TW201533603A - Key protecting method and a computing apparatus - Google Patents

Abstract

A key protecting method includes the steps of: in response to receipt of an access request, configuring a control application program to generate a key confirmation request; in response to receipt of the key confirmation request, configuring a key protecting device to generate a key input request to prompt a user for a key input; upon receipt of the key input, the key protecting device determining if the key input matches a predefined key preset therein; the key protecting device entering an execution mode if it is determined that the key input matches the predefined key; and the key protecting device entering a failure mode if it is determined that the key input does not match the predefined key.

Description

Password protection method

The invention relates to a password protection method, in particular to a password protection method implemented by hardware.

The 21st century is a highly information-based society. The advancement and development of science and technology allows us to use computers to deal with all kinds of things in life, such as document processing, database management, accounting calculation, computer graphics, digital photography, With image processing, CD burning, multimedia production, etc., computers can provide fast, direct, high quality and satisfactory service.

However, because people's dependence on computers is increasing, many financial companies also launch online services for customers to easily operate fund-related actions such as transfer, purchase of funds, stocks, etc. through the Internet. However, social events such as cracking, stealing and misappropriation of many users' computer accounts and passwords have also occurred in an endless stream. Among them, computer users have been hacked by Trojans for poisoning and are the largest computer-related crimes.

In short, the so-called Trojan horse program is a program that allows the victim to inadvertently execute it in a confusing manner; for example, a stranger or a poisoned relative has sent a malicious executable file (a Trojan horse program) to a user, and when the user mistakenly believes that it is shared by friends and family At the time of execution of the harmless file, the user becomes the victim of the Trojan attack, and any passwords or materials entered later are stolen and displayed. Therefore, the Trojan horse program is different from the general virus. It does not self-reproduce and does not deliberately infect other files. Trojans have hidden, automatic startup, deception, self-recovery, destruction, and transmission of data. Attracting users to download execution or installation, the illegal person who provides the Trojan horse program opens the computer portal of the Trojan horse aggressor, so that the trojan programmer can arbitrarily destroy, steal the file or operation screen of the cultivator, and even remotely control the Trojan horse program. Infringement of the computer. In addition, according to the purpose of the Trojan horse program: its ultimate purpose is to collect intelligence, wait for the opportunity to perform the destruction task, as a springboard for penetration. The means include hiding, occupying, remote control, intercepting packets, recording keyboard input data, destroying, transmitting the situation, providing packet transfer to the springboard function, and the like.

Therefore, how to effectively prevent the password from being stolen, so that the operating system cannot obtain the password input by the user, has become a direction that the relevant industry is trying to study.

Accordingly, it is an object of the present invention to provide a method of password protection.

Therefore, the password protection method of the present invention is implemented in a computing system, and the computing system includes a host device configured with an operating system and a display unit, a password protection device and an input device, wherein the operating system is installed with a control An application, the password protection device being independent of the host device and operating between the host device and the input device And including a control unit, a password comparison unit and a processing unit, the method comprising the steps of: (a) the control application of the operating system generates a password confirmation request after receiving a first access request; After receiving the password confirmation request, the control unit of the password protection device generates a password input request, wherein the password input request is transmitted to the host device and displayed on the display unit to prompt a user to utilize the input device. Performing a password input; (c) after receiving the password input from the input device, the control unit of the password protection device transmits the input status information to the control application, and the input status information is processed to be displayed on the display unit, And the input status information includes a preset string or a random character unrelated to the password input; (d) the password matching unit of the password protection device receives the password input, and compares whether the password input is preset or not Determining a password by one of the password matching units; (e) if it is determined in the step (d) that the password input meets the preset password, the password protection device Entering an execution mode to transmit the determination result obtained in the step (d) to the control application, and allowing the control application to transmit to the one of the password protection units to process the processing unit requested by the password protection device And (f) if the password input is determined to be different from the preset password in the step (d), the password protection device enters a failure mode.

The effect of the invention is that the password protection device is directly The password input is received, and the verification comparison is performed. After the comparison is confirmed, the subsequent processing operation is performed. Therefore, the password does not return the password protection device, and the risk of the password being stolen by other malicious programs is avoided.

1‧‧‧Host device

11‧‧‧ storage unit

111‧‧‧Operating system

112‧‧‧Control application

113‧‧‧USB driver

114‧‧‧Display driver

115‧‧‧SATA driver

116‧‧‧File System

117‧‧‧Application

12‧‧‧Central Processing Unit

13‧‧‧Display unit

2‧‧‧ password protection device

21‧‧‧Control unit

22‧‧‧Password comparison unit

23‧‧‧Processing unit

3‧‧‧Input device

61~70‧‧‧ Password Confirmation Procedure

81~85‧‧‧ Password replacement steps

Other features and effects of the present invention will be apparent from the following description of the drawings, wherein: FIG. 1 is a block diagram illustrating a preferred embodiment of various component arrangements in the cryptographic protection method of the present invention. FIG. 2 is a flow chart illustrating the password verification operation flow associated with the preferred embodiment; and FIG. 3 is a flow chart illustrating the password replacement operation flow associated with the preferred embodiment.

The above and other technical contents, features and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments.

Referring to FIG. 1 and FIG. 2, a preferred embodiment of the password protection method of the present invention is implemented in an arithmetic system, and a password confirmation program and a password replacement program are executed through the operation system.

The computing system includes a host device 1, a password protection device 2, and an input device 3. The password protection device 2 is connected between the host device 1 and the input device 3. The password protection device 2 includes a control unit 21, a password comparison unit 22, and a processing unit 23; the host device 1 The implementation may be a computer and has at least one storage unit 11, a central processing unit 12, and a display unit 13.

In the preferred embodiment, the host device 1 has an operating system 111 stored in the storage unit 11, for example, Windows®; the storage unit 11 can be a universal serial bus (USB). One of the discs, portable hard drives or hard drives, but not limited to this. In addition, the operating system 111 is equipped with a control application 112.

It is worth mentioning that the password protection device 2 is a separately sold product, which is independent of the host device 1 and can be packaged together with the control application 112.

Password confirmation procedure:

Wherein, the password confirmation program comprises the following steps:

First, as shown in step 61, the control application 112 of the operating system 111 generates a password confirmation request after receiving a first access request; wherein the first access request is input to the password protection device through the input device 3. 2, and the password protection device 2 forwards to the control application 112 or through an operation/instruction input by the user in the control application 112.

It should be noted that, in the preferred embodiment, the implementation of the control application 112 is installed on an operating system 111 such as Microsoft Windows (Windows) to establish the host device 1 and the password protection. The message transmission bridge between the two devices, and the information input by the input device 3 must be monitored and intercepted by the password protection device 2 before being transmitted. The password protection device 2 is transmitted to the operating system 111 in the host device 1; and the first access request is generated by a first hotkey input by the user from the input device 3 to trigger the password protection. The device 2 transmits the first access request to the control application 112; wherein, in the preferred embodiment, the input device 3 is a keyboard, and the first hotkey input can be at least one input from the keyboard. Buttons, such as P, ALT+P or CTRL+ALT+P, etc., but are not limited thereto, and may also be combinations of other hot keys.

Next, as shown in step 62, after receiving the password confirmation request, the control unit 21 of the password protection device 2 generates a password input request and displays it on the display unit 13 through the processing of the central processing unit 13 to prompt The user uses the input device 3 to perform a password input and a user account input.

Then, as shown in step 63, upon receiving the password input and the input of the user account from the input device 3, the password protection device 2 transmits a password input status information to the control application 112, and by using the The processing of the central processing unit 12 is displayed on the display unit 13; wherein the password input status information may include a preset word that is independent of the password input performed by the user and has a character length equal to the character length of the password input. A string or random character, and a character whose length is equal to or different from the input of the user account made by the user, and the character length is equal to the character length of the input of the user account.

It is emphasized here that the password input is not transmitted to the host device 1 by the password protection device 2, even if the control application 112 is installed in the host device 1, the password input is only protected by the password. Set 2 to know.

Instead, the password protection device 2 generates the "input status information" which is only relevant to the number of characters entered by the password and provides the same to the host device 1. For example, suppose the user inputs the password input through the input device 3, such as "1234", the password protection device 2 does not transmit "1234" to the control application 112 installed on the host device 1, but only Transmitting one of the number of characters used in the response to the password input to the control application 112, so that the host device 1 cannot know the real content of the password input; wherein the input status information may be, for example, "****" or "&*%#" and so on, but not limited to this.

Next, as shown in step 64, the password matching unit 22 of the password protection device 2 determines whether the password input conforms to a preset password preset to the password protection device 2 and corresponding to the input of the user account. In particular, the password matching unit 22 of the password protection device 2 compares the password input with the preset password.

In the preferred embodiment, the preset password is stored in the password comparison unit 22 in advance, and may be pre-committed in the password comparison unit 22 according to the user's command/command. Set a password to add, change, or delete.

Then, as shown in step 65, if the result of the determination in step 64 is that the password input meets the preset password, it indicates that the password input of the user is correct, and the password protection device 2 then enters an execution mode and performs subsequent steps. Step 66 to step 68: If the result of the determination in step 64 is no, the password protection device 2 enters a loss as shown in step 69. The mode is defeated, and step 70 is performed, wherein the control unit 21 returns a password verification failure message to the control application 112, and presents the failure result to a display unit 13 (such as a screen) via the processing of the central processing unit 12. .

However, steps 66 through 68 in the preferred embodiment are as follows:

When the password comparison is correct, as shown in step 66, the control unit 21 of the password protection device 2 transmits a password verification success message to the control application 112, and is presented on the display via the processing of the central processing unit 12. On unit 13.

Moreover, after the password comparison is successful, in addition to performing the above step 66, the control unit 21 of the password protection device 22 also allows a processing request to be transmitted from the control application 112 to the password protection as shown in step 67. The device 22 is executed by the processing unit 23 of the password protection device 22, and in the preferred embodiment, as shown in step 68, the processing unit 23 performs file reconstruction or converts a file to be hidden. One of the read and write-only states.

In summary, any input through the input device 3 is blocked by the password protection device 2 during the verification of the password by the password protection device 2. Once the password is verified by the password protection device 2 and the user wants to perform the input device 3 on the host device 1, for example, word processing, the input via the input device 3 is no longer blocked, and It can be transferred to the host device 1 by the password protection device 2. In other words, the password protection device 2, which operates in conjunction with the control application 112, can determine when to prevent the input of the input device 3 from being accessed via the host device 1. It is asked, and when the host device 1 can be accessed by the input of the input device 3, which can act as a guardian of the password, but does not hinder other input operations on the host device 1.

In addition, it should be additionally noted that, after the foregoing step 70, in addition to immediately terminating the password verification procedure of the present invention, step 61 may be returned again, prompting the user to perform password input again, and in order to prevent the unscrupulous person from using each The password attempt method of the violent method is cracked, such as a dictionary attack, when the password matching unit 22 of the password protection device 2 accumulates the password for a predetermined number of times (for example, three times), or accumulates a predetermined time within a specific period. After the number of times, all operations of the control application 112 and the password protection device 2 are terminated to enhance the effectiveness of the present invention in preventing passwords from being cracked. However, in practice, other conventional techniques may be employed or may be developed in the future. The technique, and thus the implementation of the subsequent protection of the number of password entries, is not an improved feature of the present invention, and therefore will not be described herein.

Password replacement procedure:

The password replacement program includes the following steps:

First, as shown in step 81, in response to receiving one of the second access requests, the control application 112 of the operating system 111 generates a password replacement request.

It should be noted that the second access request is generated by the second hotkey input by the user from the input device 3 or by the operation/instruction input by the user in the control application 112. The password protection device 2 is triggered to transmit the access request to the control application 112. In the preferred embodiment, the input device 3 is a keyboard, and the first The two hotkey inputs can be at least one button input from the keyboard.

Next, as shown in step 82, after receiving the password replacement request, the control unit 21 of the password protection device 2 generates another password input request and processes it on the display unit 13 after being processed by the central processing unit 12 to prompt The user performs a current password entry, a second new password entry, and a user account entry.

Then, as shown in step 83, after receiving the current password input, the second new password input, and the input of the user account from the input device 3, the password protection device 2 transmits the input status information to the control application. Program 112. The input status information is then processed by the central processing unit 12 for presentation on the display unit 13; wherein the input status information can include a plurality of presets that are unrelated to the current/old password input and the user account input. String or random character.

It is emphasized again that the current password input, the second new password input, and the input of the user account are not transmitted to the host device 1, including the control application 112 installed therein; and protected by the password The device 2 generates input status information relating only to the number of characters entered by the password for transmission to the control application 112 for display for viewing by the user.

Then, as shown in step 84, the password comparison unit 22 determines whether the input of the current password matches the preset password of the preset password in the password protection device 2 by comparing the current password with the group and the preset password. And compared to the second new password input to determine whether it is consistent.

Finally, as shown in step 85, if the step 84 is determined When the current password input meets the preset password, and the second new password input is consistent, the new password is stored in the password comparison unit 22 of the password protection device 2. Otherwise, return to step 81.

Next, an actual operation example will be given for the password protection method of the present invention to further explain in detail:

When the user wants to hide the file by using the present invention, first, the user executes the control application 112 installed in the operating system 111; then, the control application 112 transmits the USB through the USB driver 113. The password confirmation request is transmitted to the control unit 21 in the password protection device 2; again, the control unit 21 activates the password comparison unit 22 and transmits the user through the input device 3 directly connected to the password protection device 2. The entered password input is compared, and the password input is found to match the previously stored preset password. The password comparison unit 22 returns the password verification success message to the control unit 21, and then sequentially transmits the USB. The driver 113, the control application 112, and the display driver 114 are presented on the display unit 13. Then, the control unit 21 notifies the processing unit 23 to perform subsequent file processing, and therefore, when the processing unit 23 receives the request When the attribute adjustment operation is performed on the file, the processing unit 23 coordinates with a file system 116 by a SATA driver 115, that is, The file is converted to a hidden attribute and the job that the user wants to accomplish is completed.

It should be noted that, in the above-mentioned practical example, it is assumed that the password protection device 2 is connected to the operating system 111 of the storage unit 11 through the USB interface, so that the USB driver 113 is required to transmit the message as an intermediary. The bridge is provided, of course, in practice, the password protection device 2 can also transmit information to the operating system 111 through other forms of connection, which is generally easy to change and reused by those having relevant backgrounds, and therefore should not be used. It is limited to those disclosed in the preferred embodiment.

In addition, after the password verification unit 22 successfully authenticates the password, the user can transmit a message to the control application 112 through the control unit 21, and then use the control application 112 to an application 117 ( Such as a word processing application, etc., the instructions are issued, and the services provided by the application 117 (such as paperwork, etc.) are completed.

In summary, the password protection method of the present invention firstly transmits the access request to the host device 1 by the password protection device 2 according to the access request generated by the input device 3, and then passes through the control of the operating system 111. The application 112 returns the password confirmation request, and when the control unit 21 receives the password confirmation request, the control unit 21 in turn causes the password comparison unit 22 to verify the password transmitted by the user using the input device 3, And determining whether to enter the execution mode, in order to facilitate the subsequent processing of the job, therefore, the comparison of the password is directly transmitted to the password comparison unit 22 through the input device 3 for verification, only the password The protection device 2 is carried out and is not transmitted to the operation system 111. Therefore, the password does not occur because the operation system 111 is stolen by a malicious person, so that the object of the present invention can be achieved.

However, the above is only the preferred embodiment of the present invention, and the scope of the present invention cannot be limited thereto, that is, the simple equivalent change and repair according to the scope of the patent application and the patent specification of the present invention. Decorations are still within the scope of the invention patent.

61~70‧‧‧ Password Confirmation Procedure

Claims (12)

A password protection method is implemented in a computing system, and the computing system includes a host device configured with an operating system and a display unit, a password protection device, and an input device, wherein the operating system is installed with a control application. The password protection device is independent of the host device and operates between the host device and the input device, and includes a control unit, a password comparison unit and a processing unit. The method includes the following steps: (a) The control application of the operating system generates a password confirmation request after receiving a first access request; (b) the control unit of the password protection device generates a password input request after receiving the password confirmation request, wherein the password input The request is transmitted to the host device and displayed on the display unit to prompt a user to perform a password input using the input device, the password is not transmitted to the operating system; (c) receiving the password from the input device After the password is input, the control unit of the password protection device transmits the input status information to the control application, the input The status information is processed to be displayed on the display unit, and the input status information includes a predetermined string or random character unrelated to the password input; (d) the password protection unit of the password protection device receives the password input And determining whether the password input meets the preset password in one of the password comparison units; (e) if the password input is determined to be in the step (d) When the password is set, the password protection device enters an execution mode to transmit the determination result obtained in the step (d) to the control application, and allows the control request to be transmitted from the control application to the password protection unit to process the request. The processing unit of the password protection device executes; and (f) if the password input is determined to be different from the preset password in the step (d), the password protection device enters a failure mode. The password protection method according to claim 1, wherein in the step (e), when the execution mode is entered, the processing function of the processing unit is file reconstruction, or converting a file into a hidden, read-only, and only Write one of the states. The password protection method according to claim 1, wherein in the step (f), the control unit transmits a password verification failure message to the control application, and returns to the step (a) to wait for another password. Confirm the request. The password protection method according to claim 3, wherein in the step (f), the password protection device continuously tracks the number of times of entering the failure mode, and after the accumulation reaches a predetermined number of times, the control application and the password The protection device is terminated. The password protection method according to claim 3, wherein in the step (f), the password protection device continuously tracks the number of times of entering the failure mode, and after accumulating a predetermined number of times in a specific period, the control application The program and the password protection device are terminated. The password protection method according to claim 1, wherein in the step (f), the control unit transmits a password verification failure message to the control The program, and then the control application and the password protection device terminate operation. The password protection method according to claim 1, wherein in the step (e), the control unit transmits a password verification success message to the control application. The password protection method of claim 1, wherein the control application and the control unit communicate by a universal sequence bus that is coupled between the two. The password protection method of claim 1, wherein in the step (a) the first access request is generated by a first hot key input from the input device. The password protection method of claim 1, wherein in the step (b), the password input request is further used to prompt the user to input a user account, and in the step (c), the input The status information further includes another preset string or random character unrelated to the input of the user account. In the step (d), the password matching unit of the password protection device determines whether the password input is in accordance with the preset. The password comparison unit has a preset password. The password protection method according to claim 1, wherein after the step (f), the method further comprises the following steps: (g) the control application of the operating system generates a password replacement request after receiving a second access request. (h) after receiving the password replacement request, the control unit of the password protection device generates another password input request, and the other password input is requested. The request is transmitted to the host device and displayed on the display unit to prompt the user to perform a current password input and a second new password input by using the input device; (i) receiving the current password input and the secondary password After input, the control unit of the password protection device transmits input status information to the control application, so that the input status information is processed to be independent of the current password input and the second password input and includes the preset string or The random character is displayed on the display unit; (j) the password matching unit of the password protection device determines whether the current password input meets the preset password preset to the password protection device, and simultaneously compares the second new password Whether the input is consistent; and (k) if it is determined in the step (j) that the current password input meets the preset password, and the second new password input is consistent, the password protection device stores the new password as the preset password. The password protection method according to claim 11, wherein in the step (g), the second access request is generated by a second hot key input from the input device.