• Journal of Convergence for Information Technology
• /
• v.12 no.3
• /
• pp.38-45
• /
• 2022

Due to the development of fintech technology, financial transactions using smart phones are being activated. The password for user authentication during financial transactions is entered through the virtual keypad displayed on the screen of the smart phone. When the password is entered, the attacker can find out the password by capturing it with a high-resolution camera or spying over the shoulder. A virtual keypad with security applied to prevent such an attack is difficult to input on a small touch-screen, and there is still a vulnerability in peeping attacks. In this paper, the entire keypad is divided into several groups and displayed on a small screen, touching the group to which the character to be input belongs, and then touching the corresponding character within the group. The proposed method selects the group to which the character to be input belongs, and displays the keypad in the group on a small screen with no more than 10 keypads, so that the size of the keypad can be enlarged more than twice compared to the existing method, and the location is randomly placed, hence location of the touch attacks can be blocked.

• KIPS Transactions on Computer and Communication Systems
• /
• v.7 no.3
• /
• pp.73-80
• /
• 2018

Due to the popularity of smartphones and the simplification of financial services, the number of mobile financial services is increasing. However, the security keypads developed for existing financial services are susceptible to probability analysis attacks and have security vulnerabilities. In this paper, we propose and implement a security keypad based on dual touch. Prior to the proposal, we examined the existing types of security keypads used in the mobile banking and mobile payment systems of Korean mobile financial businesses and analyzed the vulnerabilities. In addition, we compared the security of the proposed dual touch keypad as well as existing keypads using the authentication framework and the existing keypad attack types (Brute Force Attack, Smudge Attack, Key Logging Attack, and Shoulder Surfing Attack, Joseph Bonneau). Based on the results, we can confirm that the proposed security keypad with dual touch presented in this paper shows a high level of security. The security keypad with dual touch can provide more secure financial services, and it can be applied to other mobile services to enhance their security.

• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.46 no.6
• /
• pp.25-30
• /
• 2009

In this paper, a full-digital capacitive sensor for touch key applications is proposed. The proposed circuit consists of two capacitive loads to measure and a resistor between the capacitive loads. As the method measures the delays of the resistor and two capacitive loads respectively, and obtains difference between the capacitive loads by subtracting the two delays, it can reduce the effects of changing of operating environment variables such as supplying voltage, temperature and humidity. Experimental results show the method has l.02pF resolution and can be applied to touch key applications.

• Journal of Convergence for Information Technology
• /
• v.10 no.8
• /
• pp.144-151
• /
• 2020

User-authentication process is necessary in Fintech Service. Especially, authentication on smartphones are carried out through PIN which is inputted through virtual keypads on touch screen. Attacker can analogize password by watching touched letter and position over the shoulder or using high definition cameras. To prevent password spill, various research of virtual keypad techniques are ongoing. It is hard to design secure keypad which assures safety by fluctuative keypad and enhance convenience at once. Also, to reconfirm user whether password is wrongly pressed, the inputted information is shown on screen. This makes the password easily exposed through high definition cameras or Google Class during recording. This research analyzed QWERTY based secure keypad's merits and demerits. And through these features, creating Tetris shaped keypad and piece them together on Android environment, and showing inputted words as Tetris shape to users through smart-screen is suggested for the ways to prevent password spill by recording.

• Journal of the Korea Convergence Society
• /
• v.8 no.6
• /
• pp.37-44
• /
• 2017

Mobile devices provide various services through payment and authentication by inputting important information such as passwords on the screen with the virtual keypads. In order to infer the password inputted by the user, the attacker captures the user's touch location information. The attacker is able to infer the password by using the location information or to obtain password information by peeping with Google Glass or Shoulder Surfing Attack. As existing secure keypads place the same letters in a set order except for few keys, considering handy input, they are vulnerable to attacks from Google Glass and Shoulder Surfing Attack. Secure keypads are able to improve security by rearranging various shapes and locations. In this paper, we propose secure keypads that generates 13 different shapes and sizes of Tetris and arranges keypads to be attached one another. Since the keypad arranges different shapes and sizes like the game, Tetris, for the virtual keypad to be different, it is difficult to infer the inputted password because of changes in size even though the attacker knows the touch location information.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.10a
• /
• pp.1837-1838
• /
• 2015

일반적인 터치스크린을 이용한 입력방법인 스크린을 보고 대응하는 영역을 터치하여 숫자, 한글, 영문, 기호 등을 입력하는 방식은 시각장애인이 사용하기에는 특수한 가이드가 제공되지 않는 한 사용이 거의 불가능하다고 할 수 있다. 특히 음성과 촉감을 이용하여 해당 버튼을 찾아 이용하던 기존의 입력 방식이 아닌 평평한 터치스크린 입력 방식은 눈으로 보지 않고는 정확한 입력영역을 구분 할 수 없다. 본 논문 에서는 기존의 시각장애인을 위한 제품과 기술들의 단점을 보완할 수 있고 시각장애인들도 쉽고 정확하게 스마트 기기를 사용할 수 있는 가상 터치 키패드 입력 방식을 제안한다. 제안하는 방법은 단순한 기준점과 방향점을 이용한 터치 및 드래그 방식의 가상 키패드 정의 방식으로 터치 스크린 방식의 다양한 스마트 기기에 효과적으로 적용될 수 있다.

• Journal of the Korean Institute of Illuminating and Electrical Installation Engineers
• /
• v.23 no.4
• /
• pp.39-46
• /
• 2009

In this paper, we propose a full digital capacitive sensing touch key reducing the effects due to the variations of resistance and clock frequency. The proposed circuit consists of two capacitive loads to measure and a resistor between the capacitive loads. The method measures the delays of the resistor and two capacitive loads, respectively. The ratio of the two delays is represented as the ratio of the two capacitive loads and is irrelative to the resistance and the clock frequency if quantization error is disregarded. Experimental results show the proposed scheme efficiently reduces the effects due to the variations of clock frequency and resistance. Further more the method has l.04[pF] resolution and can be used as a touch key.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.200-202
• /
• 2008

본 논문은 터치스크린기반의 CE기기에서 한글을 효과적으로 입력하는 새로운 형태의 터치 GUI 기반 인터페이스를 제시한다. 제시된 한글입력방식인 심플키(SimpleKey)는 기존의 한글입력방식인 천지인, EZ한글, 모아키 등과는 다른 터치 제스처 기반 자음 중심의 7~12인치 터치스크린에 최적화된 방식이다. 심플키는 터치제스처와 누르는 세기 구분을 포함하고, 자음 중심 키배열에 모음 빈도 분석을 통한 제스처 매핑을 적용한 것을 특징으로 한다. 제안된 방식은 현재 8.9 인치 크기의 포터블 디바이스에 적용 구현하였으며 실사용자를 대상으로 사용성 평가를 통해 심플키의 효과성을 검증했다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2012.11a
• /
• pp.1764-1766
• /
• 2012

현재 스마트폰의 급격한 대중화가 이루어짐에 따라, 터치스크린에서 한글을 효율적으로 입력하는 방법의 연구가 활발히 진행되고 있다. 하지만, 많은 터치스크린 한글 키패드가 만들어졌음에도 불구하고, 사용자가 습득하는데 시간이 오래 걸리며 오타가 빈번하게 나타나고 있다. 따라서 본 논문에서는 한글 키패드의 표준인 '천지인'의 장점인 사용자 습득율을 최대화하고, 단점인 자음의 멀티탭(반복누름)방식으로 인한 오타발생 빈도율을 스마트폰의 터치 슬라이드방식을 이용하여 최소화한 SC-Keyboard를 제안하고자 한다.

• Journal of Internet Computing and Services
• /
• v.14 no.3
• /
• pp.15-21
• /
• 2013

Due to the widespread propagation of mobile platforms such as smartphones and tablets, financial and e-commercial transactions based on these mobile platforms are growing rapidly. Unlike PCs, almost all mobile platforms do not provide physical keyboards or mice but provide virtual keypads using touchscreens. For this reason, an attacker attempts to obtain the coordinates of touches on the virtual keypad in order to get actual key values. To tackle this vulnerability, financial applications for mobile platforms use secure keypads, which change position of each key displayed on the virtual keypad. However, these secure keypads cannot protect users' private information more securely than the virtual keypads because each key has only 2 or 3 positions and moreover its probability distribution is not uniform. In this paper, we analyze secure keypads used by the most financial mobile applications, point out the limitation of the previous research, and then propose a more general and accurate attack method on the secure keypads.