1. Technical Field
This disclosure relates generally to information security and, in particular, to access control schemes that are implemented using mobile devices.
2. Background of the Related Art
The recent past has seen an enormous growth in the usage and capabilities of mobile devices, such as smartphones, tablets, and the like. Such devices comprise fast processors, large amounts of memory, gesture-based multi-touch screens, and integrated multi-media and GPS hardware chips. Many of these devices use open mobile operating systems, such as Android. The ubiquity, performance and low cost of mobile devices have opened the door for creation of a large variety of mobile applications.
There are numerous places where users are required to enter on a keypad passwords or personal identification numbers (PINs) to obtain products or physical access. A typical example is a keypad associated with an automated teller machine (ATM), or a keypad associated with a secure facility. As keypad access proliferates, so too have attack strategies aimed at acquiring those passwords and PINs. Typical attacks involve scanners, hidden cameras, looking over a person's shoulder, and the like. Many solutions have been proposed to tackle this security issue, and they usually involve physical or operational changes to the keypad itself.
Mobile device-based interactions with ATMs are also known in which a mobile phone is used to facilitate an ATM transaction. These systems, however, require a tight coupling between, on the one hand, a mobile banking app executing on the device and, on the other hand, the bank's back-end server handling the transaction. These known solutions require trust-based integration between the mobile app and the ATM and back-end systems, making them costly and difficult to implement.