+

CN107403114A - A kind of structure and method for locking input - Google Patents

A kind of structure and method for locking input Download PDF

Info

Publication number
CN107403114A
CN107403114A CN201710613078.4A CN201710613078A CN107403114A CN 107403114 A CN107403114 A CN 107403114A CN 201710613078 A CN201710613078 A CN 201710613078A CN 107403114 A CN107403114 A CN 107403114A
Authority
CN
China
Prior art keywords
input
locking
content
state
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710613078.4A
Other languages
Chinese (zh)
Other versions
CN107403114B (en
Inventor
庞伟振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710613078.4A priority Critical patent/CN107403114B/en
Publication of CN107403114A publication Critical patent/CN107403114A/en
Application granted granted Critical
Publication of CN107403114B publication Critical patent/CN107403114B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种锁定输入的结构及方法,应用于计算机系统或包括手机的电子系统中,包括,锁定模块,用于锁定系统输入,在锁定状态下对系统的任何设备输入均呈无效状态;控制模块,用于对系统输入的锁定及解锁进行逻辑控制,通过判断当前系统状态是否处于安全状态,处于安全状态时系统进行正常设备输入,非安全状态时系统通过所述锁定模块锁定设备输入。本发明的一种锁定输入的结构及方法与现有技术相比,有效防止了撞库等攻击手段,避免了因密码泄露而导致的数据丢失,避免了复杂的二次验证过程,有效提高了系统的安全性,实用性强,适用范围广泛,易于推广。

The invention discloses a structure and method for locking input, which is applied to a computer system or an electronic system including a mobile phone, and includes a locking module, which is used to lock system input, and in the locked state, any device input of the system is in an invalid state The control module is used to logically control the locking and unlocking of the system input. By judging whether the current system state is in a safe state, the system performs normal device input when it is in a safe state, and the system locks the device input through the locking module when it is not in a safe state. . Compared with the prior art, the lock input structure and method of the present invention can effectively prevent attack methods such as credentialing, avoid data loss caused by password leakage, avoid complicated secondary verification process, and effectively improve The system is safe and practical, has a wide range of applications and is easy to promote.

Description

一种锁定输入的结构及方法A structure and method for locking input

技术领域technical field

本发明涉及信息安全技术领域,具体地说是一种能够应用于计算机系统或手机系统的锁定输入的结构及方法。The invention relates to the technical field of information security, in particular to a structure and method that can be applied to a lock input of a computer system or a mobile phone system.

背景技术Background technique

计算机(电脑)及手机已成为日常工作生活中不可或缺的重要设备,这些电子设备通过即时互联、信息共享等途径提高了我们的办公效率,方便了我们的生产、生活。在我们的工作、生产、生活中产生了大量的隐私数据信息保存在了相应的电子设备中,如何防止不法分子的窥窃、保护我们的信息安全已成为全社会、各领域共同关注的严重问题。Computers (computers) and mobile phones have become indispensable and important devices in daily work and life. These electronic devices have improved our office efficiency and facilitated our production and life through instant interconnection and information sharing. In our work, production, and life, a large amount of private data information is stored in corresponding electronic devices. How to prevent criminals from spying and protect our information security has become a serious issue of common concern to the whole society and various fields. .

现阶段为了避免他人的窥窃,系统最常用的手段就是引入用户名、秘钥验证机制,用户要想访问数据需要进行验证,验证成功则可以访问。At this stage, in order to avoid other people’s snooping, the most common method used by the system is to introduce a user name and secret key authentication mechanism. If the user wants to access the data, he needs to verify it. If the authentication is successful, he can access it.

现阶段用户名、秘钥认证机制是最为广泛的安全手段,但很遗憾这种认证机制并不安全,用户的密码泄露,恶意的撞库都可以轻松破解从而登录获取数据,导致隐私信息的丢失。At present, the user name and secret key authentication mechanism is the most widely used security method, but unfortunately this authentication mechanism is not safe, the user's password is leaked, and malicious credential databases can be easily cracked to log in and obtain data, resulting in the loss of private information .

当前的安全手段如图1所示:首先获取数据信息请求,然后再进行密码认证,密码认证成功后再获取数据,但是在密码认证阶段如果密码泄露或者恶意撞库,最终会恶意攻入系统,从而获取隐私信息。The current security method is shown in Figure 1: first obtain the data information request, and then perform password authentication, and then obtain the data after the password authentication is successful. To obtain private information.

综上描述,现有技术已经无法满足人们对于安全的需求,进而出现了加强型的保护策略,其中最为广泛的就是二次认证,在一定程度上加强了安全,但是依赖于其它的智能电子设备,而作为二次认证的设备本身是否安全也无法保证。比如通过短信二次认证,攻击者可以通过伪装基站或者入侵手机等方式在用户不知不觉的情况下拿到二次认证码而成功入侵系统。To sum up, the existing technology can no longer meet people's needs for security, and then there are enhanced protection strategies, the most extensive of which is secondary authentication, which enhances security to a certain extent, but relies on other smart electronic devices , and the safety of the device itself as a secondary authentication cannot be guaranteed. For example, through SMS secondary authentication, an attacker can successfully invade the system by disguising the base station or hacking the mobile phone to obtain the secondary authentication code without the user's awareness.

综上,安全系统依然很容易被攻破,并没有有效的防止入侵。To sum up, the security system is still easy to be breached, and there is no effective prevention of intrusion.

基于此,亟需一种能够有效提高系统安全性能的方案。Based on this, there is an urgent need for a solution that can effectively improve system security performance.

发明内容Contents of the invention

本发明的技术任务是针对以上不足之处,提供一种能够有效提高系统安全性能、锁定输入的结构及方法。The technical task of the present invention is to provide a structure and method that can effectively improve system security performance and lock input in view of the above deficiencies.

一种锁定输入的结构,应用于计算机系统或包括手机的电子系统中,其结构包括,A structure for locking input, applied to a computer system or an electronic system including a mobile phone, the structure comprising,

锁定模块,用于锁定系统输入,在锁定状态下对系统的任何设备输入均呈无效状态;The locking module is used to lock the system input, and any device input of the system is invalid in the locked state;

控制模块,用于对系统输入的锁定及解锁进行逻辑控制,通过判断当前系统状态是否处于安全状态,处于安全状态时系统进行正常设备输入,非安全状态时系统通过所述锁定模块锁定设备输入。The control module is used to logically control the locking and unlocking of the system input. By judging whether the current system state is in a safe state, the system performs normal device input when it is in a safe state, and the system locks device input through the locking module when it is not in a safe state.

用于系统输入的设备包括键盘、鼠标、触控板、网络,当锁定模块锁定系统时,设备输入呈抛弃状态,即系统与设备相互隔离。The devices used for system input include keyboard, mouse, touchpad, and network. When the locking module locks the system, the device input is discarded, that is, the system and the device are isolated from each other.

所述系统输入的过程为:首先设备输入的内容由输入设备驱动获取,再通过输入内容处理模块将输入内容转换成内核通用键值,最后将输入内容分发到应用程序中;当锁定模块锁定该系统的设备输入时,则通过将该锁定模块插入到输入内容分发前,达到锁定输入的功能。The process of system input is as follows: first, the content input by the device is obtained by the input device driver, and then the input content is converted into a kernel general key value by the input content processing module, and finally the input content is distributed to the application program; when the locking module locks the When the equipment of the system is input, the function of locking the input is achieved by inserting the locking module before the distribution of the input content.

所述锁定模块通过hook机制插入到输入内容分发阶段,具体为:锁定模块在内容处理流程上插入一个检查点hook point,该处理流程是指输入内容分发之前,来根据控制模块的判断决定是否允许此内容继续分发,实现在系统锁定状态下禁止输入。The locking module is inserted into the input content distribution stage through a hook mechanism, specifically: the locking module inserts a checkpoint hook point on the content processing flow, and the processing flow refers to whether to allow or not according to the judgment of the control module before the input content is distributed. This content continues to be distributed to prevent entry while the system is locked down.

所述控制模块判断当前系统状态是否安全的过程为:控制模块将是否有安全设备接入系统作为触发条件,当有安全设备接入系统时,且该安全设备通过安全认证后,当前系统处于安全状态,解锁设备,系统可通过设备输入内容;当无安全设备接入系统,或接入系统的安全设备未通过安全认证后,当前系统处于非安全状态,锁定设备,系统无法通过设备输入内容。The process of the control module judging whether the current system status is safe or not is: the control module takes whether there is a security device connected to the system as a trigger condition, when a security device is connected to the system, and after the security device passes the security authentication, the current system is in a safe state. Status, unlock the device, the system can input content through the device; when no security device is connected to the system, or the security device connected to the system has not passed the security authentication, the current system is in an unsafe state, the device is locked, and the system cannot input content through the device.

所述安全认证为指纹认证,即当安全设备接入系统后,查看安全设备自身的指纹信息与系统中录入的指纹信息是否匹配,当完全匹配时,触发所述控制模块解锁设备,设备输入的内容正常分发,否则无法进行内容分发的步骤。The security authentication is fingerprint authentication, that is, when the security device is connected to the system, check whether the fingerprint information of the security device itself matches the fingerprint information entered in the system, and when they match completely, trigger the control module to unlock the device, and the input The content is distributed normally, otherwise the steps of content distribution cannot be performed.

一种锁定输入的方法,基于上述锁定输入的结构,其实现过程为:首先通过控制模块判断系统的状态是否安全,当系统处于安全状态时系统进行正常设备输入,即系统与输入设备呈连接状态,设备可正常输入内容给系统;当系统处于非安全状态时,通过锁定模块锁定设备输入,将系统与设备隔离。A method of locking input, based on the structure of the above locking input, the implementation process is as follows: firstly, the control module judges whether the state of the system is safe, and when the system is in a safe state, the system performs normal device input, that is, the system and the input device are in a connected state , the device can normally input content to the system; when the system is in an unsafe state, the device input is locked through the locking module to isolate the system from the device.

当系统处于安全状态时,系统进行正常设备输入的过程为:首先通过设备输入内容;然后将该输入的内容由输入设备驱动获取,再通过输入内容处理模块将输入内容转换成内核通用键值,最后将输入内容分发到应用程序中。When the system is in a safe state, the normal device input process of the system is as follows: first input content through the device; then obtain the input content from the input device driver, and then convert the input content into kernel general key values through the input content processing module, Finally the input is distributed to the application.

当系统处于非安全状态时,锁定系统使其无法进行设备输入的过程为:通过hook机制将锁定模块插入到输入内容分发前,使系统无法进入内容分发的步骤,从而达到锁定输入的功能。When the system is in a non-secure state, the process of locking the system so that it cannot perform device input is: insert the locking module before the input content distribution through the hook mechanism, so that the system cannot enter the step of content distribution, so as to achieve the function of locking input.

通过hook机制插入的具体过程为:锁定模块在输入内容分发之前插入一个检查点hook point,来根据控制模块的判断决定是否允许此内容继续分发,实现在系统锁定状态下禁止输入。The specific process of inserting through the hook mechanism is: the lock module inserts a checkpoint hook point before the input content is distributed, and decides whether to allow the content to continue to be distributed according to the judgment of the control module, so as to prohibit input under the system lock state.

本发明的一种锁定输入的结构及方法和现有技术相比,具有以下有益效果:Compared with the prior art, a locking input structure and method of the present invention has the following beneficial effects:

本发明的一种锁定输入的结构及方法,该方法中的锁定模块在内核模块中插入hook流程,直接有效的锁定了输入的分发,从而实现了输入的锁定;控制模块可以通过设备参数自动计算设备指纹信息,而不依赖于存储于外置设备中的密钥等信息,有效防止了撞库等攻击手段,避免了因密码泄露而导致的数据丢失,避免了复杂的二次验证过程,有效提高了系统的安全性,实用性强,适用范围广泛,易于推广。A structure and method for locking input of the present invention, the locking module in the method is inserted into the hook process in the kernel module, directly and effectively locking the distribution of the input, thereby realizing the locking of the input; the control module can automatically calculate through the device parameters The fingerprint information of the device does not depend on the key and other information stored in the external device, which effectively prevents attacks such as credentialing, avoids data loss caused by password leakage, and avoids the complicated secondary verification process. The safety of the system is improved, the practicability is strong, the scope of application is wide, and it is easy to popularize.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only It is an embodiment of the present invention, and those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

附图1为现有技术中信息安全手段的实现流程图。Accompanying drawing 1 is the implementation flowchart of information security means in the prior art.

附图2为本发明结构的具体实施示意图。Accompanying drawing 2 is the concrete implementation schematic diagram of the structure of the present invention.

附图3为本发明方法的实施流程图。Accompanying drawing 3 is the implementation flowchart of the method of the present invention.

附图4为本发明方法的具体实施流程图。Accompanying drawing 4 is the concrete implementation flowchart of the method of the present invention.

附图5为本发明方法中控制模块的逻辑判断过程示例图。Accompanying drawing 5 is an example diagram of the logical judgment process of the control module in the method of the present invention.

具体实施方式detailed description

为了使本技术领域的人员更好地理解本发明的方案,下面结合具体实施方式对本发明作进一步的详细说明。显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to enable those skilled in the art to better understand the solutions of the present invention, the present invention will be further described in detail below in conjunction with specific embodiments. Apparently, the described embodiments are only some of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

如附图2所示,一种锁定输入的结构,应用于计算机系统或包括手机的电子系统中,其结构包括,As shown in Figure 2, a locking input structure is applied to a computer system or an electronic system including a mobile phone, and its structure includes,

锁定模块,用于锁定系统输入,在锁定状态下对系统的任何设备输入均呈无效状态,也就是说,在锁定状态下抛弃对系统的输入控制如键盘鼠标的输入、来自远程的输入控制,做好系统的隔离特性。The locking module is used to lock the system input. In the locked state, any device input to the system is invalid. That is to say, in the locked state, the input control to the system such as keyboard and mouse input and remote input control is discarded. Do a good job of the isolation characteristics of the system.

控制模块,用于对系统输入的锁定及解锁进行逻辑控制,通过判断当前系统状态是否处于安全状态,处于安全状态时系统进行正常设备输入,非安全状态时系统通过所述锁定模块锁定设备输入。The control module is used to logically control the locking and unlocking of the system input. By judging whether the current system state is in a safe state, the system performs normal device input when it is in a safe state, and the system locks device input through the locking module when it is not in a safe state.

用于系统输入的设备包括键盘、鼠标、触控板、网络,当锁定模块锁定系统时,设备输入呈抛弃状态,即系统与设备相互隔离。The devices used for system input include keyboard, mouse, touchpad, and network. When the locking module locks the system, the device input is discarded, that is, the system and the device are isolated from each other.

所述系统输入的过程为:首先设备输入的内容由输入设备驱动获取,再通过输入内容处理模块将输入内容转换成内核通用键值,最后将输入内容分发到应用程序中;当锁定模块锁定该系统的设备输入时,则通过将该锁定模块插入到输入内容分发前,达到锁定输入的功能。The process of system input is as follows: first, the content input by the device is obtained by the input device driver, and then the input content is converted into a kernel general key value by the input content processing module, and finally the input content is distributed to the application program; when the locking module locks the When the equipment of the system is input, the function of locking the input is achieved by inserting the locking module before the distribution of the input content.

下面以键盘输入为例,系统内核对输入设备的一般处理流程如下:键盘输入键盘驱动获取输入并将其转换为内核通用键值代码内核输入事件处理(如封装成特定的格式)输入时间分发(如将输入时间写入一个文件)应用程序从文件中获取输入信息(按键值)。Taking keyboard input as an example below, the general processing flow of the input device by the system kernel is as follows: keyboard input The keyboard driver takes input and converts it to kernel-generic key-value codes Kernel input event processing (such as packaging into a specific format) Input time distribution (e.g. write input times to a file) The application gets the input information (key value) from the file.

所述锁定模块通过hook机制插入到输入内容分发阶段,具体为:锁定模块在内容处理流程上插入一个检查点hook point,该处理流程是指输入内容分发之前,来根据控制模块的判断决定是否允许此内容继续分发,实现在系统锁定状态下禁止输入。The locking module is inserted into the input content distribution stage through a hook mechanism, specifically: the locking module inserts a checkpoint hook point on the content processing flow, and the processing flow refers to whether to allow or not according to the judgment of the control module before the input content is distributed. This content continues to be distributed to prevent entry while the system is locked down.

所述控制模块判断当前系统状态是否安全的过程为:控制模块将是否有安全设备接入系统作为触发条件,当有安全设备接入系统时,且该安全设备通过安全认证后,当前系统处于安全状态,解锁设备,系统可通过设备输入内容;当无安全设备接入系统,或接入系统的安全设备未通过安全认证后,当前系统处于非安全状态,锁定设备,系统无法通过设备输入内容。The process of the control module judging whether the current system status is safe or not is: the control module takes whether there is a security device connected to the system as a trigger condition, when a security device is connected to the system, and after the security device passes the security authentication, the current system is in a safe state. Status, unlock the device, the system can input content through the device; when no security device is connected to the system, or the security device connected to the system has not passed the security authentication, the current system is in an unsafe state, the device is locked, and the system cannot input content through the device.

所述安全认证为指纹认证,即当安全设备接入系统后,查看安全设备自身的指纹信息与系统中录入的指纹信息是否匹配,当完全匹配时,触发所述控制模块解锁设备,设备输入的内容正常分发,否则无法进行内容分发的步骤。The security authentication is fingerprint authentication, that is, when the security device is connected to the system, check whether the fingerprint information of the security device itself matches the fingerprint information entered in the system, and when they match completely, trigger the control module to unlock the device, and the input The content is distributed normally, otherwise the steps of content distribution cannot be performed.

一种锁定输入的方法,如附图3所示,基于上述锁定输入的结构,其实现过程为:A method for locking input, as shown in accompanying drawing 3, based on the structure of the above-mentioned locking input, its implementation process is:

在计算机系统或手机系统中安装上述锁定输入的结构。Install the above-mentioned locking input structure in a computer system or a mobile phone system.

插入想要作为触发设备的外设,一般包括U盘、wifi网卡等可以支持热插拔的设备。Insert the peripherals that you want to be the trigger device, generally including U disk, wifi network card and other devices that can support hot swapping.

打开设置界面,选择具体触发设备,查看系统能否匹配触发设备。Open the setting interface, select a specific trigger device, and check whether the system can match the trigger device.

最后进行锁定或解锁。Finally lock or unlock.

进一步的,如附图4、图5所示,在该方法中,首先通过控制模块判断系统的状态是否安全,当系统处于安全状态时系统进行正常设备输入,即系统与输入设备呈连接状态,设备可正常输入内容给系统;当系统处于非安全状态时,通过锁定模块锁定设备输入,将系统与设备隔离。Further, as shown in Figure 4 and Figure 5, in this method, firstly, the control module judges whether the state of the system is safe, and when the system is in a safe state, the system performs normal device input, that is, the system is connected to the input device, The device can normally input content to the system; when the system is in an unsafe state, the device input is locked through the locking module to isolate the system from the device.

当系统处于安全状态时,系统进行正常设备输入的过程为:首先通过设备输入内容;然后将该输入的内容由输入设备驱动获取,再通过输入内容处理模块将输入内容转换成内核通用键值,最后将输入内容分发到应用程序中。When the system is in a safe state, the normal device input process of the system is as follows: first input content through the device; then obtain the input content from the input device driver, and then convert the input content into kernel general key values through the input content processing module, Finally the input is distributed to the application.

当系统处于非安全状态时,锁定系统使其无法进行设备输入的过程为:通过hook机制将锁定模块插入到输入内容分发前,使系统无法进入内容分发的步骤,从而达到锁定输入的功能。When the system is in a non-secure state, the process of locking the system so that it cannot perform device input is: insert the locking module before the input content distribution through the hook mechanism, so that the system cannot enter the step of content distribution, so as to achieve the function of locking input.

通过hook机制插入的具体过程为:锁定模块在输入内容分发之前插入一个检查点hook point,来根据控制模块的判断决定是否允许此内容继续分发,实现在系统锁定状态下禁止输入。The specific process of inserting through the hook mechanism is: the lock module inserts a checkpoint hook point before the input content is distributed, and decides whether to allow the content to continue to be distributed according to the judgment of the control module, so as to prohibit input under the system lock state.

本发明通过向系统内核中插入一个特定的安全模块,在需要时锁定系统输入即在锁定状态下,任何的输入信息都被抛弃实现,主要安全机制工作与内核态,安全系统自身的安全性得到了极大的提高。相对于现有方案即便用户密码泄露,如果系统输入依然是锁定状态攻击者依然无法控制系统,无法通过输入密码登录。即使通过恶意撞库方法而破解也会因无法对系统进行输入而无法实现,有效的提高了系统安全性。再次本发明避免了复杂的二次认证机制(如短信、电话等),防止了再次入侵的可能。The present invention inserts a specific security module into the system kernel, locks the system input when needed, that is, in the locked state, any input information is discarded, the main security mechanism works with the kernel state, and the security of the security system itself is obtained. greatly improved. Compared with the existing scheme, even if the user password is leaked, if the system input is still locked, the attacker still cannot control the system and cannot log in by entering the password. Even if it is cracked through a malicious credentialing method, it cannot be realized because it cannot be input to the system, which effectively improves system security. Again, the present invention avoids complex secondary authentication mechanisms (such as short messages, phone calls, etc.), and prevents the possibility of re-intrusion.

通过上面具体实施方式,所述技术领域的技术人员可容易的实现本发明。本文中应用了具体个例对本发明的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想。应当指出,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以对本发明进行若干改进和修饰,这些改进和修饰也落入本发明权利要求的保护范围内。Through the above specific implementation manners, those skilled in the technical field can easily realize the present invention. In this paper, specific examples are used to illustrate the principle and implementation of the present invention, and the descriptions of the above embodiments are only used to help understand the method and core idea of the present invention. It should be pointed out that for those skilled in the art, without departing from the principles of the present invention, some improvements and modifications can be made to the present invention, and these improvements and modifications also fall within the protection scope of the claims of the present invention.

Claims (10)

1.一种锁定输入的结构,应用于计算机系统或包括手机的电子系统中,其特征在于,其结构包括,1. A structure for locking input, applied to a computer system or an electronic system comprising a mobile phone, characterized in that its structure comprises, 锁定模块,用于锁定系统输入,在锁定状态下对系统的任何设备输入均呈无效状态;The locking module is used to lock the system input, and any device input of the system is invalid in the locked state; 控制模块,用于对系统输入的锁定及解锁进行逻辑控制,通过判断当前系统状态是否处于安全状态,处于安全状态时系统进行正常设备输入,非安全状态时系统通过所述锁定模块锁定设备输入。The control module is used to logically control the locking and unlocking of the system input. By judging whether the current system state is in a safe state, the system performs normal device input when it is in a safe state, and the system locks device input through the locking module when it is not in a safe state. 2.根据权利要求1所述的一种锁定输入的结构,其特征在于,用于系统输入的设备包括键盘、鼠标、触控板、网络,当锁定模块锁定系统时,设备输入呈抛弃状态,即系统与设备相互隔离。2. A structure for locking input according to claim 1, wherein the equipment used for system input includes a keyboard, a mouse, a touch panel, and a network, and when the locking module locks the system, the equipment input is in a discarded state, That is, the system and equipment are isolated from each other. 3.根据权利要求1所述的一种锁定输入的结构,其特征在于,所述系统输入的过程为:首先设备输入的内容由输入设备驱动获取,再通过输入内容处理模块将输入内容转换成内核通用键值,最后将输入内容分发到应用程序中;当锁定模块锁定该系统的设备输入时,则通过将该锁定模块插入到输入内容分发前,达到锁定输入的功能。3. The structure of a kind of locking input according to claim 1, characterized in that, the process of the system input is: at first the content input by the device is acquired by the input device driver, and then the input content is converted into Kernel general key value, and finally distribute the input content to the application program; when the locking module locks the device input of the system, the function of locking the input can be achieved by inserting the locking module before the input content distribution. 4.根据权利要求3所述的一种锁定输入的结构,其特征在于,所述锁定模块通过hook机制插入到输入内容分发阶段,具体为:锁定模块在内容处理流程上插入一个检查点hookpoint,该处理流程是指输入内容分发之前,来根据控制模块的判断决定是否允许此内容继续分发,实现在系统锁定状态下禁止输入。4. A structure for locking input according to claim 3, wherein the locking module is inserted into the input content distribution stage through a hook mechanism, specifically: the locking module inserts a checkpoint hookpoint on the content processing flow, This processing flow means that before the input content is distributed, it is determined whether to allow the content to continue to be distributed according to the judgment of the control module, so as to prohibit input in the system locked state. 5.根据权利要求1所述的一种锁定输入的结构,其特征在于,所述控制模块判断当前系统状态是否安全的过程为:控制模块将是否有安全设备接入系统作为触发条件,当有安全设备接入系统时,且该安全设备通过安全认证后,当前系统处于安全状态,解锁设备,系统可通过设备输入内容;当无安全设备接入系统,或接入系统的安全设备未通过安全认证后,当前系统处于非安全状态,锁定设备,系统无法通过设备输入内容。5. A lock input structure according to claim 1, characterized in that the process of the control module judging whether the current system state is safe or not is: the control module takes whether there is a security device connected to the system as a trigger condition, when there is When a security device is connected to the system, and the security device has passed security authentication, the current system is in a secure state, unlock the device, and the system can input content through the device; when no security device is connected to the system, or the security device connected to the system has not passed the security After authentication, the current system is in a non-secure state, the device is locked, and the system cannot input content through the device. 6.根据权利要求5所述的一种锁定输入的结构,其特征在于,所述安全认证为指纹认证,即当安全设备接入系统后,查看安全设备自身的指纹信息与系统中录入的指纹信息是否匹配,当完全匹配时,触发所述控制模块解锁设备,设备输入的内容正常分发,否则无法进行内容分发的步骤。6. A lock input structure according to claim 5, characterized in that the security authentication is fingerprint authentication, that is, after the security device is connected to the system, the fingerprint information of the security device itself and the fingerprint entered in the system can be checked Whether the information matches, when completely matched, the control module is triggered to unlock the device, and the content input by the device is distributed normally, otherwise the step of content distribution cannot be performed. 7.一种锁定输入的方法,其特征在于,基于上述锁定输入的结构,其实现过程为:首先通过控制模块判断系统的状态是否安全,当系统处于安全状态时系统进行正常设备输入,即系统与输入设备呈连接状态,设备可正常输入内容给系统;当系统处于非安全状态时,通过锁定模块锁定设备输入,将系统与设备隔离。7. A method for locking input, characterized in that, based on the structure of the above-mentioned locking input, its implementation process is: first judge whether the state of the system is safe by the control module, and when the system is in a safe state, the system performs normal equipment input, that is, the system It is connected to the input device, and the device can input content to the system normally; when the system is in an unsafe state, the device input is locked by the locking module to isolate the system from the device. 8.根据权利要求7所述的一种锁定输入的方法,其特征在于,当系统处于安全状态时,系统进行正常设备输入的过程为:首先通过设备输入内容;然后将该输入的内容由输入设备驱动获取,再通过输入内容处理模块将输入内容转换成内核通用键值,最后将输入内容分发到应用程序中。8. A method of locking input according to claim 7, characterized in that, when the system is in a safe state, the process of the system performing normal device input is as follows: first input content through the device; then input the input content The device driver obtains, and then converts the input content into kernel general key values through the input content processing module, and finally distributes the input content to the application program. 9.根据权利要求7所述的一种锁定输入的方法,其特征在于,当系统处于非安全状态时,锁定系统使其无法进行设备输入的过程为:通过hook机制将锁定模块插入到输入内容分发前,使系统无法进入内容分发的步骤,从而达到锁定输入的功能。9. A method of locking input according to claim 7, characterized in that, when the system is in a non-safe state, the process of locking the system so that it cannot perform device input is: insert the locking module into the input content through the hook mechanism Before distribution, the system cannot enter the step of content distribution, so as to achieve the function of locking input. 10.根据权利要求9所述的一种锁定输入的方法,其特征在于,通过hook机制插入的具体过程为:锁定模块在输入内容分发之前插入一个检查点hook point,来根据控制模块的判断决定是否允许此内容继续分发,实现在系统锁定状态下禁止输入。10. A method for locking input according to claim 9, characterized in that the specific process of inserting through the hook mechanism is: the locking module inserts a checkpoint hook point before the input content is distributed, and decides according to the judgment of the control module Whether to allow this content to continue to be distributed, so that input is prohibited when the system is locked.
CN201710613078.4A 2017-07-25 2017-07-25 Input locking structure and method Active CN107403114B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710613078.4A CN107403114B (en) 2017-07-25 2017-07-25 Input locking structure and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710613078.4A CN107403114B (en) 2017-07-25 2017-07-25 Input locking structure and method

Publications (2)

Publication Number Publication Date
CN107403114A true CN107403114A (en) 2017-11-28
CN107403114B CN107403114B (en) 2020-09-22

Family

ID=60401348

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710613078.4A Active CN107403114B (en) 2017-07-25 2017-07-25 Input locking structure and method

Country Status (1)

Country Link
CN (1) CN107403114B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108596592A (en) * 2018-04-19 2018-09-28 深圳鼎智通讯股份有限公司 A kind of triggering lock machine method of intelligent terminal

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6098171A (en) * 1998-03-31 2000-08-01 International Business Machines Corporation Personal computer ROM scan startup protection
CN1308277A (en) * 1999-11-01 2001-08-15 国际商业机器公司 Method and system for improving computer safety during ROM scanning
CN101167080A (en) * 2005-03-23 2008-04-23 株式会社Ihc Authentication system
CN101379458A (en) * 2006-01-30 2009-03-04 三洋电机株式会社 Input device for inputting password or the like and portable telephone device having the input device
CN101452345A (en) * 2007-10-22 2009-06-10 得逻辑公司 System lock
CN101663882A (en) * 2007-04-17 2010-03-03 诺基亚公司 Apparatuses and methods for facilitating user designation of device functions
CN102883037A (en) * 2011-06-28 2013-01-16 株式会社电装 Vehicular communication system, vehicular communication apparatus and portable terminal apparatus
CN102971690A (en) * 2010-07-02 2013-03-13 诺基亚公司 An apparatus and method for detecting a rocking movement of an electronic device and execute a function in response to the detected movement
CN103164350A (en) * 2011-12-16 2013-06-19 国民技术股份有限公司 Secure digital (SD) card device and method of regionally accessing SD card
CN103186373A (en) * 2011-12-29 2013-07-03 盛乐信息技术(上海)有限公司 System and method for realizing hot plugging of input equipment

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6098171A (en) * 1998-03-31 2000-08-01 International Business Machines Corporation Personal computer ROM scan startup protection
CN1308277A (en) * 1999-11-01 2001-08-15 国际商业机器公司 Method and system for improving computer safety during ROM scanning
CN101167080A (en) * 2005-03-23 2008-04-23 株式会社Ihc Authentication system
CN101379458A (en) * 2006-01-30 2009-03-04 三洋电机株式会社 Input device for inputting password or the like and portable telephone device having the input device
CN101663882A (en) * 2007-04-17 2010-03-03 诺基亚公司 Apparatuses and methods for facilitating user designation of device functions
CN101452345A (en) * 2007-10-22 2009-06-10 得逻辑公司 System lock
CN102971690A (en) * 2010-07-02 2013-03-13 诺基亚公司 An apparatus and method for detecting a rocking movement of an electronic device and execute a function in response to the detected movement
CN102883037A (en) * 2011-06-28 2013-01-16 株式会社电装 Vehicular communication system, vehicular communication apparatus and portable terminal apparatus
CN103164350A (en) * 2011-12-16 2013-06-19 国民技术股份有限公司 Secure digital (SD) card device and method of regionally accessing SD card
CN103186373A (en) * 2011-12-29 2013-07-03 盛乐信息技术(上海)有限公司 System and method for realizing hot plugging of input equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108596592A (en) * 2018-04-19 2018-09-28 深圳鼎智通讯股份有限公司 A kind of triggering lock machine method of intelligent terminal

Also Published As

Publication number Publication date
CN107403114B (en) 2020-09-22

Similar Documents

Publication Publication Date Title
CN113841145B (en) Suppressing ransomware in integrated, isolated applications
CN101340281B (en) Method and system for safe login input on network
CN109412812B (en) Data security processing system, method, device and storage medium
US10915656B2 (en) Rollback protection for login security policy
WO2019127467A1 (en) Data access method and device
CN101166085A (en) Remote unlocking method and system
CN101588352B (en) Method and system for ensuring security of operating environment
US20150302201A1 (en) Device and method for processing transaction request in processing environment of trust zone
CN102184357B (en) Portable trustworthy private information processing system
CN105721159A (en) Operation system identity authentication method and operation system identity authentication system
CN102043804A (en) Secure Login Method of Database System
CN102024115B (en) Computer with user security subsystem
CN102609656A (en) USB (universal serial bus) key safety enhancing method and USB key safety enhancing system based on image identification
CN103970540B (en) Key Functions secure calling method and device
US9262619B2 (en) Computer system and method for protecting data from external threats
CN107403114B (en) Input locking structure and method
CN102098313A (en) Waterproof wall system and authentication method thereof
CN104361298A (en) Method and device for information safety and confidentiality
Lee et al. A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services
Kang et al. A study on the needs for enhancement of personal information protection in cloud computing security certification system
WO2016026333A1 (en) Data protection method, device and storage medium in connection between terminal and pc
CN114154126B (en) BMC login authentication method, device and medium
CN102393886B (en) Safety control method of mobile terminal, device and system
US20080263364A1 (en) System and method for providing access to a computer resource
CN202085191U (en) Data safe storage and transmission system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20200825

Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: 450000 Henan province Zheng Dong New District of Zhengzhou City Xinyi Road No. 278 16 floor room 1601

Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee after: Suzhou Yuannao Intelligent Technology Co.,Ltd.

Country or region after: China

Address before: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee before: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Country or region before: China

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载