Protector OATH SDK provides a built-in secure keypad to manage and manipulate the PIN input process against malicious keyloggers, overshoulder attacks, memory dumping, and screen capturing attacks.
This secure keypad provides a single visual view for the secure input of data.
The purpose of the secure keypad is to ensure that the management and manipulation of sensitive data are done in a controlled and secure way, where:
- “Controlled” means that the input data in the memory is protected and copies are managed to ensure that when it is no longer needed or when the reference is out of scope, it is wiped from the memory.
- “Secure” means that the protection mechanisms are in place to defeat or mitigate keylogger, overshoulder attacks, memory dump and screen capture. Secure keypad makes it more difficult to carry out targeted attacks to the user.
You can invoke the secure keypad when a PIN is required from the user. You can customize the top screen and implement the customized OK button behavior.
By default, this feature is not enabled in Protector OATH SDK. Hence, the application has to provide an activation code when configuring the SDK in order to use it. Refer to your Thales representative to obtain the activation codes.