Among all disclosed secure input technologies, many solutions utilize independent secure input environments. Some solutions, however, need to modify hardware, and this leads to an increase in cost. On the other hand, some solutions create separately a new operating system or so-called OS system environment, which itself is confronted with many issues regarding hidden security troubles.
Currently, security problems are some of the most severe problems limiting transactions over networks. The intention of virus (e.g., Trojan horse) or vicious software has been switched from destroying users' computation devices to stealing users' credential data, such as account passwords for online transactions, network games or network services and the like. The stealing of such credential data will cause terrible disaster to users, and thus the most pressing issue on network security is how to guarantee security for users' cryptograms and passwords. Some methods have been proposed to address this issue in the relevant industry. These methods each have their own advantages and drawbacks.
First type: software protection methods, such as account number anti-theft means.
Above Windows operating system, a keyboard event, from its entry via a physical keyboard until display on an interface, will undergo many processes, such as hardware interruption, kernel response, bus drive, keyboard drive, Windows message flow and so on. A hacker program can install a hook program on the path of each process, so that every keyboard event above the operating system will be recorded. This results in leakage of users' credential data.
Many existing software-based methods can handle part of such vicious software, such as well-known QQ cryptogram protector, Jiangmin cryptogram protector, etc.
Unfortunately, such a cryptogram protector above the OS system has serious defects. This type of cryptogram protector has a protection capability closely associated with the programming level of software. This type of cryptogram protector often becomes invalid when a new hacker program finds a new point for intercepting credential data. The reason is that, theoretically, such a cryptogram protector cannot justify that the used environment is trusted, and thus it cannot solve the above problem fundamentally.
For example, a current CPU from Intel provides virtual technology (VT) characteristics as hardware platform function is enhanced. The latest vicious software can, based on VT characteristics of the CPU, execute the entire OS system as one GUEST OS. Thus, this virtual machine is transparent to the entire OS system. And any keyboard event can be recorded by the vicious software, disabling any cryptogram anti-theft software running above the OS system. This may cheat a user and make he or she less sensitive, that is, the user may believe that the system is secured, while loopholes are actually present in the system.
Second type: software protection method in the form of logon with certificate file+cryptogram.
The user applies for and downloads a digital certificate which can be saved as a disk file under the OS. The user encrypts a logon system with the provided certificate and cryptogram. During transaction with an online bank, for example, any data submitted to a bank server by the user will be encrypted with the certificate. Such a digital certificate file can guarantee tighter security than the logon with “account number+cryptogram”.
From the perspective of security, the method of the second type has disadvantages in that, since the digital certificate is saved as a disk file under the OS system, a virus (e.g., Trojan horse) still has an opportunity to duplicate the certificate and record the user's account number and cryptogram. Thus, the user's information is still at risk of being stolen.
Third type: protection method of using a combination of software and hardware in the form of cryptogram+USB KEY.
This type of method is an improved version of the software protection method and saves critical user information, such as a digital certificate, into a USB KEY. Every time the user wants to conduct an online transaction, he or she must first insert a USB KEY and then enter his or her cryptogram. This method provides further tightened security. So, the user can conduct online activities through this method, such as USB KEY of network version from Commercial Bank, almost without any fear. On the other hand, this method has its own drawback, that is, it requires specific hardware support and thus is inconvenient to use. Moreover, certain hardware like USB KEY has to be always taken along, and losing it will incur severe aftermath of insecurity.
Fourth type: method of providing a dedicated authentication device, such as a cryptogrammic keyboard.
This method is to provide a dedicated and independent cryptogram entry device or to modify an input/output component of a computer in such manner that the new type of input device is independent of the operating system. When the user requests authentication, the authentication can be performed through a separate channel, and thus attacks from any hacker software can be effectively avoided. This method is of high security. As an example, one of the patents from US patent pool, titled Secure Board, provides a secure system with a “secure keyboard”. With such a system, the user's personal information is encrypted while being read or input from the keyboard. Further, dialing is from a modem, which belongs to the keyboard, directly to a secure host, instead of passing through any public network. Thus, the information can be prevented from being stolen. Such a secure keyboard, however, usually has a sophisticated structure and needs professional design. In addition, the secure keyboard does not overcome the problem of “keyboard listening”, since such a problem cannot be prevented if a hacker installs “window keyboard recorder” on the user's computer. Although other anti-listening software can be used in protection of information security, such a scheme has the disadvantage in that it is very costly, limited to a private network, and thus is difficult to apply widely.
Now, the issue of secure input is also addressed by modifying a normal keyboard and adding an independent secure input module to the keyboard. Such a scheme requires replacement of the standard hardware device, which is hard to implement in the case that computation devices have been widely applied to all kinds of activities.
Fifth type: method of using a special secure input device.
Primarily, this method is to refine an I/O architecture of a computer system so that the environment for use input is running in a unique context to ensure security for user 25 input. For example, the patent of a TPM (Trusted Platform Module)-based secure chip can fulfill input and encryption for the overall system under a secure input unit. This method is also highly secure.
The predominant problem of this method includes modification of system architecture of the computer, addition of a new hardware unit and difficulty in generalization.
Sixth type: method of using VT technology.
The aim of this method is to provide a virtual machine and execute a different operating system on the virtual machine. Between different operating systems, the systems are insulated from each other. When the user wants to conduct online business, he or she switches the system to a dedicated operating system and then performs an online transaction. This method is also highly secure and can prevent the user's input from being stolen by any hacker or Trojan horse program.
The problem of this method is that, since the virtual machine is realized in software, the security and reliability of the virtual machine must be first guaranteed if the dedicated operating system needs to be secured. Further, above a dedicated GUEST OS, some potential problems may exist as to how to block any unknown loophole of the operating system and how to update the operating system.
Seventh type: method concerning computer system architecture.
This method engages the overall computer, from hardware to OS system, as well as an overall trusted computation environment for application programs. Examples include NGSCB from Microsoft® and LT technology from INTEL®.
This type of method relies on future technology. It aims not only to solve the minor secure input issue but also to address various issues on trusted computer. This is a huge systematic project and has not been fully implemented. So, in the near future, this method cannot serve to solve urgent security issues on network transactions.
Therefore, a solution is desirable that can solve problems mentioned above or existing in the prior art. Nowadays, BIOS and OS are disjointed in terms of security. By taking advantage of this point, the present invention provides a convenient, efficient, secure and economical solution in view of the present situation in the relevant field.