200924476

VII. Designated representative figure:

(1) The designated representative figure of this case is: Figure 2.
(2) Brief description of the element symbols in the representative figure:

Server computer host (20)
Application computer host (21)
Keylogging software (211)
Anti-keylogging keyboard (22)
Anti-keylogging keyboard connection cable (23)
Encrypted network (24)

IX. Description of the invention:

[Technical field of the invention]

The invention is a [...] system and method. The method ensures that keyboard key data cannot be obtained by illegal keylogging software, because the key data is encrypted by the keyboard and passed directly [...] as the computer's security authentication [...]. With this [...] the encrypted key data is passed directly to the server; there is no other processing of the encrypted key data and no real key data [...], which leaves keylogging software or spyware no opening. [...] the server computer decrypts to obtain the real [...].

[Prior art]

Please refer to Figure 1. Keyboard data on a personal computer (PC) is obtained through the input/output instructions (IO instructions) of the central processing unit (CPU) and input/output ports 60h and 64h (Keyboard Controller IO ports 60h, 64h; h denotes a hexadecimal number). Because of the original architecture of the personal computer, any software can easily obtain the keyboard key data, and the user will not notice anything unusual. Keylogging or spy software (keylogger or spy software) uses exactly this property to steal personal account names and passwords.

Intel, the world's largest CPU manufacturer, promoted TMKBC (Trusted Mobile Keyboard Controller) a few years ago. TMKBC was mainly positioned for high-end commercial notebook computers, and its architecture had to be paired with a complete set of special computer chips (LaGrande Platform), including Trusted CPU, Trusted Chipset, Trusted Memory, Trusted Graphics, Trusted Platform Module (TPM) and TMKBC. Because this platform touched too many layers, was incompatible with existing software and hardware systems, and was too costly to implement, Intel no longer promotes it. The purpose of TMKBC was to keep the user's keystrokes from being stolen, but the specification does not include any encryption or decryption technique or method; its anti-keylogging protection rests on the whole trusted platform (LaGrande platform) not allowing arbitrary software to read or modify keyboard data.

Because there is currently no encrypted keyboard product on the market, even with dedicated anti-virus and anti-spyware software one often hears of online game users whose in-game treasures or points were stolen, or of losses caused by online banking account passwords being logged. According to statistics, the damage caused by keylogging software also grows by multiples every year, and many countries restrict online financial transactions as a result. For example, domestic online banks may not transfer to accounts that were not agreed in advance, and online ATM transfers to accounts not agreed in advance may not exceed 30,000 yuan. Some countries do not allow online banking at all.

Although today's computer networks have many mature and stable encryption techniques, even an encrypted network protocol cannot solve the problem of keylogging software and spyware, because the root of the problem is that the keyboard of a personal computer can be logged. Unless the problem of the keyboard being logged is solved, keylogging software and spyware will never disappear. Therefore an anti-keylogging encrypted keyboard is essential and very important [...] for computer network systems. Although [...] does not solve the root problem of the keyboard being logged, with encryption [...] the key data that the software logs becomes meaningless gibberish, unless [...] the problem of keylogging software and spyware.

[Summary of the invention]

The invention is a computer network authentication [...] key encryption function to achieve secure network access [...]. The [...] keyboard is a keyboard device; this device, by encrypting the keyboard key codes [...].

A [...] keyboard is usually attached to the personal computer through a PS2 or USB connector, and [...] data is passed according to the PS2 or USB protocol specification [...] (KBC) or the USB host controller (USB Host controller). Software communicates with the KBC through input/output ports [...] 64h, or goes through the USB host controller, to obtain the key data. While the key data is being passed to the computer host it is open and transparent, because the software and hardware specifications of the personal computer are public. That is, anyone can use the public software and hardware specifications to build, or otherwise obtain, keylogging or spy software (keylogger, spy software) and capture the user's keystrokes.

In the invention the key data is encrypted inside the keyboard and then passed up to the application computer. The application computer sends the encrypted key data directly to the server computer host on the network, so the application computer neither processes nor stores decrypted key data. What keylogging software and spyware obtain is encrypted data; as long as the encryption algorithm or the key (private or secret key) is not known to the keylogging software and spyware, the key data cannot be stolen.

For a further understanding of the features and technical content of the invention, please refer to the detailed description in [Embodiment] and the accompanying drawings. The detailed description and drawings are provided for [...] illustration only and are not intended to limit the scope of the invention.

[Embodiment]

[...] Figure 2 (system architecture of the technique used in this case): the server computer host 20 and the application computer host 21 are connected by a network, and the server software [...] a user name and password for logging in to the server computer. Key[...] may secretly log all of the user's keystrokes on the application computer. [...] the anti-keylogging encrypted keyboard and its connection [...] set: as long as one of them (22 or 23) has the anti-keylogging function, the [...] effect is achieved; it is not necessary for both to have the anti-keylogging encryption function. All that matters is that the keystrokes finally obtained by the application computer software are encrypted, meaning [...] encrypted data is what is obtained from input/output ports 60h/64h. Because [...] is attached directly to the computer motherboard, the KBC chip [...] (keyboard device controller), the KBC handles the key [...] directly, without going through an external PS2 or USB connection cable.

From [...] description it is clear that the main difference from the prior art is whether [...] has the encryption function. Next, look at Figures 3 and 4, the system [...] and [...] side software, for account name and password authentication under the old and new techniques. [...] old technique, steps 32 and 33, the user enters the account name and password [...] whatever data is entered, the logging [...] and password [...] software [...] how to decrypt the [...] code, unless the [...] software knows how [...] the key data only [...] software then asks the application side software to turn off the anti-keylogging keyboard.

In the new system the anti-keylogging function is turned on and [...] in order to be compatible with current personal computer systems and to reduce system [...]. Key data from a keyboard with the anti-keylogging function [...] is all decrypted by the server [...] the software and hardware computing resources of the [...] computer [...] the key data [...] server side [...] keylogging encryption [...] always turn on the anti-[...] the user feels that [...] response. [...] ordinary keyboard [...] to the user [...]

[Brief description of the drawings]

Figure 1 is the system architecture diagram of the conventional technique.
Figure 2 is the system architecture diagram of the technique used in this case.
Figure 3 is the system operation flow chart of the conventional technique.
Figure 4 is the system operation flow chart of the technique used in this case.

[Description of main element symbols]

Figure 1:
Server computer host (10)
Application computer host (11)
Keylogging software (111)
Ordinary keyboard
Ordinary keyboard connection cable (PS2 or USB) (13)
Encrypted network (14)

Figure 2:
Server computer host (20)
Application computer host (21)
Keylogging software (211)
Anti-keylogging keyboard (22)
Anti-keylogging keyboard connection cable (PS2 or USB) (23)
Encrypted network (24)

Figure 3:
Application computer (Client): requests login to the server computer system (30)
Server computer (Server): requests user account name and password authentication (31)
Application computer (Client): asks the user to enter the account name and password (32)
Application computer (Client): sends the user account name and password over the network (33)
Server computer (Server): authenticates the user account name and password (34)
Keylogging software: secretly logs the key data while the user enters data (35)

Figure 4:
Application computer (Client): requests login to the server computer system (30)
Server computer (Server): requests anti-keylogging user account name and password authentication (31)
Application computer (Client): turns on the keyboard anti-keylogging function and asks the user to enter the account name and password (32)
Application computer (Client): sends the anti-keylogging encrypted user account name and password over the network
Server computer (Server): decrypts the anti-keylogging user account name and password, authenticates the user account name and password, and requests that the keyboard anti-keylogging function be turned off (34)
Keylogging software: secretly logs the key data while the user enters data (35)

X. Scope of the patent application:

1. An application side and server side computer network system, the system comprising:
a server computer host;
an application computer host;
a keyboard module with an anti-keylogging function connected to the application computer;
a network connecting the server computer and the application computer;
[...] the application computer receives the encrypted key [...] from the anti-keylogging keyboard module [...] sends it to the server computer, thereby preventing unencrypted [...] from being logged on the application computer.

2. [...] the server [...] executed in the server computer host described in item 1 of the scope [...] asks the user to enter confidential data, for example the user account [...], [...] code, national ID number, birthday, credit card number, transaction amount, quantity and so on.

3. As in item 1 of the scope of the patent application, the application executed in the application computer host
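
The Figure 4 flow from the embodiment (steps 31 to 34), as an added Python example that is not part of the patent: the keyboard encrypts each key code, the application computer only relays frames, and the server decrypts. The patent names no algorithm, so the HMAC-SHA256 keystream, the 4-byte tag, the pre-shared key, the per-login nonce and the use of ASCII bytes as key codes are all assumptions made here.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = bytes(range(32))  # constructed demo key; provisioning is an assumption

def _pad(key, nonce, counter):
    # Per-keystroke material: byte 0 masks the key code, bytes 1.. key the tag.
    return hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()

def _tag(pad, ct):
    return hmac.new(pad[1:], bytes([ct]), hashlib.sha256).digest()[:4]

class Keyboard:
    """Anti-keylogging keyboard module (22): encrypts before the host sees a key."""
    def __init__(self, key):
        self.key, self.nonce, self.counter = key, None, 0

    def enable(self, nonce):          # step 32: client turns the function on
        self.nonce, self.counter = nonce, 0

    def disable(self):                # step 34: server asks to turn it off
        self.nonce = None

    def press(self, code):
        if self.nonce is None:
            return bytes([code])      # behaves like an ordinary keyboard
        pad = _pad(self.key, self.nonce, self.counter)
        self.counter += 1
        ct = code ^ pad[0]
        return bytes([ct]) + _tag(pad, ct)

def client_login(password, nonce):
    """Application computer: relays frames it cannot read (steps 32 and 33)."""
    kb = Keyboard(SHARED_KEY)
    kb.enable(nonce)
    frames = [kb.press(code) for code in password]  # all a keylogger can record
    kb.disable()
    return frames

def server_decrypt(key, nonce, frames):
    """Server (step 34): authenticate each frame, then recover the key codes."""
    out = bytearray()
    for i, frame in enumerate(frames):
        pad = _pad(key, nonce, i)
        if not hmac.compare_digest(frame[1:], _tag(pad, frame[0])):
            raise ValueError(f"frame {i} rejected")
        out.append(frame[0] ^ pad[0])
    return bytes(out)

def new_session_nonce():
    return secrets.token_bytes(16)    # step 31: fresh value per login request
```

The per-keystroke counter makes a repeated key produce different frames, and the per-login nonce means frames recorded during one login are rejected by the server in any other.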