近年來隨著手機的普遍性與手機科技的進步，越來越多的人使用智慧型手機，並利用智慧型手機上有關個人隱私亦或是身分認證等功能，若手機遭盜用後損失難以估計。上述許多功能需要使用者對智慧型手機進行較長時間的操作以存取資料，而目前市面上此類的應用程式僅透過密碼驗證方式進行識別，若使用過程中需要一直登入驗證使用者，則使用者很有可能為了方便而關閉此種驗證方式，或是直接將密碼記憶於手機中，導致登入驗證形同虛設。故本論文主要以利用智慧型手機上內建之方位感測器(orientation sensor)與觸控螢幕(touch screen)達到非侵入式(Non-intrusive)識別使用者行為習慣，以提高智慧型手機的安全等級。根據實驗結果顯示識別機制的相等錯誤率(Equal Error Rate)達到7%，證實此機制確實能夠區分不同使用者。

In recent years, with the widely used of the smartphone and advances in smartphone technology, more and more people use smartphones, and use the services on the smartphones, such as personal privacy information services and ID identification services. If the smartphone has been stolen or someone illegally uses your smartphone, it will make you suffer heavy losses. Most of the above mentioned functionalities are needed user to operate for a long time on smartphone so as to access data. However, currently, most of the applications are just only using the password authentication. If during using the smartphone, will often needing to authenticate user, will make user turn off the authentication mechanism, or save the password in the smartphone, makes the authentication mechanism useless. So the purpose of this paper use the smartphone’s embedded sensor, orientation sensor and touch screen, to achieve the non-intrusive user authentication, and enhance smartphone security level. The experiment results show that the proposed approach has an Equal-Error-Rate (EER) about 7%. Therefore, the multimodal authentication mechanism can distinguish users’ differences.

[1]Gartner Inc. (2012). Mobility Trends that Will Define the Next Decade. Available: http://www.businessinsider.com/android-9-charts-that-show-its-amazing-growth-2012-3#first-a-general-comparison-of-growth-rates-the-worlds-population-has-grown-6-in-the-last-five-years-the-number-of-mobile-internet-users-has-gone-up-more-than-4x-1
[2] Androidauthority. Global smartphone unit sales forecast. Available: http://www.androidauthority.com/smartphone-sales-statistics-vs-pc-58687/worldwide-smartphone-unit-sales-forecast/
[3] Gartner Inc. (2011). Gartner Identifies 10 Consumer Mobile Applications to Watch in 2012. Available: http://www.gartner.com/it/page.jsp?id=1544815
[4] Nakedsecurity. (2011). Survey says 70% don't password-protect mobiles. Available: http://nakedsecurity.sophos.com/2011/08/09/free-sophos-mobile-security-toolkit/
[5] J. Yan, et al., "Password memorability and security: Empirical results," Security & Privacy, IEEE, vol. 2, pp. 25-31, 2004.
[6] D. Weinshall and S. Kirkpatrick, "Passwords you'll never forget, but can't recall," presented at the CHI '04 extended abstracts on Human factors in computing systems, Vienna, Austria, 2004.
[7] N. Clarke, et al., "Flexible and transparent user authentication for mobile devices," Emerging Challenges for Security, Privacy and Trust, pp. 1-12, 2009.
[8] Google-Android. TouchScreen. Available: http://developer.android.com/guide/topics/ui/ui-events.html.
[9] Google-Android. Orientation sensor. Available: http://developer.android.com/guide/topics/sensors/sensors_position.html.
[10] S. Weidong, et al., "SenGuard: Passive user identification on smartphones using multiple sensors," in Wireless and Mobile Computing, Networking and Communications (WiMob), 2011 IEEE 7th International Conference on, 2011, pp. 141-148.
[11] M. Conti, et al., "Mind how you answer me!: transparently authenticating the user of a smartphone when answering or placing a call," presented at the Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 2011.