TWI506477B - Secure input method and system for virtual keyboard - Google Patents

Secure input method and system for virtual keyboard Download PDF

Info

Publication number
TWI506477B
TWI506477B TW103115004A TW103115004A TWI506477B TW I506477 B TWI506477 B TW I506477B TW 103115004 A TW103115004 A TW 103115004A TW 103115004 A TW103115004 A TW 103115004A TW I506477 B TWI506477 B TW I506477B
Authority
TW
Taiwan
Prior art keywords
security
input
keyboard
strings
rule
Prior art date
Application number
TW103115004A
Other languages
Chinese (zh)
Other versions
TW201541282A (en
Inventor
Long Fa Lo
Yu Hsuan Lee
Original Assignee
Joiiup Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Joiiup Technology Inc filed Critical Joiiup Technology Inc
Priority to TW103115004A priority Critical patent/TWI506477B/en
Application granted granted Critical
Publication of TW201541282A publication Critical patent/TW201541282A/en
Publication of TWI506477B publication Critical patent/TWI506477B/en

Links

Description

虛擬鍵盤之安全輸入方法與系統Virtual keyboard security input method and system

本發明係有關於一種虛擬鍵盤的安全輸入方法,特別是一種可防止側錄軟體或惡意程式側錄鍵盤按鍵的輸入訊息的安全輸入方法。The invention relates to a safe input method for a virtual keyboard, in particular to a safe input method for preventing input messages of a side recording software or a malicious program side recording keyboard button.

鍵盤為個人電腦中常見的輸入裝置,透過鍵盤的輸入,使用者可以輸入字串。除了文字的書寫外,更可以透過鍵盤的輸入帳號與密碼登入網站。但是一般的個人電腦並沒有在鍵盤與主機之間建立安全防護機制,所以利用鍵盤側錄的軟體可以輕易地取得鍵盤按鍵的訊號,使用者甚至不會知道有人在其電腦上側錄鍵盤按鍵的輸入訊息,造成個人帳號與密碼被盜取。因此,需要較高安全性的網站(例如網路銀行等),都會提供虛擬鍵盤讓使用者輸入密碼,防止使用者使用一般鍵盤導致帳號密碼竊取。舉例來說,當使用網路銀行時,在輸入密碼時都會跳出一個「虛擬鍵盤」,讓使用者利用滑鼠以點選的方式取代鍵盤按鍵來輸入密碼、登入網站。在使用虛擬鍵盤輸入密碼時,一般鍵盤側錄軟體或惡意程式無法記錄、監控到所點選的按鍵。因此在相對不安全環境中(例如網咖、機場或百貨公司等)的公共場所的電腦上輸入密碼時,透過滑鼠點按虛擬鍵盤的方式大部分都 可避免密碼被側錄與盜用。The keyboard is a common input device in a personal computer, and the user can input a string through the input of the keyboard. In addition to the writing of text, you can log in to the website through the keyboard's input account and password. However, the general personal computer does not establish a security protection mechanism between the keyboard and the host. Therefore, the software of the keyboard side recording can easily obtain the signal of the keyboard key, and the user does not even know that someone inputs the keyboard key input on the computer. The message caused the personal account and password to be stolen. Therefore, websites that require higher security (such as online banking, etc.) will provide a virtual keyboard for the user to enter a password to prevent the user from using the general keyboard to cause account password theft. For example, when using online banking, a "virtual keyboard" will be displayed when the password is entered, allowing the user to use the mouse to replace the keyboard button to enter a password and log into the website. When using the virtual keyboard to enter a password, the general keyboard side recording software or malicious program cannot record and monitor the selected button. Therefore, when you enter a password on a computer in a public place in a relatively unsafe environment (such as Internet cafes, airports, department stores, etc.), most of the way you click the virtual keyboard through the mouse It can prevent passwords from being recorded and stolen.

另外,隨著行動裝置(例如智慧手機或平板電腦等)的日益普及,虛擬鍵盤的應用層面也擴及到行動裝置上。第1A圖係顯示使用安卓(Android)系統之行動裝置的虛擬鍵盤示意圖,第1B圖係顯示使用蘋果(Apple)行動裝置的虛擬鍵盤的示意圖。如第1A圖與第1B圖所示,雖然不同系統的行動裝置的虛擬鍵盤10A或10B在使用上有些不同,但是字母的排列都是統一以QWERTY的布局設計為主,QWERTY鍵盤的字母與數字位置的安排次序都是固定的。在使用行動裝置的虛擬鍵盤時,若使用者需要輸入帳號或密碼,通常在同一欄位中需要同時輸入字母與數字,在行動裝置上的鍵盤需要做切換鍵盤配置才能在同一欄位同時輸入字母與數字,使用上有所不便。綜上,由於桌上電腦、筆記型電腦或行動裝置上所使用的虛擬鍵盤主要都是以QWERTY鍵盤的安排次序為設計,側錄軟體或惡意程式還是可以依照使用者點選的位置知道使用者輸入的字母為何,導致帳號密碼被監控。甚至當使用者在公共場所使用行動裝置的虛擬鍵盤時,旁人也很容易從使用者點選的位置猜到使用者輸入的字母。In addition, with the increasing popularity of mobile devices (such as smart phones or tablets), the application level of virtual keyboards has also expanded to mobile devices. Fig. 1A is a schematic diagram showing a virtual keyboard using a mobile device of an Android system, and Fig. 1B is a schematic view showing a virtual keyboard using an Apple mobile device. As shown in FIG. 1A and FIG. 1B, although the virtual keyboard 10A or 10B of the mobile device of different systems is somewhat different in use, the arrangement of the letters is unified with the QWERTY layout design, and the letters and numbers of the QWERTY keyboard. The order of placement is fixed. When using the virtual keyboard of the mobile device, if the user needs to input an account number or password, it is usually necessary to input letters and numbers in the same field at the same time. The keyboard on the mobile device needs to be switched keyboard configuration to input letters in the same field at the same time. With the number, it is inconvenient to use. In summary, since the virtual keyboards used on desktop computers, notebook computers or mobile devices are mainly designed in the order of QWERTY keyboards, the software or malware can be used to know the user according to the location selected by the user. The entered letter causes the account password to be monitored. Even when the user uses the virtual keyboard of the mobile device in a public place, it is easy for others to guess the letter entered by the user from the location selected by the user.

因此,存在一種需求設計虛擬鍵盤的安全輸入方法,讓側錄軟體或惡意程式無法監控到使用者的帳號密碼,甚至讓側錄軟體或惡意程式監控到的使用者的帳號密碼為錯誤的。Therefore, there is a need for a secure input method for designing a virtual keyboard, so that the side recording software or malicious program cannot monitor the user's account password, and even the user's account password monitored by the side recording software or malicious program is wrong.

本發明的目的在提供一種虛擬鍵盤的安全輸入方法,透過此安全輸入方法可以防止使用者輸入的訊息被側錄軟體或惡意程式監控。The object of the present invention is to provide a secure input method for a virtual keyboard, by which the user-entered message can be prevented from being monitored by a skimming software or a malicious program.

根據上述的目的,本發明揭露一種虛擬鍵盤的安全輸入方法,其包含下列步驟:設定複數個鍵盤配置;在該複數個鍵盤配置中設定至少一安全規則;於一欄位輸入時,變換該複數個鍵盤配置以接收複數個輸入字串;以及判斷若透過該複數個鍵盤配置所接收之該複數個輸入字串相符於該安全規則,則提供授權。According to the above objective, the present invention discloses a method for safely inputting a virtual keyboard, comprising the steps of: setting a plurality of keyboard configurations; setting at least one security rule in the plurality of keyboard configurations; and transforming the plural when inputting a field The keyboard is configured to receive a plurality of input strings; and to determine that the plurality of input strings received through the plurality of keyboard configurations conform to the security rule, providing authorization.

本發明的另一目的在提供一種虛擬鍵盤的安全輸入系統,將此系統安裝於行動裝置上,防止他人偷看使用者的輸入動作,而知道使用者輸入的訊息。Another object of the present invention is to provide a secure input system for a virtual keyboard that is installed on a mobile device to prevent others from peek at the user's input actions and to know the information entered by the user.

根據上述的目的,本發明揭露一種虛擬鍵盤的安全輸入系統,其包含設定模組、對應模組、安全模組、接收模組與判斷模組。設定模組用於設定複數個鍵盤配置。安全模組用於設定在該複數個鍵盤配置中的至少一安全規則。接收模組用於在一欄位輸入時,變換該複數個鍵盤配置以接收複數個輸入字串。判斷模組用於判斷若透過該複數個鍵盤配置所接收之該複數個輸入字串相符於該安全規則,則提供授權。According to the above objective, the present invention discloses a security input system for a virtual keyboard, which includes a setting module, a corresponding module, a security module, a receiving module, and a determining module. The setting module is used to set a plurality of keyboard configurations. The security module is configured to set at least one security rule in the plurality of keyboard configurations. The receiving module is configured to convert the plurality of keyboard configurations to receive a plurality of input strings when inputting in a field. The determining module is configured to determine that the plurality of input strings received through the plurality of keyboard configurations are consistent with the security rule, and the authorization is provided.

10A‧‧‧虛擬鍵盤10A‧‧‧Virtual Keyboard

10A‧‧‧虛擬鍵盤10A‧‧‧Virtual Keyboard

S202~S208‧‧‧步驟S202~S208‧‧‧Steps

30A‧‧‧虛擬鍵盤30A‧‧‧Virtual Keyboard

302A‧‧‧字母按鍵302A‧‧‧ letter button

304A‧‧‧數字按鍵304A‧‧‧Digital buttons

30B‧‧‧虛擬鍵盤30B‧‧‧Virtual Keyboard

302B‧‧‧字母按鍵302B‧‧‧ letter button

304B‧‧‧數字按鍵304B‧‧‧Digital buttons

306B‧‧‧字母按鍵306B‧‧‧ letter button

30C‧‧‧虛擬鍵盤30C‧‧‧Virtual Keyboard

302C‧‧‧字母按鍵302C‧‧‧ letter button

304C‧‧‧數字按鍵304C‧‧‧Digital buttons

30D‧‧‧虛擬鍵盤30D‧‧‧Virtual Keyboard

302D‧‧‧字母按鍵302D‧‧‧ letter button

304D‧‧‧數字按鍵304D‧‧‧Digital buttons

306D‧‧‧數學運算按鍵306D‧‧‧ math operation button

30E‧‧‧虛擬鍵盤30E‧‧‧Virtual Keyboard

302E‧‧‧字母按鍵302E‧‧‧ letter button

304E‧‧‧數字按鍵304E‧‧‧Digital buttons

306E‧‧‧數學運算按鍵306E‧‧‧Mathematical buttons

40‧‧‧安全輸入系統40‧‧‧Safe input system

402‧‧‧設定模組402‧‧‧Setting module

404‧‧‧安全模組404‧‧‧Security Module

406‧‧‧接收模組406‧‧‧ receiving module

408‧‧‧判斷模組408‧‧‧Judgement module

第1A圖係顯示使用安卓(Android)系統之行動裝置的虛擬鍵盤示意圖;第1B圖係顯示使用蘋果(Apple)行動裝置的虛擬鍵盤的示意圖;第2圖係顯示本發明之虛擬鍵盤的安全輸入方法的流程圖;第3A圖~第3E圖係顯示本發明實施例之具安全輸入方法的虛擬鍵盤 的示意圖;以及第4圖係顯示本發明之虛擬鍵盤的安全輸入系統方塊圖。1A is a schematic diagram showing a virtual keyboard using a mobile device of an Android system; FIG. 1B is a schematic diagram showing a virtual keyboard using an Apple mobile device; and FIG. 2 is a security input showing a virtual keyboard of the present invention; Flowchart of the method; FIG. 3A to FIG. 3E are diagrams showing a virtual keyboard with a safe input method according to an embodiment of the present invention; FIG. 4 is a block diagram showing a secure input system of the virtual keyboard of the present invention.

以下結合附圖對本發明的技術方案進行詳細說明。在此需要注意的是,不同的圖示中,相同的元件符號表示相同或相似的元件。以下所提及之附加圖式的面方向定義為垂直於該平面的法向量。在此,使用的方向用語是用以說明及理解本發明,而非用以限制本發明。The technical solution of the present invention will be described in detail below with reference to the accompanying drawings. It is to be noted that, in the different illustrations, the same element symbols represent the same or similar elements. The face direction of the additional pattern mentioned below is defined as the normal vector perpendicular to the plane. The directional terminology used herein is for the purpose of illustration and understanding of the invention.

第2圖係顯示本發明之虛擬鍵盤的安全輸入方法的流程圖。如第2圖所示,在步驟S202中,在虛擬鍵盤上設定複數個鍵盤配置(Keyboard Layout),每一複數個鍵盤配置的按鍵排列為隨機顯示,也就是說每次出現的鍵盤配置都不相同。在此步驟中,由於虛擬鍵盤非實體鍵盤,可以藉由程式設計更改其鍵盤配置,讓本發明的虛擬鍵盤的按鍵排列方式不同於傳統的QWERTY鍵盤的按鍵排列方式,且本發明的虛擬鍵盤的鍵盤配置同時包含字母按鍵與數字按鍵,甚至在本發明的虛擬鍵盤的鍵盤配置中還包含運算符號按鍵。舉例來說,當使用者要輸入密碼時,而此密碼為由六個字母與/或數字所組成的字串,在本發明的安全輸入方法中,可以當使用者輸入一個或多個字母與/或數字的字串後,變換鍵盤配置為另一種鍵盤排序,使用者再將其餘的字串輸入。Fig. 2 is a flow chart showing a method of safe input of the virtual keyboard of the present invention. As shown in FIG. 2, in step S202, a plurality of keyboard configurations (Keyboard Layout) are set on the virtual keyboard, and the keys of each of the plurality of keyboard configurations are randomly displayed, that is, each time the keyboard configuration is not displayed. the same. In this step, since the virtual keyboard is not a physical keyboard, the keyboard configuration can be changed by programming, so that the key arrangement of the virtual keyboard of the present invention is different from the key arrangement of the conventional QWERTY keyboard, and the virtual keyboard of the present invention The keyboard configuration includes both alphabetic keys and numeric keys, and even the arithmetic symbol keys are included in the keyboard configuration of the virtual keyboard of the present invention. For example, when the user wants to input a password, and the password is a string consisting of six letters and/or numbers, in the secure input method of the present invention, the user can input one or more letters with After the string of numbers or digits, the keyboard is configured to be sorted by another keyboard, and the user inputs the remaining strings.

在步驟S204中,在複數個鍵盤配置中設定至少一安全規則。為了避免虛擬鍵盤的鍵盤配置也被側錄軟體或惡意程式側錄或監控,在本發明的安全輸入方法中,更在虛擬鍵盤上設定安全規則,而此安全規 則可以由使用者自行設計,或者是依照虛擬鍵盤內建的一種演算法來設定安全規則。進一步來說,安全規則可以包含安全提示或安全字串,在此並不侷限。若安全規則包含安全提示,透過安全提示,使用者知道在虛擬鍵盤的某個鍵盤配置上輸入特定的字串。舉例來說,在本發明之安全輸入方法的安全規則包含安全提示,此安全提示為在虛擬鍵盤的某個鍵盤配置上將某些的特定字母的鍵盤顯示顏色不同於其他鍵盤,當使用者看到在虛擬鍵盤上的某些字母的顯示不同於其他字母,知道根據這些字母的提示,要在虛擬鍵盤輸入特定的字母。例如圖3B所示,若安全提示為將虛擬鍵盤上”b”、”e”與”w”等符號的按鍵的亮度不同於其他按鍵,而安全規則可以為輸入在虛擬鍵盤上提示符號依一順序位移的符號,例如提示符號的後兩位順序的符號,在此實施例中”b”、”e”與”w”等符號的後兩位順序的符號分別為”d”、”g”與”y”,因此使用者知道要輸入”d”、”g”與”y”。而且,每次使用虛擬鍵盤時,安全提示所顯現出亮度不同的符號都不相同,每次使用者所輸入的符號不同,符號在虛擬鍵盤的位置也不相同,甚至虛擬鍵盤的鍵盤配置也不相同,因此即使在電腦或行動裝置上存在側錄軟體或惡意程式,其側錄或監控到的個人訊息也不是有效的密碼或帳號。另外,在此需要說明的是,上述的符號是以英文字母的鍵盤為範例,但是在不同實施例中,所顯現亮度不同的符號也可以是數字或是其他標點符號,在此並不侷限。而且,在不同實施例中,安全規則也可以是輸入亮度不同的按鍵的右邊按鍵,並非僅侷限於將符號的順序作為安全規則的參考,任何符號的順序或者任何按鍵的位置都可以作為本發明的安全規則,且使用者可以依照個人的習慣或喜好更改,在此並不侷限。另外,本發明的安全規則也可以包含 安全字串,使用者記憶若干的字母或數字做為安全字串,在虛擬鍵盤隨機顯示的鍵盤配置中,使用者知道在此鍵盤配置中輸入特定的字串。或者安全規則為藉由此安全字串配合一演算法進行計算,再將計算結果輸入虛擬鍵盤中。In step S204, at least one security rule is set in a plurality of keyboard configurations. In order to prevent the keyboard configuration of the virtual keyboard from being skimmed or monitored by the side recording software or malicious program, in the security input method of the present invention, the security rule is set on the virtual keyboard, and the security rule is set. It can be designed by the user, or it can be set according to an algorithm built into the virtual keyboard. Further, security rules can include security prompts or security strings, which are not limited here. If the security rule contains a security prompt, the user knows to enter a specific string on a keyboard configuration of the virtual keyboard through a security prompt. For example, the security rule of the security input method of the present invention includes a security prompt for displaying a certain color of a certain letter on a keyboard configuration of a virtual keyboard differently from other keyboards when the user views The display of certain letters on the virtual keyboard is different from other letters, knowing that according to the prompts of these letters, you need to enter a specific letter on the virtual keyboard. For example, as shown in FIG. 3B, if the security prompt is to change the brightness of the keys of the symbols "b", "e" and "w" on the virtual keyboard from other keys, the security rule may be to input the prompt symbol on the virtual keyboard. The symbols of the sequential displacement, such as the symbols of the last two digits of the cue symbol, in this embodiment, the symbols of the last two digits of the symbols "b", "e" and "w" are "d", "g", respectively. With "y", the user knows to enter "d", "g" and "y". Moreover, each time the virtual keyboard is used, the security prompts show different symbols with different brightness. Each time the user inputs a different symbol, the position of the symbol on the virtual keyboard is different, and even the keyboard configuration of the virtual keyboard is not. The same, so even if there is a side recording software or malware on the computer or mobile device, the personal information that is recorded or monitored is not a valid password or account number. In addition, it should be noted that the above-mentioned symbols are exemplified by keyboards of English letters, but in different embodiments, symbols having different brightnesses may be numbers or other punctuation marks, which are not limited herein. Moreover, in different embodiments, the security rule may also be the right button of the button with different input brightness, and is not limited to the order of the symbols as a reference of the security rule, and the order of any symbol or the position of any button may be used as the present invention. The security rules, and the user can change according to personal habits or preferences, is not limited here. In addition, the security rules of the present invention may also include The security string, the user remembers a number of letters or numbers as a security string. In the keyboard configuration in which the virtual keyboard is randomly displayed, the user knows to input a specific string in the keyboard configuration. Or the security rule is to calculate by using the security string with an algorithm, and then input the calculation result into the virtual keyboard.

在步驟S206中,於一欄位輸入時,變換複數個鍵盤配置以接收複數個輸入字串。當使用者要在某一網站或應用程式(APP)輸入個人帳號或密碼時,在帳號或密碼的欄位輸入時,虛擬鍵盤的鍵盤配置會隨著使用者的設定變換。進一步來說,在同一個欄位中,本發明之虛擬鍵盤的鍵盤配置可以變換多次才能完成在此欄位的接收複數個輸入字串的步驟。而且虛擬鍵盤的鍵盤配置每變換一次,虛擬鍵盤上顯示不同於其他鍵盤配置的按鍵次序。另外,在不同實施例中,也可以設定在同一欄位中,部分輸入字串需要配合安全規則使用,而部分輸入字串則由使用者預先設定的密碼,無須配合安全規則使用,在此並不侷限。In step S206, when a field is input, a plurality of keyboard configurations are transformed to receive a plurality of input strings. When a user wants to enter a personal account or password on a website or application (APP), when the account or password field is entered, the keyboard configuration of the virtual keyboard changes with the user's settings. Further, in the same field, the keyboard configuration of the virtual keyboard of the present invention can be changed multiple times to complete the step of receiving a plurality of input strings in the field. Moreover, each time the keyboard configuration of the virtual keyboard is changed, the virtual keyboard displays a key sequence different from other keyboard configurations. In addition, in different embodiments, it may also be set in the same field, some input strings need to be used in conjunction with security rules, and some input strings are passwords preset by the user, and need not be used in conjunction with security rules. Not limited.

在步驟S208中,判斷若透過複數個鍵盤配置所接收之複數個輸入字串相符於安全規則,則提供授權。在本發明的安全輸入方法中,若透過複數個鍵盤配置所接收的輸入字串可以與預先設定安全規則對應,則可以提供授權,使用者可以登入網站或應用程式。透過上述之虛擬鍵盤的安全輸入方法,由於側錄軟體或惡意程式並不知道在虛擬鍵盤上存在輸入所需的安全規則,即使側錄軟體或惡意程式側錄或監控到使用者輸入的字串,但是依照本發明之安全輸入方法的安全規則,使用者下次輸入的字串或鍵盤位置不同於上次輸入的字串或鍵盤位置,側錄軟體或惡意程式的側錄或監控功能失效,達到在虛擬鍵盤安全輸入的目的。In step S208, it is determined that the authorization is provided if the plurality of input strings received through the plurality of keyboard configurations match the security rules. In the secure input method of the present invention, if the input string received through the plurality of keyboard configurations can correspond to a preset security rule, authorization can be provided, and the user can log in to the website or the application. Through the above-mentioned secure input method of the virtual keyboard, since the side recording software or the malicious program does not know that there is a security rule required for input on the virtual keyboard, even if the side recording software or malicious program logs or monitors the string input by the user. However, according to the security rule of the security input method of the present invention, the user enters a string or keyboard position differently from the last input string or keyboard position, and the side recording or monitoring function of the side recording software or malicious program is invalid. Achieve the purpose of safe input on the virtual keyboard.

第3A圖與第3B圖係顯示本發明實施例之具安全輸入方法的虛擬鍵盤的示意圖。如第3A圖所示,本發明之虛擬鍵盤30A的鍵盤排列方式不同於傳統QWERTY鍵盤的安排次序。而且,此虛擬鍵盤30A上同時具有字母按鍵302A與數字按鍵304A,讓使用者不用在字母按鍵302A與數字按鍵304A之間做切換。另外,本發明的虛擬鍵盤30A上的字母按鍵302A與數字按鍵304A的排列方式為隨機排列,讓側錄軟體或惡意程式無法參考傳統的QWERTY鍵盤的安排次序而知道使用者所輸入的字母或數字為何。舉例來說,安全規則為使用者輸入部分字串後,本發明的虛擬鍵盤30A會自動轉換到不同的鍵盤配置,例如當使用者在一欄位中輸入部分字串後,虛擬鍵盤30A轉換到如第3B圖所示的鍵盤配置30B。而在第3B圖的虛擬鍵盤30B上,其鍵盤配置不同於第3A圖所示的虛擬鍵盤30A,且同樣具有字母按鍵302B數字按鍵304B。另外,本發明的安全規則包含一安全提示,此安全提示為在某些字母按鍵306B的顯示不同於其餘的字母按鍵302B,由這些顯示不同的字母按鍵306B的安全提示,使用者知道根據安全提示於此欄位中輸入正確的訊息。3A and 3B are schematic views showing a virtual keyboard with a secure input method according to an embodiment of the present invention. As shown in FIG. 3A, the keyboard arrangement of the virtual keyboard 30A of the present invention is different from the arrangement order of the conventional QWERTY keyboard. Moreover, the virtual keyboard 30A has both a letter button 302A and a number button 304A, so that the user does not need to switch between the letter button 302A and the number button 304A. In addition, the arrangement of the alphabetic keys 302A and the numeric keys 304A on the virtual keyboard 30A of the present invention are randomly arranged, so that the side recording software or malicious program cannot know the alphabet or number input by the user by referring to the arrangement order of the conventional QWERTY keyboard. Why? For example, after the security rule inputs a partial string for the user, the virtual keyboard 30A of the present invention automatically switches to a different keyboard configuration. For example, when the user inputs a partial string in a field, the virtual keyboard 30A is switched to The keyboard configuration 30B as shown in Fig. 3B. On the virtual keyboard 30B of FIG. 3B, the keyboard configuration is different from the virtual keyboard 30A shown in FIG. 3A, and also has the alphanumeric button 302B numeric button 304B. In addition, the security rule of the present invention includes a security prompt that is different from the remaining alphanumeric buttons 302B in the display of certain alphanumeric buttons 306B, by which the user displays a different security alert for the alphanumeric button 306B, the user knows according to the security prompt Enter the correct message in this field.

依舊參閱第3A圖與第3B圖。當使用者要在一欄位中輸入個人帳號或密碼時,虛擬鍵盤30A或虛擬鍵盤30B就會跳出顯示在個人電腦或行動裝置的桌面上。在此實施例中,先出現的如第3A圖所示的虛擬鍵盤30A,其並不具有安全提示的虛擬鍵盤30A,但在不同實施例時,可以先出現如第3B圖所示具安全提示之鍵盤配置的虛擬鍵盤30B,在轉換到如第3A圖所示之不具安全提示的鍵盤配置的虛擬鍵盤30A,在此並不侷限。甚至從如第3B圖所示具安全提示之鍵盤配置的虛擬鍵盤30B切換到其它具安全提 示之另一鍵盤配置的虛擬鍵盤30C。而且在同一欄位輸入中,本發明的虛擬鍵盤30A(也可以是30B或30C)可以切換兩次以上,變換兩種以上不同的鍵盤配置,在此並不侷限。另外,在第3C圖的虛擬鍵盤30C中,虛擬鍵盤上”5”與”6”按鍵的亮度不同於其他按鍵,而安全規則為將在虛擬鍵盤30C上亮度不同數字按鍵搭配一數學演算法做運算,並將運算結果輸入虛擬鍵盤中。在此實施例中,所搭配的演算法為乘法,並將乘積所得出的數字次序顛倒。舉例來說,在第3C圖的數字按鍵”5”與”6”的亮度不同,其乘積結果為30,使用者知道要按”0”與”3”兩個數字按鍵。而本發明的實施例中,安全規則的演算法可以依照使用者的設定而改變,在此並不侷限。Still refer to Figures 3A and 3B. When the user wants to enter a personal account number or password in a field, the virtual keyboard 30A or the virtual keyboard 30B will jump out of the desktop displayed on the personal computer or mobile device. In this embodiment, the virtual keyboard 30A shown in FIG. 3A, which does not have the security prompt virtual keyboard 30A, appears in the first embodiment, but in different embodiments, the security prompt as shown in FIG. 3B may appear first. The virtual keyboard 30B of the keyboard configuration is not limited to the virtual keyboard 30A that is switched to the keyboard configuration without the security prompt as shown in FIG. 3A. Even switching from the virtual keyboard 30B with the security prompt keyboard configuration shown in FIG. 3B to other security mentions A virtual keyboard 30C of another keyboard configuration is shown. Moreover, in the same field input, the virtual keyboard 30A (which may also be 30B or 30C) of the present invention can be switched twice or more, and two or more different keyboard configurations are changed, which is not limited herein. In addition, in the virtual keyboard 30C of FIG. 3C, the brightness of the "5" and "6" buttons on the virtual keyboard is different from the other buttons, and the security rule is to use a mathematical algorithm to match the brightness of the digital keys on the virtual keyboard 30C. Operate and enter the result of the operation into the virtual keyboard. In this embodiment, the algorithm that is paired is multiplication and the order of the numbers resulting from the product is reversed. For example, in the 3C figure, the numerical keys "5" and "6" have different brightness, and the product result is 30, and the user knows to press two numeric keys of "0" and "3". In the embodiment of the present invention, the algorithm of the security rule may be changed according to the setting of the user, and is not limited herein.

第3D圖係顯示本發明另一實施例的虛擬鍵盤的示意圖。如第3D圖所示,虛擬鍵盤30D的鍵盤配置除了字母按鍵302D與數字按鍵304D外,更包含運算按鍵306D。在此實施例中,虛擬鍵盤30D上並沒有亮度不同的按鍵作為安全規則的安全提示,使用者須先記憶的若干數字做為安全字串,根據特定按鍵位置的數學運算符號將所設定的數字並利用此數學運算符號做數學運算。舉例來說,使用者預先記憶的數字為”1”、”3”與”9”,將這些數字做為安全字串,安全規則選擇設定特定位置的運算符號作運算。舉例來說,選擇在虛擬鍵盤的右下角位置的運算符號作運算,在第3D圖的右下角位置的數學運算按鍵306D為除法”/”的數學運算符號,根據此數學運算符號,使用者知道要作9/3/1的數學運算,並將運算結果”3”輸入在虛擬鍵盤上。3D is a schematic diagram showing a virtual keyboard of another embodiment of the present invention. As shown in FIG. 3D, the keyboard configuration of the virtual keyboard 30D includes an arithmetic button 306D in addition to the letter button 302D and the number button 304D. In this embodiment, there is no button with different brightness on the virtual keyboard 30D as a security prompt of the security rule. The user must first remember some numbers as a security string, and the set number according to the mathematical operation symbol of the specific button position. And use this mathematical operation symbol to do mathematical operations. For example, the numbers memorized by the user are "1", "3", and "9", and these numbers are used as security strings, and the security rules select arithmetic symbols for setting specific positions. For example, the arithmetic symbol at the lower right corner of the virtual keyboard is selected for operation, and the mathematical operation button 306D at the lower right corner of the 3D image is a mathematical operation symbol of the division "/". According to the mathematical operation symbol, the user knows To perform a mathematical operation of 9/3/1, and input the result of the operation "3" on the virtual keyboard.

第3E圖係顯示本發明又一實施例的虛擬鍵盤的示意圖。如第3E圖所示,虛擬鍵盤30E的鍵盤配置包含字母按鍵302E、數字按鍵304E 與數學運算按鍵306E,在此實施例中,安全規則可以是在任何鍵盤配置下,按壓特定位置的按鍵作為輸入字串。舉例來說,如第3E圖所示,在此虛擬鍵盤30E的鍵盤配置下,沒有任何的按鍵亮度不同於其他按鍵的提示下,使用者固定按壓在此虛擬鍵盤30E的右上角、左上角與左下角位置的按鍵,如在第3E圖中為”d”、"a”與”9”三個按鍵。或者,在不同實施例中,安全規則可以是按壓使用者預先設定之特定字母按鍵或數字按鍵的一預設相對位置之按鍵,例如左邊按鍵。舉例來說,如第3E圖所示,使用者預先設定的字串為”b”與”z”,字母按鍵”b”與”z”的左邊按鍵為”4”與”-”,因此使用者按壓”4”與”-”兩個按鍵。透過本發明之虛擬鍵盤的安全輸入方法,讓使用者在需要登入帳號或密碼的網際網路應用或應用程式中可以避免側錄軟體或惡意程式的側錄或監控,防止個人資料遭到竊取。Fig. 3E is a schematic view showing a virtual keyboard according to still another embodiment of the present invention. As shown in FIG. 3E, the keyboard configuration of the virtual keyboard 30E includes a letter button 302E and a number button 304E. With the mathematical operation button 306E, in this embodiment, the security rule may be a button that presses a specific position as an input string in any keyboard configuration. For example, as shown in FIG. 3E, in the keyboard configuration of the virtual keyboard 30E, without any button brightness different from that of other buttons, the user is fixedly pressed in the upper right corner and the upper left corner of the virtual keyboard 30E. The buttons in the lower left corner position are three buttons "d", "a" and "9" in Fig. 3E. Alternatively, in various embodiments, the security rule may be a button that presses a predetermined relative position of a particular alphanumeric or numeric button preset by the user, such as a left button. For example, as shown in FIG. 3E, the user-preset string is "b" and "z", and the left button of the letter buttons "b" and "z" is "4" and "-", so use Press the "4" and "-" buttons. Through the secure input method of the virtual keyboard of the present invention, the user can avoid the side recording or monitoring of the side recording software or malicious program in the internet application or application that needs to log in the account or password, and prevent the personal data from being stolen.

第4圖係顯示本發明之虛擬鍵盤的安全輸入系統方塊圖。如第4圖所示,在此實施例的安全輸入系統40包含設定模組402、安全模組404、接收模組406與判斷模組408。設定模組402在虛擬鍵盤中讓虛擬鍵盤的複數個鍵盤配置以隨機的方式顯示,安全模組404用於在複數個鍵盤配置上設定至少一安全規則,安全模組404可以在複數個鍵盤配置設定不同的安全規則或相同的安全規則,在此並不侷限。接收模組406在電腦或行動裝置的一欄位中,在變換的鍵盤配置接收複數個輸入字串。而判斷模組408判斷若透過鍵盤配置所接收之輸入字串相符於安全規則,則提供授權。透過本發明的安全輸入系統,讓讓側錄軟體或惡意程式無法側錄或猜中使用者所輸入的字串為何,使虛擬鍵盤在使用上更加的安全。Figure 4 is a block diagram showing the secure input system of the virtual keyboard of the present invention. As shown in FIG. 4, the security input system 40 of this embodiment includes a setting module 402, a security module 404, a receiving module 406, and a determining module 408. The setting module 402 allows a plurality of keyboard configurations of the virtual keyboard to be displayed in a random manner in the virtual keyboard. The security module 404 is configured to set at least one security rule on the plurality of keyboard configurations, and the security module 404 can be configured in multiple keyboard configurations. Setting different security rules or the same security rules is not limited here. The receiving module 406 receives a plurality of input strings in a converted keyboard configuration in a field of the computer or mobile device. The determining module 408 determines that the authorization string is provided if the input string received through the keyboard configuration matches the security rule. Through the security input system of the present invention, the virtual keyboard or the malicious program can not be side-recorded or guessed by the user to input the string, so that the virtual keyboard is more secure in use.

雖然本發明已用較佳實施例揭露如上,然其並非用以限定本 發明,本發明所屬技術領域中具有通常知識者,在不脫離本發明之精神和範圍內,當可作各種之更動與潤飾,因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。Although the present invention has been disclosed above with preferred embodiments, it is not intended to limit the present invention. The invention is intended to be limited to the scope of the invention, and the scope of the invention is defined by the scope of the appended claims. Prevail.

S202~S208‧‧‧步驟S202~S208‧‧‧Steps

Claims (18)

一種虛擬鍵盤的安全輸入方法,其包含:設定複數個鍵盤配置;在該複數個鍵盤配置中設定至少一安全規則;於一欄位輸入時,變換該複數個鍵盤配置並根據該安全規則以接收複數個輸入字串;以及判斷若透過該複數個鍵盤配置所接收之該複數個輸入字串相符於該安全規則,則提供授權。A security input method for a virtual keyboard, comprising: setting a plurality of keyboard configurations; setting at least one security rule in the plurality of keyboard configurations; and transforming the plurality of keyboard configurations and receiving according to the security rules when inputting a field And a plurality of input strings; and determining that the plurality of input strings received through the plurality of keyboard configurations conform to the security rule, and providing authorization. 如申請專利範圍第1項所述之安全輸入方法,其中該安全規則更包含提供一安全提示。The security input method of claim 1, wherein the security rule further comprises providing a security prompt. 如申請專利範圍第2項所述之安全輸入方法,其中該安全提示為在每一該複數個鍵盤配置將至少一個該複數個字母按鍵或至少一該複數個數字按鍵的顯示方式與其餘該複數個鍵不同。The security input method of claim 2, wherein the security prompt is to display at least one of the plurality of letter keys or at least one of the plurality of numeric keys in each of the plurality of keyboard configurations and the remaining plurality of The keys are different. 如申請專利範圍第3項所述之安全輸入方法,其中每一該複數個鍵盤配置更包含至少一數學運算按鍵,且該安全規則為在每一該複數個鍵盤配置上選擇一預設位置的該運算符號按鍵,將該安全提示所預先設定的複數個數字根據該運算符號按鍵做運算,並將運算結果作為該複數個輸入字串。The security input method of claim 3, wherein each of the plurality of keyboard configurations further comprises at least one mathematical operation button, and the security rule is to select a preset position on each of the plurality of keyboard configurations. The arithmetic symbol button performs a calculation on the plurality of numbers preset by the security prompt according to the arithmetic symbol button, and uses the operation result as the plurality of input word strings. 如申請專利範圍第2項所述之方法,其中於該欄位輸入時,變換該複數個 鍵盤配置以接收該複數個輸入字串的步驟中,提供該安全提示於該複數個鍵盤配置上,根據該安全提示以輸入複數個輸入字串。The method of claim 2, wherein the plurality of fields are transformed when the field is input The step of the keyboard being configured to receive the plurality of input strings provides the security prompt on the plurality of keyboard configurations, and inputting a plurality of input strings according to the security prompt. 如申請專利範圍第2項所述之安全輸入方法,其中該安全規則為輸入在虛擬鍵盤上提示符號依一順序位移的符號。The security input method according to claim 2, wherein the security rule is a symbol that inputs a prompt symbol in a sequence on a virtual keyboard. 如申請專利範圍第1項所述之安全輸入方法,其中該安全規則包含設定複數個安全字串。The security input method of claim 1, wherein the security rule comprises setting a plurality of security strings. 如申請專利範圍第7項所述之方法,其中該安全規則為選擇該複數個安全字串作為該複數個輸入字串。The method of claim 7, wherein the security rule is to select the plurality of security strings as the plurality of input strings. 如申請專利範圍第7項所述之方法,其中該安全規則為根據該複數個安全字串依一數學演算法所得之運算結果作為該複數個輸入字串。The method of claim 7, wherein the security rule is the result of the operation according to the mathematical algorithm based on the plurality of security strings as the plurality of input strings. 如申請專利範圍第7項所述之安全輸入方法,其中該安全規則為按壓該複數個安全字串之一預設相對位置之按鍵。The security input method of claim 7, wherein the security rule is a button that presses one of the plurality of security strings to preset a relative position. 如申請專利範圍第1項所述之安全輸入方法,其中每一該複數個鍵盤配置的複數個字母按鍵與複數個數字按鍵為隨機排列。The security input method of claim 1, wherein the plurality of letter keys and the plurality of number keys of each of the plurality of keyboard configurations are randomly arranged. 如申請專利範圍第1項所述之安全輸入方法,其中該安全規則為按壓預 設鍵盤位置的按鍵作為該輸入字串。The security input method as described in claim 1, wherein the security rule is a press pre A button for setting the keyboard position is used as the input string. 如申請專利範圍第1項所述之安全輸入方法,其中該複數個鍵盤配置自動變換以接收該複數個輸入字串。The security input method of claim 1, wherein the plurality of keyboard configurations are automatically transformed to receive the plurality of input strings. 一種虛擬鍵盤的安全輸入系統,其包含:一設定模組用於讓該虛擬鍵盤的複數個鍵盤配置以隨機的方式顯示;一安全模組用於設定該複數個鍵盤配置之一安全規則;一接收模組用於在一欄位輸入時,在變換該複數個鍵盤配置上接收複數個輸入字串;以及一判斷模組用於判斷若透過該複數個鍵盤配置所接收之該複數個輸入字串相符於該安全規則,則提供授權。A security input system for a virtual keyboard, comprising: a setting module for displaying a plurality of keyboard configurations of the virtual keyboard in a random manner; and a security module for setting a security rule of the plurality of keyboard configurations; The receiving module is configured to receive a plurality of input strings on the plurality of keyboard configurations when inputting a field; and a determining module is configured to determine the plurality of input words received through the plurality of keyboard configurations The string matches the security rule and provides authorization. 如申請專利範圍第14項所述之安全輸入系統,其中該安全規則為按壓預設鍵盤位置的按鍵作為該輸入字串。The security input system of claim 14, wherein the security rule is a button for pressing a preset keyboard position as the input string. 如申請專利範圍第14項所述之安全輸入系統,其中該安全規則為按壓複數個安全字串之一預設相對位置之按鍵。The security input system of claim 14, wherein the security rule is a button that presses one of a plurality of security strings to preset a relative position. 如申請專利範圍第14項所述之安全輸入系統,其中該安全規則為根據複數個安全字串依一數學演算法所得之運算結果作為該複數個輸入字串。The security input system of claim 14, wherein the security rule is the result of the operation according to a mathematical algorithm based on a plurality of security strings as the plurality of input strings. 如申請專利範圍第14項所述之安全輸入系統,其中該安全規則為將複數個提示符號依一順序位移的符號作為該輸入字串。The security input system of claim 14, wherein the security rule is a symbol that shifts a plurality of cue symbols in an order as the input string.
TW103115004A 2014-04-25 2014-04-25 Secure input method and system for virtual keyboard TWI506477B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103115004A TWI506477B (en) 2014-04-25 2014-04-25 Secure input method and system for virtual keyboard

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103115004A TWI506477B (en) 2014-04-25 2014-04-25 Secure input method and system for virtual keyboard

Publications (2)

Publication Number Publication Date
TW201541282A TW201541282A (en) 2015-11-01
TWI506477B true TWI506477B (en) 2015-11-01

Family

ID=55220071

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103115004A TWI506477B (en) 2014-04-25 2014-04-25 Secure input method and system for virtual keyboard

Country Status (1)

Country Link
TW (1) TWI506477B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI659337B (en) * 2018-03-08 2019-05-11 三竹資訊股份有限公司 Method and computer program product of displaying a dynamic virtual keyboard

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9698777B1 (en) * 2016-05-23 2017-07-04 Nuvoton Technology Corporation Secured keyboard readout using capacitance matrix

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200905541A (en) * 2007-07-17 2009-02-01 Chunghwa Telecom Co Ltd Cipher inputting method of dynamic simulated keyboard
CN101971499A (en) * 2008-01-04 2011-02-09 尔格瓦克斯有限责任公司 Virtual keyboard and onscreen keyboard
TW201113754A (en) * 2009-10-15 2011-04-16 Acer Inc Multi-directional input method and electronic system thereof
TW201308188A (en) * 2011-08-04 2013-02-16 Chinatrust Commercial Bank Ltd Key display method of virtual keyboard

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200905541A (en) * 2007-07-17 2009-02-01 Chunghwa Telecom Co Ltd Cipher inputting method of dynamic simulated keyboard
CN101971499A (en) * 2008-01-04 2011-02-09 尔格瓦克斯有限责任公司 Virtual keyboard and onscreen keyboard
TW201113754A (en) * 2009-10-15 2011-04-16 Acer Inc Multi-directional input method and electronic system thereof
TW201308188A (en) * 2011-08-04 2013-02-16 Chinatrust Commercial Bank Ltd Key display method of virtual keyboard

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI659337B (en) * 2018-03-08 2019-05-11 三竹資訊股份有限公司 Method and computer program product of displaying a dynamic virtual keyboard

Also Published As

Publication number Publication date
TW201541282A (en) 2015-11-01

Similar Documents

Publication Publication Date Title
TWI676918B (en) Password input interface display method and system
CA2878298C (en) Character input method and system, terminal electronic device and storage medium
US20050251752A1 (en) Spy-resistant keyboard
RU2632122C2 (en) Method and password verification device for inspecting input password and computer system containing password verification device
US20100175016A1 (en) Security key inputting system for touch screen device
US9880737B2 (en) Changing keyboard layout automatically while entering a password
US20170286723A1 (en) Keyboard For Strong Password Input
US7836513B2 (en) System, method, and computer program product for secure input for mobile devices
JP5651742B1 (en) Password input method, input terminal, and input system
KR100880862B1 (en) Security method for user input data to electronic device
US20170249450A1 (en) Device and Method for Authenticating a User
TWI506477B (en) Secure input method and system for virtual keyboard
KR101122197B1 (en) Method of displaying virtual keypad for preventing the leaking of information
JP2015176268A (en) Electronic device and authentication method
CN105022494A (en) Safe input method and system of virtual keyboard
JP2012194648A (en) Authentication server, authentication system and authentication method of server
JP6493973B2 (en) Character string input method and program
EP3142038B1 (en) Authentication system and method
WO2010120055A2 (en) System and method for the security of keyboard input data
KR101544166B1 (en) Apparatus and method inputting data using touchscreen, and recording medium and program for executing the same
KR102394614B1 (en) Keypad input device and method
KR20140030406A (en) Privacy protection method for number and letter entry
KR101876271B1 (en) Method and apparatus for authentication using circulation secure keypad
US20180356976A1 (en) Electronic Device That Reduces Unauthorized Use by Third Person
JP2012185718A (en) Input device, input method, and program

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees