When a key of a keyboard is pressed in keyboard hardware (a key press event), an electric signal is generated and then transferred to an 8042 chipset disposed in a motherboard. Here, the keys of the keyboard are all disposed on a matrix in the form of an electric circuit. When a key is pressed, it can be found which key has been pressed by searching for row and column lines on which a change in electric current has occurred (refer to FIG. 1).
An 8042 keyboard controller for controlling the 8042 chipset records keyboard input information in the form of keyboard scan code in bi-directional keyboard input/output (I/O) ports 60h and 64h which are used to transfer the keyboard input information to a CPU or to receive hardware control commands from the CPU, and generates an interrupt which is directed to the CPU (refer to FIG. 2).
The bi-directional keyboard I/O ports include the ports 60h and 64h. The port 60h processes actual keyboard input information and hardware control commands, and the port 64h is used to issue status and commands with respect to the port 64h. 
Table 1 shows the classification of the functions of the keyboard I/O ports.
TABLE 1IN BufferOUT Buffer60htransmission of hardwaretransmission of keyboard inputcontrol command from ‘CPU ->information from ‘keyboard I/Okeyboard I/O ports’ports -> CPU’64hdisplay of status of port 60h
The keyboard scan code includes Make Code that is generated at the moment a key is pressed and Break Code that is generated at the moment a key is released. If a key is pressed and held down, characters are consecutively output on a screen. That is, while a certain key is held down, Make Codes are consecutively output. At the moment the key is released, one Break Code is output, thereby terminating a key repeat process.
An interrupt refers to a method of, during a certain process, temporarily stopping the process and then calling the attention of the CPU in order to prompt the CPU to perform its task. The 8042 keyboard controller having received an electric signal that has been generated by the physical keyboard input requests the generation of an interrupt from an 8259 interrupt controller for controlling the 8259 chipset. The 8259 interrupt controller informs the CPU that the corresponding interrupt has been generated (an interrupt request), and the CPU, in order to call a corresponding interrupt handling function (an interrupt handler), reads an interrupt vector table that is loaded in memory and then obtains an address value (a memory address) corresponding to the generated interrupt. This address value indicates the value of an address at which a function (a so-called ‘interrupt handling function’ or ‘interrupt handler’) that is called when an interrupt is generated is stored. When a hardware device requests the CPU to process a specific operation or task, movement to the location of the address is made and then the interrupt handling function is executed.
As described above, the keyboard input information is transferred from a kernel area to the CPU and an application (a user area) that are controlled by an Operating System (OS), and are then output and processed as desired by a user.
Meanwhile, the input information may include information requiring security such as personal information. Such input information is targeted for hacking for the purpose of being used criminally. In reality, input information has in fact been targeted for hacking and has been exposed to third parties without users' authorization. Therefore, there have been situations where a security system for protecting input information during the process of inputting that information through a keyboard has been urgently requested.
In response to this request, various types of security systems have been provided so far.
A conventional keyboard security system performs different operations in the user area and the kernel area, respectively. In the kernel area, the conventional keyboard security system first fetches keyboard input information and performs security processing thereon. In contrast, in the user area, the conventional keyboard security system performs security processing on the keyboard input information fetched from the kernel area and finally outputs the resulting information.
Conventional security methods that are performed in the kernel area include a method of changing the Interrupt Descriptor Table (IDT) address of an interrupt function, or a method of enabling input information to be processed using a jump code, prior to being processed by an intrusion system.
However, since the conventional security method that operates in the kernel area is an OS-based method, the method of application must vary with the OS. Furthermore, in the case where the same security methods are used, there arises a problem in that the priorities for the processing of keyboard input information conflict with each other. Moreover, since an intrusion system that directly attacks a keyboard controller (hardware) cannot be deterred, there is a problem in that complete security for keyboard input information cannot be guaranteed.