Fingerprint and location based multifactor authentication for mobile applications


  • Norah Abdullah Aldumiji Umm Al-Qura University
  • Esam Ali Khan Umm Al-Qura University





Authentication, Biometrics, location, Multifactor, Smartphone.


Authentication, which involves the verification of identity, is one of the most important security features. It usually depends on three factors: something you know (knowledge), something you have (token) and something you are (biometrics). In this paper, we propose the use of biometrics (fingerprints) with a fourth factor, namely location (i.e., where you are), in order to develop a privacy- friendly multi-factor authentication scheme suitable for smartphone applications.




[1] M. Looi, Enhanced authentication services for internet systems using mobile networks, in Global Telecommunications Conference, 2001, 2001.

[2] D. E. Denning and P. F. MacDoran, Location-based authentication: Grounding cyberspace for better security, Internet besieged, October 1997, 167-174.

[3] C. Wullems, M. Looi and A. Clark, nhancing the security of internet applications using location: A new model for tamper-resistant GSM location, in Computers and Communication, 2003., July 2003.

[4] D. Dasgupta, A. Roy and A. Nag, Multi-Factor Authentication, Advances in User Authentication, 2017, 185-233.

[5] N. Ratha, J. Connell, R. M. Bolle and S. Chikkerur, Cancelable Biometrics: A Case Study in Fingerprints, in 18th International Conference on Pattern Recognition (ICPR'06), 2006.

[6] N. K. Ratha, S. Chikkerur, J. H. Connell and R. M. Bolle, Generating cancelable fingerprint templates, IEEE Transactions on pattern analysis and machine intelligence, 2007, 561-572.

[7] S. Tulyakov, F. Farooq, P. Mansukhani and V. Govindaraju, Symmetric hash functions for secure fingerprint biometric systems, Pattern Recognition Letters, vol. 28, no. 16, 2007, 2427-2436

[8] G. Kumar, S. Tulyakov and V. Govindaraju, Combination of symmetric hash functions for secure fingerprint matching. In Pattern Recognition (ICPR), in 20th International Conference, 2010.

[9] M. Barni, T. Bianchi, D. Catalano, D. R. M., R. Donida Labati, P. Failla and A. Piva, Privacy-preserving fingercode authentication, in In Proceedings of the 12th ACM workshop on Multimedia and security, 2010.

[10] Y. Zhang and F. Koushanfar, Robust privacy-preserving fingerprint authentication, in In Hardware Oriented Security and Trust (HOST), 2016 IEEE International Symposium, 2016.

[11] D. Denning and P. Macdoran, Location-based authentication: Grounding cyberspace for better security, Computer Fraud & Security, 1996.

[12] Y. B. L. Cho and M. T. Goodrich, in In Mobile and Ubiquitous Systems: Networking & Services, 2006 Third Annual International Conference, 2006.

[13] H. Takamizawa and K. Kaijiri, A web authentication system using location information from mobile telephones, in n Proceedings of the IASTED International Conference Web-based Education, 2009.

[14] F. Zhang, A. Kondoro and S. Muftic, Location-based authentication and authorization using smart phones, in n Trust, Security and Privacy in Computing and Communications (TrustCom), 2012.

[15] A. Hammad and P. Faith, LOCATION BASED AUTHENTICATION, U.S. Patent No. 20,170,286,953. Washington, DC: U.S. Patent and Trademark Office.â€, 2017.

[16] S. H. Khan, M. A. Akbar, F. Shahzad, M. Farooq and Z. Khan, Secure biometric template generation for multi-factor authentication, Pattern Recognition, vol. 48, no. 2, 2015, 458-472,

[17] I. A. Lami, T. Kuseler, H. Al-Assam and S. Jassim, LocBiometrics: Mobile phone based multifactor biometric authentication with time and location assurance., in In Proc. 18th Telecommunications Forum., 2010.

[18] keytool - Key and Certificate Management Tool, Oracle, http:// [Accessed 11 MAR 2018].

[19] J. Bonneau, C. Herley, P. C. Van Oorschot and F. Stajano, the quest to replace passwords: A framework for comparative evaluation of web authentication schemes, in Security and Privacy (SP), 2012 IEEE Symposium, 2012.

[20] M. MANNAN and P. C. VAN OORSCHOT, Passwords for Both Mobile and Desktop Computers.

[21] Ho, Y. L., Bendrissou, B., Azman, A., & Lau, S. H., BlindLogin: A Graphical Authentication System with Support for Blind and Visually Impaired Users on Smartphones., American Journal of Applied Sciences, 2017.

[22] H Fujii and Y Tsuruoka, SV-2FA: Two-factor user authentication with SMS and voiceprint challenge response., in In Internet Technology and Secured Transactions (ICITST), 2013 8th International Conference, 2013.

[23] S. Mare, A. Molina-Markham, C. Cornelius, R. Peterson and D. Kotz, ZEBRA: Zero-Effort Bilateral Recurring Authentication., Companion report, 2014.

[24] X. Zhu, S. Yu and Q. Pei, QuickAuth: Two-Factor Quick Authentication Based on Ambient Sound., in In Global Communications Conference (GLOBECOM), 2016.

[25] A. S. Arif, A. Mazalek and W. Stuerzlinger, The use of pseudo pressure in authenticating smartphone users., in Proceedings of the 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, 2014.

[26] K. I. Shin, J. S. Park, J. Y. Lee and J. H. Park, Design and implementation of improved authentication system for android smartphone users., in Advanced Information Networking and Applications Workshops (WAINA), 2012 26th International Conference, 2012.

[27] I. Jermyn, A. Mayer, F. Monrose, M. K. Reoter and A. D. Rubin, The Design and Analysis of Graphical Passwords, in Proceedings of the 8th USENIX Security Symposium, Washington, DC., 2000.

[28] A. F. Syukri, E. Okamoto and M. Mambo, A user identification system using signature written with mouse, in Australasian Conference on Information Security and Privacy, Berlin, Heidelberg., 1998, July.

[29] C. Varenhorst, M. V. Kleek and L. Rudolph, Passdoodles: A lightweight authentication method., in Research Science Institute., 2004.

[30] S. Wiedenbeck, J. Waters, J. C. Birget, A. Brodskiy and N. Memon, Authentication using graphical passwords: Effects of tolerance and image choice., in Proceedings of the 2005 symposium on Usable privacy and security, 2005, July.

[31] A. Bhand, V. Desale, S. Shirke and S. P. Shirke, Enhancement of password authentication system using graphical images, in Information Processing (ICIP), 2015 International Conference, 2015, December.

[32] V. Moraskar, S. Jaikalyani, M. Saiyyed, J. Gurnani and K. Pendke, Cued Click Point Technique for Graphical Password Authentication, International Journal of Computer Science and Mobile Computing 3 (1)., 2014, 166-172.

[33] P. Corporation, The science behind Passfaces, http:// [Accessed 11 8 2018].

[34] R. Dhamija and A. Perrig, "Deja Vu: A User Study. Using Images for Authentication, in Proceedings of the 9th USENIX Security Symposium, August 2000.

[35] L. Sobrado and J. C. Birget, Graphical passwords., The Rutgers Scholar, an electronic Bulletin for undergraduate research., vol. 4, no. 2002, 12-18.

[36] S. Venugopalan and M. Savvides, How to generate spoofed irises from an iris code template., IEEE Transactions on Information Forensics and Security, vol. 6, no. 2, 2011, 385-395.

[37] A. Swaminathan, N. Kumar and M. R. Kumar, Review of Numerous Facial Recognition Techniques in Image Processing., 2014.

[38] C. Brown, Palm vein authentication system launched for mobile devices, http://, [Accessed 15 August 2017].

[39] Y. Renard, F. Lotte, G. Gibert, et al, Open VibE: An Open Source Software Platform to design, Test and Use Brain-Computer Interfaces in Real and Virtual Environments, teleoperators and virtual environments, vol. 19, no. 1, 2010, 35-53.

[40] N. Sae-Bae, K. Ahmed, K. Isbister and N. Memon, Biometric-rich gestures: a novel approach to authentication on multi-touch devices., in n Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, May 2012.

[41] U. Garg and Y. K. Meena, User authentication using keystroke recognition., in In Proceedings of international conference on advances in computing, New Delhi, 2013.

[42] J. C. D. Lima, C. C. Rocha and I. Augustin, A Context-Aware Recommendation System to Behavioral Based Authentication in Mobile and Pervasive Environments., in in 2011 IFIP Ninth International Conference on Embedded and Ubiquitous Computing, October 2011.

[43] M. Jakobsson, E. G. Shi, P. and R. Chow, Implicit authentication for mobile devices,"in In Proceedings of the 4th USENIX conference on Hot topics in security., 2009.

[44] N. Haller, C. Metz, P. Nesser and M. Straw, A one-time password system (No. RFC 2289), 1998.

[45] google 2-step Verification, google, http://

View Full Article:

Additional Files