WatchAuth: User Authentication and Intent Recognition in Mobile Payments using a Smartwatch
This addresses security and convenience issues for mobile payment users by enabling implicit authentication without terminal updates, though it is incremental as it builds on existing gesture-based biometrics.
The paper tackled user authentication and intent recognition in mobile payments by using the tap gesture from a smartwatch as a biometric, achieving equal error rates of 0.08 for authentication and 0.04 for intent recognition.
In this paper, we show that the tap gesture, performed when a user 'taps' a smartwatch onto an NFC-enabled terminal to make a payment, is a biometric capable of implicitly authenticating the user and simultaneously recognising intent-to-pay. The proposed system can be deployed purely in software on the watch without requiring updates to payment terminals. It is agnostic to terminal type and position and the intent recognition portion does not require any training data from the user. To validate the system, we conduct a user study (n=16) to collect wrist motion data from users as they interact with payment terminals and to collect long-term data from a subset of them (n=9) as they perform daily activities. Based on this data, we identify optimum gesture parameters and develop authentication and intent recognition models, for which we achieve EERs of 0.08 and 0.04, respectively.