This application claims the benefit of Taiwan application Serial No. 103118035, filed May 23, 2014, the subject matter of which is incorporated herein by reference.
1. Field of the Invention
The invention relates in general to a method and a system for inputting and uploading data, and more particularly to a method and a system for inputting and uploading data by a dynamic keyboard.
2. Description of the Related Art
With the availability of Internet, many task such as shopping, bill payment, and fund transfer can be easily done via the network. Meanwhile, the user's private or sensitive data such as ID number, date of birth and credit card number need to be uploaded to the network.
However, the user equipment once connected to the Internet is exposed to the risk of being infected with Trojans and controlled by the crackers. The user's private or sensitive data may be stolen, and the user's assets may be jeopardized. For example, the Trojans may key log the data inputted to the user equipment by the user and obtain the user's account password. Or, the Trojans may change or capture the data inputted or received by the user. For example, during the process of fund transfer, the Trojans can change the transferee account to other account, and then restore the changed content to the original content when the back-end device transmits the confirmation information to the user equipment. Thus, it is very hard for the user to detect that the inputted data has been changed during the inputting process or the transmission process.
Therefore, it is necessary to provide a data inputting and uploading method with high security to protect the sensitive or private data inputted by the user.
The invention is directed to a method and a system for inputting and uploading data. The method and the system have high security during the process of inputting data and the process of transmitting data.
According to one embodiment of the present invention, a data inputting and uploading method is disclosed. The method comprises following steps. A figure factor is generated by a user equipment according to a key rule. A dynamic keyboard is generated by the user equipment according to the figure factor, wherein the dynamic keyboard is composed of a plurality of figures. A permutation of the selected figures is recorded by the user equipment. The permutation of the selected figures is transformed into a hash code by the user equipment. The hash code is received and transformed into a plain code by a back-end device.
According to another embodiment of the present invention, a data inputting and uploading system is disclosed. The system comprises a user equipment and a back-end device. The user equipment comprises a safety component, a calculation unit, a graphic unit, a display unit, a storage unit and a user-end transmission unit. The safety component stores a key rule. The calculation unit generates a figure factor according to the key rule. The graphic unit generates a dynamic keyboard according to the figure factor, wherein the dynamic keyboard is composed of a plurality of figures. The display unit displays the dynamic keyboard. The storage unit records a permutation of the sequentially selected figures. The calculation unit transforms the of the sequentially selected figures into a hash code. The user-end transmission unit transmits the hash code to the back-end device. The back-end device comprises a back-end transmission unit and a code transforming unit, wherein the back-end transmission unit receives the hash code, and the code transforming unit transforms the hash code into a plain code.
Based on the key rule in a safety component, a dynamic keyboard through which the user can click and input private or sensitive plain code is generated on a user equipment. The dynamic keyboard is generated according to the figure factor, and the figure factor is generated by the physical safety component (high security). Furthermore, the user equipment only records a permutation of the selected figures when the user inputs a plain code, hence avoiding software tampering, key logging or unauthorized interception of private/sensitive plain code such as transferee account, transfer amount, account password.
Moreover, the permutation of the selected figures, which is generated when the user clicks the dynamic keyboard, is transformed into a hash code which is then transmitted to a back-end device. The back-end device obtains the hash code, and then transforms the hash code into a plain code according to a stored key rule. That is, the sensitive/private plain code is transformed into an encrypted hash code during the transmission process. Even if the encrypted hash code is intercepted during the transmission process, the cracker still cannot decrypt the encrypted hash code to obtain the plain code inputted by the user.
The above and other aspects of the invention will become better understood with regard to the following detailed description of the preferred but non-limiting embodiment (s). The following description is made with reference to the accompanying drawings.
A method and a system for inputting and uploading data according to an embodiment of the invention are elaborated below with accompanying drawings
Firstly, the method begins at step S01, a dynamic data is generated by a calculation unit 11 of a user equipment 10, wherein the dynamic data can be uploaded to a back-end device 20. The content of the dynamic data is not fixed, can be generated according to a random number, a system status data or an input content. The system status data comprises but is not limited to a system time or an identification code of the user equipment. Examples of the input content include a user account, a transferee account, an order number or a membership number commonly inputted by the user. The dynamic data may comprise one or a combination of the data exemplified above. Besides, the dynamic data can be generated at different time points. For example, the dynamic data can be generated when the user equipment 10 is activated or when the user prepares to input the data. The environmental status at the generation time of the dynamic data may vary, and the dynamic data may be different according to the environmental status. Thus, the dynamic date can be referred as one-time password (OTP), which provides higher security. In the present embodiment, the dynamic data can be used in subsequent steps of the data inputting and uploading method to generate a dynamic keyboard 106. It should be noted that in some embodiments, the dynamic data is not indispensable to the generation of the dynamic keyboard 106. That is, step S01 can be omitted.
Next, the method proceeds to step S02, a figure factor D102 of the dynamic keyboard 106 is generated by the calculation unit 11 of the user equipment 10 according to a key rule D101 of a safety component 12 and the dynamic data. The key rule D101 can be a one-time password, a symmetric key, an asymmetric key or a hash function, but not limit thereto. In an embodiment, the key rule D101 can be a function f(x) of dynamic data x, and different dynamic data x correspond to different function values, wherein the figure factor D102 is a function value. If step S01 is omitted, this implies that the figure factor D102 is generated from the key rule D101 directly without using any dynamic data. For example, when x=0, the figure factor D102 is expressed as f(0).
Then, the method proceeds to step S03, a dynamic keyboard 106 of
Then, the method proceeds to step S04, when the user intends to input a plain code D105 and clicks the
Then, the method proceeds to step S05, the permutation D103 of the selected figures is transformed into a hash code D104 by the calculation unit 11 of the user equipment 10, and the hash code D104 is transmitted to a back-end device 20 by a transmission unit 16 of the user equipment 10. The figure factor D102 of the dynamic keyboard 106 generated by the user equipment 10 is different at each time. Even when the user clicks the dynamic keyboard 106 according to the same plain code D105 (for example, “8761” of
Then, the method proceeds to step S06, the hash code D104 transformed by the user equipment 10 in step S05 is received by the transmission unit 22 of the back-end device 20 and transformed into the plain code D105 by the code transforming unit 21 of the back-end device 20. Since the back-end device 20 stores the key rule D101 of the safety component 12 of the user equipment 10 and receives the dynamic data generated by the user equipment 10 in step S01, an identical dynamic keyboard 106 can be duplicated for transforming the hash code D104 into the plain code D105. In an embodiment, given that step S01 is omitted, the back-end device 20 can duplicate the dynamic keyboard 106 according to the key rule D102 of the safety component 12 and further transforms the hash code D104 into the original plain code D105.
Lastly, the method proceeds to step S07, if the back-end device 20 has a correct plain code D105 stored therein, then the back-end device 20 can verify the plain code D105 inputted by the user to check whether the account password and the transferee account are valid or not. Then, the back-end device 20 responds a verification result to inform the user of the result of transaction or login. In an embodiment, step S07 can be omitted, and the plain code D105 is used directly without being verified.
According to the data inputting and uploading system according to an embodiment of the invention indicated in
As indicated in
In an embodiment, when the user equipment 10 is a portable electronic device as indicated in
As indicated in
According to the method and the system for inputting and uploading data disclosed in above embodiments, a dynamic keyboard 106 is generated by a physical safety component 12 of the user equipment 10. The dynamic keyboard 106 is for the user to input a sensitive or private plain code D105. After the dynamic keyboard 106 is clicked by the user, what is stored in the user equipment 10 is a permutation D103 of the selected figures instead of the plain code D105 to assure the security during the inputting process. During the process of uploading data to the back-end device 20, the plain code D105 is represented by an encrypted hash code D104. Therefore, even when the data was intercepted by a cracker, the cracker cannot obtain actual values nor change actual values by way of changing the hash code D104. Therefore, both the process of inputting data and the process of transmitting data have high security.
While the invention has been described by way of example and in terms of the preferred embodiment (s), it is to be understood that the invention is not limited thereto. On the contrary, it is intended to cover various modifications and similar arrangements and procedures, and the scope of the appended claims therefore should be accorded the broadest interpretation so as to encompass all such modifications and similar arrangements and procedures.
Number | Date | Country | Kind |
---|---|---|---|
103118035 | May 2014 | TW | national |