research-article

My phone is my keypad: privacy-enhanced PIN-entry on public terminals

Authors:

Alexander De Luca,

Bernhard Frauendienst,

Sebastian Boring,

Heinrich HussmannAuthors Info & Claims

OZCHI '09: Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group: Design: Open 24/7

Pages 401 - 404

https://doi.org/10.1145/1738826.1738909

Published: 23 November 2009 Publication History

Get Access

Abstract

More and more services are available on public terminals. Due to their public location and permanent availability, they can easily fall victim to manipulation. These manipulations mostly aim at stealing the customers' authentication information (e.g. bank card PIN) to gain access to the victims' possessions. By relocating the input from the terminal to the users' mobile device, the system presented in this paper makes the authentication process resistant against such manipulations. In principle, this relocation makes PIN entry more complex, with a tendency to worse usability. In this paper, we present the concept as well as an evaluation that has been conducted to study the trade off between usability and security. The results show that users apparently are willing to accept a certain increase of interaction time in exchange for improved security.

References

[1]

Claycomb, W., Shin, D. Secure real world interaction using mobile devices. In Permid 2006.

Google Scholar

[2]

Coventry, L., De Angeli, A., Johnson, G. Usability and biometric verification at the ATM interface. In Proc. Chi 2003.

Digital Library

Google Scholar

[3]

Deyle, T., Roth, V. Accessible authentication via tactile pin entry. CG Topics, Issue 3, Mar. 2006.

Google Scholar

[4]

Kumar, M., Garfinkel, T., Boneh, D., Winograd, T. Reducing shoulder-surfing by using gaze-based password entry. In Proc. SOUPS 2007.

Digital Library

Google Scholar

[5]

Rogers, J. Please enter your 4-digit PIN. Financial Services Technology, U.S. Edition, Issue 4, Mar. 2007.

Google Scholar

[6]

Roth, V., Richter, K., Freidinger, R. A pin-entry method resilient against shoulder surfing. In Proc. CCS 2004.

Digital Library

Google Scholar

[7]

Sasamoto, H., Christin, N., Hayashi, E. Undercover: authentication usable in front of prying eyes. In Proc. CHI 2008.

Digital Library

Google Scholar

[8]

Tan, D., Keyani, P., Czerwinski, M. Spy-resistant keyboard: more secure password entry on public touch screen displays. In Proc. OZCHI 2005.

Digital Library

Google Scholar

Cited By

View all

Rajarajan SKalita RGayatri TPriyadarsini P(2018)SpinPad: A Secured PIN Number Based User authentication Scheme2018 International Conference on Recent Trends in Advance Computing (ICRTAC)10.1109/ICRTAC.2018.8679257(53-59)Online publication date: Sep-2018
https://doi.org/10.1109/ICRTAC.2018.8679257
Regal GBusch MDeutsch SHochleitner CLugmayr MTscheligi MRohs MSchmidt AAshbrook DRukzio E(2013)Money on the move workload, usability and technology acceptance of second-screen atm-interactionsProceedings of the 15th international conference on Human-computer interaction with mobile devices and services10.1145/2493190.2493211(281-284)Online publication date: 27-Aug-2013
https://dl.acm.org/doi/10.1145/2493190.2493211
Roalter LDiewald SMöller AStockinger TKranz M(2013)User-Friendly Authentication and Authorization Using a Smartphone ProxyComputer Aided Systems Theory - EUROCAST 201310.1007/978-3-642-53862-9_50(390-399)Online publication date: 2013
https://doi.org/10.1007/978-3-642-53862-9_50
Show More Cited By

Index Terms

My phone is my keypad: privacy-enhanced PIN-entry on public terminals
1. Human-centered computing
  1. Human computer interaction (HCI)

Recommendations

CipherCard: A Token-Based Approach Against Camera-Based Shoulder Surfing Attacks on Common Touchscreen Devices
Human-Computer Interaction – INTERACT 2015
Abstract
We present CipherCard, a physical token that defends against shoulder-surfing attacks on user authentication on capacitive touchscreen devices. When CipherCard is placed over a touchscreen’s pin-pad, it remaps a user’s touch point on the physical ...
The secure haptic keypad: a tactile password system
CHI '10: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Authentication in public spaces poses significant security risks. Most significantly, passwords can be stolen, potentially leading to fraud. A common method to steal a PIN is through an observation attack, either using a camera or through direct ...
Secure and usable authentication on mobile devices
MoMM '12: Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia

Mobile devices contain a multitude of sensitive data and provide access to even more data as well as services somewhere on the Internet. Even if only temporarily in the hands of non-entitled persons, privacy is at stake. Authentication protects against ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

OZCHI '09: Proceedings of the 21st Annual Conference of the Australian Computer-Human Interaction Special Interest Group: Design: Open 24/7

November 2009

445 pages

ISBN:9781605588544

DOI:10.1145/1738826

Conference Chair:
Marcus Foth
Queensland University of Technology
,
Program Chairs:
Jesper Kjeldskov
Aalborg University
,
Jeni Paay
CSIRO

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 November 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

OZCHI '09

OZCHI '09: Proceedings of the 21st conference of the computer-human interaction special interest group of Australia on Computer-human interaction: design

November 23 - 27, 2009

Melbourne, Australia

Acceptance Rates

OZCHI '09 Paper Acceptance Rate 32 of 60 submissions, 53%;

Overall Acceptance Rate 362 of 729 submissions, 50%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
226
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 11 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rajarajan SKalita RGayatri TPriyadarsini P(2018)SpinPad: A Secured PIN Number Based User authentication Scheme2018 International Conference on Recent Trends in Advance Computing (ICRTAC)10.1109/ICRTAC.2018.8679257(53-59)Online publication date: Sep-2018
https://doi.org/10.1109/ICRTAC.2018.8679257
Regal GBusch MDeutsch SHochleitner CLugmayr MTscheligi MRohs MSchmidt AAshbrook DRukzio E(2013)Money on the move workload, usability and technology acceptance of second-screen atm-interactionsProceedings of the 15th international conference on Human-computer interaction with mobile devices and services10.1145/2493190.2493211(281-284)Online publication date: 27-Aug-2013
https://dl.acm.org/doi/10.1145/2493190.2493211
Roalter LDiewald SMöller AStockinger TKranz M(2013)User-Friendly Authentication and Authorization Using a Smartphone ProxyComputer Aided Systems Theory - EUROCAST 201310.1007/978-3-642-53862-9_50(390-399)Online publication date: 2013
https://doi.org/10.1007/978-3-642-53862-9_50
De Luca ALangheinrich MHussmann HCranor L(2010)Towards understanding ATM securityProceedings of the Sixth Symposium on Usable Privacy and Security10.1145/1837110.1837131(1-10)Online publication date: 14-Jul-2010
https://dl.acm.org/doi/10.1145/1837110.1837131

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

CipherCard: A Token-Based Approach Against Camera-Based Shoulder Surfing Attacks on Common Touchscreen Devices

The secure haptic keypad: a tactile password system

Secure and usable authentication on mobile devices