EP1121781A4 - Adapter having secure function and computer secure system using it - Google Patents
Adapter having secure function and computer secure system using itInfo
- Publication number
- EP1121781A4 EP1121781A4 EP00948363A EP00948363A EP1121781A4 EP 1121781 A4 EP1121781 A4 EP 1121781A4 EP 00948363 A EP00948363 A EP 00948363A EP 00948363 A EP00948363 A EP 00948363A EP 1121781 A4 EP1121781 A4 EP 1121781A4
- Authority
- EP
- European Patent Office
- Prior art keywords
- secure
- key
- keyboard
- computer system
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/02—Input arrangements using manually operated switches, e.g. using keyboards or dials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Definitions
- This invention relates to adapter ("secure adapter”), to be installed and used between a computer system and a keyboard, which provides security function, and secure computer system using thereof, in particular, to configuration for transferring input information from keyboard to computer system in secure mode by encrypting the data, and for transferring information to computer system in clear mode without encryption.
- adapter secure adapter
- Internet brings a representative paradigm of creating informational environment for individuals, business and e-trade.
- Internet features openness and conformity, and surmounts difficulties in exchanging and sharing information resources whether used by an individual or a company, whereas the basic drawback of the Internet with respect to information protection and communication safety has been putting serious obstacles.
- information secure system which is operable for each service type or application whether communication is trusted or not, as is the case with information exchange over the Internet, .
- the computer operates by using direct connection between the keyboard and the system: the keyboard controller of the computer system receives a key code from the keyboard access port, transmits it to the computer system, and then application program in the computer system receives and uses this value.
- the object of the present invention is to solve the above problems in full and to tackle related technical issues.
- the object of the present invention is to prevent information (data) from being drained by other persons using methods not intended by user, such as hacking, enabling the user setting up a secure connection between the computer system and the keyboard for entering data from the keyboard into the computer system .
- the present invention can cope with such problems as reproduction and can deal with storing and processing of the data which requires secure handling.
- the present invention which is an adapter to transfer key code input information from the keyboard to the computer system, is configured to transfer the key code input information from the keyboard to the computer system after encrypting it only when the secure mode setup command is received from the keyboard or the computer system, and to transfer the information from the keyboard to the computer system without encrypting the data if the secure mode clear command is received or when in the clear secure mode state.
- the encrypted key code input information may be the information from all key codes, and only the character and numeral key codes other than special key codes, depending on setup configuration.
- Secure mode can be setup/cleared by using a special key ("secure key”), which is additionally installed on the keyboard, or using a combination of existing keys (e.g.,
- CTRL key + ALT key + SHIFT key + S key CTRL key + ALT key + SHIFT key + S key. Also, the application program under execution in the computer system can set up or clear the secure mode depending on the given conditions, although the user does not control the secure mode with the key.
- the configuration, for example, of a secure adapter for secure mode setup/clearing comprises the main processor to process secure mode setup/clearing commands and to create the secrete key in secure mode setting, the initial cipher to transfer the secrete key transmitted from the main processor to the keyboard controller of the computer system by encrypting the secrete key with the secure key from the computer system, and the stream cipher to encrypt the key code input information from the keyboard with the secrete key.
- the secure adapter in the present invention comprises: a computer connection coupled to the keyboard port of the computer; a keyboard connection coupled to the keyboard plug; a transmit/receive control on the computer to control communication with the computer system; a transmit/receive control on the keyboard to control communication with the keyboard; a main processor to create a secrete key, to perform secure mode setup/clearing according to the secure mode commands, and to exchange the data between the computer system and the keyboard; an initial cipher to encrypt the secrete key transferred from the main processor with the secure key from the computer system and then transmit the encrypted secret key to the computer system when the secure mode is set up; and, a stream cipher to encrypt the key code input information with the secrete key from the main processor and then to transmit the encrypted information to the computer system when the secure mode is set up.
- Said transmit/receive control on the computer writes all information to be transmitted on the input buffer first so that the control program transmits it at a proper time, and all received messages are written on the input buffer and can be used in other modules.
- Said transmit/receive control on the keyboard transmits the key code input information from the keyboard to the main processor, all commands transmitted are written on the buffer and this module transmits them at a proper time.
- Said stream cipher encrypts information transmitted from the main processor with the secrete key. While each different encryption function is applied because bits or characters of a plain text are encrypted, and thus different encryption function is applied and respective plain text bit is encrypted irregardless of other bits for stream cipher, unlike block cipher for which the same encryption function is applied to all plain texts, its encrypting speed is relatively high. Also, the impact of channel errors occurring in a certain bit during encryption or transmission process is advantageously applied only to the corresponding bit, but not propagated to other bits. However, configuration using block cipher instead of stream password can be used, if necessary.
- the secure adapter of the present invention is not necessarily to be a device separated from the keyboard and the computer system in design, and can be coupled with the computer body or with the keyboard.
- the transmit/receive means of the computer body and the keyboard may not be a cable, but the system can be designed so that radio information transmitter is installed on the keyboard and radio information receiver is installed on the computer body.
- a secure adapter connected between the computer system and the keyboard as an independent device is shown.
- an indication lamp showing operating state and a secure mode indication lamp (described below) are installed.
- a secure adapter of the present invention may include one or more indication lamps. These indication lamps show the operation mode of the secure adapter, the secure mode indication lamp shows secure state, and so on.
- the secure mode indication lamp is controlled by the main processor. Under secure mode, the secure mode indication lamp is on, and goes off when secure mode is cleared, while the lamp periodically blinks when secure mode state is disabled.
- the disabled secure mode state means the case when setting of the computer system, the secure key and/or the secrete key was not performed normally.
- the secure mode indication lamp is not only installed on the secure adapter, but on the front of the computer body, the keyboard or on the monitor as the case may be. If necessary, a small indicator (i.e., an icon type, etc.) can be displayed on the setup screen on the monitor to prompt whether the secure mode is set up or not.
- safe memory interworking with the main configuration of the secure adapter may be added.
- Said safe memory operates under the secure mode that an application program executed on the computer system established in necessary case, and is used for storing and processing encrypted data which requires separate security handling.
- said safe memory comprises: a safe memory interface to transmit a password transmitted from the main processor, or the password and the data which requires security (“secure data”), to an encryption/key operation processor, and to transmit the data received from a decoder to the main processor; an encryption/key operation processor to convert the password to the key ("the safe key”), and then, if the secure data is not received together with the password from the safe memory interface, to transmit the safe key to the decoder and to encrypt the password with the safe key by encryption algorithm and calculate the integrity identification value of the encrypted password (“password integrity identification value”) and then to transmit the password integrity identification value to a comparison/processor, and, if the secure data is received together with the password from the safe memory interface, to encrypt the secure data with the safe key and calculate the integrity identification value of the encrypted secure data (“encrypted data integrity identification value”) and then to transmit the encrypted data integrity identification value together with the "encrypted data” to the comparison/processor; a comparison/processor to transmit the stored data to the decoder
- the main processor of the secure adapter additionally has a function to transmit the password input request command to the computer system where the secure mode setup command received from the application program of the computer system is for the safe memory, and to transmit the password received from the keyboard to the safe memory.
- the safe memory does not store password separately, and executes decoding using the safe key converted from the password only when the user enters the same password as the password used for storing the encrypted data. Whether the correct password is entered is acknowledged as valid access only when values are the same after comparing the "password integrity identification value" stored in the encrypted data of the data storage memory with the "password integrity identification value” calculated after encryption with the safe key converted from the newly entered password.
- the safe key transferred from the encryption/key operation processor to the decoder is temporally stored on the buffer of the decoder and then the key is deleted from the buffer by the command from the comparison/processor, where the stored "password integrity identification value" and the "password integrity identification value” calculated from the newly entered password are not the same, as the result of execution of the comparison/processor.
- the conversion of password to a safe key may be executed using various known methods such as hash function or polynomial algorithms.
- Representative examples are the MAC hash function, the MDC hash function, the MD4 hash function, the MD5 hash function, the SHA hash function, the CRC algorithm, and so on.
- the integrity identification protects data against hacker's active attacks because it is used as a means to identify the person who performs the access.
- various known algorithms described above can be used, in particular Cyclic Redundancy Checking (CRC) algorithm is preferred.
- CRC Cyclic Redundancy Checking
- the CRC algorithm transmits the data of k+n bits by dividing the transmitted data into n+1 bit patterns and adding the remaining of n bits length occurred at the division to the end of data bits.
- the algorithm can be adjusted so that the data is organized as n bits at the point to receive the data and the received data is divided by the pattern, and then data transmission errors are found through the remaining values.
- the data transmission error identification algorithm configuration in communication is transformed and used, as the method to store the values to the data storage memory by calculating the CRC value ("encrypted data CRC value") of the data encrypted with the safe key converted from password and the CRC value of password ("password CRC value”), and to compare the "password CRC value” calculated from the password entered by the user with the "password CRC value” stored on the data storage memory when an application program of the computer system intends to acquire the data under the secure state.
- n is 16 or 32 bits. In the present invention, 16 bits are preferably used.
- the encryption algorithm used for encrypting with the safe key can be selected among various known encryption algorithms, or a separate algorithm can be developed and used.
- the "password integrity identification value" and the “encrypted data integrity identification value” are stored together in the data storage memory, the "password integrity identification value” being used to identify whether the password to newly enter data is correct, while the “encrypted data integrity identification value” being used to identify whether the encrypted data is stored without errors or with errors during storage. That is, it is possible to identify the above by repeatedly encrypting the decoded data with the safe key, calculating the integrity identification value of the encrypted data, and comparing the value with the encrypted data integrity identification value written on the data storage memory. Therefore, it is possible to confirm whether errors occurred in storing or decoding the encrypted data, by adding a separate module that can execute such a function or adding such a function to the basic configuration module.
- the encryption algorithm used in the safe memory may differ from the encryption algorithm used in the stream cipher of the secure adapter.
- the present invention also relates to the computer security system, which comprises the secure adapter, the keyboard and the computer system.
- a separate secure key for entering the secure mode setup/clearing command is incorporated in the keyboard and/or the secure mode setup/clearing command is created by the combination of existing key codes.
- the computer system has the secure key creation function, the encryption/decoding function with the secrete key and the encryption/decoding function with the secure key, and includes the keyboard manager with application program interface.
- the application program interface has the function to perform direct decoding in the application program of the computer system and/or provides the function with which the operating system of the computer system can perform decoding.
- the secure key created in the keyboard manager of the computer system is transmitted to the secure adapter in setting the secure mode.
- the secure key transmitted to the secure adapter encrypts the newly created secrete key from the adapter in each secure mode setup, and then retransmits the encrypted secrete key to the computer system.
- the secure adapter transmits the key code value entered from the keyboard to the computer system after encrypting the value with the secrete key. Then, the computer system processes the encrypted key code input information transmitted from the secure adapter after decoding the information with the stored secrete key.
- the computer system includes general operating system, application programs and so on in addition to the keyboard manager.
- the function to decode encrypted information may be incorporated to the keyboard manager, the operating system and/or application programs. Wherein, there are protocols between application programs and the keyboard manager, and between the operating system and the keyboard manager, to acquire the decoded information. This is to prevent the case that a third person can misuse the external interface of the keyboard for hacking purposes.
- the keyboard manager makes and sends the secure key to the secure adapter. Then the manager receives the secrete key encrypted by the secure key from the secure adapter in secure mode, and then receives key code input information encrypted by the secrete key from the secure adapter.
- the encrypted key code input information received from the secure adapter by the keyboard manager is not immediately decoded, but stored in a location of the keyboard manager or the computer system and only the signal that any key code is pressed is sent to the application program interface by the operating system.
- the application program interface interrupts the code and requests decoding of the key code first pressed to the keyboard manager. Then the keyboard manager transfers the stored encrypted key code input information to the application program interface after decoding it with the stored secrete key, and then the application program interface returns the decoded information to the application program as the result of examination.
- BIOS operation BIOS operation
- LOADER operation KERNEL operation
- keyboard manager operation O.S operation
- O.S operation is performed in sequence in applying power. Therefore, since the keyboard manager is executed while O.S is being loaded after a computer is energized, the keyboard manager is executed earlier than general hacking or application programs.
- the keyboard input information is not encrypted and transferred to the keyboard manager and then directly to application programs through the operating system.
- the main processor switches the system to secure mode and sends the password input request command to the computer system. If the computer system prompts for password input on screen, the user supplies the password, the password is transferred to the main processor through the keyboard transmit/receive control, and the main processor sends it to the interface of the safe memory.
- the data from an application program is transferred to the main processor and then the main processor receives and transfers the data to the safe memory interface.
- the safe memory interface transfers password and the secure data to the encryption/key operation processor
- the encryption/key operation processor converts the password to the safe key and encrypts the secure data and the password, using the safe key.
- the encryption/key operation processor calculates the CRC values of the encrypted password and the encrypted data, and then transmits the "encrypted data", the "password CRC value” and the "encrypted data CRC value" to the comparison/processor.
- the comparison/processor records the information to the data storage memory (refer to the Fig.8).
- the secure mode setup command from the application program is for decoding the stored encrypted information
- only the password transferred to the safe memory interface is sent to the encryption/key operation processor.
- the encryption/key operation processor encrypts password with the safe key after converting the password to the safe key, calculates the CRC value of the encrypted password ("password CRC value"), and then respectively transmits the "safe key” to the decoder, and the "password CRC value” to the comparison/processor.
- the comparison/processor scans the data storage memory and confirms whether the "password CRC value" stored in the memory is equal to the "password CRC value" received from the encryption/key operation processor.
- the comparison/processor receives and transfers the encrypted data from the data storage memory to the decoder.
- the decoder decodes the encrypted data from the comparison/processor with the safe key, and deletes the safe key after transmission of the data to the safe memory interface. If two values are not equal, the comparison/processor deletes the safe key stored on the decoder buffer and transmits password nonconformity to the computer system (refer to Fig.9).
- the process that the decoded data is encrypted again with the secrete key in the stream cipher and transmitted to the computer system is the same as the aforementioned description for the main configuration of a secure adapter. However, as the case may be, it is possible to organize the process where the data decoded in and transmitted from the safe memory can be transferred to the computer system without repeated encryption in the stream cipher.
- the present invention also relates to a method to secure the key code input information transferred from the keyboard using the secure computer system.
- the method comprises the steps for: transferring a secure key created in the keyboard manager of the computer system to the secure adapter in computer booting; creating a new secrete key in the main processor when the secure mode setup command from the keyboard or the computer system is transferred to the main processor of the secure adapter, and then transferring the secrete key to the initial cipher and the stream cipher of the secure adapter; encrypting the secrete key with the secure key in the initial cipher and then transferring the encrypted secrete key to the keyboard manager through the computer connection by the transmit/receive control on the computer; under secure mode, main processor transferring the information to the stream cipher if the key code input information of the keyboard is transferred to the main processor through the transmit/receive control on the keyboard, the stream cipher's encrypting the key code input information with the secrete key and transferring the encrypted information to the keyboard manager through computer connection by the transmit/receive control on the computer; computer system decoding the encrypted information using the secrete key; main processor transferring the secure mode clearing
- the configuration further comprises the step of: main processor transferring the password from the transmit/receive control on the keyboard and the secure data from the transmit/receive control on the computer to the safe memory after the main processor transfers the password input request command to the computer system, and safe memory encrypting and then storing the received data using the password, if secure mode setup is made by the command from the application program of the computer system and also for data storage requiring security; but main processor transferring the password from the transmit/receive control on the keyboard to the safe memory after the main processor transfers the password input request command to the computer system, and safe memory decoding the encrypted data with the password and then transferring the decoded data to the main processor where the password is correct, but not decoding the encrypted data where not correct, if secure mode setup is made by the command from the application program of the computer system and also for acquisition of the secure data.
- the keyboard manager of the computer system (not shown) transfers the secure key to the main processor through the computer connection by the transmit/receive control on the computer.
- the main processor turns on the operating indication lamp and sends the secure key to the initial cipher.
- the key code input information from the keyboard is transferred to the main processor through the keyboard connection by the transmit/receive control on the keyboard.
- the main processor turns on the secure mode indication lamp, creates and transfers the secrete key to the initial cipher and the stream cipher, and also the key code input information to the stream cipher, if the input information transferred from the keyboard is for secure mode setup.
- the initial cipher encrypts the secrete key with the secure key, and sends the encrypted secrete key to the keyboard manager of the computer system through the computer connection by the transmit/receive control on the computer.
- the stream cipher transfers the encrypted information to the keyboard manager of the computer system through the computer connection by the transmit/receive control of the computer after encrypting the key code input information, using the secrete key transmitted from the main processor.
- the process to handle the encrypted key code input information, transferred to the keyboard manager, in the computer system is referred to the details described before on the Fig.3 basis.
- the clear command is transferred to the main processor and the stream cipher by the transmit/receive control on the computer or the transmit/receive control on the keyboard.
- the main processor turns off the secure mode indication lamp and transfers the secure mode clearing command to the stream cipher.
- key code values transferred from the keyboard are transferred to the computer system through the computer connection by the transmit/receive control on the computer, without encryption in the stream cipher.
- the secure adapter goes in the disabled secure mode, and the main processor sends periodical ON and OFF signals to the secure mode indication lamp. Then, by the keyboard manager and the decoded data transfer protocol, the disabled secure mode state may be notified on the monitor as a message type and so on, and the keyboard input information is transferred to the keyboard manager without encryption.
- the Fig.8 shows the data storage process after encrypting data in the secure adapter with the incorporated safe memory
- the Fig.9 shows the process to decode the encrypted data.
- Fig. 1 shows a configuration of the module as an embodiment of a secure adapter according to the present invention
- Fig. 2 shows a view of an embodiment of a secure adapter, of the present invention, with connection between a computer system and a keyboard using cables;
- Fig. 3 shows a schematical diagram of a computer system in a computer secure system of the present invention
- Fig. 4 shows a configuration of a module that the safe memory is incorporated to a secure adapter of the Fig.l;
- Fig. 5 shows steps for secure mode setup in the present invention;
- Fig. 6 shows steps for clearing secure mode in the present invention;
- Fig. 7 shows steps for processing key code input information under secure mode;
- Fig. 8 shows steps for encrypting and storing data in a secure adapter of the Fig. 4;
- Fig. 9 shows steps for decoding stored data in a secure adapter of the Fig. 4.
- the secure adapter and the secure computer system employing thereof of the invention are used, it is possible to prevent third person from intruding into the computer system by hacking and stealing user's secrete data, for stock exchange, Internet banking, cyber transactions and other communications over the Internet, modem communications or for network data transfer.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Human Computer Interaction (AREA)
- Storage Device Security (AREA)
- Input From Keyboards Or The Like (AREA)
Abstract
A secure adapter and a secure computer system including thereof to safely transfer the key code input information from the keyboard to the computer system. The invention enables transferring the key code input information after encrypting it only when the secure mode setup command is received from the keyboard or the computer system, and transfer the information from the keyboard to the computer system without encryption if the secure mode clearing command is received or under the secure mode clear state. Also, if storage and processing of the data requires special secure handling, the data can be encrypted and decoded only when the user enters correct password, and safe memory which does not store separate password may be added. If the secure adapter and the computer secure system employing thereof of the present invention is used, it is possible to prevent a third person from intruding into the computer system by hacking and stealing user's secrete data, for stock exchange, Internet banking, cyber transactions and other communications over the Internet, modem communications or network data exchange.
Description
ADAPTER HAVING SECURE FUNCTION AND COMPUTER SECURE SYSTEM USING IT
Technical Field
This invention relates to adapter ("secure adapter"), to be installed and used between a computer system and a keyboard, which provides security function, and secure computer system using thereof, in particular, to configuration for transferring input information from keyboard to computer system in secure mode by encrypting the data, and for transferring information to computer system in clear mode without encryption.
Background Art
Development of computers and rapid growth of information exchange and communications over Internet has opened the way for quick and easy access to information. In particular, Internet brings a representative paradigm of creating informational environment for individuals, business and e-trade. Internet features openness and conformity, and surmounts difficulties in exchanging and sharing information resources whether used by an individual or a company, whereas the basic drawback of the Internet with respect to information protection and communication safety has been putting serious obstacles. Thus, what is needed is information secure system, which is operable for each service type or application whether communication
is trusted or not, as is the case with information exchange over the Internet, .
While development of information and computer communication enabled electronic transactions such as stock exchange, Internet banking, and other cyber transactions, when using Internet or modem communications, user's information (data) is often drained to other persons by illegal methods including hacking by third persons. For an experienced hacker, information stored on a computer connected to the Internet can be almost as available as the data on the same system. Thus, one cannot say information is safe just because it is stored on someone's computer. Additionally, as technical, marketing and other information is much transferred over the Internet and other media, and electronic transactions and economic activities are frequently performed, it is urgently required to safely protect each individual's information.
Normally, all data inputted from the computer keyboard is transferred, stored and processed in the computer system as is. That it is, the computer operates by using direct connection between the keyboard and the system: the keyboard controller of the computer system receives a key code from the keyboard access port, transmits it to the computer system, and then application program in the computer system receives and uses this value.
Accordingly, if a third person can receive this value from the keyboard port using hacking technique or get it somehow from keyboard controller, this can bring far- reaching effect when an unauthorized person is able to use someone's private data illegally.
Thus, the object of the present invention is to solve the above problems in full and to tackle related technical issues.
That is, the object of the present invention is to prevent information (data) from being drained by other persons using methods not intended by user, such as hacking, enabling the user setting up a secure connection between the computer system and the keyboard for entering data from the keyboard into the computer system .
Also, in the case of with additional safe memory, since the data can be encrypted/decoded only when the user supplies password, and the encryption password is not stored or preserved separately, the present invention can cope with such problems as reproduction and can deal with storing and processing of the data which requires secure handling.
Summary of Invention
To achieve the aforementioned objects, the present invention, which is an adapter to transfer key code input information from the keyboard to the computer system, is configured to transfer the key code input information from the keyboard to the computer system after encrypting it only when the secure mode setup command is received from the keyboard or the computer system, and to transfer the information from the keyboard to the computer system without encrypting the data if the secure mode clear command is received or when in the clear secure mode state.
At the secure mode, the encrypted key code input information may be the
information from all key codes, and only the character and numeral key codes other than special key codes, depending on setup configuration.
Secure mode can be setup/cleared by using a special key ("secure key"), which is additionally installed on the keyboard, or using a combination of existing keys (e.g.,
CTRL key + ALT key + SHIFT key + S key). Also, the application program under execution in the computer system can set up or clear the secure mode depending on the given conditions, although the user does not control the secure mode with the key.
Disclosure of Invention
The configuration, for example, of a secure adapter for secure mode setup/clearing comprises the main processor to process secure mode setup/clearing commands and to create the secrete key in secure mode setting, the initial cipher to transfer the secrete key transmitted from the main processor to the keyboard controller of the computer system by encrypting the secrete key with the secure key from the computer system, and the stream cipher to encrypt the key code input information from the keyboard with the secrete key.
With reference to Fig. 1, more detailed configuration, as possible embodiment of the secure adapter in the present invention, comprises: a computer connection coupled to the keyboard port of the computer; a keyboard connection coupled to the keyboard plug; a transmit/receive control on the computer to control communication with the computer system;
a transmit/receive control on the keyboard to control communication with the keyboard; a main processor to create a secrete key, to perform secure mode setup/clearing according to the secure mode commands, and to exchange the data between the computer system and the keyboard; an initial cipher to encrypt the secrete key transferred from the main processor with the secure key from the computer system and then transmit the encrypted secret key to the computer system when the secure mode is set up; and, a stream cipher to encrypt the key code input information with the secrete key from the main processor and then to transmit the encrypted information to the computer system when the secure mode is set up.
Said transmit/receive control on the computer writes all information to be transmitted on the input buffer first so that the control program transmits it at a proper time, and all received messages are written on the input buffer and can be used in other modules.
Said transmit/receive control on the keyboard transmits the key code input information from the keyboard to the main processor, all commands transmitted are written on the buffer and this module transmits them at a proper time.
Said stream cipher encrypts information transmitted from the main processor with the secrete key. While each different encryption function is applied because bits or characters of a plain text are encrypted, and thus different encryption function is applied and respective plain text bit is encrypted irregardless of other bits for stream cipher,
unlike block cipher for which the same encryption function is applied to all plain texts, its encrypting speed is relatively high. Also, the impact of channel errors occurring in a certain bit during encryption or transmission process is advantageously applied only to the corresponding bit, but not propagated to other bits. However, configuration using block cipher instead of stream password can be used, if necessary.
For computer connection and keyboard connection, 5V power is normally supplied, and they are connected with a communication line. However, the secure adapter of the present invention is not necessarily to be a device separated from the keyboard and the computer system in design, and can be coupled with the computer body or with the keyboard. In this case, the transmit/receive means of the computer body and the keyboard may not be a cable, but the system can be designed so that radio information transmitter is installed on the keyboard and radio information receiver is installed on the computer body. In the Fig. 2, an example of a secure adapter connected between the computer system and the keyboard as an independent device is shown. On the secure adapter, an indication lamp showing operating state and a secure mode indication lamp (described below) are installed.
A secure adapter of the present invention may include one or more indication lamps. These indication lamps show the operation mode of the secure adapter, the secure mode indication lamp shows secure state, and so on. In this case, the secure mode indication lamp is controlled by the main processor. Under secure mode, the secure mode indication lamp is on, and goes off when secure mode is cleared, while the lamp periodically blinks when secure mode state is disabled. The disabled secure mode state means the case when setting of the computer system, the secure key and/or the
secrete key was not performed normally. The secure mode indication lamp is not only installed on the secure adapter, but on the front of the computer body, the keyboard or on the monitor as the case may be. If necessary, a small indicator (i.e., an icon type, etc.) can be displayed on the setup screen on the monitor to prompt whether the secure mode is set up or not.
Depending on the case, safe memory interworking with the main configuration of the secure adapter may be added. Said safe memory operates under the secure mode that an application program executed on the computer system established in necessary case, and is used for storing and processing encrypted data which requires separate security handling.
More specifically, said safe memory comprises: a safe memory interface to transmit a password transmitted from the main processor, or the password and the data which requires security ("secure data"), to an encryption/key operation processor, and to transmit the data received from a decoder to the main processor; an encryption/key operation processor to convert the password to the key ("the safe key"), and then, if the secure data is not received together with the password from the safe memory interface, to transmit the safe key to the decoder and to encrypt the password with the safe key by encryption algorithm and calculate the integrity identification value of the encrypted password ("password integrity identification value") and then to transmit the password integrity identification value to a comparison/processor, and, if the secure data is received together with the password from the safe memory interface, to encrypt the secure data with the safe key and
calculate the integrity identification value of the encrypted secure data ("encrypted data integrity identification value") and then to transmit the encrypted data integrity identification value together with the "encrypted data" to the comparison/processor; a comparison/processor to transmit the stored data to the decoder if two integrity identification values are the same after comparing the "password integrity identification value" received from the encryption/key operation processor with the "password integrity identification value" stored in the data storage memory, to transmit password nonconformity to the computer and delete the temporally stored safe key on the decoder if the values are not the same, and to transmit the data to the data storage memory where "encrypted data" and "encrypted data integrity identification value" together with "password integrity identification value" are received from the encryption/key operation processor; a data storage memory to store the encrypted data, the encrypted data integrity identification value and the password integrity identification value; and a decoder to decode the encrypted data from the data storage memory with the safe key and then to transmit the decoded data to the safe memory interface.
In this case, the main processor of the secure adapter additionally has a function to transmit the password input request command to the computer system where the secure mode setup command received from the application program of the computer system is for the safe memory, and to transmit the password received from the keyboard to the safe memory.
The safe memory does not store password separately, and executes decoding using the safe key converted from the password only when the user enters the same
password as the password used for storing the encrypted data. Whether the correct password is entered is acknowledged as valid access only when values are the same after comparing the "password integrity identification value" stored in the encrypted data of the data storage memory with the "password integrity identification value" calculated after encryption with the safe key converted from the newly entered password.
Therefore, the safe key transferred from the encryption/key operation processor to the decoder is temporally stored on the buffer of the decoder and then the key is deleted from the buffer by the command from the comparison/processor, where the stored "password integrity identification value" and the "password integrity identification value" calculated from the newly entered password are not the same, as the result of execution of the comparison/processor.
The conversion of password to a safe key may be executed using various known methods such as hash function or polynomial algorithms. Representative examples are the MAC hash function, the MDC hash function, the MD4 hash function, the MD5 hash function, the SHA hash function, the CRC algorithm, and so on.
The integrity identification protects data against hacker's active attacks because it is used as a means to identify the person who performs the access. As a method to identify the integrity, various known algorithms described above can be used, in particular Cyclic Redundancy Checking (CRC) algorithm is preferred. In transmitting the data of K bits, the CRC algorithm transmits the data of k+n bits by dividing the transmitted data into n+1 bit patterns and adding the remaining of n bits length occurred
at the division to the end of data bits. The algorithm can be adjusted so that the data is organized as n bits at the point to receive the data and the received data is divided by the pattern, and then data transmission errors are found through the remaining values. Where the remainder is 0 at the point to receive the data, it is considered that there are no data transmission errors, and there are data transmission errors where it is 1. Accordingly, in the present invention, the data transmission error identification algorithm configuration in communication is transformed and used, as the method to store the values to the data storage memory by calculating the CRC value ("encrypted data CRC value") of the data encrypted with the safe key converted from password and the CRC value of password ("password CRC value"), and to compare the "password CRC value" calculated from the password entered by the user with the "password CRC value" stored on the data storage memory when an application program of the computer system intends to acquire the data under the secure state. Thus, if the stored CRC value and the newly calculated CRC value are the same, it is confirmed that the user who entered the same password with the password used in data storage has now access to the computer system. In the above, n is 16 or 32 bits. In the present invention, 16 bits are preferably used.
The encryption algorithm used for encrypting with the safe key can be selected among various known encryption algorithms, or a separate algorithm can be developed and used.
The "password integrity identification value" and the "encrypted data integrity identification value" are stored together in the data storage memory, the "password integrity identification value" being used to identify whether the password to newly
enter data is correct, while the "encrypted data integrity identification value" being used to identify whether the encrypted data is stored without errors or with errors during storage. That is, it is possible to identify the above by repeatedly encrypting the decoded data with the safe key, calculating the integrity identification value of the encrypted data, and comparing the value with the encrypted data integrity identification value written on the data storage memory. Therefore, it is possible to confirm whether errors occurred in storing or decoding the encrypted data, by adding a separate module that can execute such a function or adding such a function to the basic configuration module.
On the other hand, if each different password is used in storing the multitude of encrypted data at the same time or several times to the data storage memory, a different "password integrity identification value" is stored respectively for the encrypted data. That is to say, passwords may be set differently in storing data, and thus may be specific to the type of encrypted data. Accordingly, if necessary, it is possible to establish the password integrity identification value of the encrypted data stored on the data storage memory depending on the type of encrypted data. In the drain process of the encrypted data, all encrypted data with the same "password integrity identification value" are decoded.
The encryption algorithm used in the safe memory may differ from the encryption algorithm used in the stream cipher of the secure adapter.
The present invention also relates to the computer security system, which comprises the secure adapter, the keyboard and the computer system.
A separate secure key for entering the secure mode setup/clearing command is incorporated in the keyboard and/or the secure mode setup/clearing command is created by the combination of existing key codes. The computer system has the secure key creation function, the encryption/decoding function with the secrete key and the encryption/decoding function with the secure key, and includes the keyboard manager with application program interface. The application program interface has the function to perform direct decoding in the application program of the computer system and/or provides the function with which the operating system of the computer system can perform decoding.
The secure key created in the keyboard manager of the computer system is transmitted to the secure adapter in setting the secure mode. When the secure key transmitted to the secure adapter encrypts the newly created secrete key from the adapter in each secure mode setup, and then retransmits the encrypted secrete key to the computer system. The secure adapter transmits the key code value entered from the keyboard to the computer system after encrypting the value with the secrete key. Then, the computer system processes the encrypted key code input information transmitted from the secure adapter after decoding the information with the stored secrete key.
The computer system includes general operating system, application programs and so on in addition to the keyboard manager. The function to decode encrypted information may be incorporated to the keyboard manager, the operating system and/or application programs. Wherein, there are protocols between application programs and the keyboard manager, and between the operating system and the keyboard manager, to acquire the decoded information. This is to prevent the case that a third person can
misuse the external interface of the keyboard for hacking purposes.
Referring now to the Fig.3, an example that the computer system can be executed under Microsoft Windows 98 and the keyboard manager has the decoding function is described below. However, in addition to Windows 98, corresponding protocols are applicable for Windows 2000, Windows/NT, Unix, Linux and so on.
When the computer system is operated, the keyboard manager makes and sends the secure key to the secure adapter. Then the manager receives the secrete key encrypted by the secure key from the secure adapter in secure mode, and then receives key code input information encrypted by the secrete key from the secure adapter. The encrypted key code input information received from the secure adapter by the keyboard manager is not immediately decoded, but stored in a location of the keyboard manager or the computer system and only the signal that any key code is pressed is sent to the application program interface by the operating system.
On the one hand, when an application program needs to examine the transferred key code during operation, the application program interface interrupts the code and requests decoding of the key code first pressed to the keyboard manager. Then the keyboard manager transfers the stored encrypted key code input information to the application program interface after decoding it with the stored secrete key, and then the application program interface returns the decoded information to the application program as the result of examination.
With reference, if booting process of the computing system of the present
invention is checked, BIOS operation, LOADER operation, KERNEL operation, keyboard manager operation and O.S operation is performed in sequence in applying power. Therefore, since the keyboard manager is executed while O.S is being loaded after a computer is energized, the keyboard manager is executed earlier than general hacking or application programs.
On the other hand, when the secure mode is cleared, the keyboard input information is not encrypted and transferred to the keyboard manager and then directly to application programs through the operating system.
Referring now to the Fig.4, an example when safe memory is added to the main configuration of the secure adapter of the present invention is described below. This embodiment is defined to only the case when the integrity identification value is calculated using the CRC algorithm.
If storage or processing commands of the data which requires security together with the secure mode setup command from the application program of the computer system are sent to the main processor, the main processor switches the system to secure mode and sends the password input request command to the computer system. If the computer system prompts for password input on screen, the user supplies the password, the password is transferred to the main processor through the keyboard transmit/receive control, and the main processor sends it to the interface of the safe memory.
If the secure mode setup command from the application program is for data storage requiring security, the data from an application program is transferred to the
main processor and then the main processor receives and transfers the data to the safe memory interface. If the safe memory interface transfers password and the secure data to the encryption/key operation processor, the encryption/key operation processor converts the password to the safe key and encrypts the secure data and the password, using the safe key. On the other hand, the encryption/key operation processor calculates the CRC values of the encrypted password and the encrypted data, and then transmits the "encrypted data", the "password CRC value" and the "encrypted data CRC value" to the comparison/processor. The comparison/processor records the information to the data storage memory (refer to the Fig.8).
In the meantime, if the secure mode setup command from the application program is for decoding the stored encrypted information, only the password transferred to the safe memory interface is sent to the encryption/key operation processor. The encryption/key operation processor encrypts password with the safe key after converting the password to the safe key, calculates the CRC value of the encrypted password ("password CRC value"), and then respectively transmits the "safe key" to the decoder, and the "password CRC value" to the comparison/processor. The comparison/processor scans the data storage memory and confirms whether the "password CRC value" stored in the memory is equal to the "password CRC value" received from the encryption/key operation processor. If two CRC values are equal, the comparison/processor receives and transfers the encrypted data from the data storage memory to the decoder. The decoder decodes the encrypted data from the comparison/processor with the safe key, and deletes the safe key after transmission of the data to the safe memory interface. If two values are not equal, the comparison/processor deletes the safe key stored on the decoder buffer and transmits
password nonconformity to the computer system (refer to Fig.9).
The process that the decoded data is encrypted again with the secrete key in the stream cipher and transmitted to the computer system is the same as the aforementioned description for the main configuration of a secure adapter. However, as the case may be, it is possible to organize the process where the data decoded in and transmitted from the safe memory can be transferred to the computer system without repeated encryption in the stream cipher.
The present invention also relates to a method to secure the key code input information transferred from the keyboard using the secure computer system.
In particular, the method comprises the steps for: transferring a secure key created in the keyboard manager of the computer system to the secure adapter in computer booting; creating a new secrete key in the main processor when the secure mode setup command from the keyboard or the computer system is transferred to the main processor of the secure adapter, and then transferring the secrete key to the initial cipher and the stream cipher of the secure adapter; encrypting the secrete key with the secure key in the initial cipher and then transferring the encrypted secrete key to the keyboard manager through the computer connection by the transmit/receive control on the computer; under secure mode, main processor transferring the information to the stream cipher if the key code input information of the keyboard is transferred to the main processor through the transmit/receive control on the keyboard, the stream cipher's
encrypting the key code input information with the secrete key and transferring the encrypted information to the keyboard manager through computer connection by the transmit/receive control on the computer; computer system decoding the encrypted information using the secrete key; main processor transferring the secure mode clearing command to the stream cipher when the secure mode clearing command is transferred from the keyboard or the computer system to the main processor of the secure adapter; and when secure mode is cleared, the stream cipher transferring the transferred key code input information to the keyboard manager through the computer connection by the transmit/receive control on the computer without encryption, if the key code input information of the keyboard is transferred to the stream cipher through the transmit/receive control on the keyboard after passing through the keyboard connection.
Where the safe memory is incorporated into the main configuration of a secure adapter, the configuration further comprises the step of: main processor transferring the password from the transmit/receive control on the keyboard and the secure data from the transmit/receive control on the computer to the safe memory after the main processor transfers the password input request command to the computer system, and safe memory encrypting and then storing the received data using the password, if secure mode setup is made by the command from the application program of the computer system and also for data storage requiring security; but main processor transferring the password from the transmit/receive control on the keyboard to the safe memory after the main processor transfers the password input request command to the computer system, and safe memory decoding the encrypted data with the password and then transferring the decoded data to the main processor
where the password is correct, but not decoding the encrypted data where not correct, if secure mode setup is made by the command from the application program of the computer system and also for acquisition of the secure data.
On the basis of the Fig. 1 operation process of a secure adapter is described below in secure mode setting/clearing by the computer secure system of the present invention.
When the computer is booted (the process when the power is applied, operating system is initiated and then the computer goes into operation state), the keyboard manager of the computer system (not shown) transfers the secure key to the main processor through the computer connection by the transmit/receive control on the computer. The main processor turns on the operating indication lamp and sends the secure key to the initial cipher.
On the other hand, the key code input information from the keyboard is transferred to the main processor through the keyboard connection by the transmit/receive control on the keyboard. The main processor turns on the secure mode indication lamp, creates and transfers the secrete key to the initial cipher and the stream cipher, and also the key code input information to the stream cipher, if the input information transferred from the keyboard is for secure mode setup. The initial cipher encrypts the secrete key with the secure key, and sends the encrypted secrete key to the keyboard manager of the computer system through the computer connection by the transmit/receive control on the computer. On the other hand, the stream cipher transfers the encrypted information to the keyboard manager of the computer system through the
computer connection by the transmit/receive control of the computer after encrypting the key code input information, using the secrete key transmitted from the main processor. The process to handle the encrypted key code input information, transferred to the keyboard manager, in the computer system is referred to the details described before on the Fig.3 basis.
If the secure mode clearing command is directed from the computer system or the keyboard, the clear command is transferred to the main processor and the stream cipher by the transmit/receive control on the computer or the transmit/receive control on the keyboard. The main processor turns off the secure mode indication lamp and transfers the secure mode clearing command to the stream cipher. Thereafter, key code values transferred from the keyboard are transferred to the computer system through the computer connection by the transmit/receive control on the computer, without encryption in the stream cipher.
The process to handle the not-encrypted key code input information, transferred to the keyboard manager in the computer system is referred to the details described before on the basis of the Fig.3.
If the secure key is not acquired from the keyboard manager of the computer system during booting the computer, the secure adapter goes in the disabled secure mode, and the main processor sends periodical ON and OFF signals to the secure mode indication lamp. Then, by the keyboard manager and the decoded data transfer protocol, the disabled secure mode state may be notified on the monitor as a message type and so on, and the keyboard input information is transferred to the keyboard manager without
encryption.
In Fig.5 through Fig.7, the secure mode setup process, the secure mode clear process and key code input information processing process under the secure mode of the present invention is shown in more details.
The Fig.8 shows the data storage process after encrypting data in the secure adapter with the incorporated safe memory, and the Fig.9 shows the process to decode the encrypted data.
Those who are skilled in prior art may assume various changes and modifications within the scope of the present invention on the basis of the above description.
Brief Description of Drawings
Fig. 1 shows a configuration of the module as an embodiment of a secure adapter according to the present invention;
Fig. 2 shows a view of an embodiment of a secure adapter, of the present invention, with connection between a computer system and a keyboard using cables;
Fig. 3 shows a schematical diagram of a computer system in a computer secure system of the present invention;
Fig. 4 shows a configuration of a module that the safe memory is incorporated to a secure adapter of the Fig.l; Fig. 5 shows steps for secure mode setup in the present invention;
Fig. 6 shows steps for clearing secure mode in the present invention; Fig. 7 shows steps for processing key code input information under secure mode;
Fig. 8 shows steps for encrypting and storing data in a secure adapter of the Fig. 4; and
Fig. 9 shows steps for decoding stored data in a secure adapter of the Fig. 4.
Industrial Applicability
If the secure adapter and the secure computer system employing thereof of the invention are used, it is possible to prevent third person from intruding into the computer system by hacking and stealing user's secrete data, for stock exchange, Internet banking, cyber transactions and other communications over the Internet, modem communications or for network data transfer.
Claims
What is claimed is:
1. A secure adapter to transfer key code input from a keyboard to a computer system, characterized in a configuration to transfer input from the keyboard to the computer system after encryption if a secure mode setup command is received from the keyboard or the computer system, and to transfer the input from the keyboard to the computer system without encryption if a secure mode clearing command is received or under cleared secure mode.
2. A secure adapter according to Claim 1, further comprising: a main processor to process the secure mode setup/clear command and to create a secrete key in setting secure mode; an initial cipher to encrypt the secrete key transferred from the main processor with the secure key from the computer system and then to transfer the encrypted secrete key to the computer system; and a stream cipher to encrypt the key code input information from the keyboard with the secrete key and then to transfer the encrypted information to the computer system.
3. A secure adapter according to Claim 1, further comprising: a computer connection coupled to a keyboard port of the computer; a keyboard connection coupled to a keyboard plug; a transmit/receive control on the computer to control communication with the computer system; a transmit/receive control on the keyboard to control communication with the
keyboard; a main processor to create a secrete key, to perform secure mode setup/clearing according to the secure mode related commands, and to inter-transmit information of the computer system and the keyboard; an initial cipher to encrypt the secrete key from the main processor with a secure key from the computer system and then to transmit the encrypted secrete key to the computer system, under secure mode; and a stream cipher to encrypt the key code input information with the secrete key from the main processor and then to transmit the encrypted information to the computer system, under secure mode.
4. The secure adapter according to Claim 1, further comprising a built-in secure mode indication lamp which is ON under secure mode, OFF under cleared secure mode, and periodically blinks under disabled secure mode.
5. The secure adapter according to any one of Claims 1 through 4, further employing safe memory operation under the secure mode set by an application program executed in the computer system, said safe memory comprising: a safe memory interface to transmit a password transmitted from the main processor, or the password and the data which requires security ("secure data"), to an encryption/key operation processor, and to transmit the data received from a decoder to the main processor; an encryption/key operation processor to convert the password to the key ("the safe key"), and then, if the secure data is not received together with the password from the safe memory interface, to transmit the safe key to the decoder and to encrypt the
password with the safe key by encryption algorithm and calculate the integrity identification value of the encrypted password ("password integrity identification value") and then to transmit the password integrity identification value to a comparison/processor, and, if the secure data is received together with the password from the safe memory interface, to encrypt the secure data with the safe key and calculate the integrity identification value of the encrypted secure data ("encrypted data integrity identification value") and then to transmit the encrypted data integrity identification value together with the "encrypted data" to the comparison/processor; a comparison/processor to transmit the stored data to the decoder if two integrity identification values are the same after comparing the "password integrity identification value" received from the encryption/key operation processor with the "password integrity identification value" stored in the data storage memory, to transmit password nonconformity to the computer and delete the temporally stored safe key on the decoder if the values are not the same, and to transmit the data to the data storage memory where "encrypted data" and "encrypted data integrity identification value" together with "password integrity identification value" are received from the encryption/key operation processor; a data storage memory to store the encrypted data, the encrypted data integrity identification value and the password integrity identification value; and a decoder to decode the encrypted data from the data storage memory with the safe key and then to transmit the decoded data to the safe memory interface, wherein, where the said safe memory is employed, the main processor additionally has the function to transmit the password input request command to the computer system, and to transmit the password received from the keyboard to the safe memory, if the secure mode setup command received from the application program of
the computer system is for the safe memory.
6. The secure adapter as claimed in Claim 5, where the said integrity identification value is calculated using the CRC algorithm.
7. A computer secure system comprising the secure adapter, the keyboard and the computer system according to any one of Claims 1 through 6, where a separate secure key for entering secure mode setup/clearing command is incorporated in said keyboard and/or the secure mode setup/clearing command can be created by the combination of existing key codes, the computer system has the secure key creation function, the encryption/decoding function with the secrete key and the encryption/decoding function with the secure key, and the keyboard manager with application program interface is included.
8. A method to secure key code input information comprising the steps of: transferring a secure key created in the keyboard manager of the computer system to the secure adapter in computer booting; creating a new secrete key in the main processor when the secure mode setup command from the keyboard or the computer system is transferred to the main processor of the secure adapter, and then transferring the secrete key to the initial cipher and the stream cipher of the secure adapter; encrypting the secrete key with the secure key in the initial cipher and then transferring the encrypted secrete key to the keyboard manager through the computer connection by the transmit/receive control on the computer; under secure mode, main processor transferring the information to the stream
cipher if the key code input information of the keyboard is transferred to the main processor through the transmit/receive control on the keyboard, the stream cipher's encrypting the key code input information with the secrete key and transferring the encrypted information to the keyboard manager through computer connection by the transmit/receive control on the computer; computer system decoding the encrypted information using the secrete key; main processor transferring the secure mode clearing command to the stream cipher when the secure mode clearing command is transferred from the keyboard or the computer system to the main processor of the secure adapter; and when secure mode is cleared, the stream cipher transferring the transferred key code input information to the keyboard manager through the computer connection by the transmit/receive control on the computer without encryption, if the key code input information of the keyboard is transferred to the stream cipher through the transmit/receive control on the keyboard after passing through the keyboard connection.
9. The method according to Claim 8, further characterized in that the decoding function using said secrete key is served by said keyboard manager of the computer system, or the operating system and/or application programs.
10. The method according to Claim 8, further characterized in that a protocol for acquiring decoded data exists between the keyboard manager and the application program, and between the keyboard manager and the application program.
11. The method according to Claim 8, further comprising the steps of: main processor transferring the password from the transmit/receive control on
the keyboard and the secure data from the transmit/receive control on the computer to the safe memory after the main processor transfers the password input request command to the computer system, and safe memory encrypting and then storing the received data using the password, if secure mode setup is made by the command from the application program of the computer system and also for data storage requiring security; but main processor transferring the password from the transmit/receive control on the keyboard to the safe memory after the main processor transfers the password input request command to the computer system, and safe memory decoding the encrypted data with the password and then transferring the decoded data to the main processor where the password is correct, but not decoding the encrypted data where not correct, if secure mode setup is made by the command from the application program of the computer system and also for acquisition of the secure data.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1019990031145A KR20010011667A (en) | 1999-07-29 | 1999-07-29 | Keyboard having secure function and system using the same |
KR9931145 | 1999-07-29 | ||
PCT/KR2000/000811 WO2001010079A1 (en) | 1999-07-29 | 2000-07-27 | Adapter having secure function and computer secure system using it |
Publications (2)
Publication Number | Publication Date |
---|---|
EP1121781A1 EP1121781A1 (en) | 2001-08-08 |
EP1121781A4 true EP1121781A4 (en) | 2004-07-28 |
Family
ID=19605639
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP00948363A Withdrawn EP1121781A4 (en) | 1999-07-29 | 2000-07-27 | Adapter having secure function and computer secure system using it |
Country Status (5)
Country | Link |
---|---|
EP (1) | EP1121781A4 (en) |
JP (1) | JP2003506921A (en) |
KR (2) | KR20010011667A (en) |
CN (1) | CN1319294A (en) |
WO (1) | WO2001010079A1 (en) |
Families Citing this family (44)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100402358B1 (en) * | 2001-03-02 | 2003-10-22 | 설동석 | User identification with an improved password input method and device |
KR20010082420A (en) * | 2001-06-19 | 2001-08-30 | 서정욱 | A USB Cryptographic Device |
WO2003003170A1 (en) * | 2001-06-27 | 2003-01-09 | Nokia Corporation | Personal user device and method for selecting a secured user input/ output mode in a personal user device |
EP1286242A1 (en) * | 2001-08-22 | 2003-02-26 | Sonera SmartTrust, Ltd. | System and method for protected data input of security data |
KR100378586B1 (en) * | 2001-08-29 | 2003-04-03 | 테커스 (주) | Anti Keylog method of ActiveX base and equipment thereof |
KR100447777B1 (en) * | 2002-07-24 | 2004-09-08 | 주식회사 잉카인터넷 | Hacking prevention of key stroke data |
KR100735727B1 (en) * | 2003-04-24 | 2007-07-06 | 테커스 (주) | Apparatus and method for hacking protection using virtural data transmission |
US20050015611A1 (en) * | 2003-06-30 | 2005-01-20 | Poisner David I. | Trusted peripheral mechanism |
US20040268143A1 (en) * | 2003-06-30 | 2004-12-30 | Poisner David I. | Trusted input for mobile platform transactions |
BR0302727A (en) * | 2003-07-08 | 2005-03-29 | Guido Costa Souza De Araujo | External keyboard encoder |
CN1918556A (en) | 2004-02-05 | 2007-02-21 | Kings情报通信 | Computer security apparatus and method using security input device driver |
JP4636809B2 (en) * | 2004-03-31 | 2011-02-23 | 富士通フロンテック株式会社 | Information processing terminal and information security protection method thereof |
CN100345078C (en) * | 2004-07-09 | 2007-10-24 | 中国民生银行股份有限公司 | Method of implementing cipher protection against computer keyboard information interfference |
DE102005008433A1 (en) * | 2005-02-24 | 2006-08-31 | Giesecke & Devrient Gmbh | Safety module for smart card, has interface receiving input data e.g. password, from input device, where input data from interface are processed using individual data and without transmitting data to another interface in operation mode |
US8250151B2 (en) | 2005-10-12 | 2012-08-21 | Bloomberg Finance L.P. | System and method for providing secure data transmission |
KR100734145B1 (en) * | 2005-10-12 | 2007-07-03 | 주식회사 안철수연구소 | Method of protecting hacking of a key input by using authorization of keyboard data |
US20080313370A1 (en) * | 2005-11-24 | 2008-12-18 | Hong Suk Kang | Guarding Method For Input Data By Usb Keyboard and Guarding System |
WO2007087360A2 (en) * | 2006-01-24 | 2007-08-02 | Eshun Kobi O | Method and apparatus for thwarting spyware |
JP4780304B2 (en) | 2006-02-13 | 2011-09-28 | 株式会社メガチップス | Semiconductor memory and data access method |
US20080120511A1 (en) * | 2006-11-17 | 2008-05-22 | Electronic Data Systems Corporation | Apparatus, and associated method, for providing secure data entry of confidential information |
IL180020A (en) | 2006-12-12 | 2013-03-24 | Waterfall Security Solutions Ltd | Encryption -and decryption-enabled interfaces |
IL180748A (en) | 2007-01-16 | 2013-03-24 | Waterfall Security Solutions Ltd | Secure archive |
US20080263672A1 (en) * | 2007-04-18 | 2008-10-23 | Hewlett-Packard Development Company L.P. | Protecting sensitive data intended for a remote application |
WO2009018685A1 (en) * | 2007-08-08 | 2009-02-12 | Kamfu Wong | The device and the method of encrypting and authenticating against trojan horse with one time key |
US8793786B2 (en) | 2008-02-08 | 2014-07-29 | Microsoft Corporation | User indicator signifying a secure mode |
IL192043A0 (en) * | 2008-06-10 | 2009-02-11 | Human Interface Security Ltd | User interface for secure data entry |
KR101006720B1 (en) * | 2008-07-04 | 2011-01-07 | 킹스정보통신(주) | Method of securing password in web pages and computer readable record medium on which a program therefor is recorded |
DE102008042180B4 (en) * | 2008-09-17 | 2010-09-23 | Zf Friedrichshafen Ag | Method and system for secure transmission of data |
DE102008050441A1 (en) * | 2008-10-08 | 2010-04-15 | Straub, Tobias | Autonomous device for protection of authenticity of e.g. electronic signature related to on-line banking, has interface for communication with computer, where energy required for computation is applied from storage unit or by energy source |
EP2184696A1 (en) * | 2008-10-31 | 2010-05-12 | Kirill Kretov | Method and module for protecting a password authorizing a user access to a computer application |
EP2202662A1 (en) * | 2008-12-24 | 2010-06-30 | Gemalto SA | Portable security device protecting against keystroke loggers |
KR101630462B1 (en) * | 2010-04-14 | 2016-06-14 | 주식회사 넥슨코리아 | Apparatus and Method for Securing a Keyboard |
KR101368772B1 (en) * | 2012-05-25 | 2014-02-28 | 이성만 | Method and Device for Protecting Key Input |
US9590978B2 (en) | 2012-12-21 | 2017-03-07 | Biobex, Llc | Verification of password using a keyboard with a secure password entry mode |
CN104008327B (en) * | 2013-02-26 | 2017-12-01 | 腾讯科技(深圳)有限公司 | A kind of secured inputting method and system |
CN104219208B (en) | 2013-06-03 | 2018-11-13 | 华为技术有限公司 | A kind of method, apparatus of data input |
IL235175A (en) | 2014-10-19 | 2017-08-31 | Frenkel Lior | Secure remote desktop |
KR101654249B1 (en) | 2015-04-07 | 2016-09-06 | 넷큐리티 주식회사 | Communication interface security system for computer |
IL250010B (en) | 2016-02-14 | 2020-04-30 | Waterfall Security Solutions Ltd | Secure connection with protected facilities |
US10097537B2 (en) | 2016-04-07 | 2018-10-09 | At&T Intellectual Property I, L.P. | Cloud-based authentication keyboard |
US10872043B2 (en) * | 2017-08-17 | 2020-12-22 | Microchip Technology Incorporated | Systems and methods for integrity checking of code or data in a mixed security system while preserving confidentiality |
US20220147613A1 (en) * | 2019-07-19 | 2022-05-12 | Hewlett-Packard Development Company, L.P. | Automatic password expiration based on password integrity |
US11681798B2 (en) | 2019-10-31 | 2023-06-20 | Kyndryl, Inc. | Security screening of a universal serial bus device |
CN113158268B (en) * | 2021-04-28 | 2022-10-21 | 福建金成信息科技有限公司 | Computer software encryption protection device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0272230A2 (en) * | 1986-12-15 | 1988-06-22 | DE LA RUE INTER INNOVATION Aktiebolag | An operator console for data communication purposes |
EP0587375A2 (en) * | 1992-09-04 | 1994-03-16 | ALGORITHMIC RESEARCH Ltd. | Security unit for data processor systems |
EP0588471A2 (en) * | 1992-09-17 | 1994-03-23 | International Business Machines Corporation | Trusted personal computer system with identification |
US5596718A (en) * | 1992-07-10 | 1997-01-21 | Secure Computing Corporation | Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor |
WO1997016779A2 (en) * | 1995-11-03 | 1997-05-09 | Esd Information Technology Entwicklungs Gmbh | Input security and transactions unit and process for input security and transactions involving digital information |
US5864666A (en) * | 1996-12-23 | 1999-01-26 | International Business Machines Corporation | Web-based administration of IP tunneling on internet firewalls |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5214429A (en) * | 1990-09-20 | 1993-05-25 | R.E.T.S. Sales And Service, Inc. | Computer method utilizing keyboard adapter |
US5388156A (en) * | 1992-02-26 | 1995-02-07 | International Business Machines Corp. | Personal computer system with security features and method |
US5550984A (en) * | 1994-12-07 | 1996-08-27 | Matsushita Electric Corporation Of America | Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information |
EP0754727B1 (en) * | 1995-07-17 | 1999-02-24 | Ube Industries, Ltd. | Polypropylene resin composition |
KR100281869B1 (en) * | 1995-07-28 | 2001-02-15 | 윤종용 | Personal computer with security function, security method thereof and installation and removal method thereof |
-
1999
- 1999-07-29 KR KR1019990031145A patent/KR20010011667A/en active Search and Examination
-
2000
- 2000-07-27 KR KR1020017003927A patent/KR100334720B1/en not_active IP Right Cessation
- 2000-07-27 CN CN00801562A patent/CN1319294A/en active Pending
- 2000-07-27 JP JP2001513852A patent/JP2003506921A/en active Pending
- 2000-07-27 WO PCT/KR2000/000811 patent/WO2001010079A1/en not_active Application Discontinuation
- 2000-07-27 EP EP00948363A patent/EP1121781A4/en not_active Withdrawn
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0272230A2 (en) * | 1986-12-15 | 1988-06-22 | DE LA RUE INTER INNOVATION Aktiebolag | An operator console for data communication purposes |
US5596718A (en) * | 1992-07-10 | 1997-01-21 | Secure Computing Corporation | Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor |
EP0587375A2 (en) * | 1992-09-04 | 1994-03-16 | ALGORITHMIC RESEARCH Ltd. | Security unit for data processor systems |
EP0588471A2 (en) * | 1992-09-17 | 1994-03-23 | International Business Machines Corporation | Trusted personal computer system with identification |
WO1997016779A2 (en) * | 1995-11-03 | 1997-05-09 | Esd Information Technology Entwicklungs Gmbh | Input security and transactions unit and process for input security and transactions involving digital information |
US5864666A (en) * | 1996-12-23 | 1999-01-26 | International Business Machines Corporation | Web-based administration of IP tunneling on internet firewalls |
Non-Patent Citations (2)
Title |
---|
SCHNEIER B: "Applied Cryptography, Second Edition", APPLIED CRYPTOGRAPHY. PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C, NEW YORK, JOHN WILEY & SONS, US, 1996, pages 31 - 38150, XP002248999, ISBN: 0-471-11709-9 * |
See also references of WO0110079A1 * |
Also Published As
Publication number | Publication date |
---|---|
WO2001010079A1 (en) | 2001-02-08 |
CN1319294A (en) | 2001-10-24 |
KR20010075411A (en) | 2001-08-09 |
EP1121781A1 (en) | 2001-08-08 |
KR20010011667A (en) | 2001-02-15 |
KR100334720B1 (en) | 2002-05-06 |
JP2003506921A (en) | 2003-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2001010079A1 (en) | Adapter having secure function and computer secure system using it | |
US7366916B2 (en) | Method and apparatus for an encrypting keyboard | |
KR101130415B1 (en) | A method and system for recovering password protected private data via a communication network without exposing the private data | |
EP2332089B1 (en) | Authorization of server operations | |
US7389536B2 (en) | System and apparatus for limiting access to secure data through a portable computer to a time set with the portable computer connected to a base computer | |
JP5344716B2 (en) | Secure remote startup, boot, and login methods, systems, and programs from a mobile device to a computer | |
EP1415430B1 (en) | A method and a system for processing information in an electronic device | |
RU2352986C2 (en) | Dynamic substitution of usb data for efficient coding/decoding | |
US8250151B2 (en) | System and method for providing secure data transmission | |
US7085385B2 (en) | Method and apparatus for initiating strong encryption using existing SSL connection for secure key exchange | |
EP2080148B1 (en) | System and method for changing a shared encryption key | |
US20070101401A1 (en) | Method and apparatus for super secure network authentication | |
US20060048227A1 (en) | Client apparatus, server apparatus and authority control method | |
MXPA04004144A (en) | Secure communication with a keyboard or related device. | |
CA2272894A1 (en) | Information security method and apparatus | |
CN116070241A (en) | Mobile hard disk encryption control method | |
KR100562981B1 (en) | A system for encryption of wireless transmission from personal palm computer to world wide web terminals | |
CN111291398B (en) | Block chain-based authentication method and device, computer equipment and storage medium | |
US8904487B2 (en) | Preventing information theft | |
US20060277301A1 (en) | File protection for a network client | |
KR20100048323A (en) | Apparatus for and method of securing keyboard to evade stealth sniffing | |
CN101008927A (en) | Information processing device, portable terminal device and information processing execution control method | |
US20030101360A1 (en) | Method for industrially changing the passwords of AIX/UNIX users | |
KR100379675B1 (en) | Adapter Having Secure Function and Computer Secure System Using It | |
CN115146284A (en) | Data processing method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE |
|
17P | Request for examination filed |
Effective date: 20010705 |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20040611 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20040909 |