Information Security/Privacy via a Decoupled Security Accessory to an Always Listening Device
US-2024048970-A1 · Feb 8, 2024 · US
Detecting synthetic keystrokes
US9342687B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9342687-B2 |
| Application number | US-201414453946-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 7, 2014 |
| Priority date | Aug 7, 2014 |
| Publication date | May 17, 2016 |
| Grant date | May 17, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Detecting synthetic keystrokes by maintaining a record of one or more keystrokes of physical keyboard input detected by an operating system of a computer, detecting a keystroke received at a computer application process that is executed by the computer, determining that the keystroke received at the computer application process is absent from the record of keystrokes of physical keyboard input, and identifying the keystroke received by the computer application process as being a synthetic keystroke.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for detecting synthetic keystrokes, the method comprising: maintaining a record of one or more physical keystrokes of physical keyboard input detected by an operating system of a computer from a program routine in a kernel space of a computer memory of the computer that directly contacts keyboard input/output ports of the computer; detecting, by a synthetic keystroke detector in a user space of the computer memory, a keystroke received at a computer application process that is executed by the computer; comparing the record of one or more physical keystrokes of the physical keyboard input to the keystroke received at the computer application process; based on the comparison, determining that the keystroke received at the computer application process is absent from the record of physical keystrokes of the physical keyboard input; identifying the keystroke received by the computer application process as being a synthetic keystroke; and performing a predefined security-related action, wherein the predefined security-related action includes at (i) notifying a user of the synthetic keystroke and (ii) withholding the synthetic keystroke from the computer application process. 2. The method of claim 1 , further comprising detecting the physical keyboard input substantially when the physical keyboard input is detected by the operating system of the computer. 3. The method of claim 1 , further comprising detecting the physical keyboard input using a kernel filter driver. 4. The method of claim 1 , further comprising detecting the physical keyboard input using an interrupt service routine in the kernel space of the computer memory that is managed by the operating system. 5. The method of claim 1 , wherein detecting the keystroke received at the computer application process comprises detecting the keystroke received at the computer application process using a keystroke interception library in the user space of the computer memory that is managed by the operating system. 6. The method of claim 1 , wherein detecting the keystroke received at the computer application process comprises detecting the keystroke received at the computer application process using a patch on a message loop of the computer application process. 7. The method of claim 1 , wherein detecting the keystroke received at the computer application process comprises detecting the keystroke received at the computer application process by subclassing a keystroke-receiving class of the computer application process. 8. The method of claim 1 , wherein detecting the keystroke received at the computer application process comprises intercepting the keystroke received at the computer application process; and further comprising withholding the intercepted keystroke from the computer application process. 9. A system for detecting synthetic keystrokes, the system comprising: one or more computer processors operatively coupled with one or more memory devices including non-transitory computer readable storage media; program instructions stored on the one or more non-transitory computer readable storage media being executed by at least one of the one or more processors, the program instructions comprising: a physical keystroke recorder configured to maintain a record of one or more keystrokes of physical keyboard input detected by an operating system of a computer from a program routine in a kernel space of a computer memory of the computer that directly contacts keyboard input/output ports of the computer; and a synthetic keystroke detector configured to: detect, by the synthetic keystroke detector in a user space of the computer memory, a keystroke received at a computer application process that is executed by the computer, compare the record of one or more physical keystrokes of the physical keyboard input to the keystroke received at the computer application process, based on the comparison, determine that the keystroke received at the computer application process is absent from the record of physical keystrokes of the physical keyboard input, identify the keystroke received by the computer application process as being a synthetic keystroke, and perform a predefined security-related action, wherein the predefined security-related action includes (i) notifying a user of the synthetic keystroke and (ii) withholding the synthetic keystroke from the computer application process. 10. The system of claim 9 , wherein the physical keystroke recorder is configured to detect the physical keyboard input substantially when the physical keyboard input is detected by the operating system of the computer. 11. The system of claim 9 , wherein the physical keystroke recorder is configured to detect the physical keyboard input using a kernel filter driver. 12. The system of claim 9 , wherein the physical keystroke recorder is configured to detect the physical keyboard input using an interrupt service routine in the kernel space of the computer memory that is managed by the operating system. 13. The system of claim 9 , wherein the synthetic keystroke detector is configured to detect the keystroke received at the computer application process using a keystroke interception library in the user space of the computer memory that is managed by the operating system. 14. The system of claim 9 , wherein the synthetic keystroke detector is configured to detect the keystroke received at the computer application process using a patch on a message loop of the computer application process. 15. The system of claim 9 , wherein the synthetic keystroke detector is configured to detect the keystroke received at the computer application process by subclassing a keystroke-receiving class of the computer application process. 16. The system of claim 9 , wherein the synthetic keystroke detector is configured to intercept the keystroke received at the computer application process, and withhold the intercepted keystroke from the computer application process. 17. The system of claim 9 , wherein the physical keystroke recorder and the synthetic keystroke detector are implemented in any of a) computer hardware, and b) computer software embodied in the non-transitory computer readable storage media. 18. A computer program product for detecting synthetic keystrokes, the computer program product comprising: one or more non-transitory computer readable storage media; and program instructions, stored on the one or more non-transitory computer readable storage media, when executed by a hardware processor, causing the program instructions to: maintain a record of one or more physical keystrokes of physical keyboard input detected by an operating system of a computer from a program routine in a kernel space of a computer memory of the computer that directly contacts keyboard input/output ports of the computer, detect, by a synthetic keystroke detector in a user space of the computer memory, a keystroke received at a computer application process that is executed by the computer, compare the record of one or more physical keystrokes of the physical keyboard input to the keystroke received at the computer application process, based on the comparison, determine that the keystroke received at the computer application process is absent from the record of physical keystrokes of the physical keyboard input; to identify the keystroke received by the computer application process as being a synthetic keystroke, and to perform a predefined security-related action, wherein the predefined security-related action includes (i) notifying
Assignees
Inventors
Classifications
- G06F21/50Primary
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title
- G06F21/83Primary
input devices, e.g. keyboards, mice or controllers thereof · CPC title
Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
User authentication · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9342687B2 cover?
- Detecting synthetic keystrokes by maintaining a record of one or more keystrokes of physical keyboard input detected by an operating system of a computer, detecting a keystroke received at a computer application process that is executed by the computer, determining that the keystroke received at the computer application process is absent from the record of keystrokes of physical keyboard input,…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F21/50. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue May 17 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).