Abstract

Due to the increasing popularity of mobile technologies, sensitive user information is often stored on mobile devices. However, the essential task of mobile user authentication is rendered more challenging by the conflicting requirements of security and usability: usable solutions are often insecure, while secure solutions hinder device accessibility. In this paper we propose TAP (Typing Authentication and Protection), a virtual key typing based authentication system for mobile devices that takes steps toward addressing this tradeoff. TAP transparently enhance the security of the mobile device in two stage, the login stage and the post-login stage. In the login stage, TAP leverages the biometric information embedded in the typing habit and hand morphology to accomplish secure user identity management with a simple password. While in the post-login stage, TAP transparently monitors the user's virtual key dynamics behavior to continuously authenticate the user. We evaluated three user studies which compare authentication performance under different virtual key typing settings, without pressure and haptics feedback, with pressure information, and with both pressure and haptics feedback. The experiments demonstrated our TAP can maintain both security and usability for the mobile system.