1. Technical Field
The present invention relates to a password input algorithm, more particularly to a password input system and method using alphanumeric matrices.
2. Description of the Related Art
Generally, when using an Internet website or Internet banking, etc., an ID and password may be inputted for identification purposes. However, the existing method of inputting a password using a keyboard is highly vulnerable to keylogging attacks, in which the ID, password, etc., are discovered by recording the key information inputted by the user, and shoulder surfing attacks, in which the ID, password, etc., are discovered by looking over the user's shoulder (Shoulder surfing refers to any attack that may occur in a space that is beyond one's control and includes not only simple overlooking but also attacks using video images from CCTV cameras, etc.).
Of the 245 million types of malicious codes detected and blocked by Symantec Corp. each month last year, 90% targeted confidential information, and 76% of these were related to keylogging, for retrieving the keyboard input information of a user to steal authentication information for Internet bank accounts, etc. Numerous techniques have been developed to address this problem, i.e. that of complementing the keyboard-based password input method, and the most current of these techniques can be classified mainly into those using graphics and those requiring a person's computational abilities.
Certain current Internet banking sites have adopted the password input techniques using graphics, where the password (numbers) may be inputted by using a mouse. In most of these cases, the password is not a 6 to 8 digit combination of alphabet letters and numbers, but a 4 to 6 digit combination of numbers. The technique by which the password (numbers) is inputted using a mouse, as adopted by such Internet banking sites, may involve a number grid that is randomly generated on the screen whenever an input is made, rendering a keylogging attack ineffective. However, since this input involves inputting the numbers themselves, this technique can be vulnerable to shoulder surfing attacks. Due to this vulnerability of password input methods, the user is recommended not to use Internet banking services, or other websites, online games, etc., that require logging in, in a public environment, such as in an Internet café and on a public PC. In cases where it is unavoidably necessary to input a password using a keyboard in a public environment, and in cases subject to shoulder surfing, a user may suffer losses or may feel anxious about the possibility of information theft.
As such, there is a need to develop a password input method that is robust against both keylogging attacks and shoulder surfing attacks, so that users may feel at ease even when unavoidably using a password in a public environment.