1. Field of the Invention
The present invention relates to a method of securing a Universal Serial Bus (USB) keyboard, and more particularly, to a USB keyboard security method whereby a keyboard security operation is performed at a host controller driver level, which is one level lower than a USB hub driver level, to rapidly and effectively prevent a malicious program from leaking information input from a keyboard that is in communication with a main frame and transfers data via a USB.
2. Discussion of Related Art
Continuing development of the Internet has recently led to increasing unlawful leakage of confidential information from Personal Computers (PCs). Although there are existing security software such as anti-spyware programs, anti-virus software, firewalls, etc., they are reactive and not responsive to fast-evolving malware threats, because a process of collecting and analyzing those hacking tools and patching an anti-spyware program, anti-virus software, a firewall, etc., are required. Furthermore, until the new remedy or patch is applied to the user, his or her PC is still vulnerable to the new hacking tool.
Therefore, there is need of technology for preventing unlawful leakage of personal information from the time it is input by a user through a keyboard. Many keyboards have been developed using the Personal System (PS)/2 standard, but USB keyboards are more common nowadays because they offer the convenience of easy installation and they do not require a system reboot.
Such a USB keyboard is connected to a body of personal computer to exchange messages with an operating system while communication is performed between the body of personal computer and peripheral devices of the computer system through the exchange of packets containing data rather than the exchange of electrical signals.
However, the Internet has become widely used in homes as well as offices, and personal information leakage through exploited Internet security vulnerabilities is on the rise. For example, personal information input for connecting to a website, a password used for Internet banking, etc., are frequently exposed.
To solve this problem, a method applied to a USB hub driver level in a kernel region to secure data input from a USB keyboard has been disclosed in Korean Patent Application No. 2006-100366 “Apparatus and Method for Preservation of USB keyboard” filed by the present applicant on Oct. 16, 2006.
However, programs have been developed to monitor all information exchanged between USB devices and a main frame at a host controller driver level, which is one level lower than a USB hub driver level. One particular program called “USBmonitor” monitors USB packets. Consequently, keyboard information is frequently leaked for malicious purposes.