Implicit authentication (IA) is a technique that allows the smart device to recognize its owner by being acquainted with his/her behaviors. It is a technique that uses machine learning algorithms to learn user behavior through various sensors on the smart devices and achieve user identification.[1] [2] Most of the current authentication techniques, e.g., password, pattern lock, finger print and iris recognition, are explicit authentication which require user input. Comparing with explicit authentication, IA is transparent to users during the usage, and it significantly increases the usability by reducing time users spending on login, in which users find it more annoying than lack of cellular coverage.[3]
In Implicit authentication (IA), user behaviors (raw) data are captured by various sensors embedded in the smart device, and stored in the database preparing for further processing. After filtering out noise and selecting suitable features, the data will be sent to machine learning tool(s) which will train and return a fine-tuned model back to smart device. The smart device then uses the model as signature to identify the current user. Due to the battery and computation limitation of smart device, the training phase, in which most of the computations are carried out, is usually implemented in the remote server.[4] Some lightweight algorithms, e.g., Kl divergence, are implemented in the local device as parts of real-time authentication units which control lock mechanism of the device.
The developing of IA model largely depends on the operating systems, which usually adopt Android and iOS, and there are two different approaches to establish IA model, which are device-centric and application-centric.[5] Device-centric approaches, as the traditional way to establish IA model, leverage most of the information gathered by operating system from various sensors, and IA model is directly running above the operating system. Application-centric approaches however achieve IA through establishing individual framework in each app, which executes independently in the sandbox, and it preserves the intrinsic structure of operating system, while simplifies IA developing.
In 1977, Helen M. Wood[6] indicated that there were two types of bio-metric authentication approaches - physiological and behavioral bio-metrics. The second approach related to user's gait, location information and keystroke patterns. The utilization of the bio-metrics for user authentication had been developed in the field such as: location-based access control,[7] [8] notably keystroke dynamics and typing pattern.[9] In 2010, Shi et al. had migrated bio-metrics authentication approach to mobile device which contained many sensors, and significantly increased the accuracy of the authentication, and they called the new approach "implicit authentication".[10] Due to the fast growth of smart technology, smart device became more and more sophisticated with computational power grew in each year, and it provided the foundation for IA to achieve high accurate and user-friendly authentication. The current IA approaches mainly focused on touch sensor, GPS and accelerometer, and the corresponding techniques were SVM, kNN, GMM and topic model.