Devices are increasingly used to conduct interactions, such as e-commerce interactions, in which a front-end device communicates with a back-end system. For example, a legitimate user can communicate with a trusted back-end system using a device, e.g., a smartphone, a tablet computing device. In some instances, a device can become compromised, such that the device can be controlled by and/or sensitive information can be exposed to a malicious user, e.g., an attacker. Such instances can often occur in the bring-your-own-device and mobile cloud infrastructures. In such infrastructures, the user authenticates to the back-end system using something that the user knows, e.g. credentials a password or personal identification number (PIN). Once the user is authenticated, the user can control an application on the back-end system, and can provide user input to the back-end system using the device.
Authentication of a user that provides input and authentication of the provided input is hard to achieve, if the user (unknowingly) relies on a compromised device. For example, using a compromised device can result in authentication factors, e.g., credentials, and/or input being easily stolen. An attacker controlling a compromised device can use the stolen authentication factors to act as an authenticated party and submit false input to a back-end.