1 Introduction
Verifying the identity of a user before granting access to objects or services is an important step in nearly all applications or environments. Some applications (e.g. pervasive environment) may impose additional requirements for user authentication mechanism, such as to be continuous and unobtrusive. The continuous aspect of authentication refers to the constant or periodic re-verification of the identity. The second aspect (i.e. unobtrusiveness) refers to the fact that the authentication procedure should be convenient, implicit and without requiring user's explicit cooperation. For example, in pervasive environment the electronic devices are carried by the user almost all the time. However, the devices are not always under the attention of their owners, e.g. some people tend to forget, leave unattended or even lose the devices. Current authentication mechanisms in many personal electronic devices (e.g. mobile phones) are static. In other words, a user authenticates once (e.g. by entering a PIN code) and authentication lasts until the device is turned off. Consequently, the single-time (i.e. static) authentication is not sufficient, especially when the devices are used in high security applications. For instance, nowadays mobile phones can be used in application like m-banking or m-commerce [1]. On the other hand, in a pervasive system, the seamless interaction between the user and the device is a very important criteria. The conventional user authentication mechanisms (e.g. password-based or fingerprint-based), cannot be or is difficult to accommodate in such applications to meet continuous and unobtrusiveness requirements. Indeed, the process of frequently entering password or providing fingerprint on a mobile phone is explicit, requires user cooperation and can be very inconvenient and annoying. Therefore, better mechanisms for unobtrusive and continuous user authentication is required.