Patent Application
20110208974
This invention relates generally to the field of information security and more particularly, to a protective measure against keystroke logger devices.
A keystroke logger is a device that is able to capture (or log) keystrokes executed on a keyboard (e.g., a computer keyboard), typically in a covert manner such that the person entering the keystrokes is unaware that the keystrokes are being monitored. Keystroke loggers can be used for legitimate purposes (such as parental monitoring or law enforcement applications), however they can also be used maliciously by cyber criminals to obtain personal and/or confidential information for illicit purposes. For example, keystroke loggers can be utilized to obtain passwords, user names, personal identification numbers, and personal and/or employer/employee communications entered by unsuspecting users, placing the users and/or their employers at risk of identity theft and financial loss. There is a need to protect unsuspecting users against the malicious use of keystroke logger devices to preclude, or at least reduce the risk of these consequences.
This need is addressed and a technical advance is achieved in the art by an anti-key logging protocol executable by a computer platform and a corresponding keystroke input device (e.g., keyboard or keypad), that effectively renders keystrokes entered on the keystroke input device undecipherable to a key logger device. Following an authentication procedure, the computer platform sends encryption parameters to the keystroke input device, and the keystroke input device uses the encryption parameters to scramble keystrokes entered on the keystroke input device before sending them to the computer platform. In such manner, keystrokes and/or keystroke representations sent from the keystroke input device to the computer platform are unrecognizable to a key logger device yet can be decoded by the computer platform.
In one embodiment, there is provided an anti-key logging method executed by a keystroke input device of a computer system, wherein the keystroke input device nominally communicates user keystroke information to a computer platform, and wherein the user keystroke information is susceptible to interception by a key logger device. The keystroke input device obtains user keystroke information and one or more encryption parameters for use in encrypting the user keystroke information; encrypts at least a portion of the user keystroke information according to the encryption parameters, yielding encrypted keystroke information; and communicates the encrypted keystroke information to the computer platform.
In another embodiment, there is provided an anti-key logging method executed by a computer platform of a computer system, wherein the computer platform nominally receives user keystroke information communicated from a keystroke input device, and wherein the user keystroke information is susceptible to interception by a key logger device. Following an authentication procedure, the computer platform sends one or more encryption parameters to the keystroke input device for use in encrypting the user keystroke information. Thereafter, the computer platform receives encrypted keystroke information from the keystroke input device, the encrypted keystroke information having been encrypted by the keystroke input device according to one or more encryption parameters sent from the computer platform; and the computer platform decrypts at least a portion of the encrypted keystroke information, yielding unencrypted keystroke information.
In still another embodiment, there is provided an apparatus for performing an anti-key logging protocol, in accordance with a computer system including a keystroke input device operably connected to a computer platform, wherein the keystroke input device nominally communicates user keystroke information to the computer platform, and wherein the user keystroke information is susceptible to interception by a key logger device. The apparatus at the keystroke input device comprises a memory and a processor configured to obtain user keystroke information and one or more encryption parameters for use in encrypting the user keystroke information; encrypt at least a portion of the user keystroke information according to the encryption parameters, yielding encrypted keystroke information; and communicate the encrypted keystroke information to the computer platform.
In yet another embodiment, there is provided an apparatus for performing an anti-key logging protocol, in accordance with a computer system including a keystroke input device operably connected to a computer platform, wherein the computer platform nominally receives user keystroke information communicated from the keystroke input device, and wherein the user keystroke information is susceptible to interception by a key logger device. The apparatus at the computer platform comprises a memory and a processor configured to send one or more encryption parameters to the keystroke input device for use in encrypting the user keystroke information; receive encrypted keystroke information from the keystroke input device, the encrypted keystroke information having been encrypted by the keystroke input device according to one or more encryption parameters sent from the computer platform; and decrypt at least a portion of the encrypted keystroke information, yielding unencrypted keystroke information.
The foregoing and other advantages of the invention will become apparent upon reading the following detailed description and upon reference to the drawings in which:
The computer platform 102 includes a processor 106 and memory 108, wherein the processor 106 is operable to execute computer program code (e.g., including but not limited to operating system firmware/software and application software) stored in memory 108; which execution may depend at least in part on user input communicated from the keyboard 104. In particular, the processor 106 is operable to execute computer program code responsive at least in part to user keystrokes, keystroke combinations or keystroke representations communicated from the keyboard 104.
As shown, however, the computer system 100 includes a keystroke logger (a.k.a., “keylogger”) 110 operably connected between the keyboard 104 and computer platform 102, that is operable to intercept and record the keystrokes, keystroke combinations or keystroke representations communicated from the keyboard 104 to the computer platform 102. The keystroke logger 110 can be implemented in multiple ways including, without limitation, hardware, software and firmware modalities.
In one example the keystroke logger 110 can be software/firmware-based (e.g., exists at the BIOS-level interface between the processor 106 and other components of the computer platform 102). That is, the BIOS (basic input/output system) can be modified to record keyboard events as they are processed. Implementation requires physical and/or root-level access to the computer platform, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.
In another example the keystroke logger 110 can be hardware-based (e.g., a hardware circuit connected somewhere in between the keyboard 104 and computer platform 102), typically in line with the keyboard's cable connector (not shown). For example, a keystroke logger may be integrated onto a PS2 or USB cable connector connecting the keyboard 104 to the computer platform 102. More stealthy implementations can be installed or built into standard keyboards, so that there's no device visible on the external cable. Both types log all keyboard activity to an internal memory which can subsequently be accessed, for example, by subsequently removing and retrieving the external device or by typing in a secret key sequence to retrieve the information captured by the internal application.
Now referring to
The computer platform 202 includes a processor 206 and memory 208, similar to the computer platform 102 of the prior art, wherein the processor 206 is operable to execute computer program code (e.g., including but not limited to operating system firmware/software and application software) stored in memory 208; which execution may depend at least in part on user input communicated from the keystroke input device 204. In particular, the processor 206 is operable to execute computer program code responsive at least in part to user keystrokes, keystroke combinations or keystroke representations communicated from the keystroke input device 204. In a preferred embodiment, the processor 206 executes computer program code defining an anti-key logging protocol (“AKL protocol”) 210 in cooperation with the keystroke input device 204 as a countermeasure to a keystroke logger device. For example and without limitation, the AKL protocol 210 may comprise application software stored in memory 208.
The keystroke input device (a.k.a., “smart keyboard”) 204 includes a processor 212 and memory 214, wherein the processor 212 is operable to execute certain aspects of the AKL protocol 210 in cooperation with the computer platform 202 (i.e., the processor 206 of the computer platform) as a countermeasure to a keystroke logger device. Similarly to a standard keyboard, the smart keyboard 204 may also include alphabetic characters, numbers, symbols, punctuation symbols and various function or navigation keys; and may communicate keystroke information to the computer platform 202 comprising indicia of user keystrokes, keystroke combinations, or keystroke representations (e.g., encoded characters, such as ASCII representations of the user keystrokes or keystroke combinations). Alternatively or additionally, the keystroke input device 204 may characterize a keypad, such as a numeric or alphanumeric keypad.
As shown, the computer system 200 may include a keystroke logger 216 operably connected between the keystroke input device 204 and computer platform 202, that is deployed in an attempt to intercept and record the keystrokes, keystroke combinations or keystroke representations communicated from the keystroke input device 204 to the computer platform 202. The keystroke logger 216 may comprise, as described in relation to
As will be appreciated, the components of
At step 302, the keystroke input device obtains user keystroke information. The term “keystroke information” will be understood to include, without limitation, indicia of user keystrokes, keystroke combinations, or keystroke representations. For example, responsive to user keystroke activity, the keystroke input device identifies one or more instances of user keystrokes and/or keystroke combinations; and optionally, formulates one or more instances of keystroke representations (e.g., encoded characters, such as ASCII representations) corresponding to the user keystrokes and/or keystroke combinations.
At step 304, the keystroke input device obtains one or more encryption parameters for use in encrypting the user keystroke information. And at step 306, the keystroke input device encrypts at least a portion of the user keystroke information according to the encryption parameters, yielding encrypted keystroke information.
The encryption parameters may define generally, any encoding, scrambling or masking scheme that transforms the keystroke information, or renders the keystroke information substantially unintelligible to an unauthorized party or device, such as a keystroke logger device. The terms “encryption” or “encrypted” as used herein, are therefore broadly defined as encompassing any of several encoding, scrambling or masking algorithms presently known or devised in the future. As will be appreciated, the encryption parameters can be imposed upon one or more instances of keystroke information and can vary greatly in sophistication and complexity depending on implementation of the AKL protocol. As one example and without limitation, it is contemplated that the encryption parameters might comprise a very simple scrambling scheme whereby an original character is shifted n positions in a known sequence (for example, shifting forward 3 characters in an alphabetic sequence, the character “a” would be represented by the character “d”). Alternatively or additionally, of course, the encryption parameters may also comprise any number of more complex encoding, scrambling or masking schemes.
In one embodiment, the keystroke input device 204 obtains encryption parameters at step 304 from the computer platform 202, initially following an authentication sequence whereby the computer platform 202 confirms the identity of the keystroke input device, and then periodically thereafter for so long as the authentication is valid. For example and without limitation, the computer platform may update encryption parameters after designated time intervals, upon occurrence of designated events, or upon request from the keystroke input device. In such manner the computer platform knows which encryption parameters will be used by the keystroke input device to encrypt the user keystroke information. Alternatively or additionally, the keystroke input device may receive encryption parameters from an external platform (i.e., other than the computer platform 202) or it may retrieve encryption parameters from its own memory 214, for so long as the computer platform 202 will know or can determine which encryption parameters will be used by the keystroke input device to encrypt the user keystroke information.
Finally at step 308, the keystroke input device communicates the encrypted keystroke information to the computer platform. Thereafter, as will be described in greater detail in relation to
At step 402, the computer platform sends one or more encryption parameters to the keystroke input device 204. As noted with respect to
Thereafter, at step 404, the computer platform receives encrypted keystroke information from the keystroke input device 204, the encrypted keystroke information having been encrypted according to the encryption parameters provided by the computer platform. At step 406, the computer platform decodes the encrypted keystroke information to yield unencrypted keystroke information; and the computer platform executes computer program code, performs certain functions or the like responsive at least in part to the unencrypted keystroke information.
Now turning to
At step 1, an anti-key logging (AKL) software application is loaded into the computer platform, for example and without limitation, by the computer owner or someone with sufficient administrative privileges. The AKL software application may be loaded in generally any manner presently known or devised in the future. In one embodiment, upon installation of the AKL software application, the computer platform will send a message to an administrator informing the administrator that it has been installed.
At step 2, the computer platform will execute an authentication procedure in cooperation with the keystroke input device, i.e., to confirm the identity of the keystroke input device. In one embodiment, the authentication procedure is initiated by the computer platform querying the keystroke input device for a unique “keyboard ID” or other suitable indicia of identity. The request may be initiated, for example and without limitation, after initial installation and upon receiving a first instance of keystroke information from the keystroke input device. Responsive to the query, the keystroke input device retrieves the keyboard ID from memory 214 and sends indicia of the keyboard ID to the computer platform; and the computer platform confirms the validity of the keyboard ID by checking a database or the like.
At step 3, if the keyboard ID is determined to be valid, the computer platform sends one or more encryption parameters to the keystroke input device. In one embodiment, the computer platform periodically updates the encryption parameters (e.g., sends new encryption parameters) at startup or other events, at certain time intervals, or as initiated by the operator or administrator. Optionally, the computer platform may reconfirm the identity of the keystroke input device before updating the encryption parameters.
At step 4, the keystroke input device encrypts at least a portion of the user keystroke information according to the encryption parameters, yielding encrypted keystrokes and/or keystroke representations. And at step 5, the keystroke input device sends the encrypted keystrokes and/or keystroke representations to the computer platform. At step 6, the computer platform decodes the encrypted keystroke information to yield unencrypted keystroke information; and the computer platform executes computer program code, performs certain functions or the like responsive at least in part to the unencrypted keystroke information.
For example, the term “computer platform” as used herein is generally defined as a computer resource having a processor and memory, wherein the processor is operable to execute computer program code (e.g., including but not limited to operating system firmware/software and application software) stored in memory; and which nominally receives user keystroke information communicated from a keystroke input device (e.g., keyboard or keypad). The processor may comprise one or more processing devices, including a central processing unit (CPU) or other processing circuitry, including but not limited to one or more signal processors, integrated circuits or the like. The memory may comprise memory associated with the processor or CPU, such as random-access memory (RAM) or read-only memory (ROM), a fixed memory device (e.g., hard drive), or a removable memory device (e.g., diskette or CD ROM).
The term “keystroke input device” as used herein is generally defined as a user input device that is operably connected to the computer platform, which receives user keystrokes and communicates user keystroke information to the computer platform.
For example and without limitation, the keystroke input device may comprise a keyboard, such as a personal computer keyboard, including alphabetic characters, numbers, symbols, punctuation symbols and various function or navigation keys; and the keystroke information may comprise indicia of user keystrokes, keystroke combinations, or keystroke representations (e.g., ASCII representations of user keystrokes or combinations). [ASCII refers to the American Standard Code for Information Interchange]. Alternatively, the keystroke input device may comprise a keypad, such as a numerical keypad. In one embodiment, the keystroke input device comprises a “smart” keyboard having a processor and memory operable to execute an anti-key logging protocol.
