Product Demonstration – BankVault Keyboard

Live Demo

Invisible Keyboard for Web Apps
Fortifying Security Seamlessly without 2FA

BankVault’s Invisible Keyboard fortifies security for web applications by ensuring passwords entered on devices can never be intercepted by hackers. This sophisticated technology is seamless to end users and can be integrated with only a few lines of code.  It blocks the 5 major attack vectors: Keyloggers, Screenscraping, Man-in-the-Middle, Bots and Phishing.

Mobile 

The mobiles local keyboard switches to an invisible keyboard on specified fields, such as passwords or PINs.  No character is created in the local device’s operating system and only asterisks appear onscreen.  The application host can randomize the QWERTY keyboard slightly as a security measure.   The demo simply shows the secret password and would normally log the user straight into their system. 
 
Step 1:  Enter anything into either field, then press Login.   
 
The keyboard is a technical illusion, where the user’s actions on screen can only be interpreted by the remote web server.
  • No characters are created in the device and so there is nothing to intercept. 
  • Screen locations are randomized to thwart any malware learning the users pattern. 

The characters entered only exist inside the web server.   The user continues to work as normal once authenticated. 

 

Workstation 
A unique QR code on your laptop screen launches an invisible keyboard on your mobile which synchronises with the remote web server.  You can enter anything into either field and press Login. The demo simply shows the secret password but normally would log the user straight into their system. 
 
Step 1:   Scan the QR code to download the BankVault app.   
Step 2:   Open the app to scan the QR code.
 
The keyboard is a technical illusion, where a users actions on screen can only be interpreted by the remote web server.
  • No characters are created on the laptop. 
  • No characters are created on the smartphone.

The illusion is that the smartphone is connected to the PC.  However there is no connection.  Both devices intercept the web server. The characters entered only ever exist inside the web server.  Once a user is authenticated they continue to work as normal.