WatchAuth: user authentication and intent recognition in mobile payments using a smartwatch

Conference item

In this paper, we show that the tap gesture, performed when a user ‘taps’ a smartwatch onto an NFC-enabled terminal to make a payment, is a biometric capable of implicitly authenticating the user and simultaneously recognising intent-to-pay. The proposed system can be deployed purely in software on the watch without requiring updates to payment terminals. It is agnostic to terminal type and position and the intent recognition portion does not require any training data from the user. To validate the system, we conduct a user study (n=16) to collect wrist motion data from users as they interact with payment terminals and to collect long-term data from a subset of them (n=9) as they perform daily activities. Based on this data, we identify optimum gesture parameters and develop authentication and intent recognition models, for which we achieve EERs of 0.08 and 0.04, respectively.

Authors: Sturgess, JM; Eberz, S; Sluganovic, I; Martinovic, I

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: IEEE
• Host title: Proceedings of the 7th IEEE European Symposium on Security and Privacy (IEEE 2022)
• Pages: 377-391
• Publication date: 2022-06-23
• Acceptance date: 2022-03-01
• Event title: 7th IEEE European Symposium on Security and Privacy (IEEE 2022)
• Event location: Genoa
• Event website: https://www.ieee-security.org/TC/EuroSP2022/
• Event start date: 2022-06-06
• Event end date: 2022-06-10
• DOI: 10.1109/EuroSP53844.2022.00031
• EISBN: 978-1-6654-1614-6
• ISBN: 978-1-6654-1615-3
• Language: English
• Keywords: FFR