TW201541274A - Data access method - Google Patents

Publication number
TW201541274A
Authority
TW
Taiwan
Prior art keywords
password
control unit
hardware control
input
module
Application number
TW103113903A
Other languages
Chinese (zh)
Inventor
hong-jian Zhou
Original Assignee
hong-jian Zhou
Application filed by hong-jian Zhou
Priority to TW103113903A
Publication of TW201541274A

Abstract

A data access method comprises the following steps: (A) when a host module receives an access request via an input module, the host module is in an offline state with respect to a network; (B) when the host module receives input data corresponding to a password while it is in the offline state, the host module transmits the input data to a hardware control unit; (C) when the hardware control unit receives the input data, the hardware control unit determines, according to the input data, whether the password of the input data matches a pre-stored reference password; and (D) if the result of the determination is affirmative, the hardware control unit allows access to user data, and if the result is negative, the hardware control unit denies access to the user data.

Description

Data access method

The present invention relates to a data access method, and more particularly to a data access method that requires a password to be entered.

The rapid development of information technology has gradually changed the way people live. Computers and the Internet have become an indispensable part of modern life: both personal data and company business data can be accessed through computers and networks. However, the spread of the Internet has also led to a sharp rise in the number of hackers, who commit unlawful acts such as malicious intrusion, destruction of computer systems and tampering with data stored on computers, and who thereby cause considerable harm to computer information security.

To keep important user data from being stolen, destroyed or misused, passwords are often used to protect it. If the password that protects the user data is itself stolen, however, the consequences are serious and cannot be undone. Many techniques have been proposed to stop hackers from capturing passwords with Trojan programs. For example, Republic of China (Taiwan) Publication No. 200905541, "Password input method for a dynamic virtual keyboard", discloses a password input method in which, when the user needs to enter confidential data, the virtual keyboard rotates to dynamically change the positions of the digits and letters, so that a hacker cannot capture the password entered by the user from absolute positions on the screen.

However, as information technology advances, attack techniques are becoming more mature and more varied. A malicious program can identify, from the user's mouse clicks, the screen positions at which the user selects the password, and can record the screen while the user selects the password on the virtual keyboard, and thereby steal the user's password. How to overcome the shortcomings of the above method and effectively prevent user data from being stolen has therefore become a problem in urgent need of a solution.

Accordingly, an object of the present invention is to provide a data access method that effectively prevents user data from being stolen.

The data access method of the present invention is applicable to a data access system that includes an input module, a hardware control unit that pre-stores a reference password and user data corresponding to the reference password, and a host module that can connect to a network and is electrically connected to the input module and the hardware control unit. The method comprises the following steps: (A) when the host module receives an access request via the input module, the host module is in an offline state with respect to the network; (B) when the host module receives input data corresponding to a password while it is in the offline state with respect to the network, the host module transmits the input data to the hardware control unit; (C) when the hardware control unit receives the input data, the hardware control unit determines, according to the input data, whether the password of the input data matches the pre-stored reference password; and (D) when the result of the determination by the hardware control unit is affirmative, the hardware control unit allows access to the user data, and when the result is negative, the hardware control unit denies access to the user data.

The effect of the present invention is that the host module is in the offline state with respect to the network, and the input data corresponding to the password is transmitted to the hardware control unit, for confirmation of whether the password is the same as the reference password, only while the host module is in that offline state. This prevents a hacker from transmitting illegitimate input data that imitates the input data to the hardware control unit, and thus prevents the hacker from stealing the user data.

1: Input module
2: Host module
21: Network communication interface
22: Memory
23: Processor
3: Hardware control unit
4: Display module
501~505: Steps
601~607: Steps

Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which: FIG. 1 is a system block diagram illustrating a data access system that uses the data access method of the present invention; FIG. 2 is a flow chart illustrating a first preferred embodiment of the data access method of the present invention; and FIG. 3 is a flow chart illustrating a second preferred embodiment of the data access method of the present invention.

Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.

Referring to FIG. 1, the first preferred embodiment of the data access method of the present invention is applicable to a data access system. The data access system includes an input module 1, a host module 2, a hardware control unit 3 and a display module 4.

The input module 1 is operable to generate an access request and input data corresponding to a password. In this preferred embodiment, the input module 1 is a keyboard.

The host module 2 includes a network communication interface 21, a memory 22, and a processor 23 electrically connected to the network communication interface 21, the memory 22, the input module 1, the display module 4 and the hardware control unit 3. The network communication interface 21 can operate in a connected state, in which it is connected to a network, or in an offline state, in which it is disconnected from the network. The memory 22 stores a host application and a network detection program, both executable by the processor 23.

When the processor 23 receives the access request from the input module 1, the processor 23 executes the host application to make the network communication interface 21 operate in the offline state, and also executes the host application to start the network detection program. The processor 23 executes the network detection program to detect whether the network interface remains in the offline state. When the detection result of the network detection program indicates that the network communication interface 21 is in the offline state and, at the same time, the processor 23 receives the input data from the input module 1, the processor 23 executes the host application to make the display module 4 present a plurality of preset characters unrelated to the password, and transmits the input data to the hardware control unit 3. The preset characters are equal in number to the characters of the password.

The hardware control unit 3 pre-stores a reference password and user data corresponding to the reference password. In this preferred embodiment, the hardware control unit 3 is implemented as a chip that can be electrically connected to the host module 2 by being mounted on a Secure Digital (SD) card. The invention is not limited to this: the chip can also be mounted on a USB flash drive to connect electrically to the host module 2. When the chip is mounted on the SD card, the host module 2 further includes a Secure Digital transmission interface; when the chip is mounted on the USB flash drive, the host module 2 further includes a Universal Serial Bus transmission interface.

When the hardware control unit 3 receives the input data from the host module 2, the hardware control unit 3 determines, according to the input data, whether the password of the input data matches the reference password pre-stored in the hardware control unit 3. When the result of the determination is affirmative, the hardware control unit 3 allows access to the user data; when the result is negative, the hardware control unit 3 denies access to the user data.

The display module 4 presents the preset characters unrelated to the password (for example, '*' characters). The preset characters presented on the display module 4 are equal in number to the characters of the password.

Referring to FIG. 1 and FIG. 2, the first preferred embodiment of the data access method of the present invention comprises the following steps.

In step 501, when the processor 23 of the host module 2 receives the access request via the input module 1, the processor 23 executes the host application to make the network communication interface 21 of the host module 2 operate in the offline state, and also executes the host application to start the network detection program.

In step 502, when the processor 23 of the host module 2 receives the input data that is generated with the input module 1 and corresponds to the password and, at the same time, the detection result of the network detection program indicates that the network communication interface 21 is in the offline state, the processor 23 executes the host application to make the display module 4 present the preset characters unrelated to the password, and transmits the input data to the hardware control unit 3. The preset characters are equal in number to the characters of the password.

In step 503, when the hardware control unit 3 receives the input data, the hardware control unit 3 determines, according to the input data, whether the password of the input data matches the pre-stored reference password. When the result of the determination is affirmative, the flow proceeds to step 504; when the result is negative, the flow proceeds to step 505.

In step 504, the hardware control unit 3 allows access to the user data.

In step 505, the hardware control unit 3 denies access to the user data.

It is worth noting that when the detection result of the network detection program indicates that the network communication interface 21 is in the connected state, the processor 23 executes the host application to present an error message on the display module 4 and does not accept entry of the input data. The error message may be, for example, a text message stating that the network is connected and that the input data is at risk of being stolen.

From the above description, the advantages of this embodiment can be summarized as follows. The processor 23 executes the host application to make the network communication interface 21 operate in the offline state, and the input data corresponding to the password is transmitted to the hardware control unit 3, for confirmation of whether the password is the same as the reference password, only when the detection result of the network detection program indicates that the network communication interface 21 is in the offline state. This prevents a hacker from transmitting illegitimate input data that imitates the input data to the hardware control unit 3. Because the host module 2 transmits the input data to the hardware control unit 3 only while in the offline state, a hacker cannot transmit the illegitimate input data to the hardware control unit 3 under that offline condition, which in turn prevents the hacker from stealing the user data.

The second preferred embodiment of the data access method of the present invention can be implemented by a data access system similar to that of FIG. 1. The difference is that when the processor 23 of the host module 2 receives the access request from the input module 1, the processor 23, in response to the access request, executes the host application to transmit a password input interface request to the hardware control unit 3.

When the hardware control unit 3 receives the password input interface request from the host module 2, the hardware control unit 3, in response to the request, generates a password input interface that includes a dynamic keyboard and transmits the password input interface to the processor 23. The processor 23 executes the host application to display the password input interface on the display module 4, so that the input data is generated by using the input module 1 to click the dynamic keyboard displayed on the display module 4. The input data contains a plurality of coordinate positions on the dynamic keyboard that correspond to the password. In this preferred embodiment, the input module 1 is a touch panel or a mouse.

Before the input data is transmitted to the hardware control unit 3, the processor 23 executes the host application to encrypt the coordinate positions.

When the hardware control unit 3 receives the input data from the host module 2, the hardware control unit 3 decrypts the coordinate positions encrypted by the host module 2 and identifies the password from the decrypted coordinate positions.

Referring to FIG. 1 and FIG. 3, the second preferred embodiment of the data access method of the present invention comprises the following steps.

In step 601, when the processor 23 of the host module 2 receives the access request via the input module 1, the processor 23 executes the host application to make the network communication interface 21 of the host module 2 operate in the offline state, and also executes the host application to start the network detection program.

In step 602, the processor 23 of the host module 2, in response to the access request, executes the host application to transmit the password input interface request to the hardware control unit 3.

In step 603, when the hardware control unit 3 receives the password input interface request from the host module 2, the hardware control unit 3, in response to the request, generates the password input interface containing the dynamic keyboard and transmits the password input interface to the processor 23. The processor 23 executes the host application to display the password input interface on the display module 4. The input data is generated by using the input module 1 to click the dynamic keyboard displayed on the display module 4, and contains the coordinate positions on the dynamic keyboard that correspond to the password.

In step 604, when the processor 23 of the host module 2 receives the input data and, at the same time, the detection result of the network detection program indicates that the network communication interface 21 is in the offline state, the processor 23 executes the host application to make the display module 4 present the preset characters unrelated to the password, encrypts the coordinate positions, and transmits the encrypted coordinate positions to the hardware control unit 3. The preset characters are equal in number to the characters of the password.

In step 605, when the hardware control unit 3 receives the input data, the hardware control unit 3 decrypts the coordinate positions encrypted by the host module 2, identifies the password from the decrypted coordinate positions, and determines whether the password of the input data matches the pre-stored reference password. When the result of the determination is affirmative, the flow proceeds to step 606; when the result is negative, the flow proceeds to step 607.

In step 606, the hardware control unit 3 allows access to the user data.

In step 607, the hardware control unit 3 denies access to the user data.

From the above description, the advantages of this embodiment can be summarized as follows. The processor 23 executes the host application to make the network communication interface 21 operate in the offline state, and the input data corresponding to the password is transmitted to the hardware control unit 3, for confirmation of whether the password is the same as the reference password, only when the detection result of the network detection program indicates that the network communication interface 21 is in the offline state. This prevents a hacker from transmitting the illegitimate input data that imitates the input data to the hardware control unit 3, and thus prevents the hacker from stealing the user data. In addition, because the password input interface includes the dynamic keyboard, the password is difficult to identify directly from the input data that corresponds to it. Furthermore, encrypting the coordinate positions in the host module 2 gives the coordinate positions a further layer of protection.
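The flow of steps 601 to 607 as a runnable simulation; this is an added example, not code from the patent. The 40-pixel key grid, the pre-shared link key, the class and function names, the boolean `nic_up` standing in for the network detection program, and the HMAC-SHA256 keystream with an authentication tag (standing in for the cipher the patent leaves unspecified) are all assumptions.

```python
import hashlib
import hmac
import json
import secrets

KEY_W, KEY_H, COLS = 40, 40, 4  # assumed key geometry; not given in the patent


def _subkeys(link_key):
    """Separate encryption and MAC keys from the assumed pre-shared link key."""
    return [hmac.new(link_key, label, hashlib.sha256).digest() for label in (b"enc", b"mac")]


def _xor_stream(key, nonce, data):
    """Stand-in cipher (the patent names none): HMAC-SHA256 counter keystream XOR."""
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(link_key, plaintext):
    """Host side of step 604: encrypt-then-MAC the click coordinates."""
    enc, mac = _subkeys(link_key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce, ct, hmac.new(mac, nonce + ct, hashlib.sha256).digest()


def unseal(link_key, nonce, ct, tag):
    """Unit side of step 605: reject modified messages, then decrypt."""
    enc, mac = _subkeys(link_key)
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return _xor_stream(enc, nonce, ct)


def clicks_for(layout, text):
    """Simulate the user: centre-of-key click coordinates for each character."""
    cells = [layout.index(ch) for ch in text]
    return [[(i % COLS) * KEY_W + KEY_W // 2, (i // COLS) * KEY_H + KEY_H // 2] for i in cells]


class HardwareControlUnit:
    """Unit 3: holds the reference password and the user data it protects."""

    def __init__(self, reference_password, user_data, link_key):
        self._reference = reference_password.encode()
        self._user_data, self._link_key, self._layout = user_data, link_key, None

    def new_keyboard(self):
        """Step 603: a freshly shuffled dynamic keyboard, valid for one attempt."""
        self._layout = list("0123456789")
        secrets.SystemRandom().shuffle(self._layout)
        return list(self._layout)

    def verify(self, nonce, ct, tag):
        """Steps 605-607: decrypt, map coordinates to characters, compare, allow or deny."""
        layout, self._layout = self._layout, None
        if layout is None:
            return None
        try:
            typed = ""
            for x, y in json.loads(unseal(self._link_key, nonce, ct, tag)):
                col, row = x // KEY_W, y // KEY_H
                if not (0 <= col < COLS and row >= 0):
                    raise IndexError("click outside the keyboard")
                typed += layout[row * COLS + col]
        except (ValueError, IndexError, TypeError):
            return None
        ok = hmac.compare_digest(typed.encode(), self._reference)
        return self._user_data if ok else None


class HostModule:
    """Module 2: keeps the network interface offline and forwards only sealed clicks."""

    def __init__(self, unit, link_key):
        self.unit, self._link_key = unit, link_key
        self.nic_up, self.display = True, ""

    def begin_access(self):
        """Steps 601-603: go offline, then request the dynamic keyboard."""
        self.nic_up = False
        return self.unit.new_keyboard()

    def submit_clicks(self, clicks):
        """Step 604: refuse input while online; otherwise mask, seal and forward."""
        if self.nic_up:  # stands in for the network detection program's result
            self.display = "network is connected; input refused"
            return None
        self.display = "*" * len(clicks)
        nonce, ct, tag = seal(self._link_key, json.dumps(clicks).encode())
        return self.unit.verify(nonce, ct, tag)
```

As in the patent, the offline check runs only on the host; the hardware control unit in this model accepts whatever the host forwards and relies on that check having been made.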

In summary, the processor 23 of the host module 2 executes the host application to make the network communication interface 21 operate in the offline state, and the input data corresponding to the password is transmitted to the hardware control unit 3, for confirmation of whether the password is the same as the reference password, only when the detection result of the network detection program indicates that the network communication interface 21 is in the offline state. This prevents a hacker from transmitting the illegitimate input data that imitates the input data to the hardware control unit 3, and thus prevents the hacker from stealing the user data corresponding to the reference password. The object of the present invention is therefore achieved.

The foregoing describes only preferred embodiments of the present invention and does not limit the scope in which the invention may be practiced. All simple equivalent changes and modifications made in accordance with the claims and the specification of the present invention remain within the scope covered by the patent.

Claims (7)

1. A data access method, applicable to a data access system that includes an input module, a hardware control unit that pre-stores a reference password and user data corresponding to the reference password, and a host module that can connect to a network and is electrically connected to the input module and the hardware control unit, the method comprising the following steps: (A) when the host module receives an access request via the input module, the host module is in an offline state with respect to the network; (B) when the host module receives input data corresponding to a password while it is in the offline state with respect to the network, the host module transmits the input data to the hardware control unit; (C) when the hardware control unit receives the input data, the hardware control unit determines, according to the input data, whether the password of the input data matches the pre-stored reference password; and (D) when the result of the determination by the hardware control unit is affirmative, the hardware control unit allows access to the user data, and when the result is negative, the hardware control unit denies access to the user data.

2. The data access method of claim 1, wherein in step (B) the input data is generated by means of the input module.

3. The data access method of claim 1, wherein the data access system further includes a display module electrically connected to the host module, and the method further comprises, between step (A) and step (B), the following steps: (E) the host module, in response to the access request, transmits a password input interface request to the hardware control unit; and (F) when the hardware control unit receives the password input interface request from the host module, the hardware control unit, in response to the request, generates a password input interface and transmits the password input interface to the host module, the host module displays the password input interface on the display module, and the input data is generated by means of the input module through operation of the password input interface.

4. The data access method of claim 3, wherein in step (B), when the host module receives the input data, the host module makes the display module display a plurality of preset characters unrelated to the password, the preset characters being equal in number to the characters of the password.

5. The data access method of claim 3, wherein in step (F) the password input interface includes a dynamic keyboard, and the input data is generated by using the input module to click the dynamic keyboard displayed on the display module.

6. The data access method of claim 5, wherein in step (F) the input data contains a plurality of coordinate positions on the dynamic keyboard that correspond to the password, and then in step (C), when the hardware control unit receives the input data, the hardware control unit further identifies the password from the coordinate positions and determines whether the password of the input data matches the pre-stored reference password.

7. The data access method of claim 6, wherein in step (B), when the host module receives the input data corresponding to the password while it is in the offline state with respect to the network, the host module encrypts the coordinate positions and transmits the encrypted coordinate positions to the hardware control unit, and then in step (C) the hardware control unit decrypts the encrypted coordinate positions before identifying the password.


Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103113903A TW201541274A (en) 2014-04-16 2014-04-16 Data access method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103113903A TW201541274A (en) 2014-04-16 2014-04-16 Data access method

Publications (1)

Publication Number Publication Date
TW201541274A true TW201541274A (en) 2015-11-01

Family

ID=55220494

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103113903A TW201541274A (en) 2014-04-16 2014-04-16 Data access method

Country Status (1)

Country Link
TW (1) TW201541274A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI669625B (en) * 2017-11-30 2019-08-21 大陸商北京集創北方科技股份有限公司 Method for protecting PIN code of touch screen and information processing device using same

TW201534167A (en) Antivirus encryption wireless router