(1) Field of the Invention
The present invention relates to a technology to prevent leakage of input information input by a user and identify an unauthorized user who has attempted to leak input information.
(2) Description of the Related Art
Currently, there are a number of software programs which maliciously break into computer systems in some way and cause harm to users of the computer systems.
Keyloggers are one type of the above-mentioned software programs, which collect and leak information on key input by the users.
If the leaked information is information to be kept secret such as a mail address, address, telephone number, credit card number, log-in password or the like, the users of the computer systems suffer a serious damage.
A typical example of measures against keyloggers is a logical domain separation of the resources used by the software which operate on the CPU.
Non-Patent Document 1 and Non-Patent Document 2 disclose techniques employing the domain separation.
According to Non-Patent Documents 1 and 2, software are separated into those executed in the protected domain and those executed in the unprotected domain. Generally, the software operating in the protected domain are allowed to be developed only by authorized developers. The malicious software developed by those attempting to eavesdrop are executed in the unprotected domain.
Regarding hardware, resources used by the software executed in the protected domain are isolated from the software executed in the unprotected domain. The resources include a main memory, a DMA, a debugger, I/O devices, and resources inside the CPU such as a general-purpose register, a cache, and an MMU.
The software executed in the protected domain encrypt contents of communication conducted with the hardware resources which process input from the keyboard.
Here, the key for the encrypted communication and the key input value after decryption are only placed in the hardware resources (the general-purpose register, main memory, etc.) which are logically isolated from the software in the unprotected domain.
Accordingly, while being able to eavesdrop on the encrypted text of the key input, the software in the unprotected domain are not able to decrypt the encrypted text, thus being unable to acquire the key input value.
In addition, another measure against keyloggers, which employs the domain separation, is disclosed in Patent Document 1.
According to Patent Document 1, each bus access from the CPU includes an attribute attached thereto which indicates whether or not the access has been generated by the software in the protected domain.
The hardware resources which process the input from the keyboard detect the attribute and allow accesses from the protected domain while prohibiting accesses from the unprotected domain. Consequently, the software in the unprotected domain are not able to acquire the key input value.
According to the above-mentioned conventional techniques, while improper acquisitions by the keyloggers operating in the unprotected domain can be detected and prevented, unauthorized acquirers cannot be identified.
In addition, the software programs which break into computers and operate therein such as the keyloggers generally do not have information that can be used to identify the unauthorized acquirers. Accordingly, tracking of the unauthorized acquirers require a highly-specialized expertise. If the unauthorized acquirers are not tracked, they will repeat similar attempts on different apparatuses despite failures, and as a result, improper acquisitions remain unrestrained.
Non-Patent Document 1: David Grawrock, The Intel Safer Computing Initiative, 2006, Intel Press, Chapter 9, “Protected IO”.
Non-Patent Document 2: www.intel.com/technology/security/downloads/scms18-LT_arch.pdf, pp. 23-24.    Patent Document 1: Japanese Patent Application Publication No. 2004-171563.