KR20110049196A - Hacking protection input system - Google Patents

Hacking protection input system Download PDF

Info

Publication number
KR20110049196A
KR20110049196A KR1020090106101A KR20090106101A KR20110049196A KR 20110049196 A KR20110049196 A KR 20110049196A KR 1020090106101 A KR1020090106101 A KR 1020090106101A KR 20090106101 A KR20090106101 A KR 20090106101A KR 20110049196 A KR20110049196 A KR 20110049196A
Authority
KR
South Korea
Prior art keywords
flash
module
input
action
user computer
Prior art date
Application number
KR1020090106101A
Other languages
Korean (ko)
Inventor
이동성
Original Assignee
이동성
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 이동성 filed Critical 이동성
Priority to KR1020090106101A priority Critical patent/KR20110049196A/en
Publication of KR20110049196A publication Critical patent/KR20110049196A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/629Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/04842Selection of displayed objects or displayed text elements

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Human Computer Interaction (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

PURPOSE: A hacking protecting input system is provided to prevent the leakage of personal information without additional installation of a user computer by supplying an action guard flash of personal information input. CONSTITUTION: If a user computer is connected, a flash executing module(20) displays an action guard flash of a homepage. If a mouse pointer is operated in the action guard flash, an input module(22) recognizes and stores the matching of a direction telephone result and a pointer. If a result of the direction telephone is matched with the pointer, a processing module(24) processes a control signal.

Description

Hacking protection input system

The present invention relates to a hacking prevention system, and more particularly, even if a computer user accesses a specific site on the Internet and inputs a password (PW), the hacking attempt performed by a hacker by a key input or a click input can be blocked. It relates to a hacking prevention system for input.

Due to the rapid development of Internet technology, there is a positive aspect of reorganizing the industrial structure and improving work efficiency.However, if you want to use various fields such as authentication sites, online internet banking, e-commerce, etc. Since personal information must be entered, there is a concern that personal information that must be kept confidential is exposed to hackers.

As personal information is exposed to hackers and stolen, the damage cases are on the rise, and ways to prevent this are being studied in various directions.

For example, a malicious hacker uses a keylogger program to leak personal information, which is installed on a user's computer to record important personal information, such as a password that a user enters through a keyboard, or log in real time. It has a structure to send to.

Thus, if such a malicious program is installed by a hacker on the user's computer, serious problems may occur when using Internet online banking.

In order to solve the above problems, Patent Application No. 2001-62289 "ActiveX-based keyboard hacking prevention method and apparatus" and Patent Application No. 2002-121141 "Keyboard hacking prevention method" and Patent Application No. 2002-43576 "How to prevent hacking of keystroke data and a computer-readable recording medium recording the same" and Patent Application No. 2003-25951 "Keyboard hacking prevention method using virtual keyboard data transmission" and Patent Application No. 2003-76291 "Keyboard Security method and system, and Patent Application No. 2004-15665, "Keyboard hacking blocking method and a recording medium recording the program." The patent application is applied to a user's computer using Active X technology. It automatically installs a secure keyboard driver to protect the values entered on the keyboard.

These keyboard security solutions can be installed and run on a user's computer. Then, when the user communicates with the Internet, the keyboard security program is automatically executed to identify and block known keyboard hacking programs or to encrypt key values on the keyboard driver. The keylogger is automatically executed to identify and block a known keyboard hacking program or to encrypt a key value on the keyboard driver to disable the keylogger program and to operate the secure keyboard driver to block hacking.

However, the keyboard hacking prevention technology according to the above patent applications has a number of disadvantages, so there is a big problem that can not block the applied hacking technology, the problem occurs when the first known keyboard hacking program, hackers directly If a developed or used source code of a known keylogger program is modified, a variant program cannot be detected when identifying a keyboard hacking program, and thus there is a possibility that information input by a user is leaked.

In addition, the development of key logger programs is developed among general programmers who have no hacking knowledge through API (Application Program Interface) hooking technology. It is because it becomes.

In addition, the solutions for preventing keyboard hacking are developed to be installed on the user's computer through the ActiveX technology, which assumes that the keylogger program is installed on the user's computer, so that the user's computer is already taken over by the hacker. It must be assumed that hackers can analyze the keyboard hacking prevention solution installed on the user's computer in advance, and this analysis can reversely tamper with the keyboard security program running on the user's computer, thereby preventing keyboard hacking. After the program is disabled, when the keylog program is executed, there is a problem that information input by the user may leak.

Techniques for preventing keyboard hacking under the assumption that a key logger program is installed to block the hacking techniques in order to overcome the limitations of the keyboard security solutions are disclosed in Patent Application No. 2004-83378 "Keyboard hacking prevention method using a mouse". And Patent Application No. 2003-3223, "Method for Preventing Key Input Theft," The solution uses a virtual keyboard and a virtual mouse so that the user can input information without using a keyboard at all during internet communication. Block personal information leakage due to keyboard hacking.

However, the hacking prevention techniques using the virtual keyboard and the virtual mouse have a problem of being disabled by a method of capturing an image by a mouse click event. That is, a hacker captures a mouse or screen image or records mouse coordinates every time a mouse key is input using the API hooking technology on the user's computer to leak the captured user's personal information in a similar manner to the keylogger program. There was this.

Accordingly, the present invention has been made to solve the above-mentioned problems according to the prior art, the object of the present invention is that even if a computer user accesses a specific site on the Internet and enters the password (PW) by the hacker key input or In order to block hacking attempts made by click input, it provides Action Guard flash when entering personal information such as password so that personal information can be input to user's computer without additional installation work. The present invention provides a hacking prevention system for inputs to prevent personal information from being leaked.

However, the object of the present invention is not limited to the above-mentioned object, other objects that are not mentioned will be clearly understood by those skilled in the art from the following description.

Features of the hacking prevention system for the input according to the present invention for achieving the above object,

A control module 16 that determines whether the user computer 14 is connected to the homepage 12 of the web server 10 through the Internet, and includes a preset security program;

As a result of the determination of the control module 16, if the user computer 14 is connected, the action guard flash (Home) is displayed on the homepage 12 displayed on the screen of the user computer 14 according to the control signal of the control module 16. a flash execution module 20 for displaying a dial lock flash 18;

When the mouse pointer of the user computer 14 is in a direction change action on the action guard flash 18 of the homepage 12 displayed on the screen of the user computer 14, it is determined whether or not it is positioned with a predetermined arrow. A storage module 30 stored by the input module 22 to recognize and input according to the control signal of the control unit;

A progress module 24 for proceeding to the next step by a preset program according to a control signal of the control module 16 when the input result of the input module 22 matches the preset arrow;

If the operation guard flash 18 action of the homepage 12 displayed on the screen of the user computer 14 is wrong, the user moves the mouse pointer out of the action guard flash 18 and moves the mouse pointer. The action consists of an initialization module 28 which initializes according to the control signal of the control module 16.

As described above, the hacking prevention system for the input according to the present invention is safe for hacking by an event caused by a click on a keyboard or a mouse, and blocks the input information theft using a keyboard hooking technique such as a key logger. As it is dynamically moved by mouse action by the initial setting and dialing method, it has a safe effect on the hacking method of recording coordinates or screen capture method.

In addition, the present invention has the effect that it can be executed in conjunction with a sufficient number of processes without competing with other keyboard security programs to preempt key input.

Hereinafter, a preferred embodiment of the hacking prevention system for the input according to the present invention will be described. In the following description of the present invention, detailed descriptions of well-known functions or configurations will be omitted when it is deemed that they may unnecessarily obscure the subject matter of the present invention.

1 is a view schematically showing a connection relationship between a user computer and a web server to which the present invention is applied, FIG. 2 is a view schematically showing a configuration of a hacking prevention system for an input according to the present invention, and FIG. 3 is FIG. FIG. 4A is a view showing an action guard flash displayed on a screen of a user computer by the flash execution module. FIG. 4A is a detailed view of the action guard flash of FIG.

As shown in Figures 1 to 3, the hacking prevention system for the input according to the present invention,

Determining whether the user computer 14 is connected to the homepage 12 of the web server 10 through the Internet, but including a control module 16 having a preset security program;

As a result of the determination of the control module 16, if the user computer 14 is connected, the action guard flash (Home) is displayed on the homepage 12 displayed on the screen of the user computer 14 according to the control signal of the control module 16. a flash execution module 20 for displaying an action guard flash 18;

When the mouse pointer of the user computer 14 is changed to a direction change action on the action guard flash 18 of the homepage 12 displayed on the screen of the user computer 14, it is determined whether the control module 16 matches the preset arrow. An input module 22 for recognizing and inputting the control signal of the control unit;

A progress module 24 for proceeding to the next step by a preset program according to the control signal of the control module 16 when the input module 22 determines that the arrow matches the preset arrow;

When the action guard flash 18 action of the home page 12 displayed on the screen of the user computer 14 is wrong, the control module 16 moves the mouse pointer of the user computer out of the action guard flash 18. Initialization module 28 for initializing according to the control signal of the).

Reference numeral 30 denotes a storage module.

The action guard flash 18 may be displayed in various shapes, as shown in FIGS. 4A to 4B.

Looking at the operation of the anti-hacking system for the input according to the present invention configured as described above with reference to Figs.

First, the control module 16 with a preset security program determines whether the user computer 14 is connected to the homepage 12 of the web server 10 through the Internet.

As a result of the determination of the control module 16, if the user computer 14 is connected, the control module 16 displays the home page 12 on the screen of the user computer 14 and simultaneously returns to the flash execution module 20. A control signal is sent to display an action guard flash 18 on the home page 12.

In addition, the control module 16 determines whether the mouse pointer of the user computer 14 is acted to change direction by the action guard flash 18 of the homepage 12 displayed on the screen of the user computer 14, In the action, the control module 16 sends a control signal to the input module 22 to input a preset arrow and a number input at the action.

For example, in order to log in to the homepage 12, put the mouse pointer on the action guard flash 18, and then move the mouse pointer, the action guard flash 18 to change the direction according to the movement of the mouse pointer. Will rotate accordingly.

In addition, assuming that the password is '0847', if the '0' is located in the arrow at the time of initialization, if the '0' is aligned with the arrow again by turning in the advancing direction, a single digit is input accordingly, and the input number is the control module. According to the control signal of 16, the number input to the input module 22 is sent to the storage module 30.

On the other hand, as a result of the input of the input module 22, in accordance with a predetermined arrow to the storage module and the control module 16 sends a control signal to the progress module 24 to proceed to the next step according to the preset program. .

For example, if the first password '0' matches the arrow through redirection, the one digit password is entered and the next digit number '8' is reversed from the direction to proceed to position the arrow. Go ahead and place it on the arrow.

In the same manner as above, '4' and '7' are input to the action guard flash by the change of direction.

In addition, the control module 16, when the action guard flash 18 action of the homepage 12 displayed on the screen of the user computer 14, if the operation is wrong, the mouse of the user computer out of the action guard flash 18 It is determined whether the pointer is taken, and if the mouse pointer is acted out of the action guard flash 18, the control signal is sent to the initialization module 28 to initialize the use of the action guard flash 18.

The above detailed description is merely illustrative of the present invention, which is used only for the purpose of illustrating the present invention and is not intended to limit the scope of the invention as defined in the claims or the claims. Therefore, those skilled in the art will understand that various modifications and equivalent other embodiments are possible from this. Therefore, the true technical protection scope of the present invention will be defined by the technical spirit of the appended claims.

1 is a view schematically showing a connection relationship between a user computer and a web server to which the present invention is applied;

2 is a view schematically showing the configuration of an anti-hacking system for an input according to the present invention;

3 is a view showing an action guard flash displayed on the screen of the user computer by the flash execution module of FIG.

Figure 4a is a detailed view of the action guard flash of Figure 3,

4B is another detailed view of the action guard flash of FIG. 3.

<Description of the symbols for the main parts of the drawings>

10: web server 12: homepage

14: user computer 16: control module

18: action guard flash 20: flash execution module

22: input module 24: progress module

28: initialization module 30: storage module

Claims (1)

A control module 16 that determines whether the user computer 14 is connected to the homepage 12 of the web server 10 through the Internet, and includes a preset security program; As a result of the determination of the control module 16, if the user computer 14 is connected, the action guard flash (Home) is displayed on the homepage 12 displayed on the screen of the user computer 14 according to the control signal of the control module 16. a flash execution module 20 for displaying a dial lock flash 18; When the mouse pointer of the user computer 14 is in a direction change action on the action guard flash 18 of the homepage 12 displayed on the screen of the user computer 14, it is determined whether or not it is positioned with a predetermined arrow. A storage module 30 stored by the input module 22 to recognize and input according to the control signal of the control unit; A progress module 24 for proceeding to the next step by a preset program according to a control signal of the control module 16 when the input result of the input module 22 matches the preset arrow; If the operation guard flash 18 action of the homepage 12 displayed on the screen of the user computer 14 is wrong, the user moves the mouse pointer out of the action guard flash 18 and moves the mouse pointer. Anti-hacking system for the input, characterized in that consisting of an initialization module 28 to initialize according to the control signal of the control module 16 when the action.
KR1020090106101A 2009-11-04 2009-11-04 Hacking protection input system KR20110049196A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020090106101A KR20110049196A (en) 2009-11-04 2009-11-04 Hacking protection input system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020090106101A KR20110049196A (en) 2009-11-04 2009-11-04 Hacking protection input system

Publications (1)

Publication Number Publication Date
KR20110049196A true KR20110049196A (en) 2011-05-12

Family

ID=44360371

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020090106101A KR20110049196A (en) 2009-11-04 2009-11-04 Hacking protection input system

Country Status (1)

Country Link
KR (1) KR20110049196A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2648126A1 (en) 2012-04-05 2013-10-09 LG CNS Co., Ltd. Method of authenticating user, server and mobile terminal performing the same
WO2020138822A1 (en) * 2018-12-24 2020-07-02 삼성전자 주식회사 Electronic device and key input method therefor

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2648126A1 (en) 2012-04-05 2013-10-09 LG CNS Co., Ltd. Method of authenticating user, server and mobile terminal performing the same
US9532216B2 (en) 2012-04-05 2016-12-27 Lg Cns Co., Ltd. Method of authenticating user, server and mobile terminal performing the same
WO2020138822A1 (en) * 2018-12-24 2020-07-02 삼성전자 주식회사 Electronic device and key input method therefor

Similar Documents

Publication Publication Date Title
US7779062B2 (en) System for preventing keystroke logging software from accessing or identifying keystrokes
US7996682B2 (en) Secure prompting
Fernandes et al. Android ui deception revisited: Attacks and defenses
US7263721B2 (en) Password protection
CN101340281A (en) Method and system for safe login input on network
CN101667232B (en) Terminal credible security system and method based on credible computing
US9659173B2 (en) Method for detecting a malware
Mohamed et al. Smashed: Sniffing and manipulating android sensor data for offensive purposes
US20070209014A1 (en) Method and apparatus for secure data input
WO2021046811A1 (en) Attack behavior determination method and apparatus, and computer storage medium
EP3563548B1 (en) Historic data breach detection
US8978150B1 (en) Data recovery service with automated identification and response to compromised user credentials
CN113904820A (en) Network intrusion prevention method, system, computer and readable storage medium
KR100571695B1 (en) Hacking protect method of keyboard, mouse and image
Creutzburg The strange world of keyloggers-an overview, Part I
KR20110049196A (en) Hacking protection input system
Oh et al. A protection technique for screen image-based authentication protocols utilizing the SetCursorPos function
CN112613000A (en) Sensitive information protection method and device, electronic equipment and readable storage medium
Sapra et al. Circumventing keyloggers and screendumps
CN1208728C (en) Safety computer with information safety management unit
Moses et al. Touch interface and keylogging malware
Lee et al. Vulnerability analysis on the image‐based authentication: Through the WM_INPUT message
Nayak et al. Robust virtual keyboard for online banking
KR100651611B1 (en) Safe control method when detecting the access to storage media
Kong et al. PtmxGuard: An improved method for android kernel to prevent privilege escalation attack

Legal Events

Date Code Title Description
A201 Request for examination
N231 Notification of change of applicant
E902 Notification of reason for refusal
E601 Decision to refuse application