WO2009018684A1 - The keyboard for encrypting and authenticating against trojan horse with one time key - Google Patents

The keyboard for encrypting and authenticating against trojan horse with one time key

Info

Publication number
WO2009018684A1
Authority
WO
WIPO (PCT)
Prior art keywords
keyboard
authentication
key
main chip
data
Prior art date
Application number
PCT/CN2007/002383
Other languages
French (fr)
Chinese (zh)
Inventor
Kamfu Wong
Original Assignee
Kamfu Wong
Priority date
Filing date
Publication date
Application filed by Kamfu Wong
Priority to PCT/CN2007/002383 (WO2009018684A1)
Priority to CN200780100185.1A (CN101933315B)
Publication of WO2009018684A1
Priority to HK11105543.8A (HK1151660A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • An encrypted authentication keyboard that can be used against Trojan horses with a disposable one-time key
  • The present invention relates to the field of information transmission security, and in particular to an encrypted authentication keyboard for authentication.
  • Some organizations that require high network security, such as financial institutions, use two-factor authentication methods to combat hackers, for example security tokens (Token Device).
  • When the user logs in to the financial institution's server, the security token generates a code. In addition to entering the correct user password, the user must enter the correct code to log in to the financial institution's server.
  • These security tokens usually have a built-in key. In use, the security token computes a security code from factors such as time using a complex algorithm, and the financial institution's server uses the same key and the same algorithm on the same factors to generate a code.
  • If the code generated by the financial institution's server is the same as the security code received from the security token, the identity of the security token is authenticated, and the user password is checked as well. Both the security code and the user password must pass authentication for the login to succeed.
  • Although this two-factor authentication method improves network security, some network security problems are still not properly solved. For example, some hackers use various intrusion methods to place a Trojan horse program on the user's computer.
  • When the user connects to the financial institution's server, the Trojan horse program intercepts the data the user types on the computer keyboard, including the account number, the account password and the security code input by the user. The hacker then uses the intercepted data to log in to the financial institution's server immediately and steal the money in the user's account. Many people, afraid that their computer may have been hacked and had a Trojan horse program installed, dare not use the online transaction services of financial institutions. This is a problem in urgent need of a solution.
  • The object of the present invention is achieved by an encrypted authentication keyboard for authenticating identity and encrypting data, characterized in that the main structure of the keyboard includes a main chip (1), a keyboard controller (2), buttons (3), a communication interface (4), a mode key (5) and a display device (6). The encrypted authentication keyboard has a standard mode and an encryption mode; in the standard mode, the data input on the buttons (3) is output directly through the communication interface (4).
  • In the encryption mode, the data input on the buttons (3) is temporarily saved on the main chip (1).
  • Pressing the mode key (5) once switches to the standard mode.
  • The main chip (1) then extracts an unused key (A) according to a predetermined program, encrypts the temporarily stored data, and outputs it through the communication interface (4).
  • The main chip (1) contains a CPU and a memory, is connected to the keyboard controller (2), the communication interface (4), the display device (6) and other components, and operates according to a predetermined program to authenticate the user's identity to the server and carry out the predetermined functions.
  • The predetermined functions include encrypting the data input by the user in the encryption mode, displaying prompt information through the display device (6), and transmitting data through the communication interface (4).
  • The keyboard controller (2) is connected to each button (3) and the mode key (5), and operates according to a predetermined program to read the data input by the user through the buttons (3) and transfer it to the main chip (1) for further processing.
  • The main chip (1) encrypts the data input by the user through the buttons (3) in the encryption mode with the key (A) and transmits it to the server through the communication interface (4).
  • The server decrypts the data using the key (B) paired with the key (A) to restore the data input by the user, and checks the content of the data. Once the check passes, the user's identity authentication succeeds, and the server then performs the corresponding operations according to the data content.
  • In the encryption mode, the data input by the user is immediately transferred by the keyboard controller (2) to the main chip (1).
  • The main chip (1) immediately displays the data input by the user through the display device (6) and temporarily stores the data in the main chip (1).
  • When the data temporarily stored in the main chip (1) reaches the specified size, or when the operating mode of the main chip (1) is switched from the encryption mode to the standard mode, the main chip (1) extracts from itself, according to a predetermined program, an unused key (A) and the index number (C) corresponding to that key (A), and uses the key (A) to encrypt the data temporarily stored in the encryption mode, together with the chip number (D), into a ciphertext.
  • The ciphertext, the index number (C), the chip number (D) and the like then form an authentication package, which is output through the communication interface (4) and transmitted to the server; the server uses the key (B) paired with the key (A) to decrypt the ciphertext and restore the data entered by the user.
  • After the main chip (1) has encrypted the temporarily stored data, the temporarily stored data is deleted, and the key (A) is deleted, discarded or marked as used, so that the main chip (1) does not use that key (A) again.
  • The advantage of the invention is that the user can input important information on the keyboard in the encryption mode; the important data is encrypted with a one-time key before the keyboard sends it out, so even if a hacker uses a Trojan horse program to intercept the encrypted data sent from the keyboard, the content of the important data input by the user cannot be cracked.
  • The keyboard of the present invention is particularly suitable for online banking services requiring high security: sensitive account information such as the account number, account password and amount can be entered confidentially through the keyboard.
  • FIG. 1 is a block diagram of a first embodiment of an encrypted authentication keyboard of the present invention
  • FIG. 2 is a block diagram of a second embodiment of the encrypted authentication keyboard of the present invention
  • FIG. 3 is an encrypted authentication of the present invention
  • FIG. 4 is a schematic perspective view of a fourth embodiment of the cryptographic authentication keyboard of the present invention
  • FIG. 5 is a perspective view of a fifth embodiment of the cryptographic authentication keyboard of the present invention.
  • Figure 6 is a schematic perspective view of a sixth embodiment of the encryption authentication keyboard of the present invention
  • Figure 7 is a block diagram showing a seventh embodiment of the encryption authentication keyboard of the present invention
  • FIG. 9 is a schematic perspective view showing the ninth embodiment of the cryptographic authentication keyboard of the present invention.
  • In the figures, the same numerals represent the same devices and components, and the drawings are schematic, illustrating the main features and configurations of the keyboard of the present invention.
  • FIG. 1 is a block diagram of a first embodiment of an encryption authentication keyboard of the present invention.
  • The main structure of the encryption authentication keyboard shown in the figure includes a main chip (1) and a keyboard controller (2).
  • The main chip (1) is connected to the display device (6) and the like, and operates according to a predetermined program to authenticate the user's identity to the server and carry out the predetermined functions, including encrypting the data input by the user in the encryption mode, displaying prompt information through the display device (6), and transmitting data through the communication interface (4).
  • The keyboard controller (2) is connected to each button (3) and the mode key (5), and operates according to a predetermined program to read the data the user inputs through the buttons (3) and transfer it to the main chip (1) for further processing.
  • In the encryption mode, the main chip (1) encrypts the data input by the user through the buttons (3) with the key (A) and transmits it to the server through the communication interface (4). The server uses the key (B) paired with the key (A) to decrypt the data, restore the data input by the user, and check the data content. Once the check passes, the user's identity authentication succeeds, and the server then performs the corresponding operations according to the data content.
  • The communication interface (4) may be a wireless communication device, a wired communication device, a Bluetooth device, an infrared device, a USB interface, an RS-232 interface, or a PS2 keyboard interface.
  • The main chip (1) shown in the figure further includes a unique chip number (D) and holds a plurality of keys (A) and a plurality of index numbers (C). Each index number (C) corresponds to one key (A), and the index numbers (C) are all different from each other.
  • The working modes of the main chip (1) of the encrypted authentication keyboard of the present invention are a standard mode and an encryption mode. In the standard mode, the data input by the user on the buttons (3) is immediately transferred by the keyboard controller (2) to the main chip (1), and the main chip (1) passes it directly to the communication interface (4) for output.
  • In the encryption mode, the data input by the user on the buttons (3) is immediately transferred by the keyboard controller (2) to the main chip (1), and the main chip (1) displays the data input by the user through the display device (6) and temporarily stores the data in the main chip (1).
  • the working mode of the main chip (1) is switched from the encryption mode to the standard mode
  • the main chip (1) will be from the main chip (1) according to a predetermined program.
  • the ciphertext, and then the ciphertext, the index number, the chip number (D), and the like constitute an authentication package, and the authentication package is output to the server through the communication interface (4), and the main chip (1) will temporarily store the data.
  • the key (A) is deleted or discarded or marked as used, so that the key (A) is not used again by the main chip (1).
  • Each authentication account corresponds to the main chip (1) of one keyboard. The authentication account stores the chip number (D) of the main chip (1) corresponding to the account and an account password. Each authentication account also stores multiple keys (B) and multiple index numbers (C), and each index number (C) corresponds to one key (B).
  • The keys (B) in each authentication account are paired with the keys (A) in the main chip (1) corresponding to the account, and each key (B) has a matching key (A).
  • Each pair of paired keys (A) and (B) has the same index number (C).
  • An authentication account is opened in the server in advance, and the server randomly generates, by any of various methods, a plurality of key pairs and a plurality of sequential index numbers (C).
  • Each key pair is assigned an index number (C).
  • Each key pair is stored, together with its assigned index number (C), in the main chip (1) of the encrypted authentication keyboard and in the authentication account. The key stored in the main chip (1) is called the key (A), and the key stored in the authentication account is called the key (B).
  • When the encryption algorithm used is an asymmetric cryptographic algorithm, the key (A) and the key (B) are a matched pair.
  • the key (A) is a pair of identical keys.
  • The data can be decrypted using the key (B) paired with the key (A).
  • Various algorithms can be used, such as the Data Encryption Standard (DES), the Triple Data Encryption Standard (Triple-DES), the RSA algorithm, the one-time pad (One Time Pad) and Public Key Infrastructure (PKI); all of them achieve the object of the present invention well.
  • The mode key (5) shown in the figure is mainly used to select the working mode of the main chip (1).
  • In the standard mode, when the user presses the mode key (5) once, the main chip (1) immediately switches the operating mode to the encryption mode; when the user presses the mode key (5) once again, the main chip (1) immediately switches the operating mode back to the standard mode.
  • The main chip (1) of the keyboard of the present invention is further provided with an unlock password. Before the working mode of the main chip (1) is switched from the standard mode to the encryption mode, the user must input the correct unlock password through the buttons (3); the main chip (1) then switches the working mode to the encryption mode. This further enhances the security of the encrypted authentication keyboard of the present invention.
  • the cryptographic authentication keyboard of the present invention can be applied to terminals that need to transmit important data to a server, such as a computer, a mobile phone, a set top box remote controller, etc., and the terminal and the server are provided by the user using the cryptographic authentication keyboard of the present invention.
  • From the contents of the authentication package, the server finds the ciphertext, the index number (C) and the chip number (D), and uses the chip number (D) to find the corresponding authentication account in the server.
  • The key (B) with the index number (C) is then extracted from the authentication account to decrypt the ciphertext and restore the data input by the user and the chip number (D).
  • The chip number (D) is checked.
  • The server can confirm that the authentication package comes from the main chip that owns the chip number (D).
  • The key (B) is deleted, discarded or marked as used, so that the server does not use that key (B) again.
  • A server refers to the computer host that the user wants to access, such as the servers of various online banks, database servers, email servers and the like: any computer host, computer system or computer program that requires authentication of a user.
  • The encrypted authentication keyboard outputs the encrypted data to the server.
  • The encrypted data is transmitted to the server through devices including the terminal connected to the encrypted authentication keyboard, a network, etc.; for convenience of explanation, the relevant description is omitted in this specification and simply summarized as outputting data to the server.
  • FIG. 2 is a block diagram showing a second embodiment of the cryptographic authentication keyboard of the present invention.
  • The main structure of the main chip (1) shown in the figure includes a key card (101), an interface circuit (102) and a connector (103). The key card (101) is a separate component, detached from the other components, and connects to the interface circuit (102) through the connector (103). The interface circuit (102) is connected to the keyboard controller (2), the communication interface (4), the mode key (5), the display device (6) and other components. The key card (101) contains a CPU and memory, the chip number (D), and multiple keys
  • The connector (103) may be a USB interface connector, an SD memory card interface connector, a Mini-SD memory card interface connector, an MMC memory card interface connector, an RS-MMC memory card interface connector, or the interface connector of another memory card or memory card device.
  • The second embodiment differs from the first in that the main chip (1) is divided into two parts, a key card (101) and an interface circuit (102). The interface circuit (102), together with the keyboard controller (2), the buttons (3), the communication interface (4), the mode key (5), the display device (6) and so on, is built into the keyboard, and the key card (101) plugs in through the connector (103). Once the key card (101) is plugged into the keyboard through the connector (103), the user can encrypt the input data through the key card (101) in the encryption mode. Separating the keyboard from the key card (101) lets different people use the same encrypted authentication keyboard: as soon as a user inserts their own key card (101), the keyboard becomes that user's personal encrypted authentication keyboard, and once the key card (101) is pulled out after use, the keyboard can be used by others.
  • FIG. 3 is a schematic perspective view showing the third embodiment of the encrypted authentication keyboard of the present invention
  • FIG. 4 is a schematic perspective view showing the fourth embodiment of the encrypted authentication keyboard of the present invention
  • FIG. 5 is a schematic perspective view of a fifth embodiment of the cryptographic authentication keyboard of the present invention
  • FIGS. 3 to 5 respectively show an example in which the present invention is applied to a terminal device, including the computer keyboard and the diagram shown in FIG.
  • the above examples are used to illustrate the features of the present invention.
  • the cryptographic authentication keyboard of the present invention can be applied to all devices having a keyboard for inputting data by the user.
  • For example, the main chip (1) and the keyboard controller (2) in the broken-line portion of FIG. 1 may be combined into one controller; or the interface circuit (102) and the connector (103) in the broken-line portion of FIG. 2 may be combined with the keyboard controller (2) and the like into one controller; or the main chip (1), the keyboard controller (2), the communication interface (4), etc. may be combined into one unit. All of these also achieve the purpose of the present invention well and fall within its scope of protection.
  • FIG. 6 is a schematic perspective view of a sixth embodiment of the encrypted authentication keyboard of the present invention, showing a portable small wireless keyboard. The main structure of the sixth embodiment is basically the same as that of the second embodiment, except that the communication interface (4) of the encrypted authentication keyboard of the sixth embodiment uses wireless communication and may be an infrared device, a Bluetooth device, a wireless communication device used with a smart card wireless reader, or another wireless communication device.
  • The encrypted authentication keyboard of this embodiment can be used for identity authentication with bank cards such as credit cards and debit cards.
  • The key card (101) shown in FIG. 6 is a bank card issued by a financial institution, including various credit cards and loans.
  • a bank card such as a card is used in conjunction with an encrypted authentication keyboard and a store POS.
  • The key card (101) is inserted into the connector (103) of the encrypted authentication keyboard, the bank account password and amount are input, and the encrypted authentication keyboard encrypts the data input by the user; the card is then placed on the POS machine to be read.
  • The encrypted data is transmitted through the POS machine to the bank's accounting server, which decrypts the encrypted data and checks the data content to verify the identity of the cardholder. After the verification succeeds, the bank performs the relevant payment operation.
  • FIG. 7 is a block diagram showing a seventh embodiment of the cryptographic authentication keyboard of the present invention.
  • The structure of the encrypted authentication keyboard further includes a storage device interface (7).
  • The storage device interface (7) is connected to the external storage device (8) and is mainly used for storing the authentication package to the external storage device (8) through the storage device interface (7). The storage device (8) includes various types of USB memory devices, SD memory cards, Mini-SD memory cards, MMC memory cards, RS-MMC memory cards and other memory devices.
  • The encrypted authentication keyboard of this embodiment can output the encrypted data, that is, the authentication package, through the communication interface (4), and can also store the authentication package in the storage device (8) and then transmit it to the server through other channels.
  • FIG. 8 is a schematic perspective view of the eighth embodiment of the cryptographic authentication keyboard of the present invention.
  • The present embodiment differs from the previous embodiments in that the display device (6) of the encrypted authentication keyboard of the eighth embodiment is externally connected to the encrypted authentication keyboard.
  • As shown in FIG. 8, the display device (6) is both the display of the computer (9) and the display device (6) of the encrypted authentication keyboard. The display device (6) is connected to the encrypted authentication keyboard via a cable (601).
  • The display device (6) is connected to the display interface of the computer (9) through another cable (602), and the communication interface (4) of the encrypted authentication keyboard is connected to the keyboard interface of the computer (9) through the keyboard cable (401).
  • In the standard mode, the data input on the buttons (3) is output directly to the computer (9) through the communication interface (4); in the encryption mode, the data input on the buttons (3) is immediately transferred by the keyboard controller (2) to the main chip (1), which immediately passes the input data to the display device (6) and temporarily stores it.
  • When the display device (6) receives the data transmitted from the encrypted authentication keyboard, it immediately displays the received data on its screen according to a predetermined program.
  • The display device (6) ends the display of the data transmitted by the encrypted authentication keyboard.
  • The advantage of this embodiment is that the display of the original computer (9) is used as the display device (6).
  • A typical computer display already has a processor, a memory device and so on; it is enough to add an interface to the display to receive the data output by the encrypted authentication keyboard in the encryption mode.
  • This saves the encrypted authentication keyboard the cost of its own display, and the screen of the computer (9) has a larger area and can display more of the input data.
  • Whether the display device (6) of the encrypted authentication keyboard is an external computer (9) display or takes the form used in the foregoing embodiments, the object of the present invention is well achieved and falls within the scope of protection.
  • The embodiment shown in FIG. 8 can be further improved.
  • The cable (601) can be merged into the keyboard cable (401) and the cable (602): one extra set of wires and pins is added to the original keyboard cable (401), and the same set is added to the cable (602). This additional set is the wiring and pins of the original cable (601), and inside the computer (9) it is routed from the keyboard interface to the display interface. Although a new set of wires and pins is added, this reduces the number of cables attached externally to the encrypted authentication keyboard.
  • FIG. 9 is a schematic perspective view of a ninth embodiment of the cryptographic authentication keyboard of the present invention.
  • The present embodiment differs from the eighth embodiment in that the encrypted authentication keyboard is built into a notebook computer. The display screen of the notebook computer is the display device (6) of the encrypted authentication keyboard, the notebook computer corresponds to the computer (9) of the eighth embodiment, and the encrypted authentication keyboard and the computer (9) are integrated.
  • The components of the encrypted authentication keyboard, the computer (9) and the display device (6) together make up the notebook computer; their operation and functions are the same as in the eighth embodiment, so the purpose of the present invention is well achieved and this falls within its scope of protection.
  • The encrypted authentication keyboard of the invention is simple in structure, easy to operate, safe, reliable and low in cost, and can effectively counter Trojan horse programs. It ensures that important data input through the terminal keyboard is transmitted safely to the server, is especially suitable for online banking services and for servers that handle confidential information, and its implementation will bring good social and economic benefits.
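
The authentication-package flow described in the list above (keyboard side and server side), written out as an added example that is not code from the patent. It assumes key (A) and key (B) are identical keys and uses a one-time pad, one of the algorithms the text lists, so that it runs on the Python standard library alone; the class names, the package layout and the chip number `CHIP-0001` are constructed for illustration.

```python
import hmac
import secrets
import struct

KEY_LEN = 64  # assumed pad length: one package carries at most 64 bytes


class AuthError(Exception):
    """Raised when the server rejects an authentication package."""


def xor_pad(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR each byte with the matching key byte."""
    return bytes(d ^ k for d, k in zip(data, key))


class KeyboardChip:
    """Main chip (1): chip number (D) plus unused keys (A) by index number (C)."""

    def __init__(self, chip_number: str, keys_a: dict):
        self.chip_number = chip_number.encode()
        self.keys_a = dict(keys_a)
        self.buffer = bytearray()
        self.encrypting = False

    def type_keys(self, text: str) -> bytes:
        """Return what reaches the communication interface (4) for these keys."""
        if self.encrypting:
            self.buffer += text.encode()  # held on the chip, nothing is output
            return b""
        return text.encode()              # standard mode: passed straight through

    def press_mode_key(self):
        """Toggle the mode; leaving encryption mode returns the package."""
        self.encrypting = not self.encrypting
        if self.encrypting:
            return None
        if not self.keys_a:
            raise RuntimeError("no unused key (A) left")
        # Chip number (D) is encrypted together with the buffered input.
        plaintext = (struct.pack(">H", len(self.chip_number))
                     + self.chip_number + bytes(self.buffer))
        self.buffer.clear()               # temporarily stored data is deleted
        if len(plaintext) > KEY_LEN:
            raise ValueError("input too long for one pad")
        index = min(self.keys_a)
        key_a = self.keys_a.pop(index)    # key (A) is discarded, never reused
        return {"ciphertext": xor_pad(plaintext, key_a), "index": index,
                "chip_number": self.chip_number.decode()}


class AuthServer:
    def __init__(self):
        self.accounts = {}  # chip number (D) -> {index number (C): key (B)}

    def enrol(self, chip_number: str, count: int) -> KeyboardChip:
        """Generate `count` keys with sequential indexes; return the loaded chip."""
        keys = {i: secrets.token_bytes(KEY_LEN) for i in range(count)}
        self.accounts[chip_number] = dict(keys)
        return KeyboardChip(chip_number, keys)

    def verify(self, package: dict) -> bytes:
        """Return the user's input, or raise AuthError."""
        keys_b = self.accounts.get(package["chip_number"])
        if keys_b is None:
            raise AuthError("unknown chip number")
        key_b = keys_b.get(package["index"])
        if key_b is None:
            raise AuthError("index unknown or key already used")
        plaintext = xor_pad(package["ciphertext"], key_b)
        if len(plaintext) < 2:
            raise AuthError("malformed package")
        (n,) = struct.unpack(">H", plaintext[:2])
        inner_chip, data = plaintext[2:2 + n], plaintext[2 + n:]
        # The decrypted chip number must equal the one sent in the clear.
        if not hmac.compare_digest(inner_chip, package["chip_number"].encode()):
            raise AuthError("decrypted chip number does not match")
        del keys_b[package["index"]]      # key (B) marked used after the check
        return data


def demo():
    server = AuthServer()
    chip = server.enrol("CHIP-0001", count=2)    # constructed chip number
    passthrough = chip.type_keys("www.example")  # standard mode
    chip.press_mode_key()                        # enter encryption mode
    held = chip.type_keys("acct=1234;pin=9999")  # constructed sample input
    package = chip.press_mode_key()              # back to standard: package out
    recovered = server.verify(package)
    try:
        server.verify(package)                   # replay of the same package
        replay = "accepted"
    except AuthError as exc:
        replay = str(exc)
    return passthrough, held, recovered, replay


if __name__ == "__main__":
    print(demo())
```

A one-time pad keeps the input confidential but is malleable, and the embedded chip number is the only integrity check in the flow as described; a deployment would pair the one-time key with an authenticated cipher or a MAC.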

Abstract

The keyboard for encrypting and authenticating has a normal mode and an encryption mode. In the normal mode, the information input on the keyboard (3) is output directly through the communication interface (4). In the encryption mode, the information input on the keyboard (3) is temporarily saved on the main chip (1). When all the information has been input and the mode key (5) is pressed to change from the encryption mode to the normal mode, the main chip (1) uses one key (A) that has not been used before to encrypt the saved information and outputs it through the communication interface (4). Because the information is not output in the encryption mode and is encrypted with the one-time key before it is output, even if the encrypted information is obtained by a hacker's Trojan horse, it cannot be decrypted correctly.

Description

An encrypted authentication keyboard that counters Trojan horse programs using disposable one-time keys
[Technical Field]
The present invention relates to the field of information transmission security, and in particular to an encrypted authentication keyboard used for authentication.
[Technical Background]
Because of the security problems of today's general-purpose networks, incidents of hackers misusing other people's accounts occur frequently. Some organizations with high network-security requirements, such as financial institutions, use two-factor authentication to counter hackers, for example a security token (Token Device). When the user logs in to the financial institution's server, the security token generates a code, and the user must enter the correct code in addition to the correct user password in order to log in. These security tokens generally have one built-in key. In use, the security token computes a security code from factors such as time using a complex algorithm, while the financial institution's server uses the same key and the same algorithm on the same factors to generate a code. If the code generated by the server is the same as the security code received from the security token, the identity of the security token is authenticated; together with the check of the user password, both the security code and the user password must pass authentication before the login succeeds. Although this two-factor authentication improves network security, some network security problems remain unresolved. For example, some hackers use various intrusion methods to place a Trojan horse program on the user's computer; when the user connects to the financial institution's server, the Trojan horse program intercepts the data the user types on the computer keyboard, including the account number, the account password and the security code the user enters, and the hacker then uses the intercepted data to log in to the financial institution's server immediately and steal the money in the user's account. Many people, afraid that their computer may have been hacked and had a Trojan horse program installed, dare not use the online transaction services of financial institutions. This is a problem in urgent need of a solution.
[Summary of the Invention]
An object of the present invention is to provide a keyboard with an encryption and authentication function that encrypts important, sensitive data the user enters on the keyboard before outputting it, so that this data is not leaked in transit.
This object is achieved with an encrypted authentication keyboard for authenticating identity and encrypting data, characterized in that the main structure of the keyboard includes a main chip (1), a keyboard controller (2), keys (3), a communication interface (4), a mode key (5) and a display device (6). The encrypted authentication keyboard has a standard mode and an encryption mode. In standard mode, data entered on the keys (3) is output directly on the communication interface (4). In encryption mode, data entered on the keys (3) is held temporarily in the main chip (1); when input is complete and the mode key (5) is pressed once to switch to standard mode, the main chip (1) takes an unused key (A) according to a predetermined program, encrypts the buffered data, and outputs it through the communication interface (4).
Wherein,
the main chip (1) contains a CPU and memory and is connected to the keyboard controller (2), the communication interface (4), the display device (6) and other components. It operates according to a predetermined program to authenticate the user's identity to the server and to carry out the predetermined functions, including encrypting the data the user enters in encryption mode, showing prompts on the display device (6), and sending data through the communication interface (4); and the keyboard controller (2) is connected to the keys (3) and the mode key (5) and operates according to a predetermined program to read the data the user enters on the keys (3) and pass it to the main chip (1) for further processing; and,
the main chip (1) encrypts the data the user enters on the keys (3) in encryption mode with a key (A) and sends it through the communication interface (4) to the server. The server uses the key (B) paired with that key (A) to decrypt the data and recover what the user entered, and checks the content. A successful check means the user's identity is authenticated, and only then does the server act on the content.
and,
when the main chip (1) of the encrypted authentication keyboard is in encryption mode, the data the user enters on the keys (3) is passed immediately by the keyboard controller (2) to the main chip (1), which shows it at once on the display device (6) and holds it temporarily in the main chip (1).
When the data buffered in the main chip (1) reaches a specified size, or when the operating mode of the main chip (1) is switched from encryption mode to standard mode, the main chip (1) takes, according to a predetermined program, an unused key (A) and the index number (C) corresponding to that key (A) from within the main chip (1), and uses the key (A) to encrypt the data buffered in encryption mode together with the chip number (D) into ciphertext. It then assembles the ciphertext, the index number (C), the chip number (D) and so on into an authentication data packet and sends the packet through the communication interface (4) to the server, which uses the key (B) paired with the key (A) to decrypt the ciphertext and recover the data the user entered. After encrypting the buffered data, the main chip (1) deletes the buffered data and deletes, discards or marks as used the key (A), so that the main chip (1) never uses that key (A) again.
This achieves the object of the present invention.
The advantage of the invention is that the user can enter important data on the keyboard in encryption mode, and the data is encrypted with a one-time key before it leaves the keyboard. Even if a hacker uses a Trojan program to capture the encrypted data sent from the keyboard, the hacker cannot recover the content of the important data the user entered. The keyboard of the invention is particularly suited to online banking services that require a high level of security: account numbers, account passwords, amounts and other sensitive, important data can be entered confidentially through it.
[Description of the Drawings]
Figure 1 is a block diagram of the first embodiment of the encrypted authentication keyboard of the present invention;
Figure 2 is a block diagram of the second embodiment of the encrypted authentication keyboard of the present invention;
Figure 3 is a pictorial perspective view of the third embodiment of the encrypted authentication keyboard of the present invention;
Figure 4 is a pictorial perspective view of the fourth embodiment of the encrypted authentication keyboard of the present invention;
Figure 5 is a pictorial perspective view of the fifth embodiment of the encrypted authentication keyboard of the present invention;
Figure 6 is a pictorial perspective view of the sixth embodiment of the encrypted authentication keyboard of the present invention;
Figure 7 is a block diagram of the seventh embodiment of the encrypted authentication keyboard of the present invention;
Figure 8 is a pictorial perspective view of the eighth embodiment of the encrypted authentication keyboard of the present invention;
Figure 9 is a pictorial perspective view of the ninth embodiment of the encrypted authentication keyboard of the present invention.
In the figures, the same numerals denote the same devices, parts and components. The drawings are schematic and serve to illustrate the main features and construction of the keyboard of the present invention.
[Detailed Description]
The method of the present invention is described in further detail below with reference to the accompanying drawings.
Referring to Figure 1, which is a block diagram of the first embodiment of the encrypted authentication keyboard of the present invention, the main structure of the keyboard shown includes a main chip (1), a keyboard controller (2), keys (3), a communication interface (4), a mode key (5) and a display device (6). The main chip (1) contains a CPU and memory and is connected to the keyboard controller (2), the communication interface (4), the display device (6) and other components. It operates according to a predetermined program to authenticate the user's identity to the server and to carry out the predetermined functions, including encrypting the data the user enters in encryption mode, showing prompts on the display device (6), and sending data through the communication interface (4). The keyboard controller (2) is connected to the keys (3) and the mode key (5) and operates according to a predetermined program to read the data the user enters on the keys (3) and pass it to the main chip (1) for further processing. The main chip (1) encrypts the data the user enters on the keys (3) in encryption mode with a key (A) and sends it through the communication interface (4) to the server. The server uses the key (B) paired with that key (A) to decrypt the data and recover what the user entered, and checks the content. A successful check means the user's identity is authenticated, and only then does the server act on the content.
Wherein,
the communication interface (4) may be a wireless communication device, a wired communication device, a Bluetooth device, an infrared device, a USB interface, an RS-232 interface, or a PS2 keyboard interface.
Continuing with Figure 1, the main chip (1) shown also contains a unique chip number (D) and holds multiple keys (A) and multiple index numbers (C). Each index number (C) corresponds to one key (A), and the index numbers (C) are all different from one another.
In addition, the main chip (1) of the encrypted authentication keyboard has two operating modes, standard mode and encryption mode. In standard mode, the data the user enters on the keys (3) is passed immediately by the keyboard controller (2) to the main chip (1), which forwards it directly to the communication interface (4) for output. In encryption mode, the data the user enters on the keys (3) is passed immediately by the keyboard controller (2) to the main chip (1), which shows it at once on the display device (6) and holds it temporarily in the main chip (1). When the operating mode of the main chip (1) is switched from encryption mode to standard mode, or when the data buffered in the main chip (1) reaches a specified size, for example 16 bytes, the main chip (1) takes, according to a predetermined program, an unused key (A) and the index number (C) corresponding to that key (A) from within the main chip (1), and uses the key (A) to encrypt the data buffered in encryption mode together with the chip number (D) into ciphertext. It then assembles the ciphertext, the index number, the chip number (D) and so on into an authentication data packet and outputs the packet through the communication interface (4) to the server. After encrypting the buffered data, the main chip (1) deletes, discards or marks as used the key (A), so that the main chip (1) never uses that key (A) again.
On the server side, the server holds multiple authentication accounts, each corresponding to the main chip (1) of one keyboard. An authentication account stores the chip number (D) of its corresponding main chip (1) and an account password. Each authentication account stores multiple keys (B) and multiple index numbers (C), and each index number (C) corresponds to one key (B),
and,
the keys (B) in each authentication account are paired with the keys (A) in the main chip (1) corresponding to that account. Every key (B) has one paired key (A), and each paired key (A) and key (B) share the same index number (C).
As for setup, before the encrypted authentication keyboard is used, an authentication account must first be opened on the server. The server randomly generates, by any of various methods, multiple key pairs and multiple sequential index numbers (C), and assigns one index number (C) to each key pair. Each key pair is then stored, together with its assigned index number (C), in the main chip (1) of the encrypted authentication keyboard and in the authentication account. The key stored in the main chip (1) is called key (A), and the key stored in the authentication account is called key (B). If the encryption algorithm is an asymmetric cipher, key (A) and key (B) are a matched pair of keys; if it is a symmetric cipher, key (A) and key (B) are a pair of identical keys. Once data has been encrypted with a key (A), it can be decrypted with the key (B) paired with that key (A). Many different encryption and decryption algorithms can be used, for example the Data Encryption Standard (DES), Triple DES (Triple-DES), the RSA algorithm, the One Time Pad, and Public Key Infrastructure (PKI); all of them achieve the object of the invention well.
Continuing with Figure 1, the mode key (5) shown is used mainly to select the operating mode of the main chip (1). In standard mode, when the user presses the mode key (5) once, the main chip (1) immediately switches the operating mode to encryption mode; and when the user then presses the mode key (5) once, the main chip (1) immediately switches the operating mode to standard mode.
The main chip (1) of the keyboard also holds an unlock password. Before the operating mode of the main chip (1) is switched from standard mode to encryption mode, the user must enter the correct unlock password on the keys (3); only then does the main chip (1) switch the operating mode to encryption mode. This further strengthens the security of the encrypted authentication keyboard.
The encrypted authentication keyboard can be applied to terminals that need to send important data to a server, such as computers, mobile phones and set-top-box remote controls. When the user connects to the server from a terminal fitted with the encrypted authentication keyboard and needs to enter important data, for example an account number, a password, a payment amount or a service confirmation, the user switches the keyboard to encryption mode and only then types the important data. When input is complete, the user presses the mode key (5) once, and the main chip (1) encrypts the entered data into an authentication data packet and sends it to the server. Each time the server receives an authentication data packet output by the keyboard's main chip (1) through the communication interface (4), it extracts the ciphertext, the index number (C) and the chip number (D) from the packet, uses the chip number (D) to find the corresponding authentication account on the server, and takes from that account the key (B) corresponding to the index number (C) to decrypt the ciphertext and recover the data the user entered and the chip number (D). After decryption succeeds and the chip number (D) is checked and found correct, the server can confirm that the authentication data packet was issued by the main chip (1) that owns that chip number (D). After decrypting the data, the server deletes, discards or marks as used the key (B), so that the server never uses that key (B) again.
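The exchange described above, from key provisioning through server-side verification and key retirement, as an added Python example (not code from the patent). It assumes the symmetric case with a one-time-pad XOR, one of the algorithms the page lists; the class names, packet layout, 8-byte chip number and sample values are constructed for illustration.

```python
import hmac
import secrets

CHIP_ID_LEN = 8                        # assumed length of chip number (D)
MAX_DATA = 16                          # the page's example flush size: 16 bytes
KEY_LEN = CHIP_ID_LEN + 1 + MAX_DATA   # pad covers D + length byte + data


def xor(data, key):
    """One-time-pad step: XOR two equal-length byte strings."""
    return bytes(a ^ b for a, b in zip(data, key))


class AuthServer:
    def __init__(self):
        self.accounts = {}             # chip number (D) -> {index (C): key (B)}

    def provision(self, chip_id, count):
        """Open an authentication account; return the key set for the chip."""
        keys = {i: secrets.token_bytes(KEY_LEN) for i in range(count)}
        self.accounts[chip_id] = dict(keys)    # symmetric case: B equals A
        return keys

    def receive(self, packet):
        """Return the recovered input, or None if authentication fails."""
        account = self.accounts.get(packet["chip_id"])
        if account is None or len(packet["ciphertext"]) != KEY_LEN:
            return None
        key = account.pop(packet["index"], None)   # key (B) is spent from here on
        if key is None:
            return None                # unknown or already-used index (replay)
        plain = xor(packet["ciphertext"], key)
        inner_id, length = plain[:CHIP_ID_LEN], plain[CHIP_ID_LEN]
        # The page's check: the decrypted chip number must match the account.
        # XOR alone gives no integrity for the data bytes; a deployed design
        # would need an authenticated cipher (editorial note, not on the page).
        if not hmac.compare_digest(inner_id, packet["chip_id"]) or length > MAX_DATA:
            return None
        return plain[CHIP_ID_LEN + 1:CHIP_ID_LEN + 1 + length]


class KeyboardChip:
    def __init__(self, chip_id, keys):
        self.chip_id = chip_id
        self.keys = dict(keys)         # index (C) -> unused key (A)
        self.buffer = bytearray()
        self.encrypting = False

    def mode_key(self):
        """Toggle the mode; leaving encryption mode emits a packet."""
        self.encrypting = not self.encrypting
        if not self.encrypting and self.buffer:
            return self._flush()
        return None

    def press(self, char):
        if not self.encrypting:
            return char                # standard mode: goes straight to the host
        self.buffer += char.encode("ascii")
        return self._flush() if len(self.buffer) >= MAX_DATA else None

    def _flush(self):
        if not self.keys:
            raise RuntimeError("no unused keys left")
        index = min(self.keys)
        key = self.keys.pop(index)     # delete key (A) so it is never reused
        data = bytes(self.buffer)
        self.buffer.clear()            # delete the buffered input
        plain = self.chip_id + bytes([len(data)]) + data.ljust(MAX_DATA, b"\0")
        return {"chip_id": self.chip_id, "index": index,
                "ciphertext": xor(plain, key)}


def demo():
    """Type a constructed secret, send it once, then replay the same packet."""
    server = AuthServer()
    chip_id = b"CHIP0001"              # constructed sample chip number
    chip = KeyboardChip(chip_id, server.provision(chip_id, 3))
    chip.mode_key()                    # standard -> encryption
    for c in "PIN 4921":               # constructed sample input
        chip.press(c)
    packet = chip.mode_key()           # encryption -> standard, packet emitted
    return server.receive(packet), server.receive(packet), packet
```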
In this specification, a server means the host computer the user wants to access, such as the servers of online banks, database servers, e-mail servers, and any other host computer, computer system or computer program that needs to authenticate the user's identity. In addition, when the encrypted authentication keyboard outputs encrypted data to the server, the data actually travels to the server through equipment that includes the terminal connected to the keyboard, the network and so on. For convenience, this specification omits that description and simply speaks of outputting the data to the server.
Referring to Figure 2, which is a block diagram of the second embodiment of the encrypted authentication keyboard of the present invention, the main structure of the main chip (1) shown includes a key card (101), an interface circuit (102) and a connector (103). The key card (101) is a separate component, detached from the others, and is connected to the interface circuit (102) through the connector (103). The interface circuit (102) is connected to the keyboard controller (2), the communication interface (4), the mode key (5), the display device (6) and other components. The key card (101) contains a CPU and memory, the chip number (D), multiple keys (A) and multiple index numbers (C). The connector (103) may be a USB interface connector, an SD memory card interface connector, a MINI-SD memory card interface connector, an MMC memory card interface connector, an RS-MMC memory card interface connector, or the interface connector of another memory card or memory card device.
The second embodiment differs from the first in that the main chip (1) is split into two parts, the key card (101) and the interface circuit (102). The interface circuit (102) is built into the keyboard together with the keyboard controller (2), the keys (3), the communication interface (4), the mode key (5), the display device (6) and other components, and the connector (103) accepts the key card (101). Once the key card (101) is plugged into the keyboard through the connector (103), the user can encrypt the entered data with the key card (101) in encryption mode. Separating the keyboard from the key card (101) makes it convenient for different people to use the same encrypted authentication keyboard: as soon as a user inserts their own key card (101), the keyboard becomes that user's personal encrypted authentication keyboard, and once the key card (101) is removed after use, the keyboard is available to others.
Referring to Figures 3 to 5, Figure 3 is a pictorial perspective view of the third embodiment of the encrypted authentication keyboard of the present invention, Figure 4 is a pictorial perspective view of the fourth embodiment, and Figure 5 is a pictorial perspective view of the fifth embodiment. Figures 3 to 5 show examples of the invention applied to different terminal devices: the computer keyboard of Figure 3, the mobile phone keypad of Figure 4, and the set-top-box remote control keypad of Figure 5. These examples illustrate the features of the invention. The encrypted authentication keyboard can be applied to any device that has a keyboard for the user to enter data, and implementation details may be adjusted without departing from the spirit of the invention. For example, the main chip (1) and the keyboard controller (2) inside the dashed outline in Figure 1 may be merged into a single controller; the interface circuit (102), the connector (103) and the keyboard controller (2) inside the dashed outline in Figure 2 may be merged into a single controller; or the main chip (1), the keyboard controller (2), the communication interface (4) and so on may be merged into one unit. All of these achieve the object of the invention well and fall within its scope of protection.
Referring to Figure 6, which is a pictorial perspective view of the sixth embodiment of the encrypted authentication keyboard of the present invention, the figure shows a small portable wireless keyboard. The main structure of the sixth embodiment is essentially the same as that of the second. The difference is that the communication interface (4) of the sixth embodiment is a wireless interface, which may be an infrared device, a Bluetooth device, a wireless communication device used with a contactless smart card reader, or another wireless communication device. The encrypted authentication keyboard of this embodiment can be used for identity authentication with credit cards, debit cards and other bank cards. The key card (101) shown in Figure 6 is a bank card issued by a financial institution, such as a credit card or debit card, and at payment time it is used together with the encrypted authentication keyboard and the shop's POS terminal. To pay, the user places the key card (101) in the connector (103) of the encrypted authentication keyboard and enters the bank account password and the amount. The encrypted authentication keyboard encrypts the entered data, and the card is then presented to the POS terminal to be read. The encrypted data is sent through the POS terminal to the bank's accounting server, which decrypts it and checks its content to verify the cardholder's identity. Only after verification succeeds does the bank carry out the payment.
Referring to Figure 7, which is a block diagram of the seventh embodiment of the encrypted authentication keyboard of the present invention, the structure of the keyboard shown also includes a storage device interface (7). The storage device interface (7) connects to an external storage device (8) and is used mainly to store authentication data packets on that external storage device (8). The storage device (8) may be any of various USB memory devices, SD memory cards, Mini-SD memory cards, MMC memory cards, RS-MMC memory cards and similar memory devices. Besides outputting the encrypted data, that is the authentication data packet, immediately through the communication interface (4), the encrypted authentication keyboard of this embodiment can also store the authentication data packet on the storage device (8) so that it can be delivered to the server by other means.
Referring to Figure 8, which is a pictorial perspective view of the eighth embodiment of the encrypted authentication keyboard of the present invention, this embodiment differs from the preceding ones in that the display device (6) of the encrypted authentication keyboard is external and separate from the keyboard itself. The display device (6) is both the monitor of the computer (9) and the display device (6) of the encrypted authentication keyboard. As Figure 8 shows, the display device (6) is connected to the encrypted authentication keyboard by a cable (601) and at the same time to the display interface of the computer (9) by another cable (602). In addition, the communication interface (4) of the encrypted authentication keyboard is connected to the keyboard interface of the computer (9) by a keyboard cable (401). In the keyboard's standard mode, data entered on the keys (3) is output directly through the communication interface (4) to the computer (9). In encryption mode, data entered on the keys (3) is passed immediately by the keyboard controller (2) to the main chip (1), which forwards it at once to the display device (6) and also holds it temporarily in the main chip (1). When the display device (6) receives data from the encrypted authentication keyboard, it immediately shows that data on its screen according to a predetermined program. When the encrypted authentication keyboard switches back to standard mode, the display device (6) stops showing the data sent by the keyboard. The benefit of this embodiment is that the existing monitor of the computer (9) serves as the display device (6). Computer monitors generally already contain a processor, memory and similar components, so it is enough to add an interface to the monitor that receives the data the encrypted authentication keyboard outputs in secure mode. This saves the keyboard the cost of its own display screen, and the monitor of the computer (9) has a larger screen that can show more of the entered data. Whether the display device (6) is attached to the monitor of the computer (9) as in this embodiment or provided as in the preceding embodiments, the object of the invention is well achieved, and all fall within the scope of protection of the invention.
Referring to Figure 8, the embodiment shown can be further improved by merging the cable (601) into the keyboard cable (401) and the cable (602). An extra set of wires and pins is added inside the original keyboard cable (401), and the same extra set is added inside the cable (602). This added set is the wiring and pins of the original cable (601), and it is routed through the computer (9) from the keyboard interface to the display interface. This reduces the number of external cables on the encrypted authentication keyboard. Although the added wires and pins reach the monitor by way of the computer (9), they are physically separate from the internal motherboard of the computer (9), to ensure security. Merging the cable (601) into the keyboard cable (401) and the cable (602) also achieves the object of the invention well and falls within its scope of protection.
Referring to FIG. 9, FIG. 9 is a schematic perspective view of a ninth embodiment of the encrypted authentication keyboard of the present invention. This embodiment differs from the eighth embodiment in that the encrypted authentication keyboard is built into a notebook computer. The display screen of the notebook computer is the display device (6) of the encrypted authentication keyboard, the notebook computer corresponds to the computer (9) of the eighth embodiment, and the encrypted authentication keyboard and the computer (9) are integrated together. As shown in FIG. 9, the components of the encrypted authentication keyboard, the computer (9), and the display device (6) together form the notebook computer. Their operation and functions are the same as in the eighth embodiment; they achieve the object of the present invention well and fall within the scope of protection of the present invention.
The encrypted authentication keyboard of the present invention is simple in structure, easy to operate, safe and reliable, and low in cost. It can effectively counter Trojan horse programs and ensures that important data entered through a terminal keyboard is transmitted securely to the server. It is especially suitable for online banking services, stock trading services, and similar uses, and is also suitable for servers that handle confidential data. Its implementation will bring good social and economic benefits.

Claims

1. An encrypted authentication keyboard for authenticating identity and encrypting data, characterized in that the main structure of the encrypted authentication keyboard comprises a main chip (1), a keyboard controller (2), buttons (3), a communication interface (4), a mode key (5), and a display device (6); the encrypted authentication keyboard has a standard mode and an encryption mode; in the standard mode, the data input on the buttons (3) is output directly through the communication interface (4); in the encryption mode, the data input on the buttons (3) is temporarily stored in the main chip (1), and, after the input is completed, when the mode key (5) is pressed once to switch to the standard mode, the main chip (1) extracts an unused key (A) according to a predetermined program, encrypts the temporarily stored data, and then outputs it through the communication interface (4).
2. The encrypted authentication keyboard according to claim 1, wherein the main chip (1) contains a CPU and a memory, is connected to the keyboard controller (2), the communication interface (4), the display device (6), and other components, and operates according to a predetermined program to authenticate the user's identity to the server and to perform the predetermined functions, including encrypting the data input by the user in the encryption mode, displaying prompt information through the display device (6), and sending data through the communication interface (4); and the keyboard controller (2) is connected to each button (3) and the mode key (5) and operates according to a predetermined program to read the data input by the user through the buttons (3) and transmit it to the main chip (1) for further processing; and the main chip (1) encrypts, with the key (A), the data input by the user through the buttons (3) in the encryption mode and transmits it to the server through the communication interface (4); the server uses the key (B) paired with the key (A) to decrypt the data and recover what the user entered, and checks the content of the data; a successful check indicates that the user's identity authentication has succeeded, and only then does the server perform the corresponding operation according to the content of the data.
3. The encrypted authentication keyboard according to claim 1 or 2, characterized in that the communication interface (4) may be a wireless communication device, or a wired communication device, or a Bluetooth device, or an infrared device, or a USB interface, or an RS-232 interface, or a PS2 keyboard interface.
4. The encrypted authentication keyboard according to claim 1 or 2, characterized in that the main chip (1) further contains a unique chip number (D).
5. The encrypted authentication keyboard according to claim 1 or 2, characterized in that the main chip (1) holds multiple keys (A) and multiple index numbers (C), each index number (C) corresponds to one key (A), and the index numbers (C) are all different from one another.
6. The encrypted authentication keyboard according to claim 1 or 2, characterized in that, in the encryption mode, the data input by the user on the buttons (3) is immediately transmitted by the keyboard controller (2) to the main chip (1), and the main chip (1) immediately displays the data input by the user through the display device (6) and temporarily stores the data in the main chip (1).
7. The encrypted authentication keyboard according to claim 1, characterized in that the mode key (5) is mainly used to select the operating mode of the main chip (1); in the standard mode, when the user presses the mode key (5) once, the main chip (1) immediately switches the operating mode to the encryption mode; and, when the user presses the mode key (5) once, the main chip (1) immediately switches the operating mode to the standard mode.
8. The encrypted authentication keyboard according to claim 1 or 2 or 7, characterized in that, when the data temporarily stored in the main chip (1) reaches a specified size, or when the operating mode of the main chip (1) is switched from the encryption mode to the standard mode, the main chip (1) extracts from within the main chip (1), according to a predetermined program, an unused key (A) and the index number (C) corresponding to that key (A), uses the key (A) to encrypt the data temporarily stored in the encryption mode together with the chip number (D) into ciphertext, then assembles the ciphertext, the index number, the chip number (D), and so on into an authentication data packet, and outputs the authentication data packet to the server through the communication interface (4); and, after the main chip (1) has encrypted the temporarily stored data, it deletes the temporarily stored data and deletes, discards, or marks as used the key (A), so that the key (A) will not be used again by the main chip (1).
9. The encrypted authentication keyboard according to claim 8, characterized in that the structure of the encrypted authentication keyboard further comprises a storage device interface (7); the storage device interface (7) is connected to an external storage device (8) and is mainly used to store the authentication data packet on the external storage device (8) through the storage device interface (7); and the storage device (8) includes memory devices such as the various USB memory devices, SD memory cards, Mini-SD memory cards, MMC memory cards, and RS-MMC memory cards.
10. The encrypted authentication keyboard according to claim 1 or 2 or 7, characterized in that the main chip (1) is further provided with an unlock password; before the operating mode of the main chip (1) is switched from the standard mode to the encryption mode, the user must enter the correct unlock password through the buttons (3), and only then does the main chip (1) switch the operating mode to the encryption mode.
11. The encrypted authentication keyboard according to claim 1 or 2 or 3 or 4 or 5 or 6 or 7 or 8 or 9 or 10, characterized in that the main structure of the main chip (1) comprises a key card (101), an interface circuit (102), and a connector (103), wherein the key card (101) is a separate component, set apart from the other components, and is connected to the interface circuit (102) through the connector (103); the interface circuit (102) is connected to the keyboard controller (2), the communication interface (4), the mode key (5), the display device (6), and other components; and the key card (101) contains a CPU and a memory, the chip number (D), multiple keys (A), and multiple index numbers (C).
12. The encrypted authentication keyboard according to claim 11, characterized in that the connector (103) may be a USB interface connector, or an SD memory card interface connector, or a MINI-SD memory card interface connector, or an MMC memory card interface connector, or an RS-MMC memory card interface connector.
13. The encrypted authentication keyboard according to claim 11, characterized in that the key card (101) is a bank card issued by a financial institution, including bank cards such as the various credit cards and debit cards, and is used together with the encrypted authentication keyboard when making a payment.
14. A server, cooperating with the encrypted authentication keyboard, for user identity authentication, characterized in that the server holds a plurality of authentication accounts, each authentication account corresponding to the main chip (1) of one keyboard; the authentication account stores the chip number (D) of the main chip (1) corresponding to that account and an account password; each authentication account stores multiple keys (B) and multiple index numbers (C), each index number (C) corresponding to one key (B); and the keys (B) in each authentication account are paired with the keys (A) in the main chip (1) corresponding to that account, each key (B) having one paired key (A), and each pair of paired keys (A) and (B) having the same index number (C).
15. The server according to claim 14, characterized in that, each time the server receives an authentication data packet output by the main chip (1) of the keyboard through the communication interface (4), it finds the ciphertext, the index number (C), and the chip number (D) in the content of the authentication data packet, uses the chip number (D) to find the authentication account in the server that corresponds to that chip number (D), extracts from the authentication account the key (B) corresponding to the index number (C), and decrypts the ciphertext to recover the data input by the user and the chip number (D); after the decryption succeeds and the chip number (D) is checked and found correct, the server can confirm that the authentication data packet was sent by the main chip (1) that holds that chip number (D); and, after the server has decrypted the data, it deletes, discards, or marks as used the key (B), so that the key (B) will not be used again by the server.
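
The packet flow of claims 8 and 15, as an added example rather than code from the patent: the chip seals the buffered input under the next unused key, and the server looks up the paired key by chip number and index, checks the recovered chip number, and retires the key so a replayed packet fails. The symmetric pairing (key A equal to key B), the SHAKE-256 XOR stand-in cipher, the 8-byte chip number, and all class and field names are assumptions; the patent names no cipher or packet layout.

```python
import hashlib
import hmac
import secrets

CHIP_ID_LEN = 8  # assumption: chip number (D) is a fixed 8 bytes


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHAKE-256 keystream.
    Acceptable only because each key is used once; it adds no integrity."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class MainChip:
    """Keyboard side: buffers input and seals it on leaving encryption mode."""

    def __init__(self, chip_id: bytes, keys: dict):
        self.chip_id = chip_id
        self.unused = dict(keys)      # index (C) -> key (A)
        self.buffer = bytearray()

    def key_in(self, data: bytes) -> None:
        self.buffer += data           # held in the chip, never sent in clear

    def seal(self) -> dict:
        if not self.unused:
            raise RuntimeError("no unused keys left; card must be reissued")
        index = min(self.unused)
        key = self.unused.pop(index)  # retire key (A) so it is never reused
        ciphertext = stream_xor(key, self.chip_id + bytes(self.buffer))
        self.buffer.clear()           # delete the temporarily stored data
        return {"chip_id": self.chip_id, "index": index,
                "ciphertext": ciphertext}


class Server:
    """Server side: one account per chip, holding index (C) -> key (B)."""

    def __init__(self):
        self.accounts = {}

    def enroll(self, chip_id: bytes, keys: dict) -> None:
        self.accounts[chip_id] = dict(keys)

    def verify(self, packet: dict):
        account = self.accounts.get(packet["chip_id"])
        if account is None:
            return None               # unknown chip number
        key = account.pop(packet["index"], None)  # retire key (B) on use
        if key is None:
            return None               # unknown index or replayed packet
        plaintext = stream_xor(key, packet["ciphertext"])
        inner_id, data = plaintext[:CHIP_ID_LEN], plaintext[CHIP_ID_LEN:]
        if not hmac.compare_digest(inner_id, packet["chip_id"]):
            return None               # not sealed under this chip's key
        return data


def demo():
    chip_id = b"CHIP0001"             # constructed sample value
    keys = {i: secrets.token_bytes(32) for i in range(3)}
    chip, server = MainChip(chip_id, keys), Server()
    server.enroll(chip_id, keys)
    chip.key_in(b"PAY 100 TO ACCT 42")  # constructed sample input
    packet = chip.seal()
    first = server.verify(packet)     # accepted, key 0 retired
    replay = server.verify(packet)    # same packet again: rejected
    return packet, first, replay


if __name__ == "__main__":
    print(demo())
```

The chip-number comparison is the only integrity check claim 15 describes, and an XOR stream cipher is malleable, so a deployment would want an authenticated cipher so that altered ciphertext is rejected.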
PCT/CN2007/002383 2007-08-08 2007-08-08 The keyboard for encrypting and authenticating against trojan horse with one time key WO2009018684A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/CN2007/002383 WO2009018684A1 (en) 2007-08-08 2007-08-08 The keyboard for encrypting and authenticating against trojan horse with one time key
CN200780100185.1A CN101933315B (en) 2007-08-08 2007-08-08 The keyboard for encrypting and authenticating against trojan horse with one time key
HK11105543.8A HK1151660A1 (en) 2007-08-08 2011-06-02 The keyboard for encrypting and authenticating against trojan horse with one time key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2007/002383 WO2009018684A1 (en) 2007-08-08 2007-08-08 The keyboard for encrypting and authenticating against trojan horse with one time key

Publications (1)

Publication Number Publication Date
WO2009018684A1 true WO2009018684A1 (en) 2009-02-12

Family

ID=40340929

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/002383 WO2009018684A1 (en) 2007-08-08 2007-08-08 The keyboard for encrypting and authenticating against trojan horse with one time key

Country Status (3)

Country Link
CN (1) CN101933315B (en)
HK (1) HK1151660A1 (en)
WO (1) WO2009018684A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103297399A (en) * 2012-03-01 2013-09-11 董建飞 Method and system for improving safety of intelligent secret key equipment

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI488067B (en) * 2012-11-29 2015-06-11 Chi Pei Wang A method and a device for preventing the computer device from being screened on the screen
CN104123512B (en) * 2014-07-17 2018-02-02 天地融科技股份有限公司 Realize the method and apparatus switched between intelligent cipher key equipment pattern
CN107590383A (en) * 2017-08-30 2018-01-16 浙江九州量子信息技术股份有限公司 A kind of main password protecting System and method for based on SOC

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002045339A1 (en) * 2000-11-29 2002-06-06 Temasek Polytechnic Enhance authorization system and method for computer security
CN1427351A (en) * 2001-12-17 2003-07-02 北京兆日科技有限责任公司 User's identity authentication method of dynamic electron cipher equipment and its resources sharing system
CN1622508A (en) * 2004-12-13 2005-06-01 刘云清 One-time password table based one-time password generation and authentication system and method
CN2794067Y (en) * 2005-06-06 2006-07-05 刘亚宁 Enciphering device of key signal in phonetic telecommunication tool
CN1832596A (en) * 2005-03-07 2006-09-13 蔡林川 Method for enciphering to personal handy phone
WO2007051769A1 (en) * 2005-11-02 2007-05-10 Gemplus Method for the secure deposition of digital data, associated method for recovering digital data, associated devices for implementing methods, and system comprising said devices
CN1992592A (en) * 2005-12-30 2007-07-04 腾讯科技(深圳)有限公司 System and method of dynamic password identification

Also Published As

Publication number Publication date
HK1151660A1 (en) 2012-02-03
CN101933315B (en) 2014-03-26
CN101933315A (en) 2010-12-29

Similar Documents

Publication Publication Date Title
US20200074469A1 (en) Secure wireless card reader
CN100495430C (en) Biometric authentication apparatus, terminal device and automatic transaction machine
US9413535B2 (en) Critical security parameter generation and exchange system and method for smart-card memory modules
US6594759B1 (en) Authorization firmware for conducting transactions with an electronic transaction system and methods therefor
EP1349034B1 (en) Service providing system in which services are provided from service provider apparatus to service user apparatus via network
US7861015B2 (en) USB apparatus and control method therein
US20020016913A1 (en) Modifying message data and generating random number digital signature within computer chip
US8132244B2 (en) Mobile smartcard based authentication
EP2098985A2 (en) Secure financial reader architecture
JP2000222362A (en) Method and device for realizing multiple security check point
CN101483654A (en) Method and system for implementing authentication and data safe transmission
JP2010170561A (en) Portable electronic charge and authorization device and method therefor
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
AU2010324525A1 (en) A method and system for providing an internet based transaction
CN101000703A (en) Electronic payment terminal capable of ensuring confidentiality and integrity of information transmission
WO2009018684A1 (en) The keyboard for encrypting and authenticating against trojan horse with one time key
WO2000017758A1 (en) Secure data entry peripheral device
WO2011060739A1 (en) Security system and method
KR20090132818A (en) Double security system using usb token finger print
JP4964048B2 (en) Authentication system and authentication method using non-contact IC and portable information terminal
WO2008154872A1 (en) A mobile terminal, a method and a system for downloading bank card information or payment application information
JPH10149103A (en) Method and system for authentication
KR101872261B1 (en) Ic card information security transmission system and online payment method using the same
KR101394147B1 (en) How to use Certificate safely at Mobile Terminal
KR101471006B1 (en) Method for Operating Certificate

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200780100185.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07785293

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07785293

Country of ref document: EP

Kind code of ref document: A1