Smartphone as a biometric service for web authentication

Abstract

Authentication is a crucial solution to be considered for securing an application or user's personal data. It is a mechanism that plays a role to allow only the rightful user to access an application and the corresponding data, without allowing any kind of impersonation. To avoid this impersonation, biometric mechanisms have been used to read some biological characteristic from the user. However, the extra hardware needed for reading the biometric feature is usually a problem. Besides, in some scenarios, this will definitely avoid its adoption. Nonetheless, nowadays, this problem may be reduced since almost every adult person possesses a smartphone, which contains several sensors that can be used to read biometric information from a user. This work proposes a mechanism to allow a smartphone to act as a biometric reader for different levels of task/data available in a web application. In order to bind a smartphone to a web application, we use QR-Code sent from a web server to a web client, which will have to be read by a smartphone and then be sent back to the web server, so the web server knows that the actual user is close to the web client. This paper also provides a discussion on how to evaluate the usability of the proposed mechanism.