TW201533603A - Key protecting method and a computing apparatus - Google Patents


Publication number
TW201533603A
Authority
TW
Taiwan
Prior art keywords
password
input
protection device
request
password protection
Prior art date
Application number
TW103129541A
Other languages
Chinese (zh)
Other versions
TWI546694B (en)
Inventor
hong-jian Zhou
Original Assignee
hong-jian Zhou
Priority date
Filing date
Publication date
Priority claimed from US14/190,041 (US20140177831A1)
Application filed by hong-jian Zhou
Publication of TW201533603A
Application granted
Publication of TWI546694B

Landscapes

  • Storage Device Security (AREA)

Abstract

A key protecting method includes the steps of: in response to receipt of an access request, configuring a control application program to generate a key confirmation request; in response to receipt of the key confirmation request, configuring a key protecting device to generate a key input request to prompt a user for a key input; upon receipt of the key input, the key protecting device determining if the key input matches a predefined key preset therein; the key protecting device entering an execution mode if it is determined that the key input matches the predefined key; and the key protecting device entering a failure mode if it is determined that the key input does not match the predefined key.

Description

Password protection method

The invention relates to a password protection method, and in particular to a password protection method carried out in hardware.

The 21st century is a highly information-based society. Advances in science and technology let us use computers widely to handle all kinds of everyday tasks, such as document processing, database management, accounting, computer graphics, digital photography, image processing, optical disc burning and multimedia production, and for all of these computers provide fast, direct, high-quality and satisfactory service.

However, as people's reliance on computers keeps growing, many financial institutions have also launched online services that let customers easily carry out fund-related actions over the network, such as transfers and the purchase of funds and stocks. Correspondingly, incidents in which users' computer accounts and passwords are cracked, stolen and misused occur again and again; among these, the theft of passwords by Trojan horse programs on infected users' computers is currently the largest category of computer-related crime.

In short, a Trojan horse program is a program that the victim is tricked into executing unintentionally. For example, a stranger, or a friend or relative whose computer is already infected, sends a user an e-mail with a malicious executable (the Trojan horse program) attached; when the user runs it, mistaking it for a harmless file shared by a friend or relative, the user becomes a victim of the Trojan horse program, and any password or data entered afterwards is stolen and fully exposed. A Trojan horse program therefore differs from an ordinary virus: it does not self-replicate and does not deliberately infect other files. Its behaviour is characterized by concealment, automatic startup, deception, self-recovery, destruction and data transmission. It uses disguise to attract users to download, execute or install it, and opens a door into the affected computer for whoever distributes it, who can then arbitrarily destroy or steal the victim's files or screen contents, or even remotely control the affected computer. Classified by purpose, its ultimate aims are to gather intelligence, to wait for an opportunity to carry out destructive tasks, and to serve as a springboard for further penetration. Its means include stealth, occupation, remote control, packet interception, recording keyboard input, destruction, transmitting intelligence, and forwarding packets to act as a springboard.

Therefore, how to effectively prevent passwords from being stolen, so that the operating system cannot obtain the password entered by the user, has become a direction that those in the field are working on.

Accordingly, the object of the present invention is to provide a password protection method.

The password protection method of the present invention is executed in a computing system. The computing system includes a host device configured with an operating system and a display unit, a password protection device, and an input device. A control application is installed in the operating system. The password protection device is independent of the host device, operates between the host device and the input device, and includes a control unit, a password comparison unit and a processing unit. The method comprises the following steps:

(a) the control application of the operating system generates a password confirmation request after receiving a first access request;

(b) the control unit of the password protection device, after receiving the password confirmation request, generates a password input request, the password input request being transmitted to the host device and displayed on the display unit to prompt a user to make a password input with the input device;

(c) after the password input is received from the input device, the control unit of the password protection device transmits input status information to the control application, the input status information being processed for display on the display unit and including a preset string or random characters unrelated to the password input;

(d) the password comparison unit of the password protection device receives the password input and compares whether the password input matches a preset password stored in the password comparison unit;

(e) if it is determined in step (d) that the password input matches the preset password, the password protection device enters an execution mode, in which the determination result obtained in step (d) is transmitted to the control application and a processing request transmitted from the control application to the password protection unit is allowed to be executed by the processing unit of the password protection device; and

(f) if it is determined in step (d) that the password input differs from the preset password, the password protection device enters a failure mode.

The effect of the invention is that the password protection device receives the password input directly and performs the verification comparison, and subsequent processing is carried out only after the comparison confirms the password. The password is therefore never sent back out of the password protection device, which avoids the risk of the password being stolen by other malicious programs.

1: Host device
11: Storage unit
111: Operating system
112: Control application
113: USB driver
114: Display driver
115: SATA driver
116: File system
117: Application
12: Central processing unit
13: Display unit
2: Password protection device
21: Control unit
22: Password comparison unit
23: Processing unit
3: Input device
61~70: Password confirmation steps
81~85: Password replacement steps

Other features and effects of the present invention will be presented clearly in the embodiment described with reference to the drawings, in which: FIG. 1 is a block diagram illustrating the arrangement of the components in a preferred embodiment of the password protection method of the present invention; FIG. 2 is a flow chart illustrating the password confirmation flow of the preferred embodiment; and FIG. 3 is a flow chart illustrating the password replacement flow of the preferred embodiment.

The foregoing and other technical content, features and effects of the present invention will be presented clearly in the following detailed description of a preferred embodiment with reference to the drawings.

Referring to FIG. 1 and FIG. 2, the preferred embodiment of the password protection method of the present invention is executed in a computing system, through which a password confirmation procedure and a password replacement procedure can be carried out.

The computing system includes a host device 1, a password protection device 2 and an input device 3, the password protection device 2 being connected between the host device 1 and the input device 3. The password protection device 2 includes a control unit 21, a password comparison unit 22 and a processing unit 23. The host device 1 may be implemented as a computer and has at least a storage unit 11, a central processing unit 12 and a display unit 13.

In the preferred embodiment, the host device 1 has an operating system 111, for example Windows®, stored in the storage unit 11. The storage unit 11 may be one of a Universal Serial Bus (USB) flash drive, a portable hard disk or a hard disk, but is not limited thereto. In addition, a control application 112 is installed in the operating system 111.

It is worth mentioning that the password protection device 2 is a product that can be sold separately; it is independent of the host device 1 and can be packaged together with the control application 112.

Password confirmation procedure:

The password confirmation procedure comprises the following steps:

First, as shown in step 61, the control application 112 of the operating system 111 generates a password confirmation request after receiving a first access request. The first access request is either entered through the input device 3 into the password protection device 2 and forwarded by the password protection device 2 to the control application 112, or arises from an operation/instruction that the user enters in the control application 112.

It should be noted that, in the preferred embodiment, the control application 112 is installed on an operating system 111 such as Microsoft Windows and serves as the message bridge between the host device 1 and the password protection device 2. Every message entered through the input device 3 must first be monitored and intercepted by the password protection device 2, and only then is it passed by the password protection device 2 to the operating system 111 in the host device 1. The first access request is generated by a first hotkey that a user enters from the input device 3, which triggers the password protection device 2 to transmit the first access request to the control application 112. In the preferred embodiment, the input device 3 is a keyboard, and the first hotkey input may be at least one key entered from the keyboard, such as P, ALT+P or CTRL+ALT+P, but is not limited thereto; other hotkey combinations may also be used.

Next, as shown in step 62, the control unit 21 of the password protection device 2, after receiving the password confirmation request, generates a password input request, which is displayed on the display unit 13 after processing by the central processing unit 13, to prompt the user to make a password input and a user account input with the input device 3.

Then, as shown in step 63, upon receiving the password input and the user account input from the input device 3, the password protection device 2 transmits password input status information to the control application 112, and this information is displayed on the display unit 13 after processing by the central processing unit 12. The password input status information may include a preset string or random characters that are unrelated to the password input made by the user and whose length equals the character length of the password input, together with characters that are either identical or unrelated to the user account input made by the user and whose length equals the character length of the user account input.

It should be emphasized here that the password input is not passed on by the password protection device 2 to the host device 1. Even though the control application 112 is installed on the host device 1, the password input is known only to the password protection device 2.

Instead, the password protection device 2 generates the "input status information", which relates only to the number of characters in the password input, and provides that information to the host device 1. For example, suppose the user enters the password input "1234" through the input device 3. The password protection device 2 does not transmit "1234" to the control application 112 installed on the host device 1; it transmits to the control application 112 only input status information that reflects the number of characters in the password input, so that the host device 1 cannot learn the real content of the password input. The input status information may be, for example, "****" or "&*%#", but is not limited thereto.

Next, as shown in step 64, the password comparison unit 22 of the password protection device 2 determines whether the password input matches a preset password that is stored in the password protection device 2 and corresponds to the user account input. In particular, the password input and the preset password are compared by the password comparison unit 22 of the password protection device 2.

In the preferred embodiment, the preset password is, in practice, stored in the password comparison unit 22 in advance, and preset passwords in the password comparison unit 22 can also be added, changed or deleted according to the user's instructions/commands.

Then, as shown in step 65, if the determination in step 64 is that the password input matches the preset password, the user's password input is correct; the password protection device 2 then enters an execution mode and carries out the processing of the subsequent steps 66 to 68. If the determination in step 64 is negative, then, as shown in step 69, the password protection device 2 enters a failure mode and proceeds to step 70, in which the control unit 21 returns a password verification failure message to the control application 112, and the failure result is presented on a display unit 13 (such as a screen) after processing by the central processing unit 12.

Steps 66 to 68 of the preferred embodiment are as follows:

When the password comparison is correct, as shown in step 66, the control unit 21 of the password protection device 2 transmits a password verification success message to the control application 112, and the message is presented on the display unit 13 after processing by the central processing unit 12.

Furthermore, after the password comparison succeeds, in addition to step 66 above, step 67 is also carried out: the control unit 21 of the password protection device 22 allows a processing request to be transmitted from the control application 112 to the password protection device 22 and executed by the processing unit 23 of the password protection device 22. In the preferred embodiment, as shown in step 68, the processing unit 23 then performs one of file reconstruction, or converting a file to a hidden, read-only or write-only state.

In summary, while the password protection device 2 is verifying the password, any input through the input device 3 is blocked by the password protection device 2. Once the password has been verified as correct by the password protection device 2 and the user wants to perform, for example, word processing on the host device 1 through the input device 3, input via the input device 3 is no longer blocked and can be passed by the password protection device 2 to the host device 1. In other words, the password protection device 2, operating together with the control application 112, can determine when to prevent input from the input device 3 from being accessed via the host device 1 and when the host device 1 may be accessed through input from the input device 3. It acts as a guardian of the password without hindering other input operations on the host device 1.

In addition, it should be noted that after step 70, besides immediately terminating the password verification procedure of the present invention, the flow may also return to step 61 and prompt the user to enter the password again. To prevent unscrupulous persons from cracking the password with brute-force guessing methods such as a dictionary attack, once the comparisons of the password by the password comparison unit 22 of the password protection device 2 have accumulated to a predetermined number of times (for example, three), or to a predetermined number of times within a specific period, all operation of the control application 112 and the password protection device 2 is terminated, which strengthens the invention's protection against password cracking. In practice, other known techniques or techniques developed in the future may also be used; since the way this follow-up protection based on the number of password entries is implemented is not an improved feature of the present invention, it is not described further here.

Password replacement procedure:

The password replacement procedure comprises the following steps:

First, as shown in step 81, in response to receiving a second access request, the control application 112 of the operating system 111 generates a password replacement request.

It should be noted that the second access request is generated by a second hotkey that the user enters from the input device 3, or by an operation/instruction that the user enters in the control application 112, and triggers the password protection device 2 to transmit the access request to the control application 112. In the preferred embodiment, the input device 3 is a keyboard, and the second hotkey input may be at least one key entered from the keyboard.

Next, as shown in step 82, the control unit 21 of the password protection device 2, after receiving the password replacement request, generates another password input request, which is displayed on the display unit 13 after processing by the central processing unit 12, to prompt the user to enter the current password once, the new password twice, and a user account.

Then, as shown in step 83, upon receiving the current password input, the two new password inputs and the user account input from the input device 3, the password protection device 2 transmits input status information to the control application 112. The input status information is then processed by the central processing unit 12 for presentation on the display unit 13. The input status information may include a plurality of preset strings or random characters that are unrelated to the current/old password input and the user account input.

It is emphasized again that none of the current password input, the two new password inputs and the user account input is transmitted to the host device 1, including the control application 112 installed on it. The password protection device 2 generates input status information that relates only to the number of characters in the password input, and this information is transmitted to the control application 112 to be displayed for the user to view.

Next, as shown in step 84, the password comparison unit 22 compares the current password with the preset password to determine whether the current password input matches the preset password stored in the password protection device 2, and compares the two new password inputs to determine whether they are identical.

Finally, as shown in step 85, if it is determined in step 84 that the current password input matches the preset password and the two new password inputs are identical, the new password is stored in the password comparison unit 22 of the password protection device 2. Otherwise, the flow returns to step 81.
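The two procedures above (steps 61 to 70 and steps 81 to 85), modelled from the device's side so that everything the host ever receives can be inspected. This is an added example, not code from the patent or its applicant. The class, method and message names, Enter as the field terminator, storing a salted PBKDF2 digest instead of the plaintext preset password, counting a wrong current password during replacement toward the failure limit, and resetting the counter on success are all assumptions.

```python
import hashlib
import hmac
import secrets
from enum import Enum

MAX_FAILURES = 3  # the description's example of the "predetermined number"


class Mode(Enum):
    PASS_THROUGH = 1  # keystrokes are forwarded to the host
    CAPTURE = 2       # keystrokes stay inside the device
    EXECUTION = 3     # password verified, processing requests accepted
    FAILURE = 4       # last comparison failed
    TERMINATED = 5    # failure limit reached, device stops operating


def _digest(password, salt):
    # Assumption: unit 22 keeps a salted PBKDF2 digest, not the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class PasswordProtectionDevice:
    def __init__(self, accounts):
        self._presets = {}
        for account, password in accounts.items():
            self._store(account, password)
        self._fields, self._pending = [[]], None
        self.mode, self.failures = Mode.PASS_THROUGH, 0
        self.to_host = []  # every message control application 112 receives

    def _store(self, account, password):
        salt = secrets.token_bytes(16)
        self._presets[account] = (salt, _digest(password, salt))

    def _matches(self, account, password):
        salt, expected = self._presets.get(account, (b"\0" * 16, b""))
        return hmac.compare_digest(_digest(password, salt), expected)

    def request(self, kind):
        # Steps 62 and 82: kind is "confirm" or "change".
        if self.mode is Mode.TERMINATED:
            return
        self._fields, self._pending, self.mode = [[]], kind, Mode.CAPTURE
        self.to_host.append(("password_input_request", kind))

    def key(self, ch):
        if self.mode is Mode.TERMINATED:
            return
        if self.mode is not Mode.CAPTURE:
            self.to_host.append(("key", ch))  # ordinary typing is not blocked
        elif ch != "\n":  # assumption: Enter closes each entry field
            self._fields[-1].append(ch)
            # Steps 63 and 83: only the entry length leaves the device.
            self.to_host.append(("input_status", "*" * len(self._fields[-1])))
        elif len(self._fields) < (2 if self._pending == "confirm" else 4):
            self._fields.append([])
        else:
            self._finish(["".join(f) for f in self._fields])

    def _finish(self, fields):
        account, password, *new = fields
        self._fields = [[]]
        if not self._matches(account, password):  # steps 64, 69, 70 and 84
            self.failures += 1
            self.mode = Mode.TERMINATED if self.failures >= MAX_FAILURES else Mode.FAILURE
            self.to_host.append(("verification", "failure"))
        elif self._pending == "confirm":  # steps 65 and 66
            self.failures, self.mode = 0, Mode.EXECUTION
            self.to_host.append(("verification", "success"))
        else:  # step 85: store only if both new entries agree
            changed = hmac.compare_digest(new[0].encode(), new[1].encode())
            if changed:
                self._store(account, new[0])
            self.failures, self.mode = 0, Mode.PASS_THROUGH
            self.to_host.append(("password_changed", changed))

    def processing_request(self, action, path):
        # Step 67: accepted only in execution mode (processing unit 23).
        if self.mode is not Mode.EXECUTION:
            return False
        self.to_host.append(("processed", (action, path)))
        return True

    def type_text(self, text):
        for ch in text:
            self.key(ch)


def run_demo():
    dev = PasswordProtectionDevice({"alice": "1234"})  # constructed account
    dev.request("confirm")
    dev.type_text("alice\n9999\n")  # wrong password
    refused = dev.processing_request("hide", "report.doc")
    dev.request("confirm")
    dev.type_text("alice\n1234\n")  # correct password
    accepted = dev.processing_request("hide", "report.doc")
    dev.request("change")
    dev.type_text("alice\n1234\nS3cret\nS3cret\n")
    return dev, refused, accepted
```

Inspecting `dev.to_host` after `run_demo()` shows what a compromised host could observe: prompts, masked status strings and verdicts, but no keystroke typed while the device was capturing.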

Next, a practical operating example of the password protection method of the present invention is given to explain it in further detail:

When the user wants to use the present invention to hide a file, the user first runs the control application 112 installed in the operating system 111. The control application 112 then transmits the password confirmation request through a USB driver 113 to the control unit 21 in the password protection device 2. The control unit 21 next activates the password comparison unit 22, which compares the password input that the user typed on the input device 3 directly connected to the password protection device 2. When the comparison finds that the password input matches the previously stored preset password, the password comparison unit 22 returns the password verification success message to the control unit 21, and the message is then presented on the display unit 13 by passing in turn through the USB driver 113, the control application 112 and the display driver 114. The control unit 21 then notifies the processing unit 23 to carry out the subsequent file processing. When the processing unit 23 is told that the attributes of the file must be adjusted, it coordinates with a file system 116 through a SATA driver 115 and then converts the file to the hidden attribute, completing the operation the user wanted.

It is worth mentioning that the practical example above assumes that the password protection device 2 is connected to the operating system 111 of the storage unit 11 through a USB interface, so the USB driver 113 is needed as the intermediary message bridge. In practice, the password protection device 2 may of course also exchange messages with the operating system 111 through other kinds of ports; this is a variation that those with a background in the relevant field can readily make, so the invention should not be limited to what is disclosed in the preferred embodiment.

In addition, after the password comparison unit 22 has successfully verified the password, the user can also have a message passed through the control unit 21 to the control application 112, which then issues instructions to an application 117 (such as a word processing application) so that the service provided by the application 117 (such as document work) is carried out.

To summarize, in the password protection method of the present invention, the password protection device 2 first transmits the access request generated by the input device 3 to the host device 1, and the control application 112 of the operating system 111 returns the password confirmation request. On receiving the password confirmation request, the control unit 21 has the password comparison unit 22 verify the password that the user sent with the input device 3, and the result decides whether the execution mode is entered so that subsequent processing can proceed. The password is thus handed directly from the input device 3 to the password comparison unit 22 for checking, and the comparison takes place only inside the password protection device 2 without the password being passed out to the operating system 111. The password therefore cannot be stolen because an unscrupulous person has planted a malicious program in the operating system 111, and the object of the present invention is indeed achieved.

The above, however, is only a preferred embodiment of the present invention and cannot be used to limit the scope in which the invention is practised; all simple equivalent changes and modifications made according to the claims and the description of the present invention remain within the scope covered by this patent.


Claims (12)

1. A password protection method performed in a computing system, the computing system including a host device provided with an operating system and a display unit, a password protection device, and an input device, wherein a control application is installed in the operating system, and the password protection device is separate from the host device, operates between the host device and the input device, and includes a control unit, a password comparison unit and a processing unit, the method comprising the following steps:
(a) the control application of the operating system generates a password confirmation request after receiving a first access request;
(b) the control unit of the password protection device, after receiving the password confirmation request, generates a password input request, wherein the password input request is transmitted to the host device and displayed on the display unit to prompt a user to enter a password using the input device, and the password is not passed to the operating system;
(c) after receiving the password input from the input device, the control unit of the password protection device transmits input status information to the control application, the input status information being processed for display on the display unit and including a preset string or random characters unrelated to the password input;
(d) the password comparison unit of the password protection device receives the password input and compares whether the password input matches a preset password stored in advance in the password comparison unit;
(e) if it is determined in step (d) that the password input matches the preset password, the password protection device enters an execution mode, in which the determination result obtained in step (d) is transmitted to the control application and a processing request transmitted from the control application to the password protection unit is allowed to be executed by the processing unit of the password protection device; and
(f) if it is determined in step (d) that the password input differs from the preset password, the password protection device enters a failure mode.

2. The password protection method of claim 1, wherein in step (e), upon entering the execution mode, the processing function of the processing unit is one of file reconstruction, or converting a file to a hidden, read-only, or write-only state.

3. The password protection method of claim 1, wherein in step (f), the control unit transmits a password verification failure message to the control application, and the method returns to step (a) to await another password confirmation request.

4. The password protection method of claim 3, wherein in step (f), the password protection device keeps track of the number of times the failure mode has been entered, and after the count reaches a predetermined number, the control application and the password protection device terminate operation.

5. The password protection method of claim 3, wherein in step (f), the password protection device keeps track of the number of times the failure mode has been entered, and after the count reaches a predetermined number within a specific period, the control application and the password protection device terminate operation.

6. The password protection method of claim 1, wherein in step (f), the control unit transmits a password verification failure message to the control application, whereupon the control application and the password protection device terminate operation.

7. The password protection method of claim 1, wherein in step (e), the control unit transmits a password verification success message to the control application.

8. The password protection method of claim 1, wherein the control application and the control unit communicate over a universal serial bus coupled between the two.

9. The password protection method of claim 1, wherein in step (a) the first access request is generated by a first hotkey entered from the input device.

10. The password protection method of claim 1, wherein in step (b), the password input request also prompts the user to enter a user account; in step (c), the input status information further includes another preset string or random characters unrelated to the user account input; and in step (d), the password comparison unit of the password protection device determines whether the password input matches a preset password stored in advance in the password comparison unit.

11. The password protection method of claim 1, further comprising, after step (f), the following steps:
(g) the control application of the operating system generates a password change request after receiving a second access request;
(h) the control unit of the password protection device, after receiving the password change request, generates another password input request, which is transmitted to the host device and displayed on the display unit to prompt the user to use the input device to enter the current password once and a new password twice;
(i) after the current password input and the two new password inputs are received, the control unit of the password protection device transmits input status information to the control application, so that the input status information is processed to display on the display unit content that is unrelated to the current password input and the two new password inputs and that includes the preset string or random characters;
(j) the password comparison unit of the password protection device determines whether the current password input matches the preset password stored in advance in the password protection device, and at the same time compares whether the two new password inputs are identical; and
(k) if it is determined in step (j) that the current password input matches the preset password and the two new password inputs are identical, the password protection device stores the new password as the preset password.

12. The password protection method of claim 11, wherein in step (g) the second access request is generated by a second hotkey entered from the input device.
TW103129541A 2014-02-25 2014-08-27 Password protection method TWI546694B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US14/190,041 US20140177831A1 (en) 2008-09-24 2014-02-25 Key protecting method and a computing apparatus

Publications (2)

Publication Number Publication Date
TW201533603A true TW201533603A (en) 2015-09-01
TWI546694B TWI546694B (en) 2016-08-21

Family

ID=54694790

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103129541A TWI546694B (en) 2014-02-25 2014-08-27 Password protection method

Country Status (1)

Country Link
TW (1) TWI546694B (en)

Also Published As

Publication number Publication date
TWI546694B (en) 2016-08-21

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees