Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Sensitive/Personal Information loss on touchscreen devices

IP.com Disclosure Number: IPCOM000240703D
Publication Date: 2015-Feb-19
Document File: 2 page(s) / 54K

Publishing Venue

The IP.com Prior Art Database

Abstract

Abstract: This article describes identifying when secure data is being entered into a touch screen device or interface and switching input modes to utilise a non-contact mechanism to prevent against smudge attacks whilst limiting power drain from having such a mechanism constantly enabled.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 2

Sensitive/Personal Information loss on touchscreen devices

Disclosed is a system for identifying when secure data is being entered into a touch screen device or interface and switching input modes to utilise a non-contact mechanism to prevent against smudge attacks whilst limiting power drain from having such a mechanism constantly enabled.

Background:

    When inputting passcodes, phrases or patterns to unlock mobile devices with a touch screen it can often leave behind visual traces of the finger pattern or swipe used. This could then be used to gain unauthorised access to the device, know as a 'smudge attack' (method was investigated by a team of University of Pennsylvania researchers and reported at the 4th USENIX Workshop on Offensive Technologies Smudge Attacks on Smartphone Touch Screens").

Known solutions / Alternatives: · Wipe the screen clean after each use so that no visible traces are left behind.

· Use spray-on solutions to prevent smears and fingerprints.

· Install a password / unlock app that rearranges the keypad or incorporates
extra swipes to unlock which obscure previous pattern.


· Install Fingerprint software.

· Fingerprint identity sensor on smartphones.
The proposed system uses the device camera to track expected user interaction with a touch screen to prevent smears on a mobile device that others could use to hack
into the device.

Device would: · Only activate when requesting password/log-in information;

· Track user finger using device camera and display a pointer on screen for expected press;

· May need to incorporate a gesture to indicate a user "click" (not necessary for swipe/drag password entry).

Advantages: · Minimal or no visual traces left behind on screen which could be used to gain access. · Camera would only activate during password entry so would not be a constant drain on power.

· Using technology already available on most mobile touch screen devices.

· No need to keep cleaning the device screen or applying special spray-on solutions. Extensions: · This system would also extend to the input of other forms of personal and sensitive information onto shared public touchscreen devices. Examples of which are in-store order points where the customer inputs payment details and delivery information.

Hover detection on touchscreen devices is an existing technology as detailed in the following patents:

EP2609489A2, CN201429831Y, and US20080012835.

    The proposed embodiment would utilise this technology to determine when a user is hovering their finger over a particular section of the screen but the required components and s...