In a modern society, a password needs to be entered for an electronic settlement based on a smartphone. Unlike cell phones, smartphones are vulnerable to hacking like general-purpose personal computers (PCs) because applications for smartphones can be developed by anyone.
In particular, when a password is entered through a fixed keypad, password touch coordinates of a user may be revealed. In this case, the password itself may be leaked, so the user needs to pay special attention.
In order to solve such a problem, an authentication method using a variable keypad was developed. In the variable keypad method, positions of input buttons of a keypad are changed every time a user performs a connection. Accordingly, the possibility that a password will be leaked is small, even when positions of input buttons of a keypad of a smartphone are stolen by a third party.
A user cannot perform authentication when the user does not know the password itself.
However, in a variable-keypad-based authentication method, the password itself is transmitted from a terminal to a server when authentication is requested. Accordingly, when a hacker hacks a password while the password is being transmitted, the hacker can find out the password itself, and this causes leakage of personal information and vulnerability in security.
Also, when a third party that knows the password of a user itself pretends to be the user and performs user authentication, the authentication cannot be prevented from being successful.