An assistant professor at Louisiana State University is studying two new forms of manual authentication over the phone. Chen Wang is part of the IT department and hopes to achieve commercialization of his two projects within the next three years.
The first of the two is designed to prevent unauthorized users from viewing sensitive information that may be displayed in a notification screen. When someone receives a notification, the phone usually plays a sound. Wang’s system will record this sound and any tonal differences resulting from the person holding it. In this regard, Wang noted that everyone holds their phone differently due to factors such as finger length and grip strength. These factors attenuate or refract sound in unique ways, so the phone’s mic can learn these patterns and use them to verify the identity of the person holding it, much like a voice recognition would record the fingerprint. someone’s unique voice.
In practice, the phone will display the full notification if it is in the hands of its real owner. Otherwise, it will only show the number of notifications, hiding more sensitive details from onlookers, or a friend or family member holding it. Wang is developing the technology alongside third-year doctoral student Long Huang, who published a paper on the subject with Wang at Mobicom 2021.
The other technique is being developed with second-year doctoral student Ruxin Wang and computer science graduate Kailyn Maiden, and is similar to palm-based identification systems. The difference is that Chen Wang’s system scans the back of the hand rather than the palm. The system is specifically intended for use when someone is holding their phone to interact with another device, such as a kiosk or payment terminal. If that device has a camera, it can scan the back of the hand that’s holding the phone and analyze features like grip shape and skin color to match that hand to a registered fingerprint and verify the identity of this person. In doing so, it seamlessly adds a second authentication factor that can bolster QR code or token-based security systems.
Wang, Wang, and Maiden plan to publish a paper on the new modality at the ACM CHI 2022 conference on Human Factors in Computing Systems. Researchers from both projects are also taking steps to improve the accuracy of both systems and to ensure that they are resistant to spoofing attacks performed with fake hands or acoustic replay.
Aerendir, meanwhile, already authenticates users based on how they hold their phone, though the company’s solution relies on proprioceptive biometrics rather than acoustics.
March 14, 2022 – by Eric Weiss