[go: up one dir, main page]

CN101819611B - Real-time comparison and defending method of input data and hardware thereof - Google Patents

Real-time comparison and defending method of input data and hardware thereof Download PDF

Info

Publication number
CN101819611B
CN101819611B CN2009100083569A CN200910008356A CN101819611B CN 101819611 B CN101819611 B CN 101819611B CN 2009100083569 A CN2009100083569 A CN 2009100083569A CN 200910008356 A CN200910008356 A CN 200910008356A CN 101819611 B CN101819611 B CN 101819611B
Authority
CN
China
Prior art keywords
data
hardware
application program
input
tested
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009100083569A
Other languages
Chinese (zh)
Other versions
CN101819611A (en
Inventor
周宏建
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN2009100083569A priority Critical patent/CN101819611B/en
Publication of CN101819611A publication Critical patent/CN101819611A/en
Application granted granted Critical
Publication of CN101819611B publication Critical patent/CN101819611B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

一种输入数据即时比对防护方法及其硬件,该方法包含以下步骤:首先借由一个与一个硬件连接的输入装置将一笔数据输入于该硬件。再记录该笔数据再将该笔数据传送至一个作业系统的一个应用程序中。接着,该应用程序对该笔数据进行处理并产生一笔结果数据。再通过一个控制应用程序接收该笔结果数据并令为一笔待测数据,再将该笔待测数据回传至该硬件。然后利用该硬件的一个反处理单元对该笔结果数据进行一种反向拆解作业。最后运用该硬件的一个比较单元对该笔数据及该笔待测数据进行比对。以达即时利用硬件判断该结果数据是否遭受破坏的目的。

A real-time comparison and protection method for input data and its hardware, the method includes the following steps: firstly, a piece of data is input to the hardware through an input device connected with the hardware. Then record the data and send the data to an application program of an operating system. Then, the application program processes the data and generates a result data. The result data is received through a control application program and made into a piece of data to be tested, and then the data to be tested is returned to the hardware. Then use an inverse processing unit of the hardware to perform a reverse disassembly operation on the resulting data. Finally, a comparison unit of the hardware is used to compare the data with the data to be tested. In order to achieve the purpose of immediately using the hardware to judge whether the result data is damaged.

Description

输入数据即时比对防护方法及其硬件Input data real-time comparison protection method and its hardware

技术领域 technical field

本发明涉及一种比对防护方法及其硬件,特别是涉及一种针对输入数据的即时比对防护方法及其硬件。The invention relates to a comparison and protection method and its hardware, in particular to an instant comparison and protection method for input data and its hardware.

背景技术 Background technique

由于信息工业技术的蓬勃发展,计算机与互联网对现在的人们来说,已经是生活上不可或缺的一环,不论是个人的数据、或是公司商业数据都可通过计算机及网络的媒介来存取;但也因为现今网络普及化使得网络黑客也因此大量崛起,而进行恶意入侵、破坏计算机系统、窜改计算机内部数据等不法行为,进而对计算机信息安全造成相当大的危害!也因此导致众多个人及企业蒙受越来越高的损失,所以各式各样维护信息安全的技术及所开发出的工具软体便孕育而生。Due to the vigorous development of information industry technology, computers and the Internet have become an indispensable part of people's lives today. Whether it is personal data or company business data, they can be stored through the media of computers and networks. However, due to the popularization of the Internet today, a large number of network hackers have risen, and they have maliciously invaded, destroyed computer systems, tampered with computer internal data and other illegal activities, which have caused considerable harm to computer information security! As a result, many individuals and enterprises have suffered higher and higher losses, so various technologies for maintaining information security and the developed tool software have been born.

为了防止黑客以各种的手法及管道来入侵破坏计算机内的数据,目前常见的方式可分为预先阻挡防范及事后检查重建等二大主流技术手段:In order to prevent hackers from invading and destroying the data in the computer through various methods and channels, the current common methods can be divided into two mainstream technical means: pre-blocking prevention and post-inspection reconstruction:

关于预先阻挡防范,最主要是通过建立防火墙的方式来一劳永逸地防止黑客入侵,而使得计算机内的数据免于被窜改的危机。但毕竟道高一尺、魔高一丈,防火墙技术虽然能够阻挡大部份非法黑客的入侵,但终究有一些了解网络内部架构的黑客,能够找到特殊网络安全漏洞或利用植入恶意程序的方式进入他人计算机,进而窜改内部数据,因此防火墙并无法完全防止数据被窜改。Regarding pre-blocking prevention, the most important thing is to prevent hackers once and for all by establishing a firewall, so that the data in the computer is free from the crisis of being tampered with. But after all, the road is one foot high, and the magic is one foot high. Although the firewall technology can block most illegal hackers from invading, after all, some hackers who understand the internal structure of the network can find special network security loopholes or use the method of implanting malicious programs. Enter other people's computers, and then tamper with internal data, so the firewall cannot completely prevent data from being tampered with.

至于事后检查重建,是属于一种亡羊补牢的方式,且常见的方式计有两类:一种为利用人工方式对所有原输入数据一一进行核对稽查,虽然能有效且极彻底的检验出哪些数据被窜改或破坏,但此法实属非常无效率的做法。因此,另一种方式为利用大容量的存储装置配合具有杂凑函数(Hashfunction)功能的程序,来指定一种非常难以重复的乱数的杂凑值,将每笔所输入的数据经过杂凑函数的运算,给定一个独特的杂凑值,并将该笔数据备份于该存储装置内,因此,当一段时间过后或经过某些运算处理后,就可检查该笔数据的杂凑值与原先所记录的值是否有不一样,若不一样,则由于杂凑函数的非常难重复特性,就可知该数据已被窜改、变动或破坏过,因此,就从该存储装置找出该备份的数据进行重建。As for the after-the-fact inspection and reconstruction, it is a method of repairing the past, and there are two common methods: one is to use manual methods to check and inspect all the original input data one by one, although it can effectively and thoroughly check which data Altered or destroyed, but this method is very inefficient. Therefore, another way is to use a large-capacity storage device with a program with a hash function (Hash function) function to specify a hash value of a random number that is very difficult to repeat, and pass each input data through the operation of the hash function. Given a unique hash value, the data is backed up in the storage device. Therefore, after a period of time or after some calculations, it is possible to check whether the hash value of the data is consistent with the original recorded value. If there is a difference, if not, then due to the very difficult repeatability of the hash function, it can be known that the data has been tampered with, changed or destroyed, so the backup data is found from the storage device for reconstruction.

虽然利用杂凑函数的特性,可以有效且快速地检查出哪些输入数据遭到窜改,然而,运用此方式则并非是完美无暇的,除了需要额外的大量存储装置的存储空间外,由于该具有杂凑函数的程序也可能遭受到病毒感染、破坏或甚至被窜改动手脚,进而使其功能运作失常,检测不出输入数据的异常处,让黑客等不法人士规避侦测而有机可趁地入侵破坏、窜改数据。Although the characteristics of the hash function can be used to effectively and quickly check which input data has been tampered with, however, the use of this method is not perfect. The program may also be infected, damaged or even tampered with by viruses, causing its function to malfunction and fail to detect abnormalities in the input data, allowing hackers and other criminals to avoid detection and take advantage of the opportunity to invade, destroy and tamper data.

因此,如何提出一个不法人士难以破坏且又能快速且有效地输入数据比对检测方法及装置,便成为相关业者所欲努力研究的方向。Therefore, how to propose a detection method and device that is difficult to be destroyed by criminals and can quickly and effectively input data and compare detection has become a research direction that related industries want to work hard on.

发明内容 Contents of the invention

本发明的一个目的是在提供一种输入数据的即时比对防护硬件。本发明输入数据即时比对防护硬件,适用于对一个所相连的输入装置所输入的一笔数据与一个包括一个应用程序及一个控制应用程序的作业系统内的一笔结果数据进行比对,且该笔结果数据是由该应用程序对该笔数据进行处理所产生的,该硬件包含一个反处理单元及一个比较单元。An object of the present invention is to provide a protection hardware for real-time comparison of input data. The input data instant comparison protection hardware of the present invention is suitable for comparing a sum of data input by a connected input device with a sum of result data in an operating system including an application program and a control application program, and The result data is generated by the application program processing the data, and the hardware includes an inverse processing unit and a comparison unit.

该反处理单元接收由该控制应用程序所回传的结果数据,并对该笔结果数据进行一种反向拆解作业,而得出一笔待测数据。The inverse processing unit receives the result data sent back by the control application program, and performs a reverse disassembly operation on the result data to obtain a piece of data to be tested.

该比较单元接收及记录该输入装置所输入的数据,并将该笔数据与自该反处理单元所传送的待测数据进行比对。The comparison unit receives and records the data input by the input device, and compares the data with the data to be tested sent from the reverse processing unit.

然后,本发明的另外一个目的是在提供一种输入数据的即时比对防护方法。Then, another object of the present invention is to provide a method for instant comparison and protection of input data.

本发明输入数据即时比对防护方法,包含以下步骤:The input data instant comparison protection method of the present invention comprises the following steps:

(一)借由一个与一个硬件连接的输入装置将一笔数据输入于该硬件内。(1) Inputting a piece of data into the hardware by means of an input device connected to the hardware.

(二)将该笔数据记录于该硬件内。(2) Record the data in the hardware.

(三)再将该笔数据传送至一个作业系统内的一个应用程序中。(3) Sending the data to an application program in an operating system.

(四)该应用程序对该笔数据进行处理,并产生一笔结果数据。(4) The application program processes the data and generates a result data.

(五)通过一个控制应用程序接收该笔结果数据,并令其为一笔待测数据,再将该笔待测数据回传至该硬件。(5) Receive the result data through a control application program, make it a piece of data to be tested, and then return the piece of data to be tested to the hardware.

(六)利用该硬件的一个反处理单元对该笔结果数据进行一种反向拆解作业,再传至该硬件的比较单元。(6) Using an inverse processing unit of the hardware to perform a reverse disassembly operation on the result data, and then transmit it to the comparison unit of the hardware.

(七)运用该硬件的一个比较单元对该笔数据及该笔待测数据进行比对,判断两者是否相同,若是,则表示该笔结果数据正确无误,若否,则表示该笔结果数据于该作业系统内遭受破坏。(7) Use a comparison unit of the hardware to compare the data and the data to be tested, and judge whether the two are the same, if so, it means that the result data is correct, if not, it means that the result data was corrupted within the operating system.

本发明的有益效果在于:借由该硬件的反处理单元对该应用程序针对该笔数据运作所产生的结果数据,反向拆解成该笔待测数据,及该硬件的比较单元对该笔待测数据与原始的数据进行比对检测,以达成快速且有效地判断该笔结果数据是否遭受窜改或破坏的目的。The beneficial effect of the present invention is that: by means of the inverse processing unit of the hardware, the result data generated by the operation of the application program on the data is reversely disassembled into the data to be tested, and the comparison unit of the hardware compares the result data of the data. The data to be tested is compared with the original data to achieve the purpose of quickly and effectively judging whether the result data has been tampered with or destroyed.

附图说明 Description of drawings

图1是说明本发明输入数据即时比对防护硬件的各元件配置态样的一个优选实施例的一个框图;及Fig. 1 is a block diagram illustrating a preferred embodiment of each element configuration aspect of the present invention's input data real-time comparison protection hardware; and

图2是该优选实施例运作的一个流程图。Figure 2 is a flowchart of the operation of the preferred embodiment.

具体实施方式 Detailed ways

下面结合附图及实施例对本发明进行详细说明:Below in conjunction with accompanying drawing and embodiment the present invention is described in detail:

参阅图1,本发明输入数据即时比对防护硬件3的优选实施例,适用于对一个所相连的输入装置1所输入的一笔数据11与一个包括一个应用程序21及一个控制应用程序22的作业系统2内的一笔结果数据211进行比对,且该笔结果数据211是由该应用程序21对该数据11进行处理所产生的,该硬件3包含一个反处理单元31及一个比较单元32。Referring to Fig. 1, the preferred embodiment of the present invention's input data instant comparison protection hardware 3 is applicable to a piece of data 11 inputted by a connected input device 1 and an application program 21 and a control application program 22 A result data 211 in the operating system 2 is compared, and the result data 211 is generated by the application program 21 processing the data 11, and the hardware 3 includes an inverse processing unit 31 and a comparison unit 32 .

该反处理单元31接收由该控制应用程序22所回传的结果数据211,并对该笔结果数据211进行一种反向拆解作业,而得出一笔待测数据311。The reverse processing unit 31 receives the result data 211 returned by the control application program 22 , and performs a reverse disassembly operation on the result data 211 to obtain a test data 311 .

该比较单元32接收及记录该输入装置1所输入的数据11,并将该笔数据11与自该反处理单元31所传送的待测数据311进行比对。而当该比较单元32对该笔数据11及该笔待测数据311所进行的比对结果为相同时,存储该笔结果数据211,以利日后数据重建的所需。相反地,当比对结果为不同时,输出一则异常信息321,并通知该控制应用程序22丢弃该笔结果数据211。The comparison unit 32 receives and records the data 11 input by the input device 1 , and compares the data 11 with the data to be tested 311 transmitted from the reverse processing unit 31 . And when the comparing unit 32 compares the data 11 and the data to be tested 311 with the same result, the result data 211 is stored for future data reconstruction. On the contrary, when the comparison result is different, an exception message 321 is output, and the control application program 22 is notified to discard the result data 211 .

此外,值得一提的是,在实务应用上,该硬件3可另包含一个分别与该反处理单元31及该比较单元32相连接的控制单元33,以用来统一管控该反处理单元31及比较单元32的作业,如管控该笔数据11、该笔结果数据211、该笔待测数据311及该则异常信息321的流向、何时须将该笔数据11存储或其他作业流程等,由于该控制单元33所能运用的范围非常广泛,所以不应局限于本实施例的说明。In addition, it is worth mentioning that in practical applications, the hardware 3 may further include a control unit 33 connected to the inverse processing unit 31 and the comparison unit 32, so as to control the inverse processing unit 31 and the comparison unit 32 in a unified manner. The operation of the comparison unit 32, such as controlling the flow of the data 11, the result data 211, the data to be tested 311 and the abnormal information 321, when the data 11 must be stored or other operating procedures, etc., is due to The control unit 33 can be used in a very wide range, so it should not be limited to the description of this embodiment.

参阅图1及图2,与上述该硬件3的优选实施例所对应的方法包含以下步骤:Referring to Fig. 1 and Fig. 2, the method corresponding to the preferred embodiment of the above-mentioned hardware 3 comprises the following steps:

首先,如步骤50所示,将该作业系统2内的应用程序21从一个隐藏形式的文件切换为一个无法被该作业系统2覆写的只读形式的文件。First, as shown in step 50 , the application program 21 in the operating system 2 is switched from a hidden file to a read-only file that cannot be overwritten by the operating system 2 .

其次,如步骤51所示,将该作业系统2内的一个监测程序23从一个隐藏形式的文件切换为一个无法被该作业系统2覆写的只读形式的文件。Next, as shown in step 51 , a monitoring program 23 in the operating system 2 is switched from a hidden file to a read-only file that cannot be overwritten by the operating system 2 .

再来,如步骤52所示,借由与该硬件3连接的输入装置1将该数据11输入于该硬件3内。在本优选实施例中,所提及的输入装置1可为键盘、鼠标、触控板及其他可供信息输入的装置。Next, as shown in step 52 , the data 11 is input into the hardware 3 via the input device 1 connected to the hardware 3 . In this preferred embodiment, the mentioned input device 1 may be a keyboard, a mouse, a touch pad and other devices capable of inputting information.

接着,如步骤53所示,将该笔数据11记录于该硬件3内。在本优选实施例中,该笔数据11记录于该硬件3的比较单元32内,但于实际应用上,也可以将该笔数据11另外存储于该硬件3中的其他具有存储功能的存储单元(图未示)中,此为本领域技术人员所易于思及而变化运用,所以不应受该优选实施例的特定范例为限。Next, as shown in step 53 , the data 11 is recorded in the hardware 3 . In this preferred embodiment, the data 11 is recorded in the comparison unit 32 of the hardware 3, but in practical applications, the data 11 can also be stored in other storage units with storage functions in the hardware 3 In (not shown in the figure), this is easily conceivable and varied by those skilled in the art, so it should not be limited to the specific example of the preferred embodiment.

紧接着,如步骤54所示,再将该笔数据11传送至该应用程序21中。Next, as shown in step 54 , the data 11 is sent to the application program 21 .

然后,如步骤55所示,该应用程序21对该笔数据11进行处理,并产生该笔结果数据211。Then, as shown in step 55 , the application program 21 processes the data 11 and generates the result data 211 .

续如步骤56所示,借由该监测程序23对该应用程序21进行监测,当监测到该应用程序21所产生的结果数据211时,将该笔结果数据211传送至该控制应用程序22。As shown in step 56 , the application program 21 is monitored by the monitoring program 23 , and when the result data 211 generated by the application program 21 is detected, the result data 211 is sent to the control application program 22 .

在此须补充说明的是,前述的步骤50与步骤51所提的应用程序21及监测程序23自隐藏形式转换为只读形式的步骤进行次序,于实务应用中,可相互对调其进行次序、或同时进行,或是与该步骤56前的其他步骤分别穿插进行,只需注意遵守须在该应用程序21及该监测程序23运作前完成形式切换的原则就可,此为本领域一般技术人员所易于变化转用,因此并不应以该优选实施例中所披露者为限。What needs to be supplemented here is that the steps of converting the application program 21 and the monitoring program 23 from the hidden form to the read-only form mentioned above in step 50 and step 51 are carried out in sequence. Or carry out at the same time, or intersperse with other steps before the step 56, only need to pay attention to the principle that the mode switching must be completed before the operation of the application program 21 and the monitoring program 23. This is for those skilled in the art It is easy to change and transfer, so it should not be limited to what is disclosed in this preferred embodiment.

而后,如步骤57所示,通过该作业系统2内的控制应用程序22接收该笔结果数据211,并令为该笔待测数据311,再将该笔结果数据211回传至该硬件3。且该控制应用程序22在本优选实施例中,为一个无法被该作业系统2覆写的只读形式的文件。Then, as shown in step 57 , the result data 211 is received by the control application program 22 in the operating system 2 and made into the test data 311 , and then the result data 211 is sent back to the hardware 3 . And the control application 22 in this preferred embodiment is a read-only file that cannot be overwritten by the operating system 2 .

值得一提的是,前述的应用程序21、监测程序23及控制应用程序22被设定为只读形式的文件的用意在于,借由只读所能执行但禁止编辑写入变更的特性,以防止这些程序遭受到不法人士的恶意窜改或破坏。It is worth mentioning that the above-mentioned application program 21, monitoring program 23 and control application program 22 are set as read-only files. Prevent these programs from being maliciously tampered with or destroyed by unscrupulous persons.

接着,如步骤58所示,利用该硬件3的该反处理单元31对该笔待测数据311进行反向拆解作业,并回传至该硬件3的比较单元32。Next, as shown in step 58 , the inverse processing unit 31 of the hardware 3 is used to reversely disassemble the data to be tested 311 and send it back to the comparison unit 32 of the hardware 3 .

最后,如步骤59所示,运用该硬件3的比较单元32对该笔数据11及该笔待测数据311进行比对,判断两者是否相同:Finally, as shown in step 59, use the comparison unit 32 of the hardware 3 to compare the data 11 and the data to be tested 311 to determine whether they are the same:

若是,则如步骤591所示,表示该笔结果数据211正确无误,并将该笔结果数据211存储于一块保护区(图未示)内,以利日后数据重建的需要。而该保护区在本优选实施例中,非存在于该作业系统2下,而只能通过该硬件3对该保护区进行存取。If yes, as shown in step 591, it means that the result data 211 is correct, and the result data 211 is stored in a protected area (not shown), so as to facilitate data reconstruction in the future. However, in this preferred embodiment, the protected area does not exist under the operating system 2 , and the protected area can only be accessed through the hardware 3 .

若否,则如步骤592所示,表示该笔结果数据211于该作业系统2内产生时就已遭受破坏,而将该笔结果数据211丢弃,并显示该则异常信息321于一个显示装置4上。If not, then as shown in step 592, it means that the result data 211 has been damaged when it is generated in the operating system 2, and the result data 211 is discarded, and the abnormal information 321 is displayed on a display device 4 superior.

接下来,仍同样地参阅图1及图2所示,将以一名使用者如何通过以上较佳实施利所述的硬件3及相关方法来对其于一部计算机(图未示)上所输入的数据11进行检验比对为例,来作一个更完整的操作流程说明:Next, still referring to Fig. 1 and Fig. 2 in the same way, how a user will use the hardware 3 and related methods described in the above preferred implementation to perform the operation on a computer (not shown) The input data 11 is checked and compared as an example to make a more complete description of the operation process:

在进行说明前,以下将假设该应用程序21是一个中文拼字输入法应用程序(就是一种利用至少一个原始编码的文字输入法应用程序)、该笔结果数据211为一个中文字码(就是一种由该原始编码组成的字码),而该反处理单元31的反向拆解作业是将具有中文字码形式的结果数据211进行反向拆解为至少一个拼字符号(就是原始编码)。Before explaining, it will be assumed that the application program 21 is a Chinese spelling input method application program (just a kind of text input method application program utilizing at least one original code), and the result data 211 is a Chinese character code (that is, A word code that is made up of the original code), and the reverse disassembly operation of the reverse processing unit 31 is to reversely disassemble the result data 211 with the Chinese character code form into at least one spelling symbol (that is, the original code ).

一开始,假设已完成该应用程序21、监测程序23的设定成只读形式的前置作业后,该使用者利用一个直接连接于该硬件3上的键盘(就是输入装置1)来进行中文打字作业,此时,当该使用者于键盘上依拼字输入法键入中文时,该硬件3于将这些拼字符号(就是数据)传送给作业系统2内的中文拼字输入法应用程序(就是应用程序21)的同时,也将这些拼字存储于该比较单元32内。At the beginning, after the pre-work that assumes that the setting of the application program 21 and the monitoring program 23 has been completed as a read-only form, the user utilizes a keyboard directly connected to the hardware 3 (that is, the input device 1) to perform Chinese Typing operation, at this time, when the user typed Chinese on the keyboard according to the spelling input method, the hardware 3 sent these spelling symbols (that is, data) to the Chinese spelling input method application program in the operating system 2 ( Just when the application program 21), these spellings are also stored in the comparison unit 32.

接着,该中文拼字输入法应用程序便依照所接收的拼字转换成相对应的中文字码(就是结果数据211);再来,当这些中文字码被运用于其他各式如微软Word等文本编辑应用程序24的同时,该监测程序23一侦测到该中文拼字输入法应用程序所产生的中文字码时,就把这些中文字码通过该控制应用程序22的媒介而传送至该硬件内的反处理单元31。Then, the Chinese spelling input method application program is converted into corresponding Chinese character codes (being the result data 211) according to the received spelling characters; While editing the application program 24, when the monitoring program 23 detects the Chinese character codes generated by the Chinese spelling input method application program, these Chinese character codes will be sent to the hardware through the medium of the control application program 22 Inverse processing unit 31.

然后,该反处理单元31利用该反向拆解作业将这些中文字码拆解成待检测的拼字符号(就是待测数据311),再把这些待测数据311交给同样是在该硬件内的比较单元32。Then, the reverse processing unit 31 uses the reverse disassembly operation to disassemble these Chinese character codes into spelling symbols to be detected (that is, the data to be tested 311), and then hand these data to be tested 311 to the same hardware Comparing unit 32 within.

最后,该比较单元32便把先前于该使用者一开始通过键盘所输入的拼字符号(数据11)与这些待测的拼字符号(待测数据311)进行比对,以判断该中文字码(结果数据211)是否被窜改或破坏。Finally, the comparison unit 32 compares the spelling symbols (data 11) input by the user through the keyboard with the spelling symbols to be tested (data to be tested 311) to determine the Chinese character Whether the code (result data 211) has been tampered with or destroyed.

当该比较单元32对这些拼字符号及待测拼字符号所进行的比对结果为相同时,就表示经该中文拼字输入法应用程序所产生的中文字码是未受到窜改或破坏的,而可供后续的作业使用且可将这些中文字码存储起来;然而,当该比较单元32的比对结果为不同时,输出该则异常信息321,并借由如液晶荧幕等显示装置4将此异常信息321呈现出,并通知该控制应用程序22丢弃此中文字码(结果数据211)。When the comparing result of these spelling symbols and the spelling symbols to be tested is the same by the comparison unit 32, it means that the Chinese character code produced by the Chinese spelling input method application program is not tampered with or destroyed. , and can be used for follow-up operations and these Chinese character codes can be stored; yet, when the comparison result of the comparison unit 32 is different, the abnormal information 321 is output, and by means of display devices such as liquid crystal screens 4. Present the abnormal information 321, and notify the control application program 22 to discard the Chinese character code (result data 211).

由以上可知,本发明输入数据即时比对防护方法及其硬件3,主要是借由该硬件3的反处理单元31对该应用程序21针对该数据11运作所产生的结果数据211进行反向拆解成该笔待测数据311,以及该硬件3的比较单元32对该笔待测数据311与原始的数据11进行比对检测,以快速且有效地判断该笔结果数据211是否遭受窜改或破坏。From the above, it can be known that the instant input data comparison protection method and its hardware 3 of the present invention mainly use the reverse processing unit 31 of the hardware 3 to reversely disassemble the result data 211 generated by the application program 21 for the data 11. Decomposing the data to be tested 311, and the comparison unit 32 of the hardware 3 compares and detects the data to be tested 311 with the original data 11, so as to quickly and effectively determine whether the result data 211 has been tampered with or destroyed .

此外,本发明除了提出前述的即时检测输入数据11是否遭破坏、窜改的防护功能外,也由于该应用程序21、监测程序23及控制应用程序22于执行其作业处理时,皆处于只读形式,以防止这些程序遭受到不法人士的恶意窜改或破坏,而达到数据安全的双重防护的提升效果,所以确实能够达到本发明的目的。In addition, the present invention not only proposes the protection function of detecting whether the input data 11 is destroyed or tampered with in real time, but also because the application program 21, the monitoring program 23 and the control application program 22 are all in a read-only form when executing their operations. , to prevent these programs from being maliciously tampered with or destroyed by lawless persons, so as to achieve the effect of improving the double protection of data security, so the purpose of the present invention can indeed be achieved.

Claims (13)

1.一种输入数据即时比对防护方法,其特征在于包含以下步骤:1. An input data instant comparison protection method is characterized in that comprising the following steps: (一)借由一个与一个硬件连接的输入装置将一笔数据输入于该硬件内;(1) Inputting a piece of data into the hardware through an input device connected to the hardware; (二)将该笔数据记录于该硬件内;(2) Record the data in the hardware; (三)再将该笔数据传送至一个作业系统内的一个应用程序中;(3) Sending the data to an application program in an operating system; (四)该应用程序对该笔数据进行处理,并产生一笔结果数据;(4) The application program processes the data and generates a result data; (五)通过一个控制应用程序接收该笔结果数据且令其为一笔待测数据,并将该笔待测数据回传至该硬件;(5) Receive the result data through a control application program and make it a piece of data to be tested, and return the data to be tested to the hardware; (六)利用该硬件的一个反处理单元对该笔待测数据进行一种反向拆解作业;及(6) Using a reverse processing unit of the hardware to perform a reverse disassembly operation on the data to be tested; and (七)运用该硬件的一个比较单元对该笔数据及该笔待测数据进行比对,判断两者是否相同,若是,则表示该笔结果数据正确无误,若否,则表示该笔结果数据于该作业系统内遭受破坏。(7) Use a comparison unit of the hardware to compare the data and the data to be tested, and judge whether the two are the same, if so, it means that the result data is correct, if not, it means that the result data was corrupted within the operating system. 2.如权利要求1所述的输入数据即时比对防护方法,其特征在于:在该步骤(二)中,该笔数据记录于该硬件的比较单元内。2. The input data real-time comparison protection method according to claim 1, characterized in that: in the step (2), the data is recorded in the comparison unit of the hardware. 3.如权利要求2所述的输入数据即时比对防护方法,其特征在于:在该步骤(七)中,当判断出该笔数据及该笔结果数据相同时,将该笔结果数据存储于一块保护区内。3. the input data instant comparison protection method as claimed in claim 2, is characterized in that: in this step (7), when judging that this piece of data and this piece of result data are identical, this piece of result data is stored in within a protected area. 4.如权利要求3所述的输入数据即时比对防护方法,其特征在于:在该步骤(七)中,该保护区非存在于该作业系统下,而只能通过该硬件对该保护区进行存取。4. the input data instant comparison protection method as claimed in claim 3 is characterized in that: in the step (7), the protected area does not exist under the operating system, but only the protected area can be protected by the hardware. to access. 5.如权利要求3所述的输入数据即时比对防护方法,其特征在于:在该步骤(七)中,当判断出该笔数据及该笔结果数据不同时,将该笔结果数据丢弃,并显示一则异常信息于一个显示装置上。5. the input data instant comparison protection method as claimed in claim 3, is characterized in that: in this step (7), when judging that this data and this result data are different, this result data is discarded, And display an abnormal message on a display device. 6.如权利要求5所述的输入数据即时比对防护方法,其特征在于:还包含一个位于该步骤(四)及该步骤(五)间的步骤(八),借由一个监测程序对该应用程序进行监测,当监测到该应用程序所产生的结果数据时,将该笔结果数据传送至该控制应用程序。6. The input data real-time comparison protection method as claimed in claim 5, characterized in that: also comprising a step (eight) between the step (four) and the step (five), by a monitoring program for the The application program monitors, and when the result data generated by the application program is detected, the result data is sent to the control application program. 7.如权利要求6所述的输入数据即时比对防护方法,其特征在于:还包含一个位于该步骤(四)前的步骤(九),该应用程序于对该笔数据进行处理前,从一个隐藏形式的文件切换为一个无法被该作业系统覆写的只读形式的文件,并进行后续处理。7. the input data instant comparison protection method as claimed in claim 6, is characterized in that: also comprise a step (nine) before this step (4), this application program is before this data is processed, from A file in hidden form is switched to a read-only form that cannot be overwritten by the operating system and processed later. 8.如权利要求7所述的输入数据即时比对防护方法,其特征在于:在该步骤(五)中,该控制应用程序为一个无法被该作业系统覆写的只读形式的文件。8. The input data real-time comparison protection method according to claim 7, characterized in that: in the step (5), the control application program is a read-only file that cannot be overwritten by the operating system. 9.如权利要求8所述的输入数据即时比对防护方法,其特征在于:还包含一个位于该步骤(八)前的步骤(十),该监测程序于对该应用程序进行监测前,从一个隐藏形式的文件切换为一个无法被该作业系统覆写的只读形式的文件,并进行后续处理。9. the input data instant comparison protection method as claimed in claim 8, is characterized in that: also comprise a step (ten) before this step (eight), this monitoring program is before this application program is monitored, from A file in hidden form is switched to a read-only form that cannot be overwritten by the operating system and processed later. 10.如权利要求1所述的输入数据即时比对防护方法,其特征在于:在该步骤(三)与该步骤(四)中,该应用程序为一个利用至少一个原始编码的文字输入法应用程序,且该笔结果数据为一个字码,而在该步骤(六)中,该反处理单元的反向拆解作业将具有字码形式的结果数据进行反向拆解为该原始编码。10. The input data instant comparison protection method as claimed in claim 1, characterized in that: in the step (3) and the step (4), the application program is a text input method application utilizing at least one original code program, and the result data is a character code, and in the step (6), the reverse disassembly operation of the reverse processing unit reversely disassembles the result data in the form of character code into the original code. 11.一种输入数据即时比对防护硬件,适用于对一个所相连的输入装置所输入的一笔数据与一个包括一个应用程序及一个控制应用程序的作业系统内的一笔结果数据进行比对,且该笔结果数据是由该应用程序对该笔数据进行处理所产生的,其特征在于:该硬件包含一个比较单元及一个反处理单元,该比较单元接收及记录该输入装置所输入的数据,并接收被令为一笔待测数据的结果数据的回传,再将该笔数据与该笔待测数据进行比对,该反处理单元连接于该控制应用程序与该比较单元间,于该比较单元接收由该控制应用程序所回传的待测数据前,先对该笔待测数据进行一种反向拆解作业,再传至该比较单元。11. An input data real-time comparison protection hardware, suitable for comparing a piece of data input by a connected input device with a piece of result data in an operating system including an application program and a control application program , and the result data is generated by the application program processing the data, characterized in that: the hardware includes a comparison unit and an inverse processing unit, the comparison unit receives and records the data input by the input device , and receive the return of the result data ordered as a piece of data to be tested, and then compare the data with the data to be tested, the reverse processing unit is connected between the control application program and the comparison unit, and then Before the comparison unit receives the data to be tested returned by the control application program, it performs a reverse disassembly operation on the data to be tested, and then transmits it to the comparison unit. 12.如权利要求11所述的输入数据即时比对防护硬件,其特征在于:当该比较单元对该数据及该笔待测数据所进行的比对结果为相同时,存储该笔结果数据,而当该比较单元对该笔数据及该笔待测数据所进行的比对结果为不同时,输出一则异常信息,并通知该控制应用程序丢弃该笔结果数据。12. The input data real-time comparison protection hardware as claimed in claim 11, characterized in that: when the comparison unit performs the same comparison result on the data and the data to be tested, the result data is stored, And when the comparing unit compares the data and the data to be tested with a different result, it outputs an abnormal message, and notifies the control application program to discard the resulting data. 13.如权利要求12所述的输入数据即时比对防护硬件,其特征在于:该反处理单元的反向拆解作业将具有一个字码形式的数据进行反向拆解为至少一个原始编码。13. The input data real-time comparison protection hardware according to claim 12, characterized in that: the reverse disassembly operation of the reverse processing unit reversely disassembles the data in the form of a character code into at least one original code.
CN2009100083569A 2009-02-26 2009-02-26 Real-time comparison and defending method of input data and hardware thereof Expired - Fee Related CN101819611B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100083569A CN101819611B (en) 2009-02-26 2009-02-26 Real-time comparison and defending method of input data and hardware thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100083569A CN101819611B (en) 2009-02-26 2009-02-26 Real-time comparison and defending method of input data and hardware thereof

Publications (2)

Publication Number Publication Date
CN101819611A CN101819611A (en) 2010-09-01
CN101819611B true CN101819611B (en) 2012-08-08

Family

ID=42654709

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100083569A Expired - Fee Related CN101819611B (en) 2009-02-26 2009-02-26 Real-time comparison and defending method of input data and hardware thereof

Country Status (1)

Country Link
CN (1) CN101819611B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107292069B (en) * 2016-03-30 2020-03-24 虹映科技股份有限公司 Operation system and method with instant heart rate prediction function
CN106951746B (en) * 2017-04-25 2020-01-21 厦门芯阳科技股份有限公司 Method and system for preventing reverse cracking of temperature control program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1217507A (en) * 1997-11-06 1999-05-26 后健慈 Method and system for maintaining access-protected storage region in sotrage device
CN1875568A (en) * 2003-09-19 2006-12-06 索尼株式会社 Transmitting apparatus, receiving apparatus, and data transmitting system
CN101071462A (en) * 2007-03-30 2007-11-14 腾讯科技(深圳)有限公司 System and method for indicating risk of information inputted by users
CN101377751A (en) * 2007-08-30 2009-03-04 周宏建 Method for protecting computer working document

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1217507A (en) * 1997-11-06 1999-05-26 后健慈 Method and system for maintaining access-protected storage region in sotrage device
CN1875568A (en) * 2003-09-19 2006-12-06 索尼株式会社 Transmitting apparatus, receiving apparatus, and data transmitting system
CN101071462A (en) * 2007-03-30 2007-11-14 腾讯科技(深圳)有限公司 System and method for indicating risk of information inputted by users
CN101377751A (en) * 2007-08-30 2009-03-04 周宏建 Method for protecting computer working document

Also Published As

Publication number Publication date
CN101819611A (en) 2010-09-01

Similar Documents

Publication Publication Date Title
US11637854B2 (en) Resource-centric network cyber attack warning system
US7272724B2 (en) User alerts in an anti computer virus system
Talha et al. Analysis of research on amazon AWS cloud computing seller data security
CN107046535B (en) A kind of abnormality sensing and method for tracing and system
US12124569B2 (en) Command inspection method and apparatus, computer device, and storage medium
AU2022205946A1 (en) Systems, devices, and methods for observing and/or securing data access to a computer network
CN106603517A (en) Computer network information security monitoring system
CN116545678A (en) Network security protection method, device, computer equipment and storage medium
CN103713968B (en) A kind of RFID tag data based on cloud storage technology recovers and method of calibration
CN101819611B (en) Real-time comparison and defending method of input data and hardware thereof
CN110598397A (en) Deep learning-based Unix system user malicious operation detection method
US20150052613A1 (en) Database antivirus system and method
TW201035795A (en) System and method for detecting web malicious programs and behaviors
JP5441043B2 (en) Program, information processing apparatus, and information processing method
TWI409665B (en) Enter the information air against the protection method and its hardware
US20170286683A1 (en) System and methods thereof for identification of suspicious system processes
CN108390778A (en) A kind of computer network security prior-warning device
CN106845244A (en) A kind of detection method and device
US20080137542A1 (en) Method for detecting abnormal network packets
Jones et al. The 2007 Analysis of Information Remaining on Disks offered for sale on the second hand market
CN110247888A (en) A kind of computer network security Situation Awareness platform architecture
US11811792B1 (en) Systems and methods for preventing social engineering attacks using distributed fact checking
Haggerty et al. Visualization of system log files for post-incident analysis and response
Sarabi et al. The Ransomware Decade: The Creation of a {Fine-Grained} Dataset and a Longitudinal Study
Hakim et al. Predicting Data Exfiltration using Supervised Machine Learning based on Tactics Mapping from Threat Reports and Event Logs

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120808

CF01 Termination of patent right due to non-payment of annual fee