The present invention generally relates to the information processing field, and more particularly, to protecting sensitive information.
With the continual development of web applications, individuals' lives are becoming increasingly dependent on them. One example of a widely used web application is online payment in online shopping. People also possess various accounts in web applications including, for example, game accounts or online banking accounts. These web applications, while enriching people's lives, bring with them certain risks; therefore, protecting user accounts becomes a problem to be solved.
One widely used solution for protecting user accounts is the use of a username and password. However, if a user is using an untrusted device, it can be very dangerous to input the user's username and password on the untrusted device. For example, a username and password input by a user on a public computer may be very likely to be captured by malicious code installed on that public computer. The leakage of that username and password will bring high security risk to the user's account.
One known solution for preventing leakage of a user's username and password on an untrusted device is to use a USB authentication device. Currently, many banks use USB keys for online payments, thereby preventing a malicious user from making an online payment operation even if the username and password have been disclosed. However, one USB key is required for each web application, which can inconvenience the user and results in a lot of unnecessary hardware.
Thus, there is a need for a technical solution which protects sensitive information of a user (such as username and password) from being captured by malicious code on an untrusted device while the user is using web applications through the untrusted device. Preferably, this technical solution should be applicable to a variety of web applications without adopting a different technical solution for each web application.