TWM575144U - Computing equipment using password of operating system to encrypt and decrypt - Google Patents

Computing equipment using password of operating system to encrypt and decrypt

Publication number
TWM575144U
Authority
TW
Taiwan
Prior art keywords
application
operating system
password
account
module
Application number
TW107212896U
Other languages
Chinese (zh)
Inventor
林志能
蔡家宏
李奇諺
連子清
Original Assignee
臺灣網路認證股份有限公司
Application filed by 臺灣網路認證股份有限公司
Priority to TW107212896U
Publication of TWM575144U


Abstract

A computing device that performs encryption and decryption with a password verified through the operating system. After account data containing a password is entered, an application executed by the computing device calls an application programming interface (API) of the operating system running on the computing device so that the operating system determines whether the account data passes verification; when the account data passes verification, the application uses the password to encrypt or decrypt an operation target. This technical means achieves the technical effect of an application encryption method that balances security and usability.

Description

A computing device that performs encryption and decryption with a password verified through the operating system

An encryption and decryption computing device, and in particular a computing device that performs encryption and decryption with a password verified through the operating system.

With the development of hardware and network technology, the choice of mobile devices keeps growing and new models appear ever faster. As mobile devices have developed, they have gradually replaced traditional computers.

Because people are increasingly used to doing on mobile devices what they previously did on computers, such as looking up information, playing games, shopping, paying bills and checking accounts, the applications installed on mobile devices store more and more sensitive user data, such as bank account data, credit card data, personal data and certificates. To protect this sensitive data, some applications have a fixed key written in at development time and use that fixed key to encrypt the sensitive data. This approach is not actually secure: once the fixed key used by the application is cracked, the sensitive data of every user of the same application is at risk of being obtained.

Therefore, some applications instead use device identification data tied to the mobile device as the key, such as the serial number of the mobile device or of a specific hardware component in it, or the IMEI. Because device identification data mostly corresponds one-to-one with a mobile device, even if the key used by the application on one mobile device is cracked, other devices running the same application use different keys, so the sensitive data on those other devices still cannot easily be obtained.

However, using device identification data as the key does not suit every application; it suits only applications that need no backup. Because each mobile device has different device identification data, the same application installed on different mobile devices uses different keys, and a file encrypted with one mobile device's identification data cannot be decrypted with another's. Consequently, when the application on that mobile device is copied to another mobile device, it cannot be used.

In summary, the prior art has long had the problem that lower-security encryption methods can be used in all applications while higher-security encryption methods can be used by only some applications. An improved technical means is therefore needed to solve this problem.

In view of the prior-art problem that higher-security encryption methods suit only some applications, the present creation discloses a computing device that performs encryption and decryption with a password verified through the operating system. The computing device disclosed comprises at least: a peripheral input device; a bus; and a processor electrically connected to the peripheral input device through the bus. The processor executes an operating system and an application installed in the operating system, so as to let account data be entered through the peripheral input device, the account data comprising a target account recorded by the operating system and the password corresponding to the target account; to let the application select an operation target; to let the application call an application programming interface of the operating system so that the operating system determines whether the account data passes verification; and to let the application use the password to encrypt or decrypt the operation target when the account data passes verification.

The computing device disclosed by the present creation is as above. It differs from the prior art in that, after account data is entered, the application on the computing device calls the application programming interface of the operating system so that the operating system on the computing device determines whether the account data passes verification, and the application uses the password to encrypt or decrypt the operation target when the account data passes verification. This solves the problem of the prior art and achieves the technical effect of an application encryption method that balances security and usability.

10‧‧‧Computing device

11‧‧‧Operating system

15‧‧‧Processor

16‧‧‧Memory module

17‧‧‧Bus

18‧‧‧Peripheral output device

19‧‧‧Peripheral input device

100‧‧‧Application

110‧‧‧Target selection module

120‧‧‧Input module

130‧‧‧System call module

150‧‧‧Encryption/decryption module

Step 210‧‧‧Select the operation target

Step 220‧‧‧Let account data be entered; the account data includes the target account recorded by the operating system and the corresponding password

Step 222‧‧‧Obtain all accounts recorded by the operating system

Step 224‧‧‧Let the target account be selected from all the accounts

Step 226‧‧‧Let the password corresponding to the target account be entered

Step 230‧‧‧Call the application programming interface of the operating system so that the operating system determines whether the target account and password pass verification

Step 240‧‧‧Determine whether the account data passes verification

Step 250‧‧‧Use the password to encrypt or decrypt the operation target

FIG. 1A is a schematic diagram of the components of the computing device of the present creation that performs encryption and decryption with a password verified through the operating system.

FIG. 1B is a schematic diagram of the modules of the application of the present creation that performs encryption and decryption with a password verified through the operating system.

FIG. 2A is a flowchart of the method of the present creation for performing encryption and decryption with a password verified through the operating system.

FIG. 2B is a flowchart of the method of the present creation for entering the target account and password.

The features and implementation of the present creation are described in detail below with reference to the drawings and embodiments, in enough detail that anyone skilled in the relevant art can readily understand the technical means the present creation applies to solve the technical problem and implement it accordingly, thereby achieving the effects the present creation can attain.

In the present creation, the operating system verifies a target account registered in advance in the operating system, and the password corresponding to the verified target account is used to encrypt or decrypt a specified file, giving the user sufficient security and usability.

The present creation is applied on a computing device 10 as shown in FIG. 1A. The computing device 10 includes, but is not limited to, one or more processors 15, one or more memory modules 16, and a bus 17 connecting the different components (including the memory modules 16 and the processors 15). For example, the computing device may be a mobile phone, tablet, navigation device, multimedia player, e-book reader, electronic dictionary or handheld game console. With these components, the computing device 10 can load and execute an operating system so that the operating system runs on the computing device 10, and the computing device 10 can also execute applications installed in the operating system.

The bus 17 of the computing device 10 may include one or more types of bus, for example a data bus, address bus, control bus, expansion bus and/or local bus. Buses of the computing device include, but are not limited to, the parallel Industry Standard Architecture (ISA) bus, Peripheral Component Interconnect (PCI) bus and Video Electronics Standards Association (VESA) local bus, and the serial Universal Serial Bus (USB) and PCI Express (PCI-E) bus.

The processor 15 of the computing device 10 is coupled to the bus 17. The processor 15 includes a register set or register space, which may be entirely on the processing chip, or wholly or partly off the processing chip and coupled to the processor through dedicated electrical connections and/or through the bus. The processor 15 may be a processing unit, a microprocessor or any suitable processing element. If the computing device 10 is a multiprocessor device, that is, the computing device 10 includes multiple processors 15, the processors 15 are all identical or similar and are coupled and communicate through the bus 17.

The processor 15 of the computing device 10 may be coupled to a chipset (not shown) or electrically connected to the chipset through the bus 17. The chipset consists of one or more integrated circuits (ICs) and includes a memory controller and a peripheral input/output (I/O) controller. The chipset typically provides I/O and memory management functions as well as multiple general-purpose and/or special-purpose registers, timers and so on, which can be accessed or used by the one or more processors coupled or electrically connected to the chipset. The memory controller and the peripheral I/O controller may be contained in a single integrated circuit or implemented with two or more integrated circuits.

The processor 15 can access data in the memory modules and the mass storage area through the memory controller; for example, the memory controller can access data in cache memory or on a hard disk drive. The memory modules include any type of volatile memory and/or non-volatile memory (NVRAM), such as static random access memory (SRAM), dynamic random access memory (DRAM), flash memory and read-only memory (ROM). The mass storage area may include any type of storage device, such as a hard disk drive, optical disc, tape drive, USB flash drive (flash memory), solid state disk (SSD) or any other storage device.

The processor 15 can also communicate, through the peripheral I/O controller and over the peripheral I/O bus, with peripheral devices or interfaces such as the peripheral output device 18, the peripheral input device 19, a communication interface (not shown) and a GPS receiver (not shown). The peripheral input device 19 may be any type of input device, such as a keyboard, mouse, trackball, touchpad or joystick; the peripheral output device 18 may be any type of output device, such as a display or printer; and the peripheral input device 19 and peripheral output device 18 may be the same device, such as a touchscreen. The communication interface may include a wireless communication interface and/or a wired communication interface. The wireless communication interface may include interfaces supporting wireless local area networks such as Wi-Fi and Zigbee, Bluetooth, infrared, near-field communication (NFC), mobile communication networks or other wireless data transmission protocols; the wired communication interface may be an Ethernet device, asynchronous transfer mode (ATM) device, DSL modem, cable modem and so on. The processor 15 can periodically poll the various peripheral devices and interfaces so that the computing device can input and output data and can communicate with another computing device having the components described above.

The operation of the present creation is first described with FIG. 1B, the schematic diagram of the modules of the application that performs encryption and decryption with a password verified through the operating system. As shown in FIG. 1B, the system of the present creation is applied in an application 100 and contains a target selection module 110, an input module 120, a system call module 130 and an encryption/decryption module 150. The application 100 is installed in the operating system 11, the operating system 11 runs on the computing device 10, and once the processor of the computing device 10 executes the program code of the application 100, the target selection module 110, input module 120, system call module 130 and encryption/decryption module 150 can be created and operate.

The target selection module 110 selects the operation target. The operation target it selects is one or more files contained in the application 100, or one or more other programs installed in the same operating system 11 as the application 100. The target selection module 110 may select one or more specific operation targets according to settings, or may select one or more user-specified operation targets according to a target selection signal, such as a confirmation, selection or click, generated when the user uses the peripheral input device 19 of the computing device 10.

The input module 120 lets account data be entered. In more detail, the input module 120 can take in account data according to operation signals such as typing, sliding or clicking generated by the peripheral input device 19 of the computing device 10. The account data entered through the input module 120 includes a target account and the password corresponding to the target account, where the target account has usually already been recorded by the operating system 11 in which the application 100 is installed. In other words, the operating system 11 in which the application 100 is installed may record one or more accounts, and the target account is one of the accounts it has recorded.

In general, the target account and password entered through the input module 120 are each an arbitrary arrangement of a certain number of letters, digits and symbols. The input module 120 can produce the target account by converting the account input signal generated when the user enters the letters, digits or symbols of the target account in order with the peripheral input device 19 of the computing device 10. Alternatively, it can display, through the peripheral output device 18 of the computing device 10, all accounts recorded by the operating system 11 as obtained from the operating system 11 by the system call module 130, and select one of the displayed accounts according to the account selection signal generated when the user clicks or selects with the peripheral input device 19; the selected account is the target account. Likewise, besides converting into a password the password input signal generated when the user enters letters, digits and symbols in order with the peripheral input device 19, the input module 120 can convert into a password the password input signal generated by operations such as entering a gesture or selecting pictures with the peripheral input device 19, thereby letting the user enter the password through the peripheral input device 19.

The system call module 130 calls the application programming interfaces (APIs) provided by the operating system 11 in which the application 100 is installed, and receives the data or signals those APIs return. Which API the system call module 130 calls depends on what is needed. For example, the system call module 130 can call an API for obtaining accounts, so that the operating system 11, through the processor 15 of the computing device 10, returns all the accounts it has recorded to the system call module 130.

As another example, the system call module 130 can call an account verification API and pass the account data entered through the input module 120 to the operating system 11 through that API, so that the operating system 11, through the processor 15 of the computing device 10, can determine whether the account data supplied by the system call module 130 passes verification and can return the result to the system call module 130.

That is, the operating system 11, through the processor 15 of the computing device 10, determines whether the target account in the account data sent by the system call module 130 is one of the accounts recorded by the operating system 11, and whether the password corresponding to the target account in the account data is the same as the password the operating system 11 has recorded for the target account. If the operating system 11 determines that the target account in the account data is not an account it has recorded, it determines that the account data fails verification. If it determines that the target account is an account it has recorded but the password in the account data differs from the password recorded for the target account, it likewise determines that the account data fails verification. In other words, only when the target account in the account data is an account recorded by the operating system 11, and the corresponding password in the account data is the same as the password the operating system 11 has recorded for the target account, does the operating system 11 determine that the account data passes verification.

It is worth noting that in most operating systems 11 the system call module 130 must obtain the operating system's account-information usage permission before it can call the account-related APIs the operating system 11 provides. In general, the user can operate the operating system 11 so that it grants the application 100 the account-information usage permission in advance, through the processor 15 of the computing device 10. If the user has not granted the permission in advance, then when the system call module 130 calls an account-related API, the system call module 130 can prompt the user, through the peripheral output device 18 of the computing device 10, to grant the application 100 the permission in the operating system 11, or the processor 15 can execute a specific routine of the operating system 11 so that the operating system 11 asks the user, through the peripheral output device 18, whether to grant the application 100 the permission. When the user chooses, through the peripheral input device 19 of the computing device 10, to allow the application 100 to hold the permission, the operating system 11 can grant it through the processor 15; otherwise, the operating system 11 can usually reject the call from the system call module 130. Therefore, before the system call module 130 calls an API provided by the operating system 11, it can first determine whether the user has already granted the application 100 the permission in the operating system 11, for example by checking through an API provided by the operating system 11 whether the application 100 holds the permission, or by checking a setting value of the application 100 (the present creation is not limited to these). If the application 100 holds the permission, the system call module 130 can call the API provided by the operating system 11; if it does not, the system call module 130 can generate and display a prompt to grant the application 100 the permission. In practice, however, the system call module 130 may also call the API provided by the operating system 11 directly without checking first. If the application 100 holds the permission, the system call module 130 obtains all accounts recorded by the operating system 11 directly; if it does not, the system call module 130 cannot obtain any account recorded by the operating system 11. In some embodiments, the operating system 11 can generate an error or warning message through the processor and display it through the peripheral output device 18, or generate through the processor 15 a prompt that the application 100 needs the account-information usage permission and display it through the peripheral output device 18.

When the result received by the system call module 130 indicates that the account data passed verification, the encryption/decryption module 150 uses the password in the account data entered through the input module 120 to encrypt or decrypt the operation target selected by the target selection module 110. If the result received by the system call module 130 indicates that the account data failed verification, the encryption/decryption module 150 can refuse to encrypt or decrypt the operation target selected by the target selection module 110. The encryption/decryption module 150 can combine multiple operation targets and encrypt them into a single data file, or encrypt each operation target separately to produce multiple data files.

In general, the encryption/decryption module 150 can choose whether to encrypt or decrypt the operation target selected by the target selection module 110 according to the definition of the application 100 or the user's operation, but the present creation is not limited to this.

In some embodiments, the encryption/decryption module 150 can generate a key from the password in the account data entered through the input module 120 and use the generated key to encrypt or decrypt the operation target. For example, the encryption/decryption module 150 can generate the key from the number and/or order of the pictures used as the password, or by computing over the trajectory of the gesture used as the password, but the present creation is not limited to this.
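The verify-then-encrypt flow of modules 130 and 150, written out as an added example (not code from the patent or its assignee). It assumes a hypothetical `os_verify_account` call standing in for the unnamed OS verification API, constructed device account stores, PBKDF2 as the password-to-key step, and an HMAC-based keystream with encrypt-then-MAC as a standard-library stand-in for a real AEAD cipher such as AES-GCM; the page names none of these.

```python
import hashlib
import hmac
import os

MAGIC = b"PWENC1"  # constructed file-format marker, not from the patent


def os_password_hash(password: str) -> bytes:
    # Stand-in for however the OS stores credentials (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-os-salt", 10_000)


def os_verify_account(os_accounts: dict, account: str, password: str) -> bool:
    """Hypothetical OS API (step 230): the account must exist and the password must match."""
    stored = os_accounts.get(account)
    if stored is None:
        return False
    return hmac.compare_digest(stored, os_password_hash(password))


def derive_keys(password: str, salt: bytes):
    """Password -> (encryption key, MAC key) via PBKDF2 with a per-file salt."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_target(os_accounts, account, password, plaintext: bytes) -> bytes:
    if not os_verify_account(os_accounts, account, password):  # step 240
        raise PermissionError("account data failed OS verification")
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    header = MAGIC + salt + nonce
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag  # nothing device-specific is stored


def decrypt_target(os_accounts, account, password, blob: bytes) -> bytes:
    if not os_verify_account(os_accounts, account, password):
        raise PermissionError("account data failed OS verification")
    hlen = len(MAGIC) + 32
    if len(blob) < hlen + 32 or not blob.startswith(MAGIC):
        raise ValueError("not an encrypted operation target")
    header, body, tag = blob[:hlen], blob[hlen:-32], blob[-32:]
    salt, nonce = header[len(MAGIC):len(MAGIC) + 16], header[len(MAGIC) + 16:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    # The OS check only gates the operation; the tag is what proves the key is right.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(body, keystream(enc_key, nonce, len(body))))


def attempt(os_accounts, account, password, blob) -> str:
    try:
        decrypt_target(os_accounts, account, password, blob)
        return "decrypted"
    except PermissionError:
        return "rejected by OS"
    except ValueError:
        return "tag mismatch"


# Constructed account stores for three devices (sample data).
DEVICE_A = {"alice": os_password_hash("correct horse battery")}
DEVICE_B = {"alice": os_password_hash("correct horse battery")}  # same password
DEVICE_C = {"alice": os_password_hash("new password 2024")}      # password changed

if __name__ == "__main__":
    blob = encrypt_target(DEVICE_A, "alice", "correct horse battery", b"contacts.db contents")
    print(attempt(DEVICE_B, "alice", "correct horse battery", blob))  # portable backup
    print(attempt(DEVICE_A, "alice", "guess", blob))                  # OS gate refuses
    print(attempt(DEVICE_C, "alice", "new password 2024", blob))      # key no longer matches
```

The third case shows a consequence of deriving the key from the account password: once the OS password differs from the one used at encryption time, the OS check passes but the data can only be recovered with the old password.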

The operating system and method of the present creation are next explained with a first embodiment; refer to FIG. 2A, the flowchart of the method of the present creation for performing encryption and decryption with a password verified through the operating system. In this embodiment, the present creation is assumed to be applied in a data backup and restore program, so that all backed-up data is protected during backup and restore.

After the user executes the backup function of the data backup and restore program (application 100), the target selection module 110 may select the job target (step 210). In this embodiment, it is assumed that the user can select, through the target selection interface provided by the target selection module 110, all programs and all files installed in the operating system 11; the target selection module 110 may then take the user's selection (all programs and files installed in the operating system 11) as the job target.

After the target selection module 110 selects the job target, the input module 120 may accept entry of the account data (step 220). In this embodiment, it is assumed that, as shown in the flow of FIG. 2B, the system call module 130 may call an application programming interface provided by the operating system 11 to obtain all accounts recorded by the operating system 11 (step 222) and may pass the obtained accounts to the input module 120. The input module 120 may display a list of all accounts obtained by the system call module 130, let the user select one of them as the target account (step 224), and, after the user has selected the target account, let the user enter the password corresponding to the selected target account (step 226). In this way, the user completes entry of the account data through the input module 120.

It should be noted that, for the system call module 130 to call the application programming interface provided by the operating system 11 to obtain all accounts recorded by the operating system 11 (step 222), the system call module 130 needs the permission to use account information. In this embodiment, the system call module 130 may call the application programming interface provided by the operating system 11 directly. If the user has granted the application 100 the permission to use account information in advance, the system call module 130 can call the application programming interface provided by the operating system 11 successfully. If the user has not granted the application 100 that permission in advance, then when the system call module 130 calls the application programming interface, the operating system 11 may pop up a confirmation window or dialog box asking the user whether to grant the application 100 the permission to use account information. If the user agrees, the system call module 130 can call the application programming interface provided by the operating system 11 successfully; if the user does not agree, the application 100 displays an error message and closes.

After the account data has been entered through the input module 120 (step 220), the system call module 130 may call the application programming interface of the operating system 11 and, through the called interface, pass the account data entered through the input module 120 to the operating system 11, so that the operating system 11 can determine whether the target account and the corresponding password in the account data passed by the system call module 130 pass verification (step 230). The operating system 11 may return the determination result to the system call module 130 through the application programming interface that the system call module 130 called.

After the system call module 130 obtains the determination result returned by the operating system 11, the encryption/decryption module 150 may determine, from the determination result obtained by the system call module 130, whether the account data entered through the input module 120 passed verification (step 240). If the encryption/decryption module 150 determines that the account data entered through the input module 120 did not pass verification, the encryption/decryption module 150 will not perform the encryption or decryption job.

If the encryption/decryption module 150 determines that the account data entered through the input module 120 passed verification, the encryption/decryption module 150 may use the password in the account data entered through the input module 120 to perform the encryption or decryption job (step 250). In this embodiment, because the backup function is being executed at this point, the encryption/decryption module 150 may perform the encryption job. It is assumed that the encryption/decryption module 150 combines the job target selected by the target selection module 110 (all programs and files installed in the operating system 11) into a single file and then encrypts the combined file with the password entered through the input module 120 to produce one data file. The data backup and restore program thereby completes the data backup job.

When the user wants to restore the backed-up data, the user may execute the restore function of the data backup and restore program (application 100), and the target selection module 110 may select the job target (step 210). In this embodiment, it is assumed that the user can select, through the target selection interface provided by the target selection module 110, the data file produced by the earlier backup. The target selection module 110 may display all files and programs contained in the data file and let the user choose among them; if the user selects two of the programs and one file, the target selection module 110 may take the programs and file selected by the user as the job target.

After the target selection module 110 selects the job target, the input module 120 may accept entry of the account data (step 220). In this embodiment, it is assumed that the user completes entry of the account data through the input module 120 following the same flow as in FIG. 2B.

After the account data has been entered through the input module 120 (step 220), the system call module 130 may call the application programming interface of the operating system 11 and, through the called interface, pass the account data entered through the input module 120 to the operating system 11, so that the operating system 11 can determine whether the target account and the corresponding password in the account data passed by the system call module 130 pass verification (step 230). The operating system 11 may return the determination result to the system call module 130 through the application programming interface that the system call module 130 called.

After the system call module 130 obtains the determination result returned by the operating system 11, the encryption/decryption module 150 may determine, from the determination result obtained by the system call module 130, whether the account data entered through the input module 120 passed verification (step 240). If the encryption/decryption module 150 determines that the account data entered through the input module 120 passed verification, the encryption/decryption module 150 may use the password in the account data entered through the input module 120 to perform the encryption or decryption job (step 250). In this embodiment, because the restore function is being executed at this point, the encryption/decryption module 150 may perform the decryption job, that is, use the password entered through the input module 120 to decrypt the job target selected by the target selection module 110, namely the two programs and one file selected by the user. The data backup and restore program thereby completes the data restore job.

Thus, with the present creation, as long as the operating system 11 on the device the user is using provides the application programming interface called by the system call module 130 of the present creation, backup and restore complete successfully whether the user performs them on the same device or on different devices, and the problem of being unable to decrypt, at restore time, backup data produced on a different device does not arise.

A second embodiment is now used to explain the system and method of operation of the present creation; please again refer to FIG. 2A. In this embodiment, it is assumed that the present creation is used to protect the data recorded in the database of the application 100, but the present creation is not limited thereto.

When the application 100 starts executing, or when the application 100 needs to access the database, the present creation may be executed to decrypt the database so that the application 100 can access it. First, the target selection module 110 may select the job target (step 210). In this embodiment, because the application 100 is about to access data at this point, the application 100 may define the job target to be the database, and the target selection module 110 may select the database as the job target according to the definition of the application 100.

After the target selection module 110 selects the job target (step 210), the input module 120 may accept entry of the account data (step 220). In this embodiment, it is assumed that the user can set the account data in the application 100 in advance, and that the encryption/decryption module 150 may encrypt the account data set by the user and store it. When the input module 120 needs to supply the account data, the encryption/decryption module 150 may decrypt the account data stored in advance in the application 100, so that the input module 120 obtains the decrypted account data and entry of the account data is thereby completed.

Afterwards, the system call module 130 may call the application programming interface of the operating system 11 and, through the called interface, pass the account data supplied by the input module 120 to the operating system 11, so that the operating system 11 can determine whether the target account and the corresponding password in the account data passed by the system call module 130 pass verification (step 230). The operating system 11 may return the determination result to the system call module 130 through the application programming interface that the system call module 130 called. In this embodiment, it is assumed that when the system call module 130 calls the application programming interface of the operating system 11, the system call module 130 needs the permission to use account information; otherwise the operating system 11 will reject the call. The system call module 130 may therefore first determine whether the user has already granted the application 100 the permission to use account information in the operating system 11. If the user has not granted that permission in advance, the system call module 130 may generate and display a prompt asking the user to grant the application 100 the permission to use account information and, after the user has done so, may determine again whether the permission has been granted in the operating system 11. If the system call module 130 determines that the user has granted the application 100 the permission to use account information, the system call module 130 can call the application programming interface provided by the operating system 11 successfully. If the user already granted the application 100 the permission to use account information when installing the application 100, the system call module 130 can likewise call the application programming interface provided by the operating system 11 successfully.

After the operating system 11 returns the determination result to the system call module 130 through the application programming interface that the system call module 130 called, if the encryption/decryption module 150 determines that the account data supplied by the input module 120 did not pass verification, the application 100 may generate an error message and close.

If the encryption/decryption module 150 determines that the account data supplied by the input module 120 passed verification, the encryption/decryption module 150 may use the password in the account data supplied by the input module 120 to perform the encryption or decryption job (step 250). In this embodiment, because the application 100 is about to access the database at this point, the encryption/decryption module 150 may perform the decryption job according to the definition of the application 100, that is, use the password supplied by the input module 120 to decrypt the database of the application 100.

When the application 100 is closed, the present creation is likewise executed to encrypt the database that needs protection. First, the target selection module 110 may select the job target (step 210). In this embodiment, the application 100 may again define the job target to be the database, and the target selection module 110 may select the database as the job target according to the definition of the application 100.

After the target selection module 110 selects the job target (step 210), the input module 120 may accept entry of the account data (step 220). In this embodiment, it is assumed that the input module 120 may directly reuse the account data obtained when the database was decrypted as described above, or, as described above, the encryption/decryption module 150 may decrypt the account data that the user set in advance in the application 100, so that the input module 120 obtains the decrypted account data and entry of the account data is completed.

Afterwards, the system call module 130 may call the application programming interface of the operating system 11 and, through the called interface, pass the account data supplied by the input module 120 to the operating system 11, so that the operating system 11 can determine whether the target account and the corresponding password in the account data passed by the system call module 130 pass verification (step 230). The operating system 11 may return the determination result to the system call module 130 through the application programming interface that the system call module 130 called.

If the encryption/decryption module 150 determines that the account data supplied by the input module 120 passed verification, the encryption/decryption module 150 may use the password in the account data supplied by the input module 120 to perform the encryption or decryption job (step 250). In this embodiment, because the application 100 is about to close at this point, the encryption/decryption module 150 may perform the encryption job according to the definition of the application 100, that is, use the password supplied by the input module 120 to encrypt the database of the application 100.

Thus, with the present creation, the data recorded in the application 100 is protected. At the same time, even if the application 100 is backed up and executed on a different device, as long as the operating system 11 of the device on which the application is installed provides the application programming interface called by the present creation, the database of the application 100 can still be decrypted and encrypted successfully, and installation on a different device does not make the original data inaccessible.

In both embodiments above, when the encryption/decryption module 150 uses the password in the account data entered through the input module 120 to encrypt or decrypt the job target selected by the target selection module 110 (step 250), the encryption/decryption module 150 may first generate a key from the password entered through the input module 120 and then use the key to encrypt or decrypt the job target. For example, when the password entered through the input module 120 is a gesture, a picture, or the selection of particular options, the encryption/decryption module 150 may generate the key from the trajectory of the entered gesture, from the picture's information or data obtained by analyzing the picture, or from the content of the selected options or their corresponding data, and then use the key to encrypt or decrypt the job target.
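The flow shared by both embodiments (the operating system's verdict at steps 230/240 gating a password-derived key at step 250), as an added Python sketch that is not code from the patent. Assumptions: `os_verify` is a hypothetical stand-in for the operating system interface, which the page does not name; PBKDF2, the HMAC-based keystream (standing in for a vetted authenticated cipher), the `OSPW1` file layout and the gesture encoding are all choices made for this example.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"OSPW1"              # constructed file marker, not from the patent
PBKDF2_ITERATIONS = 200_000   # assumed work factor


class VerificationFailed(Exception):
    """The operating system rejected the account data (step 240)."""


def make_os_verifier(accounts):
    """Constructed stand-in for the OS interface: account -> password bytes."""
    def os_verify(account, password):
        expected = accounts.get(account)
        return expected is not None and hmac.compare_digest(expected, password)
    return os_verify


def encode_gesture(points):
    """Serialise an ordered gesture trajectory so that order changes the key."""
    return b"".join(struct.pack(">HH", x, y) for x, y in points)


def derive_keys(password, salt):
    """Stretch the password into an encryption key and a MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode, used here only to stay in the standard library.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(account, password, plaintext, os_verify):
    """Steps 230-250, encryption side: verify with the OS, then encrypt."""
    if not os_verify(account, password):
        raise VerificationFailed(account)
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    header = MAGIC + salt + nonce   # salt travels with the file, so any device can re-derive
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    return header + body + tag


def unseal(account, password, blob, os_verify):
    """Steps 230-250, decryption side: verify with the OS, check the tag, decrypt."""
    if not os_verify(account, password):
        raise VerificationFailed(account)
    hlen = len(MAGIC) + 32
    if len(blob) < hlen + 32 or not blob.startswith(MAGIC):
        raise ValueError("not a sealed data file")
    header, body, tag = blob[:hlen], blob[hlen:-32], blob[-32:]
    salt, nonce = header[len(MAGIC):len(MAGIC) + 16], header[len(MAGIC) + 16:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # The OS verdict alone does not protect the data; the key check does.
        raise ValueError("wrong key or modified data file")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


if __name__ == "__main__":
    device_a = make_os_verifier({"alice": b"correct horse"})   # constructed accounts
    device_b = make_os_verifier({"alice": b"correct horse"})
    data_file = seal("alice", b"correct horse", b"backup payload", device_a)
    print(unseal("alice", b"correct horse", data_file, device_b))
```

In this sketch a data file sealed before the account's operating system password changes cannot be opened afterwards: the old password fails the gate and the new one derives a different key.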

In summary, the difference between the present creation and the prior art is that, after the account data has been entered, the application of the computing device calls an application programming interface of the operating system running on the computing device so that the operating system determines whether the account data passes verification, and the application uses the password to encrypt or decrypt the job target when the account data passes verification. This technical means solves the prior-art problem that encryption methods with higher security are suitable for only some applications, and thereby achieves the technical effect of giving applications an encryption method that balances security and usability.

Furthermore, the method of the present creation for verifying a password through the operating system to perform encryption and decryption may be implemented in hardware, in software, or in a combination of hardware and software, and may be implemented in a centralized manner in one computer system or in a distributed manner in which different components are spread across several interconnected computer systems.

Although the embodiments of the present creation are disclosed as above, the content described is not intended to directly limit the scope of patent protection of the present creation. Any minor changes or refinements to the form and details of implementing the present creation, made by a person of ordinary skill in the technical field to which the present creation belongs without departing from the spirit and scope disclosed herein, fall within the scope of patent protection of the present creation. The scope of patent protection of the present creation shall still be as defined by the appended claims.

Claims (10)

1. A computing device that verifies a password through an operating system to perform encryption and decryption, the computing device at least comprising: a peripheral input device; a bus; and a processor, electrically connected to the peripheral input device through the bus, configured to execute an operating system and an application installed in the operating system, so as to allow account data to be entered through the peripheral input device, the account data comprising a target account recorded by the operating system and a password corresponding to the target account; to allow the application to select a job target; to allow the application to call an application programming interface of the operating system so that the operating system determines whether the account data passes verification; and to allow the application to use the password to encrypt or decrypt the job target when the account data passes verification.

2. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 1, wherein the job target is at least one file in the application, or at least one other program or file installed in the operating system.

3. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 1, wherein the processor allows the application to call another application programming interface of the operating system to obtain all accounts recorded by the operating system, allows the application to select one of the accounts as the target account according to an account selection signal generated by the peripheral input device, and allows the application to generate the password corresponding to the target account according to a password input signal generated by the peripheral input device.

4. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 3, wherein the password input signal is generated by the peripheral input device accepting letters, digits and symbols entered in sequence, accepting an input gesture, or accepting a selection of pictures.

5. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 1, wherein the processor is further configured to determine whether the application has obtained a permission to use account information of the operating system, and to allow the application to call the application programming interface when the application has obtained the permission to use account information.

6. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 1, wherein the processor is further configured to allow the application to generate a key from the password and to use the key to encrypt or decrypt the job target.

7. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 6, wherein the password is the number and/or order of pictures, or the trajectory of a gesture.

8. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 6, wherein the processor allows the application to select the job target according to a setting, or allows the application to select the job target according to an operation signal generated by the peripheral input device.

9. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 6, wherein the processor is further configured to allow the application to encrypt the account data, so that the application stores the encrypted account data.

10. The computing device that verifies a password through an operating system to perform encryption and decryption according to claim 9, wherein the processor is further configured to allow the application to decrypt the account data, so that the application obtains the account data.
TW107212896U 2018-09-21 2018-09-21 Computing equipment using password of operating system to encrypt and decrypt TWM575144U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107212896U TWM575144U (en) 2018-09-21 2018-09-21 Computing equipment using password of operating system to encrypt and decrypt

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107212896U TWM575144U (en) 2018-09-21 2018-09-21 Computing equipment using password of operating system to encrypt and decrypt

Publications (1)

Publication Number Publication Date
TWM575144U true TWM575144U (en) 2019-03-01

Family

ID=66591602

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107212896U TWM575144U (en) 2018-09-21 2018-09-21 Computing equipment using password of operating system to encrypt and decrypt

Country Status (1)

Country Link
TW (1) TWM575144U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI709099B (en) * 2018-09-21 2020-11-01 臺灣網路認證股份有限公司 System for encrypting and decrypting through operation system verifies code and method thereof
TWI757925B (en) * 2020-10-22 2022-03-11 臺灣網路認證股份有限公司 System for making two applications run simultaneously by calling input program and method thereof


Similar Documents

Publication Publication Date Title
CN101529366B (en) Identification and visualization of trusted user interface objects
CN104982005B (en) Implement the computing device and method of the franchise cryptographic services in virtualized environment
US9582656B2 (en) Systems for validating hardware devices
CN100470565C (en) Secure license management
CN107431924B (en) Device theft protection associating device identifiers with user identifiers
WO2017034312A1 (en) Apparatus and method for trusted execution environment based secure payment transactions
CN109104281A (en) Tokenized hardware security module
EP2947594A2 (en) Protecting critical data structures in an embedded hypervisor system
US11228421B1 (en) Secure secrets to mitigate against attacks on cryptographic systems
TW201539247A (en) Password input and verification method and system thereof
TW201723918A (en) Secure subsystem
CN112149144A (en) Aggregate cryptographic engine
CN105283921A (en) Non-volatile memory operations
GB2522032A (en) Controlling the configuration of computer systems
CN113574828A (en) Security chip, security processing method and related equipment
TWM575144U (en) Computing equipment using password of operating system to encrypt and decrypt
US20150227755A1 (en) Encryption and decryption methods of a mobile storage on a file-by-file basis
US10148669B2 (en) Out-of-band encryption key management system
US20190273609A1 (en) Mutually authenticated adaptive management interfaces for interaction with sensitive infrastructure
EP3044721B1 (en) Automatic pairing of io devices with hardware secure elements
WO2023061262A1 (en) Image processing method and apparatus, and device and storage medium
US8935771B2 (en) System, method, and computer security device having virtual memory cells
TWI709099B (en) System for encrypting and decrypting through operation system verifies code and method thereof
TW200846972A (en) Method for generating and using a key for encryption and decryption in a computer device
TWI690192B (en) System for providing signature entities to sign electronic document in order for generating signed document and method thereof

Legal Events

Date Code Title Description
MM4K Annulment or lapse of a utility model due to non-payment of fees