Creative Options for Better Authentication of Mobile Phone Users

Mobile phone authentication can move beyond awkward passwords and PINs by leveraging built-in sensors for fingerprints, walking patterns, facial geometry, voice, thermal imaging, and grip characteristics. Combining multiple methods and contextual bio-patterns from activity trackers could achieve the right balance between false positives and false negatives.

If you think your mobile phone is already deeply embedded in your life, consider the critical role it will have in just a few years. As the importance and sensitivity of the data handled by mobile phones increase, so do the repercussions of the devices falling into unauthorized hands. Manufacturers and app developers will need to implement creative ways of authenticating legitimate phone users without relying on awkward passwords and PINs. Here are a few creative options for determining whether an authorized person is using the phone:

• Scan the user’s fingerprint while the person is holding the phone. Apple’s purchase of AuthenTec fueled speculations that Apple will include a 2D fingerprint reader in an upcoming iPhone.
• Identify the unique walking pattern of the phone’s user using an accelerometer already built into many smartphones. This authentication approach is described in a paper titled Pace Independent Human Identification Using Cell Phone Accelerometer Dynamics.
• Examine the user’s appearance using the phone’s built-in camera, potentially looking at eye patterns, facial geometry or ear shape. One such approach is described in the paper Face and Eye Detection for Person Authentication in Mobile Phones. For another example, consider EyeVerify’s authentication software based on eye vein biometrics.
• Analyze the phone user’s thermal imaging patterns as means of authentication. This approach is described in the paper Thermal Imaging As A Biometrics Approach To Facial Signature Authentication. For an example of thermal imaging phone technology, see the IR-Blue accessory for iPhone and Android devices.
• Tune into the user’s voice patterns to authenticate the person using approaches outlined in the paper Shedding Some Light on Voice Authentication and implemented by researchers in the context of mobile phones.
• Sense the manner in which the user holds the phone, paying attention to the strength of the grip or finger placement. This approach is being discussed in the context of firearms—see papers Hangrip Recognition and Algorithm Design for Grip-Pattern Verification in Smart Gun. It could be applied to mobile phones, too.

Authentication factors above might not work on their own, but they could be combined with each other to reach the right balance between false positives and false negatives.

For additional context, the authentication decision could account for the expected bio-pattern of the legitimate user, such as the heart rate range that could be obtained using activity trackers that integrate with phones, such as FuelBand, Fitbit or UP. The phone could also pay attention to the user’s breathing patterns, in the style of the Breathing Zone iPhone App. The decision could also incorporate the person’s expected physical location and activities (i.e. jogging); for an example of the phone can “predict” the user’s activities see the Google Now app.

Innovative authentication options are gradually becoming available for mobile phones. More will come to light over the next few years. In the next decade, we’ll see authentication mechanisms that effortlessly tie the bio-measured identity and context with the phone’s hardware and software functions. In some ways, it will be hard to distinguish between the mobile device and its user.

For a follow up to this post, take a look at Beyond Logins: Continuous and Seamless User Authentication.