Today, if a user wants to access a device such as kiosks, public computers, and other shared devices, e.g., smart speakers, etc. for transient or periodic user, the user still has to sign into the device, often entering their username and password. The login process can be cumbersome and poses a security risk to the user’s account. This disclosure describes user authentication of host devices based on a combination of user biometrics and user proximity. Upon detection of the presence of a host device by a user’s mobile device, an unauthenticated connection, over channels such as Bluetooth or Wi-Fi, is first established between the mobile device and the host device to exchange metadata. The mobile device provides an encrypted ephemeral identifier (EID) to the host device. A biometric identifier, such as a facial photograph or a fingerprint, is provided by the user to the host device. The biometric is then sent from the host device to the mobile device via the unauthenticated connection to be verified. Upon verification of the biometric identifier, an appropriately scoped authorization token is provided to the host device, tailored to the specific functionality of the host device for a limited duration.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.