福建联迪商用设备有限公司 Method for realizing mutual authentication of self-service terminal and pin pad

Also Published As

Publication number Publication date
GB2355331B (en) 2001-11-28
GB0025325D0 (en) 2000-11-29
CN1095112C (en) 2002-11-27
GB2355331A (en) 2001-04-18

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: The British Virgin Islands Duoertuolalu town zip code 34444

Applicant after: Gennetichvar Ltd.

Address before: Taipei city of Taiwan Province

Applicant before: Hou Jianci

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: HOU JIANCI TO: GENTICVAL CO., LTD.

C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee
REG Reference to a national code

Ref country code: HK

Ref legal event code: GR

Ref document number: 1064451

Country of ref document: HK