The key logger is a program which is generally installed in a computer system of users and which draws out one of the data typed on keyboard by users. The key logger works in the same manner as the Trojan horse does in that a piece of the stolen information about users is transmitted to another computer system wherein a corresponding key logger is installed. The piece of information stolen in this way is used for various crimes, for example withdrawing someone else's money through internet banking and selling others the user IDs and passwords used in online games.
Anti key logger is a program for stopping key logger's activities. The anti key logger protects the information typed on keyboard by users by intercepting from the beginning a key logger which takes away the information typed on keyboard. The anti key logger in this kind uses various methods, for example (1) a method of inputting data through not a conventional keyboard but a mouse with a false image of keyboard on screen, (2) a method comprising the following steps of creating a device driver related with keyboard, encrypting keyboard data coming from a hardware, and letting the device driver communicate with applied programs directly, and (3) a physical method of producing a keyboard with a built-in security system.
The second method is the most widely used one among those methods. According to the method, the device driver created and thereafter inserted into the device driver layer, stops a key logger from taking away the data typed on keyboard by letting not another device driver at an upper layer but an application program control when a device driver is given a control. On the other hand, a device driver may be located at lower layer than the pre-installed device drivers; if anti key logger is located at lower layer than key logger device driver, the anti key logger cannot carry out the task for protecting the data typed on keyboard.
Accordingly, the method of having data in control for protection at anti key logger's ISR (Interrupt Description Table) is most widely used through a method of hooking IDT (Interrupt Description Table) which eventually locates an anti key logger lower than a key logger. Nevertheless, the method has a problems in that a hook chain may form in a similar way to a case in which hooking technology is applied and that a computer system does not function normally when the chain is broken.
FIG. 1 illustrates a case when an anti key logger is located lower than a key logger. If an interrupt by keyboard 10 is created when the key logger is located lower than the anti key logger; a control is taken at a key logger ISR (Interrupt Service Routine) 30 installed by not the original ISR but a key logger 20, and thereafter the key logger 20 sends a hooked keyboard data 60 to a server 70.
Accordingly, the conventional method has a fatal limitation in that no protection is accomplished in anti key logger due to the fact that key logger 20 is controlled earlier than anti key logger located at keyboard device driver layer 40.
The present inventors in efforts to overcome the conventional shortcomings in their research have developed a method for preventing a key logger from hacking the data typed on keyboard through authorization of keyboard data, which may provide answers to the above-mentioned problems with not the method of stopping a key logger from intercepting keys but a method of letting a key logger take the meaningless keys away.