+

CN102664887A - Input information protecting method, device and system - Google Patents

Input information protecting method, device and system Download PDF

Info

Publication number
CN102664887A
CN102664887A CN201210115703XA CN201210115703A CN102664887A CN 102664887 A CN102664887 A CN 102664887A CN 201210115703X A CN201210115703X A CN 201210115703XA CN 201210115703 A CN201210115703 A CN 201210115703A CN 102664887 A CN102664887 A CN 102664887A
Authority
CN
China
Prior art keywords
encryption algorithm
data unit
input information
protocol data
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210115703XA
Other languages
Chinese (zh)
Inventor
程元斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jianghan University
Original Assignee
Jianghan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jianghan University filed Critical Jianghan University
Priority to CN201210115703XA priority Critical patent/CN102664887A/en
Publication of CN102664887A publication Critical patent/CN102664887A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides an input information protecting method, an input information protecting device and an input information protecting system, belonging to the technical field of information security. The input information protecting method comprises the following steps: receiving a protocol data unit which is sent by a host computer by an input information security protecting device, wherein the protocol data unit comprises encryption algorithm parameters; according to corresponding relations of preset encryption algorithm parameters and encryption algorithms, selecting the encryption algorithms corresponding to the encryption algorithm parameters in the protocol data unit; acquiring data input by a user; encrypting the data input by the user by the selected encryption algorithms; and sending the encrypted data to the host computer. Multiple corresponding rations of the encryption algorithms and the encryption algorithm parameters are arranged in the input information security protecting device, the protocol data unit comprises the encryption algorithm parameters corresponding to a network service program, and thus the encryption algorithms corresponding to the network service program are appointed, so that the input information protecting method, the input information protecting device and the input information protecting system are good in university and can ensure the security of information input by the user.

Description

输入信息保护方法、装置和系统Input information protection method, device and system

技术领域 technical field

本发明涉及信息安全技术领域,尤其涉及一种输入信息保护方法、装置和系统。The present invention relates to the technical field of information security, in particular to an input information protection method, device and system.

背景技术 Background technique

如今,网络在人们的日常生活中扮演着重要的角色,各种各样的网络服务正在逐步渗透到人们的学习、生活、工作之中。然而,网络安全问题的日益严重给人们的日常生活带来了诸多不便,尤其是通过木马病毒窃取用户从键盘输入的信息,如账号、密码等。Nowadays, the network plays an important role in people's daily life, and various network services are gradually penetrating into people's study, life and work. However, the increasing seriousness of network security issues has brought a lot of inconvenience to people's daily life, especially the information entered by users through keyboards, such as account numbers and passwords, is stolen by Trojan horse viruses.

现有技术中,主要通过加密的方法来防止用户输入的信息被盗。具体地,可以将用户输入的信息,采用专用的输入信息加密装置加密后再发往主机,然后再发往网络服务器。In the prior art, encryption is mainly used to prevent the information input by the user from being stolen. Specifically, the information input by the user may be encrypted by a dedicated input information encryption device and then sent to the host, and then sent to the network server.

发明人在实现本发明的过程中,发现现有技术至少存在以下问题:In the process of realizing the present invention, the inventor found that the prior art has at least the following problems:

现有的输入信息加密装置都是采用预定的专用的加密算法,对用户输入的信息进行加密,这些设备都是专用的,所以其使用范围受到很大限制,很难同时满足各种网络服务的需要,通用性差。The existing input information encryption devices all use predetermined special encryption algorithms to encrypt the information input by users. These devices are all dedicated, so their scope of use is greatly limited, and it is difficult to meet the requirements of various network services at the same time. Need, poor versatility.

发明内容 Contents of the invention

为了克服现有技术中输入信息加密装置使用范围受限、通用性差的缺陷,本发明提供了一种输入信息保护方法、装置和系统。所述技术方案如下:In order to overcome the disadvantages of limited use range and poor versatility of the input information encryption device in the prior art, the present invention provides an input information protection method, device and system. Described technical scheme is as follows:

一方面,本发明实施例提供了一种输入信息保护方法,所述方法包括:On the one hand, an embodiment of the present invention provides a method for protecting input information, the method comprising:

输入信息安全保护装置接收主机发送的协议数据单元,所述协议数据单元中包括加密算法参数;The input information security protection device receives the protocol data unit sent by the host, and the protocol data unit includes encryption algorithm parameters;

根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的所述加密算法参数相对应的加密算法;Selecting an encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit according to the preset correspondence between the encryption algorithm parameter and the encryption algorithm;

获取用户输入的数据;Get the data entered by the user;

采用选择的所述加密算法,加密所述用户输入的数据;using the selected encryption algorithm to encrypt the data input by the user;

将加密后的数据发送给所述主机。Send the encrypted data to the host.

优选地,所述协议数据单元中还包括数据单元类型参数,则在所述根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的加密算法参数相对应的加密算法之前,所述方法还包括:Preferably, the protocol data unit also includes a data unit type parameter, and before the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit is selected according to the preset correspondence between the encryption algorithm parameter and the encryption algorithm , the method also includes:

根据所述数据单元类型参数判断所述协议数据单元是否为加密输入类型,若是,则获取所述协议数据单元中的加密算法参数。According to the data unit type parameter, it is judged whether the protocol data unit is an encrypted input type, and if so, the encryption algorithm parameter in the protocol data unit is acquired.

优选地,在所述根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的加密算法参数相对应的加密算法之前,所述方法还包括:Preferably, before the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit is selected according to the preset correspondence between the encryption algorithm parameter and the encryption algorithm, the method further includes:

对服务器进行认证。Authenticate the server.

优选地,所述方法还包括:获取中断指令,并执行所述中断指令。Preferably, the method further includes: acquiring an interrupt instruction, and executing the interrupt instruction.

优选地,所述方法还包括:在所述输入信息安全保护装置上显示所述输入信息安全保护装置当前的工作状态和运行数据。Preferably, the method further includes: displaying the current working status and operating data of the input information security protection device on the input information security protection device.

又一方面,本发明实施例提供了一种输入信息保护装置,所述装置包括:In yet another aspect, an embodiment of the present invention provides an input information protection device, the device comprising:

接收模块,用于接收主机发送的协议数据单元,该协议数据单元中包括加密算法参数;The receiving module is used to receive the protocol data unit sent by the host, and the protocol data unit includes encryption algorithm parameters;

选择模块,用于根据预设的加密算法参数与加密算法的对应关系,选择与所述接收模块接收的协议数据单元中的所述加密算法参数相对应的加密算法;A selection module, configured to select an encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit received by the receiving module according to the preset correspondence between the encryption algorithm parameter and the encryption algorithm;

获取模块,用于获取用户输入的数据;The acquisition module is used to acquire the data input by the user;

加密模块,用于根据所述选择模块选择的加密算法,加密所述获取模块获取的数据;An encryption module, configured to encrypt the data acquired by the acquisition module according to the encryption algorithm selected by the selection module;

发送模块,用于所述将加密模块加密后的数据发送给所述主机。A sending module, configured to send the data encrypted by the encryption module to the host.

优选地,所述协议数据单元中还包括数据单元类型参数,则所述装置还包括:Preferably, the protocol data unit also includes a data unit type parameter, then the device further includes:

判断模块,用于根据所述数据单元类型参数,判断所述协议数据单元是否为加密输入类型,若是,则获取所述协议数据单元中的加密算法参数。A judging module, configured to judge whether the protocol data unit is an encrypted input type according to the data unit type parameter, and if so, obtain the encryption algorithm parameter in the protocol data unit.

优选地,所述装置还包括:认证模块,用于对服务器进行认证。Preferably, the device further includes: an authentication module, configured to authenticate the server.

优选地,所述装置还包括:中断指令执行模块,用于获取中断指令,并执行所述中断指令。Preferably, the device further includes: an interrupt command execution module, configured to acquire the interrupt command and execute the interrupt command.

优选地,所述装置还包括:显示模块,用于显示所述输入信息安全保护装置当前的工作状态和运行数据。Preferably, the device further includes: a display module, configured to display the current working status and operating data of the input information security protection device.

又一方面,本发明实施例还提供了一种输入信息保护系统,所述系统包括。In yet another aspect, an embodiment of the present invention also provides an input information protection system, the system comprising:

主机,用于发送协议数据单元,所述协议数据单元中包括加密算法参数;The host is configured to send a protocol data unit, where the protocol data unit includes encryption algorithm parameters;

输入信息保护装置,用于接收所述主机发送的协议数据单元;根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的所述加密算法参数相对应的加密算法;获取用户输入的数据;采用选择的所述加密算法,加密所述用户输入的数据;将加密后的数据发送给所述主机。The input information protection device is used to receive the protocol data unit sent by the host; select the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit according to the corresponding relationship between the preset encryption algorithm parameters and the encryption algorithm; obtain data input by the user; using the selected encryption algorithm to encrypt the data input by the user; and sending the encrypted data to the host.

进一步地,所述系统还包括:Further, the system also includes:

服务器,用于向所述主机发送加密输入请求信息;The server is configured to send encrypted input request information to the host;

相应地,所述主机发送的所述协议数据单元中还包括所述加密输入请求信息,且所述主机还用于将所述输入信息保护装置发送的加密后的数据发送给所述服务器。Correspondingly, the protocol data unit sent by the host further includes the encrypted input request information, and the host is further configured to send the encrypted data sent by the input information protection device to the server.

本发明实施例提供的技术方案的有益效果是:通过在输入信息安全保护装置中预先设置多种加密算法与加密算法参数的对应关系,并在发送给输入信息安全保护装置的协议数据单元中指定加密算法并给出所需的加密参数,进而输入信息安全保护装置可根据主机或服务器的要求选择特定的加密算法在输入信息安全保护装置上对用户输入的数据进行加密。这样,同一台输入信息安全保护装置便可为运行不同应用的主机和服务器提供各自所需的加密输入服务,克服了专用输入信息安全保护装置算法单一、应用范围狭小的不足,也克服了通用输入装置不能为主机和服务器提供各自所需的加密输入服务的缺陷,兼顾了安全性、通用性、灵活性。The beneficial effect of the technical solution provided by the embodiment of the present invention is: by presetting the corresponding relationship between various encryption algorithms and encryption algorithm parameters in the input information security protection device, and specifying in the protocol data unit sent to the input information security protection device The encryption algorithm and the required encryption parameters are given, and then the input information security protection device can select a specific encryption algorithm according to the requirements of the host or server to encrypt the data input by the user on the input information security protection device. In this way, the same input information security protection device can provide the encrypted input services required by the hosts and servers running different applications, which overcomes the shortcomings of the dedicated input information security protection device with a single algorithm and narrow application range, and also overcomes the problems of general input information security. The defect that the device cannot provide the required encrypted input service for the host and the server takes into account safety, versatility and flexibility.

附图说明 Description of drawings

图1是本发明实施例1提供的输入信息保护方法的流程图;FIG. 1 is a flow chart of the input information protection method provided by Embodiment 1 of the present invention;

图2是本发明实施例2提供的输入信息保护方法的流程图;Fig. 2 is a flow chart of the input information protection method provided by Embodiment 2 of the present invention;

图3是本发明实施例3提供的输入信息保护装置的结构框图;FIG. 3 is a structural block diagram of an input information protection device provided by Embodiment 3 of the present invention;

图4是本发明实施例4提供的输入信息保护装置的结构框图;FIG. 4 is a structural block diagram of an input information protection device provided by Embodiment 4 of the present invention;

图5是本发明实施例5提供的输入信息保护系统的结构框图。Fig. 5 is a structural block diagram of an input information protection system provided by Embodiment 5 of the present invention.

具体实施方式 Detailed ways

为使本发明的目的、技术方案和优点更加清楚,下面将结合附图对本发明实施方式作进一步地详细描述。In order to make the object, technical solution and advantages of the present invention clearer, the implementation manner of the present invention will be further described in detail below in conjunction with the accompanying drawings.

实施例1Example 1

如图1所示,本实施例提供了一种输入信息保护方法,该方法包括:As shown in Figure 1, this embodiment provides a method for protecting input information, the method comprising:

步骤101:输入信息保护装置接收主机发送的协议数据单元,该协议数据单元中包括加密算法参数。Step 101: The input information protection device receives the protocol data unit sent by the host, and the protocol data unit includes encryption algorithm parameters.

具体地,例如,当用户需要访问某一服务器时,通过主机与服务器进行交互,主机获取服务器的加密输入请求信息,如帐号信息请求后(该帐号信息请求通常是要求提供帐号、口令的协议数据单元),将其作为“DATA”字段封装后发送给输入信息安全保护装置。在本申请中,“主机”是指计算机除去输入输出设备以外的主要机体部分。Specifically, for example, when a user needs to access a certain server, the host computer interacts with the server, and the host computer obtains encrypted input request information of the server, such as after the account information request (the account information request is usually a protocol data that requires an account number and a password) Unit), encapsulate it as a "DATA" field and send it to the input information security protection device. In this application, "host" refers to the main body part of a computer except for input and output devices.

再例如,当用户需要登陆本地应用程序时,主机获取应用程序要求提供帐号、口令的请求后,将其作为“DATA”字段封装后发送给输入信息安全保护装置。For another example, when a user needs to log in to a local application, the host obtains the application's request to provide an account number and password, encapsulates it as a "DATA" field, and sends it to the input information security protection device.

也就是说,协议数据单元中的加密算法参数是与服务器或主机上的应用程序相对应的。That is to say, the encryption algorithm parameters in the protocol data unit correspond to the application program on the server or host.

步骤102:根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的加密算法参数相对应的加密算法。Step 102: Select an encryption algorithm corresponding to the encryption algorithm parameters in the protocol data unit according to the preset correspondence between encryption algorithm parameters and encryption algorithms.

该预设的加密算法参数与加密算法的对应关系预先设置在输入信息安全保护装置中。The correspondence between the preset encryption algorithm parameters and the encryption algorithm is preset in the input information security protection device.

步骤103:获取用户输入的数据。Step 103: Obtain the data input by the user.

步骤104:采用选择的加密算法,加密用户输入的数据。Step 104: Use the selected encryption algorithm to encrypt the data input by the user.

步骤105:将加密后的数据发送给主机。Step 105: Send the encrypted data to the host.

本发明实施例通过在输入信息安全保护装置中预先设置多种加密算法与加密算法参数的对应关系,并在发送给输入信息安全保护装置的协议数据单元中指定加密算法并给出所需的加密参数,进而输入信息安全保护装置可根据主机或服务器的要求选择特定的加密算法在输入信息安全保护装置上对用户输入的数据进行加密。这样,同一台输入信息安全保护装置便可为不同目的的主机和服务器提供各自所需的加密输入服务,克服了专用输入信息安全保护装置算法单一、应用范围狭小的不足,也克服了通用输入装置不能为主机和服务器提供各自所需的加密输入服务的缺陷,兼顾了安全性、通用性、灵活性。In the embodiment of the present invention, the corresponding relationship between various encryption algorithms and encryption algorithm parameters is preset in the input information security protection device, and the encryption algorithm is specified in the protocol data unit sent to the input information security protection device and the required encryption is given. Parameters, and then the input information security protection device can select a specific encryption algorithm to encrypt the data input by the user on the input information security protection device according to the requirements of the host or server. In this way, the same input information security protection device can provide the required encrypted input services for hosts and servers with different purposes, which overcomes the shortcomings of the dedicated input information security protection device with a single algorithm and narrow application range, and also overcomes the shortcomings of the general input device. The defect of not being able to provide the required encrypted input services for the host and the server takes into account security, versatility, and flexibility.

实施例2Example 2

如图2所示,本实施例提供了一种输入信息保护方法,该方法包括:As shown in Figure 2, this embodiment provides a method for protecting input information, which includes:

步骤201:输入信息保护装置接收主机发送的协议数据单元,该协议数据单元中包括加密算法参数。Step 201: The input information protection device receives the protocol data unit sent by the host, and the protocol data unit includes encryption algorithm parameters.

具体地,该协议数据单元中还可以包括协议数据单元类型参数。该协议数据单元的类型可以是但不限于传输控制、软件升级、输入装置证书请求、服务器证书请求和加密输入。其中,传输控制用于满足确认ACK(Acknowledgement,确认)、重传请求NAK(NegativeAcknowledge,否定响应)、大块数据(例如升级软件)的分组传输等需求。当服务器需要获取输入信息保护装置的数字证书或公钥时,主机可通过输入装置证书请求类型的协议数据单元向输入信息保护装置索取数字证书。当然,也可以在主机上保存该数字证书,直接传给服务器。需要指出的是,这里所要求的数字证书合法的出处包括本输入信息保护装置中的存储器、主机、网络服务器等等,其数字签名必须是可靠的。为确保可靠性并避免可能出现的法律认定上的困难,可以采用输入信息保护装置的处理器的制造商为根的认证链。另外,对于某些安全性高的服务,需要强制性地对服务器(实际上为提供安全参数的实体)进行认证,这时,输入信息保护装置可以发出证书请求要求提供服务器的数字证书。Specifically, the protocol data unit may also include a protocol data unit type parameter. The type of protocol data unit may be, but not limited to, transmission control, software upgrade, input device certificate request, server certificate request, and encrypted input. Among them, the transmission control is used to meet requirements such as confirmation ACK (Acknowledgement, acknowledgment), retransmission request NAK (NegativeAcknowledge, negative response), and packet transmission of bulk data (eg, software upgrade). When the server needs to obtain the digital certificate or public key of the input information protection device, the host can request the digital certificate from the input information protection device through the protocol data unit of the input device certificate request type. Of course, the digital certificate can also be saved on the host and directly sent to the server. It should be pointed out that the legal source of the digital certificate required here includes the memory, host, network server, etc. in the input information protection device, and its digital signature must be reliable. To ensure reliability and avoid possible legal difficulties, a certification chain rooted at the manufacturer of the processor of the input information protection device can be used. In addition, for some high-security services, it is necessary to compulsorily authenticate the server (actually the entity that provides security parameters). At this time, the input information protection device can send a certificate request to request the digital certificate of the server.

具体地,该协议数据单元可以为以下格式:Specifically, the protocol data unit can be in the following format:

Figure BDA0000155004310000051
Figure BDA0000155004310000051

其中,同步码用于标识一个数据单元的开始,其长度与通信链路相关。例如,当通信链路为PS2接口时,同步码为一个起始字符;当通信链路是同步链路时,同步码应当是一个起始标志块。校验码与同步码一样,与通信链路相关。Wherein, the synchronization code is used to identify the beginning of a data unit, and its length is related to the communication link. For example, when the communication link is a PS2 interface, the synchronization code is a start character; when the communication link is a synchronization link, the synchronization code should be a start marker block. The check code, like the synchronization code, is related to the communication link.

总长度指从类型|协议字段开始的所有字段的长度,不包括同步码、版本字段和总长度字段本身。The total length refers to the length of all fields starting from the type|protocol field, excluding the synchronization code, version field and the total length field itself.

类型|协议用于表示上文中的加密算法参数和数据单元类型参数,在本实施例中,优选采用统一的数字编号。在其它实现方式中,也可以分开表示。Type|protocol is used to represent the above encryption algorithm parameters and data unit type parameters. In this embodiment, it is preferred to use a unified number. In other implementation manners, it can also be expressed separately.

DATA是各类型、协议数据单元对应的数据,一般即该协议的数据包,如服务器的X509数字证书。DATA is the data corresponding to various types and protocol data units, generally the data packets of the protocol, such as the X509 digital certificate of the server.

更加优选地,为了方便协议数据单元类型的识别,可以采用类型分段法,例如,采用高3位(二进制)标示数据单元类型如下:More preferably, in order to facilitate the identification of the protocol data unit type, the type segmentation method can be used, for example, the upper 3 bits (binary) are used to indicate the data unit type as follows:

000传输控制000 Transmission Control

001软件升级001 software upgrade

010装置认证010 Device Certification

011服务器认证011 server authentication

10x加密10x encryption

11x保留11x reserved

其中,x代表0或1,按照该方案,可以用来标识加密协议的位数总共有6个二进制位,可标志的协议数达64种。加上保留部分,加密协议最多可达128种,可以适用于多种网络服务程序。Wherein, x represents 0 or 1. According to this scheme, the number of bits that can be used to identify the encryption protocol is 6 binary bits in total, and the number of protocols that can be marked reaches 64. Adding the reserved part, there are up to 128 encryption protocols, which can be applied to various network service programs.

优选地,所有的协议数据单元的传输均采用停止等待协议。考虑到用户输入数据相对慢,因此当输入信息保护装置接收到一个协议数据单元时,在完成校验后会立即回复一个ACK或者NAK的应答帧,以便主机及时做出正确判断以采取下一步行动。Preferably, the transmission of all protocol data units adopts a stop-and-wait protocol. Considering that the user input data is relatively slow, when the input information protection device receives a protocol data unit, it will immediately reply an ACK or NAK response frame after completing the verification, so that the host can make a correct judgment in time to take the next step .

具体地,例如,当用户需要访问某一服务器时,通过主机与服务器进行交互,主机获取服务器的加密输入请求信息,如帐号信息请求后,(该帐号信息请求通常是要求提供帐号、口令的协议数据单元),将其作为“DATA”字段封装后发送给输入信息安全保护装置。Specifically, for example, when a user needs to access a certain server, the host computer interacts with the server, and the host computer obtains the encrypted input request information of the server, such as after the account information request, (the account information request is usually a protocol requiring an account number and password Data unit), which is encapsulated as a "DATA" field and sent to the input information security protection device.

再例如,当用户需要登陆本地应用程序时,主机获取应用程序要求提供帐号、口令的请求后,将其作为“DATA”字段封装后发送给输入信息安全保护装置。For another example, when a user needs to log in to a local application, the host obtains the application's request to provide an account number and password, encapsulates it as a "DATA" field, and sends it to the input information security protection device.

也就是说,协议数据单元中的加密算法参数是与服务器或主机上的应用程序相对应的。That is to say, the encryption algorithm parameters in the protocol data unit correspond to the application program on the server or host.

步骤202:判断接收到的协议数据单元的版本是否可兼容,若是,则执行步骤203;若否,则给主机回复可用版本信息。Step 202: Determine whether the version of the received PDU is compatible, if yes, execute step 203; if not, reply available version information to the host.

步骤203:根据数据单元类型参数判断协议数据单元是否为加密输入类型,若是,则执行步骤204,若否,则执行非加密输入类型的处理,如传输控制、软件升级、装置认证、服务器认证等。Step 203: Determine whether the protocol data unit is an encrypted input type according to the data unit type parameter, if yes, execute step 204, if not, execute non-encrypted input type processing, such as transmission control, software upgrade, device authentication, server authentication, etc. .

步骤204:判断加密算法参数是否可处理,若可处理,则执行步骤205;若不可处理,则可以回复非支持协议信息。Step 204: Determine whether the encryption algorithm parameter can be processed, if it can be processed, execute step 205; if it cannot be processed, it can reply the non-support protocol information.

具体地,可以在输入信息保护装置中预设的加密算法参数中,查找是否存在与该协议数据单元中的加密算法参数相同的加密算法参数,若存在,则表示加密算法参数可处理,反之则表示该加密算法参数不可处理。Specifically, among the encryption algorithm parameters preset in the input information protection device, it is possible to search whether there is an encryption algorithm parameter identical to the encryption algorithm parameter in the protocol data unit. If it exists, it means that the encryption algorithm parameter can be processed, and vice versa. Indicates that the encryption algorithm parameters cannot be processed.

步骤205:判断是否需要对服务器进行认证,若需要,则执行步骤206;若不需要,则执行步骤208。Step 205: Judging whether the server needs to be authenticated, if yes, go to step 206; if not, go to step 208.

具体地,可以根据用户的预先设置来判断是否需要对服务器进行认证。Specifically, it may be determined according to the user's preset whether to authenticate the server.

步骤206:检测协议数据单元中是否含有服务器发送的数字证书;若是,则执行步骤207;若否,则向主机发送服务器证书请求。Step 206: Detect whether the protocol data unit contains the digital certificate sent by the server; if yes, execute step 207; if not, send a server certificate request to the host.

步骤207:验证该协议数据单元中的数字证书是否合法,若是,则执行步骤208;若否,向主机回复认证失败信息。Step 207: verify whether the digital certificate in the protocol data unit is legal, if yes, execute step 208; if not, reply authentication failure information to the host.

通过上述步骤205-207,即可实现对服务器进行认证。Through the above steps 205-207, the server can be authenticated.

步骤208:根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的加密算法参数相对应的加密算法。Step 208: Select an encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit according to the preset correspondence between the encryption algorithm parameters and the encryption algorithm.

该预设的加密算法参数与加密算法的对应关系预先设置在输入信息安全保护装置中。The correspondence between the preset encryption algorithm parameters and the encryption algorithm is preset in the input information security protection device.

具体地,选择与接收到的协议数据单元中的加密算法参数相对应的加密算法的步骤包括:Specifically, the step of selecting the encryption algorithm corresponding to the encryption algorithm parameter in the received protocol data unit includes:

将加密算法参数对应的处理函数指针赋予指向处理函数的指针变量func并进行该处理函数的初始化,以便在用户输入时通过调用func所指的处理函数进行对应的加密处理。可以将加密算法参数与对应的处理函数指针做成一张表存储在输入信息保护装置中,以便升级处理程序更新。The processing function pointer corresponding to the encryption algorithm parameter is assigned to the pointer variable func pointing to the processing function, and the processing function is initialized, so that the corresponding encryption processing is performed by calling the processing function pointed to by func when the user inputs. Encryption algorithm parameters and corresponding processing function pointers can be made into a table and stored in the input information protection device, so as to update the processing program.

步骤209:获取用户输入的数据。Step 209: Obtain the data input by the user.

具体地,此时,输入信息保护装置进入加密键盘状态,可以设置一个NKS(normal keyboardstatus,普通键盘状态标志)变量,当NKS=N时,表示加密键盘状态;当NKS=Y时,表示非加密键盘状态,即普通键盘状态。系统启动时的状态是普通键盘状态。Specifically, at this moment, the input information protection device enters the encrypted keyboard state, and a NKS (normal keyboard status, common keyboard status flag) variable can be set, and when NKS=N, it represents the encrypted keyboard state; when NKS=Y, it represents non-encrypted Keyboard state, that is, the normal keyboard state. The state when the system starts is the normal keyboard state.

步骤211:采用选择的加密算法对步骤210中用户输入的数据进行加密。Step 211: Encrypt the data input by the user in step 210 using the selected encryption algorithm.

在实际应用中,可以在用户输入完毕后,设置NKS=Y,恢复到普通键盘状态。In practical applications, after the user finishes inputting, set NKS=Y to return to the normal keyboard state.

步骤212:将加密后的数据发送给主机。Step 212: Send the encrypted data to the host.

具体地,可以将加密后的数据作为“DATA”字段封装成协议数据单元发送给主机。主机收到后,或者由主机上的应用程序解密并使用“DATA”字段的数据,或者将“DATA”字段的数据转发给服务器。Specifically, the encrypted data may be encapsulated as a "DATA" field into a protocol data unit and sent to the host. After the host receives it, the application program on the host will either decrypt and use the data in the "DATA" field, or forward the data in the "DATA" field to the server.

需要说明的是,输入信息保护装置与主机的数据交互可以通过PS2接口、USB接口或无线接口。It should be noted that, the data exchange between the input information protection device and the host can be through a PS2 interface, a USB interface or a wireless interface.

在上述步骤201-212的执行过程中,该方法还包括:During the execution of the above steps 201-212, the method further includes:

接收用户的中断指令,并执行与该中断指令对应的中断服务程序,以进行相应的处理。Receive the user's interrupt command, and execute the interrupt service program corresponding to the interrupt command to perform corresponding processing.

具体地,这些中断指令可以包括:设置指令、强制认证指令、强制终止指令以及所有数据键。Specifically, these interruption instructions may include: a setting instruction, a mandatory authentication instruction, a mandatory termination instruction and all data keys.

其中,设置指令用于设置一些可选项,例如是否隐蔽显示以及用什么符号隐蔽显示用户输入的口令,是否显示服务器标识,是否总是进行服务器强制认证,系统升级时是否要经过用户确认等。可以用交互问答的方式进行所有可能的设置。Among them, the setting command is used to set some optional items, such as whether to hide and display the password entered by the user with what symbol, whether to display the server logo, whether to always perform mandatory server authentication, whether to require user confirmation when the system is upgraded, etc. All possible settings can be made in an interactive question-and-answer manner.

本实施例的方法还包括:在该输入信息保护装置上显示输入信息安全保护装置当前的工作状态和运行数据。该工作状态和运行数据包括但不限于加密输入状态、认证结果、用户输入的数据等。The method in this embodiment further includes: displaying the current working status and operating data of the input information security protection device on the input information protection device. The working status and running data include but not limited to encrypted input status, authentication results, data input by users, etc.

本发明实施例通过在输入信息安全保护装置中预先设置多种加密算法与加密算法参数的对应关系,并在发送给输入信息安全保护装置的协议数据单元中指定加密算法并给出所需的加密参数,进而输入信息安全保护装置可根据主机或服务器的要求选择特定的加密算法在输入信息安全保护装置上对用户输入的数据进行加密。这样,同一台输入信息安全保护装置便可为不同目的的主机和服务器提供各自所需的加密输入服务,克服了专用输入信息安全保护装置算法单一、应用范围狭小的不足,也克服了通用输入装置不能为主机和服务器提供各自所需的加密输入服务的缺陷,兼顾了安全性、通用性、灵活性。此外,本发明实施例还可以实现输入信息安全保护装置和服务器之间的双向认证,进一步提高了输入信息的安全性。In the embodiment of the present invention, the corresponding relationship between various encryption algorithms and encryption algorithm parameters is preset in the input information security protection device, and the encryption algorithm is specified in the protocol data unit sent to the input information security protection device and the required encryption is given. Parameters, and then the input information security protection device can select a specific encryption algorithm to encrypt the data input by the user on the input information security protection device according to the requirements of the host or server. In this way, the same input information security protection device can provide the required encrypted input services for hosts and servers with different purposes, which overcomes the shortcomings of the dedicated input information security protection device with a single algorithm and narrow application range, and also overcomes the shortcomings of the universal input device. The defect of not being able to provide the required encrypted input services for the host and the server takes into account security, versatility, and flexibility. In addition, the embodiment of the present invention can also realize two-way authentication between the input information security protection device and the server, further improving the security of the input information.

实施例3Example 3

如图3所示,本发明实施例提供了一种输入信息安全保护装置,该装置包括:As shown in Figure 3, an embodiment of the present invention provides an input information security protection device, which includes:

接收模块301,用于接收主机发送的协议数据单元,该协议包中包括加密算法参数;The receiving module 301 is configured to receive the protocol data unit sent by the host, and the protocol packet includes encryption algorithm parameters;

选择模块302,用于根据预设的加密算法参数与加密算法的对应关系,选择与接收模块301接收的协议数据单元中的加密算法参数相对应的加密算法;The selection module 302 is used to select the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit received by the receiving module 301 according to the preset corresponding relationship between the encryption algorithm parameter and the encryption algorithm;

获取模块303,用于获取用户输入的数据;An acquisition module 303, configured to acquire data input by the user;

加密模块304,用于根据选择模块302选择的加密算法,加密获取模块303获取的数据;An encryption module 304, configured to encrypt the data obtained by the acquisition module 303 according to the encryption algorithm selected by the selection module 302;

发送模块305,用于将加密模块304加密后的数据发送给主机。The sending module 305 is configured to send the data encrypted by the encryption module 304 to the host.

具体地,本实施例的输入信息安全保护装置可以作为单独的装置与普通键盘兼容,也可以直接集成在键盘上,作为键盘的一部分。Specifically, the input information security protection device of this embodiment can be used as a separate device compatible with a common keyboard, or can be directly integrated on the keyboard as a part of the keyboard.

本发明实施例提供的技术方案的有益效果是:通过在输入信息安全保护装置中预先设置多种加密算法与加密算法参数的对应关系,并在发送给输入信息安全保护装置的协议数据单元中指定加密算法并给出所需的加密参数,进而输入信息安全保护装置可根据主机或服务器的要求选择特定的加密算法在输入信息安全保护装置上对用户输入的数据进行加密。这样,同一台输入信息安全保护装置便可为不同目的的主机和服务器提供各自所需的加密输入服务,克服了专用输入信息安全保护装置算法单一、应用范围狭小的不足,也克服了通用输入装置不能为主机和服务器提供各自所需的加密输入服务的缺陷,兼顾了安全性、通用性、灵活性。The beneficial effect of the technical solution provided by the embodiment of the present invention is: by presetting the corresponding relationship between various encryption algorithms and encryption algorithm parameters in the input information security protection device, and specifying in the protocol data unit sent to the input information security protection device The encryption algorithm and the required encryption parameters are provided, and then the input information security protection device can select a specific encryption algorithm according to the requirements of the host or server to encrypt the data input by the user on the input information security protection device. In this way, the same input information security protection device can provide the required encrypted input services for hosts and servers with different purposes, which overcomes the shortcomings of the dedicated input information security protection device with a single algorithm and narrow application range, and also overcomes the shortcomings of the general input device. The defect of not being able to provide the required encrypted input services for the host and the server takes into account security, versatility, and flexibility.

实施例4Example 4

如图4所示,本发明实施例提供了一种输入信息安全保护装置,该装置包括:As shown in Figure 4, an embodiment of the present invention provides an input information security protection device, which includes:

接收模块301,用于接收主机发送的协议数据单元,该协议数据单元中包括加密算法参数;The receiving module 301 is configured to receive the protocol data unit sent by the host, and the protocol data unit includes encryption algorithm parameters;

选择模块302,用于根据预设的加密算法参数与加密算法的对应关系,选择与接收模块301接收的协议数据单元中的加密算法参数相对应的加密算法;The selection module 302 is used to select the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit received by the receiving module 301 according to the preset corresponding relationship between the encryption algorithm parameter and the encryption algorithm;

获取模块303,用于获取用户输入的数据;An acquisition module 303, configured to acquire data input by the user;

加密模块304,用于根据选择模块302选择的加密算法,加密获取模块303获取的数据;An encryption module 304, configured to encrypt the data obtained by the acquisition module 303 according to the encryption algorithm selected by the selection module 302;

发送模块305,用于将加密模块304加密后的数据发送给主机。The sending module 305 is configured to send the data encrypted by the encryption module 304 to the host.

优选地,该协议数据单元中还包括数据单元类型参数,则该装置还包括:Preferably, the protocol data unit also includes a data unit type parameter, then the device also includes:

判断模块406,用于根据数据单元类型参数,判断接收模块301接收到的协议数据单元是否为加密输入类型,若是,则获取协议数据单元中的加密算法参数;Judging module 406, for judging whether the protocol data unit received by the receiving module 301 is an encrypted input type according to the data unit type parameter, and if so, obtaining the encryption algorithm parameter in the protocol data unit;

相应地,选择模块302当所述判断模块406的判断结果为是时,根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的加密算法参数相对应的加密算法。Correspondingly, when the judgment result of the judging module 406 is yes, the selection module 302 selects the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit according to the preset correspondence between the encryption algorithm parameter and the encryption algorithm.

优选地,该装置还包括:认证模块407,用于对服务器进行认证。Preferably, the device further includes: an authentication module 407, configured to authenticate the server.

优选地,该装置还包括:中断指令执行模块408,用于获取中断指令,并执行与该中断指令对应的中断服务程序。Preferably, the device further includes: an interrupt command execution module 408, configured to acquire the interrupt command and execute an interrupt service program corresponding to the interrupt command.

具体地,该中断指令可以包括设置指令、强制认证指令、强制终止指令以及所有数据键。Specifically, the interruption instruction may include a setting instruction, a mandatory authentication instruction, a mandatory termination instruction and all data keys.

优选地,该装置还包括显示模块409,用于显示输入信息安全保护装置当前的的工作状态和运行数据。该工作状态和运行数据包括但不限于加密输入状态、认证结果、用户输入的数据等。Preferably, the device further includes a display module 409 for displaying the current working status and operating data of the input information security protection device. The working status and running data include but not limited to encrypted input status, authentication results, data input by users, etc.

优选地,该装置还包括:软件升级模块,用于升级所述输入信息安全保护装置中的软件,包括加密算法。Preferably, the device further includes: a software upgrade module, configured to upgrade the software in the input information security protection device, including the encryption algorithm.

在本实施例的一个具体实现中,该中断指令执行模块408可以包括但不限于显示方式切换按钮、强制服务器认证按钮、终止并取消输入按钮、数据键等等,该显示模块409可以包括指示灯和显示屏等等。In a specific implementation of this embodiment, the interrupt command execution module 408 may include but not limited to a display mode switching button, a mandatory server authentication button, a termination and cancel input button, a data key, etc., and the display module 409 may include an indicator light and display etc.

通过在输入信息安全保护装置中预先设置多种加密算法与加密算法参数的对应关系,并在发送给输入信息安全保护装置的协议数据单元中指定加密算法并给出所需的加密参数,进而输入信息安全保护装置可根据主机或服务器的要求选择特定的加密算法在输入信息安全保护装置上对用户输入的数据进行加密。这样,同一台输入信息安全保护装置便可为不同目的的主机和服务器提供各自所需的加密输入服务,克服了专用输入信息安全保护装置算法单一、应用范围狭小的不足,也克服了通用输入装置不能为主机和服务器提供各自所需的加密输入服务的缺陷,兼顾了安全性、通用性、灵活性。此外,本发明实施例还可以实现输入信息安全保护装置和服务器之间的双向认证,进一步提高了输入信息的安全性。By pre-setting the corresponding relationship between various encryption algorithms and encryption algorithm parameters in the input information security protection device, specifying the encryption algorithm and giving the required encryption parameters in the protocol data unit sent to the input information security protection device, and then input The information security protection device can select a specific encryption algorithm to encrypt the data input by the user on the input information security protection device according to the requirements of the host or server. In this way, the same input information security protection device can provide the required encrypted input services for hosts and servers with different purposes, which overcomes the shortcomings of the dedicated input information security protection device with a single algorithm and narrow application range, and also overcomes the shortcomings of the general input device. The defect of not being able to provide the required encrypted input services for the host and the server takes into account security, versatility, and flexibility. In addition, the embodiment of the present invention can also realize two-way authentication between the input information security protection device and the server, further improving the security of the input information.

实施例5Example 5

本实施例提供了一种输入信息保护系统,该系统包括:主机52和输入信息保护装置51,其中,输入信息保护装置51可以为实施例3或4提供的输入信息保护装置;主机52,用于向输入信息保护装置51发送协议数据单元,该协议数据单元中包括加密算法参数。This embodiment provides an input information protection system, which includes: a host 52 and an input information protection device 51, wherein the input information protection device 51 can be the input information protection device provided in Embodiment 3 or 4; the host 52 uses To send the protocol data unit to the input information protection device 51, the protocol data unit includes encryption algorithm parameters.

进一步地,该系统还可以包括:服务器53,用于向主机52发送加密输入请求信息;Further, the system may also include: a server 53, configured to send encrypted input request information to the host 52;

相应地,主机52发送的协议数据单元中还包括该加密输入信息请求,且主机还用于将输入信息保护装置发送的加密后的数据发送给服务器。Correspondingly, the protocol data unit sent by the host 52 also includes the encrypted input information request, and the host is also used to send the encrypted data sent by the input information protection device to the server.

本发明实施例通过在输入信息安全保护装置中预先设置多种加密算法与加密算法参数的对应关系,并在发送给输入信息安全保护装置的协议数据单元中指定加密算法并给出所需的加密参数,进而输入信息安全保护装置可根据主机或服务器的要求选择特定的加密算法在输入信息安全保护装置上对用户输入的数据进行加密。这样,同一台输入信息安全保护装置便可为不同目的的主机和服务器提供各自所需的加密输入服务,克服了专用输入信息安全保护装置算法单一、应用范围狭小的不足,也克服了通用输入装置不能为主机和服务器提供各自所需的加密输入服务的缺陷,兼顾了安全性、通用性、灵活性。In the embodiment of the present invention, the corresponding relationship between various encryption algorithms and encryption algorithm parameters is preset in the input information security protection device, and the encryption algorithm is specified in the protocol data unit sent to the input information security protection device and the required encryption is given. Parameters, and then the input information security protection device can select a specific encryption algorithm to encrypt the data input by the user on the input information security protection device according to the requirements of the host or server. In this way, the same input information security protection device can provide the required encrypted input services for hosts and servers with different purposes, which overcomes the shortcomings of the dedicated input information security protection device with a single algorithm and narrow application range, and also overcomes the shortcomings of the general input device. The defect of not being able to provide the required encrypted input services for the host and the server takes into account security, versatility, and flexibility.

需要说明的是:上述实施例提供的输入信息保护装置和系统在保护输入信息时,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将装置的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。另外,上述实施例提供的输入信息保护装置和系统与输入信息保护方法实施例属于同一构思,其具体实现过程详见方法实施例,这里不再赘述。It should be noted that: when the input information protection device and system provided in the above embodiments protect input information, the division of the above-mentioned functional modules is used as an example for illustration. In practical applications, the above-mentioned functions can be assigned to different functional Module completion means that the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the input information protection device and system provided by the above-mentioned embodiments belong to the same idea as the input information protection method embodiments, and the specific implementation process thereof is detailed in the method embodiments, and will not be repeated here.

本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps for implementing the above embodiments can be completed by hardware, and can also be completed by instructing related hardware through a program. The program can be stored in a computer-readable storage medium. The above-mentioned The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, and the like.

以上所述仅为本发明的较佳实施例,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the protection of the present invention. within range.

Claims (12)

1.一种输入信息保护方法,其特征在于,所述方法包括:1. A method for protecting input information, characterized in that the method comprises: 输入信息安全保护装置接收主机发送的协议数据单元,所述协议数据单元中包括加密算法参数;The input information security protection device receives the protocol data unit sent by the host, and the protocol data unit includes encryption algorithm parameters; 根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的所述加密算法参数相对应的加密算法;Selecting an encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit according to the preset correspondence between the encryption algorithm parameter and the encryption algorithm; 获取用户输入的数据;Get the data entered by the user; 采用选择的所述加密算法,加密所述用户输入的数据;using the selected encryption algorithm to encrypt the data input by the user; 将加密后的数据发送给所述主机。Send the encrypted data to the host. 2.根据权利要求1所述的方法,其特征在于,所述协议数据单元中还包括数据单元类型参数,则在所述根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的加密算法参数相对应的加密算法之前,所述方法还包括:2. The method according to claim 1, wherein the protocol data unit also includes a data unit type parameter, and then selects the protocol data according to the corresponding relationship between the preset encryption algorithm parameters and the encryption algorithm. Before the encryption algorithm corresponding to the encryption algorithm parameter in the unit, the method also includes: 根据所述数据单元类型参数判断所述协议数据单元是否为加密输入类型,若是,则获取所述协议数据单元中的加密算法参数。According to the data unit type parameter, it is judged whether the protocol data unit is an encrypted input type, and if so, the encryption algorithm parameter in the protocol data unit is obtained. 3.根据权利要求1所述的方法,其特征在于,在所述根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的加密算法参数相对应的加密算法之前,所述方法还包括:3. The method according to claim 1, characterized in that, before the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit is selected according to the corresponding relationship between the preset encryption algorithm parameters and the encryption algorithm, the The method also includes: 对服务器进行认证。Authenticate the server. 4.根据权利要求1所述的方法,其特征在于,所述方法还包括:获取中断指令,并执行与所述中断指令相对应的中断服务程序。4. The method according to claim 1, further comprising: obtaining an interrupt instruction, and executing an interrupt service program corresponding to the interrupt instruction. 5.根据权利要求1所述的方法,其特征在于,所述方法还包括:在所述输入信息安全保护装置上显示所述输入信息安全保护装置当前的工作状态和运行数据。5. The method according to claim 1, further comprising: displaying the current working status and operating data of the input information security protection device on the input information security protection device. 6.一种输入信息安全装置,其特征在于,所述装置包括:6. An input information security device, characterized in that the device comprises: 接收模块,用于接收主机发送的协议数据单元,该协议数据单元中包括加密算法参数;The receiving module is used to receive the protocol data unit sent by the host, and the protocol data unit includes encryption algorithm parameters; 选择模块,用于根据预设的加密算法参数与加密算法的对应关系,选择与所述接收模块接收的协议数据单元中的所述加密算法参数相对应的加密算法;A selection module, configured to select an encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit received by the receiving module according to the preset correspondence between the encryption algorithm parameter and the encryption algorithm; 获取模块,用于获取用户输入的数据;The acquisition module is used to acquire the data input by the user; 加密模块,用于根据所述选择模块选择的加密算法,加密所述获取模块获取的数据;An encryption module, configured to encrypt the data acquired by the acquisition module according to the encryption algorithm selected by the selection module; 发送模块,用于所述将加密模块加密后的数据发送给所述主机。A sending module, configured to send the data encrypted by the encryption module to the host. 7.根据权利要求6所述的装置,其特征在于,所述协议数据单元中还包括数据单元类型参数,则所述装置还包括:7. The device according to claim 6, wherein the protocol data unit further comprises a data unit type parameter, and the device further comprises: 判断模块,用于根据所述数据单元类型参数判断所述协议数据单元是否为加密输入类型,若是,则获取所述协议数据单元中的加密算法参数。A judging module, configured to judge whether the protocol data unit is an encrypted input type according to the data unit type parameter, and if so, obtain the encryption algorithm parameter in the protocol data unit. 8.如权利要求6所述的装置,其特征在于,所述装置还包括:8. The device of claim 6, further comprising: 认证模块,用于对服务器进行认证。The authentication module is used to authenticate the server. 9.如权利要求6所述的装置,其特征在于,所述装置还包括:中断指令执行模块,用于获取中断指令,并执行所述中断指令。9 . The device according to claim 6 , further comprising: an interrupt command execution module, configured to acquire the interrupt command and execute the interrupt command. 10.如权利要求6所述的装置,其特征在于,所述装置还包括:显示模块,用于显示所述输入信息安全保护装置当前的工作状态和运行数据。10. The device according to claim 6, further comprising: a display module, configured to display the current working status and operating data of the input information security protection device. 11.一种输入信息保护系统,其特征在于,所述系统包括:11. An input information protection system, characterized in that the system comprises: 主机,用于发送协议数据单元,所述协议数据单元中包括加密算法参数;The host is configured to send a protocol data unit, where the protocol data unit includes encryption algorithm parameters; 输入信息保护装置,用于接收所述主机发送的协议数据单元;根据预设的加密算法参数与加密算法的对应关系,选择与协议数据单元中的所述加密算法参数相对应的加密算法;获取用户输入的数据;采用选择的所述加密算法,加密所述用户输入的数据;将加密后的数据发送给所述主机。The input information protection device is used to receive the protocol data unit sent by the host; select the encryption algorithm corresponding to the encryption algorithm parameter in the protocol data unit according to the corresponding relationship between the preset encryption algorithm parameters and the encryption algorithm; obtain data input by the user; using the selected encryption algorithm to encrypt the data input by the user; and sending the encrypted data to the host. 12.如权利要求11所述的系统,其特征在于,所述系统还包括:12. The system of claim 11, further comprising: 服务器,用于向所述主机发送加密输入请求信息;The server is configured to send encrypted input request information to the host; 相应地,所述主机发送的所述协议数据单元中还包括所述加密输入请求信息,且所述主机还用于将所述输入信息保护装置发送的加密后的数据发送给所述服务器。Correspondingly, the protocol data unit sent by the host further includes the encrypted input request information, and the host is further configured to send the encrypted data sent by the input information protection device to the server.
CN201210115703XA 2012-04-19 2012-04-19 Input information protecting method, device and system Pending CN102664887A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210115703XA CN102664887A (en) 2012-04-19 2012-04-19 Input information protecting method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210115703XA CN102664887A (en) 2012-04-19 2012-04-19 Input information protecting method, device and system

Publications (1)

Publication Number Publication Date
CN102664887A true CN102664887A (en) 2012-09-12

Family

ID=46774297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210115703XA Pending CN102664887A (en) 2012-04-19 2012-04-19 Input information protecting method, device and system

Country Status (1)

Country Link
CN (1) CN102664887A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107209763A (en) * 2014-10-20 2017-09-26 起元科技有限公司 Specify the rule with application data
CN109117678A (en) * 2018-08-10 2019-01-01 天地融科技股份有限公司 A kind of information transferring method and system
CN109344608A (en) * 2018-08-10 2019-02-15 天地融科技股份有限公司 A kind of information transferring method and system
CN110532787A (en) * 2019-07-26 2019-12-03 苏州浪潮智能科技有限公司 It is a kind of for strengthening the method and apparatus of the safety of the confidential resources in cluster
CN115776373A (en) * 2022-11-23 2023-03-10 北京天融信网络安全技术有限公司 Encrypted communication method, system, electronic device, and computer-readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1638327A (en) * 2004-01-09 2005-07-13 索尼株式会社 Encryption device and program and method used along with the same
CN1929478A (en) * 2005-09-09 2007-03-14 华为技术有限公司 Method and system for reducing transmission band occupation
CN101043326A (en) * 2006-03-22 2007-09-26 赵兴 Dynamic information encrypting system and method
CN101064719A (en) * 2006-04-27 2007-10-31 华为技术有限公司 Cryptographic algorithm negotiating method in PON system
CN101169815A (en) * 2007-11-27 2008-04-30 华为技术有限公司 Computer system and data input method
CN101286837A (en) * 2008-05-13 2008-10-15 江苏大学 A storage area network-oriented message encryption device and method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1638327A (en) * 2004-01-09 2005-07-13 索尼株式会社 Encryption device and program and method used along with the same
CN1929478A (en) * 2005-09-09 2007-03-14 华为技术有限公司 Method and system for reducing transmission band occupation
CN101043326A (en) * 2006-03-22 2007-09-26 赵兴 Dynamic information encrypting system and method
CN101064719A (en) * 2006-04-27 2007-10-31 华为技术有限公司 Cryptographic algorithm negotiating method in PON system
CN101169815A (en) * 2007-11-27 2008-04-30 华为技术有限公司 Computer system and data input method
CN101286837A (en) * 2008-05-13 2008-10-15 江苏大学 A storage area network-oriented message encryption device and method

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107209763A (en) * 2014-10-20 2017-09-26 起元科技有限公司 Specify the rule with application data
CN107209763B (en) * 2014-10-20 2021-04-09 起元科技有限公司 Rules for specifying and applying data
CN109117678A (en) * 2018-08-10 2019-01-01 天地融科技股份有限公司 A kind of information transferring method and system
CN109344608A (en) * 2018-08-10 2019-02-15 天地融科技股份有限公司 A kind of information transferring method and system
CN109344608B (en) * 2018-08-10 2021-09-21 天地融科技股份有限公司 Information transmission method and system
CN110532787A (en) * 2019-07-26 2019-12-03 苏州浪潮智能科技有限公司 It is a kind of for strengthening the method and apparatus of the safety of the confidential resources in cluster
CN115776373A (en) * 2022-11-23 2023-03-10 北京天融信网络安全技术有限公司 Encrypted communication method, system, electronic device, and computer-readable storage medium

Similar Documents

Publication Publication Date Title
US20220191016A1 (en) Methods, apparatuses, and computer program products for frictionless electronic signature management
US10666642B2 (en) System and method for service assisted mobile pairing of password-less computer login
US10897455B2 (en) System and method for identity authentication
TWI475860B (en) Portable device association
RU2512118C2 (en) Protocol for device to station association
CN105376216B (en) A remote access method, proxy server and client
CN114218592A (en) Encryption and decryption method, device, computer equipment and storage medium for sensitive data
CN104038486B (en) System and method for realizing user login identification based on identification type codes
CN103647648B (en) Safety communication method
CN103237305B (en) Password protection method for smart card on facing moving terminal
EP2378414A2 (en) Remote update method for firmware
CN104539701A (en) Working method of equipment and system for online activating mobile terminal token
WO2013167043A2 (en) Data security verification method and device
KR20070106426A (en) System and method for managing multiple smart card sessions
US9672367B2 (en) Method and apparatus for inputting data
US8391495B2 (en) Secure shell used to open a user's encrypted file system keystore
CN115529591B (en) Authentication method, device, equipment and storage medium based on token
CN102664887A (en) Input information protecting method, device and system
CN111901303A (en) Device authentication method and apparatus, storage medium, and electronic apparatus
CN106656457A (en) Method, device and system for safe access of data based on VPN
CN101807237B (en) Signature method and device
CN101420299B (en) Method for enhancing stability of intelligent cipher key equipment and intelligent cipher key equipment
CN112150151B (en) Secure payment method, apparatus, electronic device and storage medium
EP2506485A1 (en) Method and device for enhancing security of user security model
JP2013222338A (en) Information terminal device, information processing device, information processing system, method of generating password information, and method of processing information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120912

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载