Biometric touchstroke authentication by fuzzy proximity of touch locations

Advancing touchscreen technologies lead to deployment of biometric passwords that could provide an additional security layer, therefore the presence of a secondary and hidden ghost password could restrain incoming fraud attacks even if the main password is stolen. Apart from the traditional keystroke methods dealing with the inter-key times, on-screen keyboards potentially have new features to extract. Provided that the touchscreen devices capture the touch locations, the users could intentionally create and save a ghost password by touching the predefined regions of the keys in enrollment session. However, while logging in, it is not easy to touch exactly the same points compared to the coordinates saved in enrollment; touching closer coordinates in each attempt is still possible though. From this viewpoint, we introduce a fuzzy classifier with the mathematical foundations of fuzzy proximity and inference for a novel location-based authentication system running on an emulated on-screen keyboard. We mainly focused on extracting the global coordinates that the user is touching in the two-step enrollment, which is so common in conventional registration interfaces. As the main classifier, a fuzzy inference system is implemented with proximity control of the touches for registration and login sessions. The results of the classification procedure are greatly encouraging that only one of sixty four fraud attacks was inadvertently granted; while the false reject rate is 0% and the false accept rate is 1.56% with the equal error rate is 1.61% which indeed represents one of the lowest among the classifiers introduced before (C) 2018 Elsevier B.V. All rights reserved.