Information security issues have been drawing more and more attention with the rapid development of information technology. It is essential to guarantee the security of critical data, especially in situations such as electronic payment, stock exchange, user identity recognition and the like. The critical data herein includes card numbers, account numbers, passwords, transaction information, SIN (subscriber identification number), fingerprints, etc.
Referring to FIG. 1 and taking electronic payment on a PC (personal computer) as an example, the PC terminal transfers critical data acquired via a keyboard to a remote server over a network and requests verification. The critical data is generally encrypted with a key recognizable to the server before being transferred to the remote server.
While the critical data is being forwarded from the keyboard, however, it is present in plaintext, and thus there is a security risk. As a countermeasure, a secured input device is needed, that is, a device capable of encrypting information entered by a user, such as a keyboard, a card reader or any other device having an encryption function. With such a secured input device, the critical data is ensured to be encrypted before being forwarded.
Below, some known solutions for guaranteeing the security of critical data using a secured input device are introduced, taking personal electronic payment as an example.
(1) The secured input device holds the key of a remote server directly and encrypts critical data immediately after obtaining it, with no other processing conducted before the critical data arrives at the server.
Unfortunately, this solution requires the secured input device to have a powerful data processing capability, with which such functions as user certificate (key) writing and the like can be fulfilled. This is very difficult to implement for a secured input device, since considerable modification of the input device is required. Moreover, a user usually has a secured input device first and then applies for a user certificate. The resulting problem is that such a device has lower producibility, because it is very difficult to rewrite or overwrite the secured input device.
(2) Management and application software for the secured input device is installed on the PC platform, and information obtained from the secured input device is subjected to cryptograph conversion by the software, that is, the information is first decrypted and then encrypted with a user certificate issued by the remote server.
This solution is implemented in the following procedure: 1) the secured input device acquires and encrypts critical data to generate cryptograph A, and then transfers cryptograph A to the PC terminal; 2) the PC terminal carries out cryptograph conversion using the management and application software for the secured input device; more specifically, the PC terminal decrypts cryptograph A to generate a plaintext, and then encrypts the plaintext with the user certificate provided by the remote server to generate cryptograph B; 3) finally, the PC terminal transfers cryptograph B and the like over a network to the remote server to request processing.
The above cryptograph conversion is performed on an open OS (operating system), where the critical data may exist in plaintext. Therefore, such secured input makes no difference if the management and application software has been attacked by malicious software.
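The following added example (not part of the original document) models solutions (1) and (2) and records every value the PC terminal handles, showing that only the cryptograph conversion of solution (2) places the plaintext on the open OS. Assumptions: a toy SHA-256 keystream cipher stands in for the real algorithms, a symmetric key stands in for the user certificate issued by the remote server, and the names Host, run_solution_1, run_solution_2 and exposed, as well as the sample PIN, are constructed for illustration.

```python
import hashlib
import os

def _keystream(key, nonce, n):
    """Toy SHA-256 counter keystream; a stand-in for a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key, data):
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

class Host:
    """PC terminal on an open OS; memory records every value it handles."""
    def __init__(self):
        self.memory = []
    def relay(self, blob):  # solution (1): forward the cryptograph untouched
        self.memory.append(blob)
        return blob
    def convert(self, blob_a, device_key, server_key):  # solution (2), step 2
        plaintext = decrypt(device_key, blob_a)  # plaintext now exists on the host
        blob_b = encrypt(server_key, plaintext)
        self.memory += [blob_a, device_key, plaintext, blob_b]
        return blob_b

def run_solution_1(data, server_key):
    host = Host()
    blob = host.relay(encrypt(server_key, data))  # device encrypts for the server
    return decrypt(server_key, blob), host.memory

def run_solution_2(data, device_key, server_key):
    host = Host()
    blob_b = host.convert(encrypt(device_key, data), device_key, server_key)
    return decrypt(server_key, blob_b), host.memory

def exposed(secret, memory):  # does the secret appear verbatim on the host?
    return any(secret in item for item in memory)

if __name__ == "__main__":
    pin, dk, sk = b"PIN=493817", os.urandom(32), os.urandom(32)  # constructed sample
    print("solution 1 exposes plaintext:", exposed(pin, run_solution_1(pin, sk)[1]))
    print("solution 2 exposes plaintext:", exposed(pin, run_solution_2(pin, dk, sk)[1]))
```

In the solution (2) run the host memory also contains the device key, so software running on the PC terminal could decrypt any later cryptograph A as well.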
As can be concluded from the above introduction, the first solution is difficult to implement, and the second solution, though feasible, cannot sufficiently ensure the security of critical data.