
CN107403114B - Input locking structure and method - Google Patents

Publication number: CN107403114B
Authority: CN (China)
Prior art keywords: input, locking, state, content, equipment
Legal status: Active
Application number: CN201710613078.4A
Other languages: Chinese (zh)
Other versions: CN107403114A (en)
Inventor: 庞伟振
Current Assignee: Suzhou Metabrain Intelligent Technology Co Ltd
Original Assignee: Suzhou Inspur Intelligent Technology Co Ltd
Application filed by: Suzhou Inspur Intelligent Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a structure and method for locking input, applied to a computer system or an electronic system including a mobile phone. The structure comprises a locking module, which locks system input so that in the locked state any device input to the system is invalid, and a control module, which performs the logical control of locking and unlocking system input: it judges whether the current system state is secure; in the secure state the system accepts normal device input, and in the non-secure state the system locks device input through the locking module. Compared with the prior art, the structure and method effectively prevent attacks such as credential stuffing, avoid data loss caused by password leakage, avoid a complex secondary verification process, and effectively improve system security; they are practical, widely applicable, and easy to popularize.

Description

A structure and method for locking input

Technical field

The invention relates to the technical field of information security, and in particular to a structure and method for locking input that can be applied to a computer system or a mobile phone system.

Background

Computers and mobile phones have become indispensable equipment in daily work and life. Through real-time interconnection and information sharing, these electronic devices have improved office efficiency and made production and daily life more convenient. Our work, production and life generate a large amount of private data that is stored on these devices. How to prevent snooping and theft by criminals and protect our information security has become a serious issue of common concern across society and in every field.

At present, the most common way for a system to prevent snooping by others is a username and secret key verification mechanism: a user who wants to access data must be verified, and access is granted if verification succeeds.

Username and secret key authentication is currently the most widely used security measure, but unfortunately it is not secure. If the user's password is leaked, or through malicious credential stuffing, the mechanism can easily be defeated, allowing a login that obtains the data and resulting in the loss of private information.

The current security measure is shown in Figure 1: a request for data is received first, password authentication is then performed, and the data is obtained after password authentication succeeds. However, if the password has been leaked or malicious credential stuffing occurs at the password authentication stage, the system will ultimately be broken into and private information obtained.

In summary, the existing technology can no longer meet people's security needs, and enhanced protection strategies have emerged. The most widespread of these is secondary authentication, which strengthens security to a certain extent but relies on other intelligent electronic devices, and the security of the device used for secondary authentication cannot itself be guaranteed. For example, with SMS secondary authentication, an attacker can obtain the secondary authentication code without the user's knowledge, by means such as a fake base station or compromising the mobile phone, and successfully intrude into the system.

In short, security systems are still easily broken, and intrusion is not effectively prevented.

A solution that can effectively improve system security is therefore urgently needed.

Summary of the invention

The technical task of the invention is to address the above shortcomings by providing a structure and method for locking input that can effectively improve system security.

A structure for locking input, applied to a computer system or an electronic system including a mobile phone, comprises:

a locking module, used to lock system input; in the locked state any device input to the system is invalid;

a control module, used for logical control of the locking and unlocking of system input. It judges whether the current system state is secure; in the secure state the system accepts normal device input, and in the non-secure state the system locks device input through the locking module.

The devices used for system input include the keyboard, mouse, touchpad and network. When the locking module locks the system, device input is discarded, that is, the system and the devices are isolated from each other.

The system input process is as follows: first the content input by a device is obtained by the input device driver, then the input content processing module converts the input content into kernel generic key values, and finally the input content is distributed to applications. When the locking module locks the device input of the system, the locking function is achieved by inserting the locking module before the distribution of the input content.

The locking module is inserted at the input content distribution stage through a hook mechanism. Specifically, the locking module inserts a checkpoint (hook point) in the content processing flow, before the input content is distributed, and decides according to the judgment of the control module whether this content is allowed to continue to distribution, so that input is prohibited while the system is locked.

The control module judges whether the current system state is secure as follows: the control module takes the connection of a security device to the system as the trigger condition. When a security device is connected to the system and passes security authentication, the current system is in the secure state, the devices are unlocked, and the system can receive content input through the devices. When no security device is connected to the system, or the connected security device fails security authentication, the current system is in the non-secure state, the devices are locked, and the system cannot receive content input through the devices.

The security authentication is fingerprint authentication: after the security device is connected to the system, the fingerprint information of the security device itself is checked against the fingerprint information enrolled in the system. When they match completely, the control module is triggered to unlock the devices and the content input by the devices is distributed normally; otherwise the content distribution step cannot be performed.

A method for locking input, based on the above structure for locking input, is implemented as follows: first the control module judges whether the system state is secure. When the system is in the secure state, the system accepts normal device input, that is, the system and the input devices are connected and the devices can input content to the system normally. When the system is in the non-secure state, the locking module locks device input and isolates the system from the devices.

When the system is in the secure state, normal device input proceeds as follows: content is first input through a device; the input content is then obtained by the input device driver, converted into kernel generic key values by the input content processing module, and finally distributed to applications.

When the system is in the non-secure state, the system is locked against device input as follows: the locking module is inserted before input content distribution through the hook mechanism, so that the system cannot reach the content distribution step, which achieves the input locking function.

The insertion through the hook mechanism works as follows: the locking module inserts a checkpoint (hook point) before the input content is distributed, and decides according to the judgment of the control module whether this content is allowed to continue to distribution, so that input is prohibited while the system is locked.

Compared with the prior art, the structure and method for locking input of the invention have the following beneficial effects:

The locking module inserts a hook flow into the kernel module and directly and effectively blocks the distribution of input, thereby locking input. The control module can automatically compute device fingerprint information from device parameters, without relying on keys or similar information stored in an external device. This effectively prevents attacks such as credential stuffing, avoids data loss caused by password leakage, avoids a complex secondary verification process, and effectively improves system security. The invention is practical, widely applicable, and easy to popularize.

Description of drawings

In order to explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the invention; those of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.

Figure 1 is a flow chart of an information security measure in the prior art.

Figure 2 is a schematic diagram of a specific implementation of the structure of the invention.

Figure 3 is a flow chart of the implementation of the method of the invention.

Figure 4 is a flow chart of a specific implementation of the method of the invention.

Figure 5 is an example diagram of the logical judgment process of the control module in the method of the invention.

Detailed description

In order that those skilled in the art may better understand the solution of the invention, the invention is described in further detail below with reference to specific embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.

As shown in Figure 2, a structure for locking input, applied to a computer system or an electronic system including a mobile phone, comprises:

a locking module, used to lock system input. In the locked state any device input to the system is invalid; that is, in the locked state input control of the system, such as keyboard and mouse input and remote input control, is discarded, which provides the isolation of the system.

a control module, used for logical control of the locking and unlocking of system input. It judges whether the current system state is secure; in the secure state the system accepts normal device input, and in the non-secure state the system locks device input through the locking module.

The devices used for system input include the keyboard, mouse, touchpad and network. When the locking module locks the system, device input is discarded, that is, the system and the devices are isolated from each other.

The system input process is as follows: first the content input by a device is obtained by the input device driver, then the input content processing module converts the input content into kernel generic key values, and finally the input content is distributed to applications. When the locking module locks the device input of the system, the locking function is achieved by inserting the locking module before the distribution of the input content.

Taking keyboard input as an example, the kernel's general processing flow for an input device is as follows: keyboard input → the keyboard driver obtains the input and converts it into kernel generic key codes → kernel input event processing (e.g. encapsulation into a specific format) → input event distribution (e.g. writing the input event to a file) → the application reads the input information (key values) from the file.

The locking module is inserted at the input content distribution stage through a hook mechanism. Specifically, the locking module inserts a checkpoint (hook point) in the content processing flow, before the input content is distributed, and decides according to the judgment of the control module whether this content is allowed to continue to distribution, so that input is prohibited while the system is locked.

The control module judges whether the current system state is secure as follows: the control module takes the connection of a security device to the system as the trigger condition. When a security device is connected to the system and passes security authentication, the current system is in the secure state, the devices are unlocked, and the system can receive content input through the devices. When no security device is connected to the system, or the connected security device fails security authentication, the current system is in the non-secure state, the devices are locked, and the system cannot receive content input through the devices.

The security authentication is fingerprint authentication: after the security device is connected to the system, the fingerprint information of the security device itself is checked against the fingerprint information enrolled in the system. When they match completely, the control module is triggered to unlock the devices and the content input by the devices is distributed normally; otherwise the content distribution step cannot be performed.

A method for locking input, shown in Figure 3 and based on the above structure for locking input, is implemented as follows:

Install the above structure for locking input in a computer system or mobile phone system.

Insert the peripheral to be used as the trigger device, generally a hot-pluggable device such as a USB flash drive or a Wi-Fi network adapter.

Open the settings interface, select the specific trigger device, and check whether the system can match the trigger device.

Finally, lock or unlock.

Further, as shown in Figures 4 and 5, in this method the control module first judges whether the system state is secure. When the system is in the secure state, the system accepts normal device input, that is, the system and the input devices are connected and the devices can input content to the system normally. When the system is in the non-secure state, the locking module locks device input and isolates the system from the devices.

When the system is in the secure state, normal device input proceeds as follows: content is first input through a device; the input content is then obtained by the input device driver, converted into kernel generic key values by the input content processing module, and finally distributed to applications.

When the system is in the non-secure state, the system is locked against device input as follows: the locking module is inserted before input content distribution through the hook mechanism, so that the system cannot reach the content distribution step, which achieves the input locking function.

The insertion through the hook mechanism works as follows: the locking module inserts a checkpoint (hook point) before the input content is distributed, and decides according to the judgment of the control module whether this content is allowed to continue to distribution, so that input is prohibited while the system is locked.
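The flow described above, modelled in user space as an added example (it is not code from the patent or its assignee): driver translation, a hook point in front of distribution, and a control module that unlocks only while a trigger device with the enrolled fingerprint is attached. All struct and function names, the choice of vendor ID, product ID and serial as the "device parameters", the FNV-1a hash standing in for the unspecified fingerprint calculation, and the sample device values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parameters read from a hot-plugged trigger device. The field choice is an
 * assumption; the patent only speaks of "device parameters". */
struct device_params { uint16_t vendor_id; uint16_t product_id; const char *serial; };

/* FNV-1a, a stand-in for the unspecified fingerprint calculation.
 * It is not a cryptographic hash. */
static uint64_t fnv1a(uint64_t h, const void *data, size_t len)
{
    const unsigned char *p = data;
    for (size_t i = 0; i < len; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

uint64_t device_fingerprint(const struct device_params *d)
{
    unsigned char ids[4] = {
        (unsigned char)(d->vendor_id >> 8), (unsigned char)d->vendor_id,
        (unsigned char)(d->product_id >> 8), (unsigned char)d->product_id
    };
    uint64_t h = fnv1a(0xcbf29ce484222325ULL, ids, sizeof ids);
    return fnv1a(h, d->serial, strlen(d->serial));
}

/* Control module: decides whether the system is in the secure state.
 * Zero-initialised means nothing enrolled and locked (fail closed). */
struct control_module { int enrolled; uint64_t enrolled_fp; int secure; };

void control_enroll(struct control_module *c, const struct device_params *d)
{
    c->enrolled_fp = device_fingerprint(d);
    c->enrolled = 1;
    c->secure = 0;              /* enrolling alone never unlocks */
}

/* Hot-plug event: secure only if the attached device matches exactly. */
void control_on_attach(struct control_module *c, const struct device_params *d)
{
    c->secure = c->enrolled && device_fingerprint(d) == c->enrolled_fp;
}

void control_on_detach(struct control_module *c) { c->secure = 0; }

/* Locking module: the checkpoint placed in front of distribution. */
int lock_hook_allows(const struct control_module *c) { return c->secure; }

/* What applications get to read after distribution. */
struct app_queue { uint16_t keys[16]; size_t count; size_t dropped; };

/* Driver step: raw code to generic key code. Raw values are USB HID usage
 * IDs, results are Linux key codes; 0 means "unknown". */
uint16_t translate(uint8_t raw)
{
    switch (raw) {
    case 0x04: return 30;       /* 'a'   -> KEY_A     */
    case 0x05: return 48;       /* 'b'   -> KEY_B     */
    case 0x28: return 28;       /* Enter -> KEY_ENTER */
    default:   return 0;
    }
}

/* Pipeline: translate, pass the hook point, then distribute.
 * Returns 1 if the event reached the application queue, 0 if discarded. */
int input_event(const struct control_module *c, struct app_queue *q, uint8_t raw)
{
    uint16_t key = translate(raw);
    if (key == 0 || !lock_hook_allows(c) || q->count == 16) {
        q->dropped++;           /* locked state: input is thrown away */
        return 0;
    }
    q->keys[q->count++] = key;
    return 1;
}

int main(void)
{
    /* Constructed sample devices, not real hardware identifiers. */
    struct device_params token = { 0x1234, 0x5678, "CONSTRUCTED-0001" };
    struct device_params other = { 0x1234, 0x5678, "CONSTRUCTED-0002" };
    struct control_module c = { 0 };
    struct app_queue q = { { 0 }, 0, 0 };

    control_enroll(&c, &token);
    printf("no device attached: %d\n", input_event(&c, &q, 0x04));
    control_on_attach(&c, &other);
    printf("wrong device:       %d\n", input_event(&c, &q, 0x04));
    control_on_attach(&c, &token);
    printf("enrolled device:    %d\n", input_event(&c, &q, 0x04));
    control_on_detach(&c);
    printf("device removed:     %d\n", input_event(&c, &q, 0x04));
    printf("delivered=%zu dropped=%zu\n", q.count, q.dropped);
    return 0;
}
```

The model tracks a single trigger device and treats every attach or detach event as a fresh decision, so any event that does not present the enrolled fingerprint leaves the pipeline locked.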

By inserting a specific security module into the system kernel, the invention locks system input when required; that is, in the locked state all input information is discarded. The main security mechanism works in kernel mode, which greatly improves the security of the security system itself. Compared with existing schemes, even if the user's password is leaked, as long as system input remains locked an attacker still cannot control the system and cannot log in by entering the password. Even a password cracked through malicious credential stuffing cannot be used, because no input can be made to the system, which effectively improves system security. Furthermore, the invention avoids complex secondary authentication mechanisms (such as SMS or telephone) and prevents the possibility of a further intrusion.

From the above specific embodiments, those skilled in the art can readily implement the invention. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. It should be noted that those of ordinary skill in the art can make a number of improvements and modifications to the invention without departing from its principle, and these improvements and modifications also fall within the scope of protection of the claims of the invention.

Claims (4)

1. A structure for locking input, applied to a computer system or an electronic system including a mobile phone, characterized in that the structure comprises:
a locking module, used to lock system input, any device input to the system being invalid in the locked state;
a control module, used for logical control of the locking and unlocking of system input, which judges whether the current system state is secure, the system accepting normal device input in the secure state and locking device input through the locking module in the non-secure state;
the system input process being as follows: first the content input by a device is obtained by the input device driver, then the input content is converted into kernel generic key values by an input content processing module, and finally the input content is distributed to applications; when the locking module locks the device input of the system, the input locking function is achieved by inserting the locking module before the input content is distributed;
the locking module being inserted at the input content distribution stage through a hook mechanism, specifically: the locking module inserts a checkpoint (hook point) in the content processing flow, before the input content is distributed, to decide according to the judgment of the control module whether the content is allowed to continue to distribution, so that input is prohibited while the system is locked;
the control module judging whether the current system state is secure as follows: the control module takes the connection of a security device to the system as the trigger condition; when a security device is connected to the system and passes security authentication, the current system is in the secure state, the devices are unlocked, and the system can receive content input through the devices; when no security device is connected to the system, or the connected security device fails security authentication, the current system is in the non-secure state, the devices are locked, and the system cannot receive content input through the devices.
2. The structure for locking input of claim 1, wherein the devices used for system input include a keyboard, a mouse, a touchpad and a network, and when the locking module locks the system, device input is discarded, that is, the system is isolated from the devices.
3. The structure for locking input of claim 1, wherein the security authentication is fingerprint authentication, that is, after the security device is connected to the system, the fingerprint information of the security device itself is checked against the fingerprint information enrolled in the system; when they match completely, the control module is triggered to unlock the devices and the content input by the devices is distributed normally; otherwise the content distribution step cannot be performed.
4. A method for locking input, characterized in that, based on the above structure for locking input, it is implemented as follows: first the control module judges whether the system state is secure; when the system is in the secure state, the system accepts normal device input, that is, the system and the input devices are connected and the devices can input content to the system normally; when the system is in the non-secure state, the locking module locks device input and the system is isolated from the devices;
when the system is in the secure state, normal device input proceeds as follows: content is first input through a device; the input content is then obtained by the input device driver, converted into kernel generic key values by the input content processing module, and finally distributed to applications;
when the system is in the non-secure state, the system is locked against device input as follows: the locking module is inserted before input content distribution through a hook mechanism, so that the system cannot reach the content distribution step, which achieves the input locking function;
the insertion through the hook mechanism works as follows: the locking module inserts a checkpoint (hook point) before the input content is distributed, to decide according to the judgment of the control module whether the content is allowed to continue to distribution, so that input is prohibited while the system is locked.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201710613078.4A | 2017-07-25 | 2017-07-25 | Input locking structure and method

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201710613078.4A | 2017-07-25 | 2017-07-25 | Input locking structure and method

Publications (2)

Publication Number | Publication Date
CN107403114A | 2017-11-28
CN107403114B | 2020-09-22

Family

Family ID: 60401348

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201710613078.4A | Active | CN107403114B (en) | 2017-07-25 | 2017-07-25 | Input locking structure and method

Country Status (1)

Country | Link
CN (1) | CN107403114B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108596592A (en) * 2018-04-19 2018-09-28 深圳鼎智通讯股份有限公司 A kind of triggering lock machine method of intelligent terminal

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6098171A (en) * 1998-03-31 2000-08-01 International Business Machines Corporation Personal computer ROM scan startup protection
CN1308277A (en) * 1999-11-01 2001-08-15 国际商业机器公司 Method and system for improving computer safety during ROM scanning
CN101167080A (en) * 2005-03-23 2008-04-23 株式会社Ihc Authentication system
CN101379458A (en) * 2006-01-30 2009-03-04 三洋电机株式会社 Input device for inputting password or the like and portable telephone device having the input device
CN101452345A (en) * 2007-10-22 2009-06-10 得逻辑公司 System lock
CN101663882A (en) * 2007-04-17 2010-03-03 诺基亚公司 Apparatuses and methods for facilitating user designation of device functions
CN102883037A (en) * 2011-06-28 2013-01-16 株式会社电装 Vehicular communication system, vehicular communication apparatus and portable terminal apparatus
CN102971690A (en) * 2010-07-02 2013-03-13 诺基亚公司 An apparatus and method for detecting a rocking movement of an electronic device and execute a function in response to the detected movement
CN103164350A (en) * 2011-12-16 2013-06-19 国民技术股份有限公司 Secure digital (SD) card device and method of regionally accessing SD card
CN103186373A (en) * 2011-12-29 2013-07-03 盛乐信息技术(上海)有限公司 System and method for realizing hot plugging of input equipment

Also Published As

Publication number Publication date
CN107403114A (en) 2017-11-28

Similar Documents

Publication Publication Date Title
CN101340281B (en) Method and system for safe login input on network
CN110651270B (en) Data access method and device
CN106326699B (en) Server reinforcing method based on file access control and process access control
CN109412812B (en) Data security processing system, method, device and storage medium
CN101588352B (en) Method and system for ensuring security of operating environment
CN105721159A (en) Operation system identity authentication method and operation system identity authentication system
Mohsin et al. Two factor vs multi-factor, an authentication battle in mobile cloud computing environments
CN101520831A (en) Safe terminal system and terminal safety method
WO2014079139A1 (en) Method and system for protecting data of mobile terminal
US20180239927A1 (en) Rollback protection for login security policy
CN113315637A (en) Security authentication method, device and storage medium
CN102831355B (en) The method of trusted path is set up in secure operating system
WO2017166689A1 (en) Privacy protection method and device
CN102521169B (en) Confidential USB (universal serial bus) memory disk with display screen and security control method of confidential USB memory disk
US20170201528A1 (en) Method for providing trusted service based on secure area and apparatus using the same
CN103970540B (en) Key Functions secure calling method and device
CN112905976A (en) User data protection method for security computer
CN108694329B (en) Mobile intelligent terminal security event credible recording system and method based on combination of software and hardware
JP2018536931A (en) Eavesdropping authentication and encryption system and method
CN107403114B (en) Input locking structure and method
US9262619B2 (en) Computer system and method for protecting data from external threats
CN102098313A (en) Waterproof wall system and authentication method thereof
CN104182667A (en) Screen lock based data protection method and device
Lee et al. A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services
CN103745143B (en) Computer protection method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200825

Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: 450000 Henan province Zheng Dong New District of Zhengzhou City Xinyi Road No. 278 16 floor room 1601

Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant
CP03 Change of name, title or address

Address after: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee after: Suzhou Yuannao Intelligent Technology Co.,Ltd.

Country or region after: China

Address before: 215100 Building 9, No.1 guanpu Road, Guoxiang street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee before: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Country or region before: China
