Search Results (179)

The widespread adoption of mobile devices has made secure and user-friendly biometric authentication critical. However, widely used modalities such as fingerprint and facial recognition show limited robustness under uncontrolled illumination and on heterogeneous devices. In contrast, palmprint recognition offers strong potential because of its rich textural patterns and high discriminative power. This study addresses the limitations of laboratory-based datasets that fail to capture real-world challenges. We introduce MPW-180, a novel dataset comprising videos of 180 participants recorded on their own smartphones in everyday environments. By systematically incorporating diverse illumination conditions (with and without flash) and natural free-hand movements, MPW-180 is the first dataset to adopt a bring-your-own-device paradigm, providing a realistic benchmark for evaluating generalization in mobile biometric models. In addition, we propose PalmWildNet, an SE-block-enhanced deep learning architecture trained with Triplet Loss and a cross-illumination sampling strategy. The experimental results show that conventional methods suffer over 50% performance degradation under cross-illumination conditions. In contrast, our method reduces the Equal Error Rate to 1–2% while maintaining an accuracy above 97%. These findings demonstrate that the proposed framework not only tolerates illumination variability but also learns robust illumination-invariant representations, making it well-suited for mobile biometric authentication. Full article

A smart device unlocking scheme based on ultrasonic gesture recognition is proposed, allowing users to unlock their devices by customizing the unlock code through gesture movements. This method utilizes ultrasound to detect multiple consecutive gestures, identifying micro-features within these gestures for authentication. To enhance recognition accuracy, an unsupervised segmentation algorithm is employed to accurately segment the gesture feature region and extract the time-frequency domain data of the gestures. Additionally, two-stage data enhancement techniques are applied to generate user-specific data based on a small sample size. Finally, the user-specific model is deployed to mobile devices via transfer learning for on-device, real-time inference. Experimental validation on a commercial smartphone (Redmi K50) demonstrates that the entire authentication pipeline, from signal acquisition to decision, processes 8 types of gestures in a sequence in sequence in approximately 1.2 s, with the core model inference taking less than 50 milliseconds. This ensures that the raw biometric data (ultrasonic echoes) and the recognition results never leave the user’s device during authentication, thereby safeguarding privacy. It is important to note that while model training is performed offline on a server to leverage greater computational resources for personalization, the deployed system operates fully in real time on the edge device. Experimental results demonstrate that our system achieves accurate and robust identity verification, with an average five-fold cross-validation accuracy rate of up to $93.56\%$, and it shows robustness across different environments. Full article

Biometric authentication, such as facial recognition and fingerprint scanning, is now standard on mobile devices, offering secure and convenient access. However, the processing of biometric data is tightly regulated under the European Union’s General Data Protection Regulation (GDPR), where such data qualifies as “special category” personal data when used for uniquely identifying individuals. Compliance requires meeting strict conditions, including explicit consent and data protection by design. Passkeys, the modern name for FIDO2-based authentication credentials developed by the FIDO Alliance, enable passwordless login using public key cryptography. Its “match-on-device” architecture stores biometric data locally in secure hardware (e.g., Android’s Trusted Execution Environment, Apple’s Secure Enclave), potentially reducing the regulatory obligations associated with cloud-based biometric processing. This paper examines how Passkeys are implemented on Android and iOS platforms and their differences in architecture, API access, and hardware design, and how those differences affect compliance with the GDPR. Through a comparative analysis, we evaluate the extent to which each platform supports local processing, data minimization, and user control—key principles under GDPR. We find that while both platforms implement strong local protections, differences in developer access, trust models, and biometric isolation can influence the effectiveness and regulatory exposure of Passkeys deployment. These differences have direct implications for privacy risk, legal compliance, and implementation choices by app developers and service providers. Our findings highlight the need for platform-aware design and regulatory interpretation in the deployment of biometric authentication technologies. This work can help inform stakeholders, policymakers, and legal experts in drafting robust privacy and ethical policies—not only in the realm of biometrics but across AI technologies more broadly. By understanding platform-level implications, future frameworks can better align technical design with regulatory compliance and ethical standards. Full article

The Zero Trust Architecture (ZTA) model has emerged as a foundational cybersecurity paradigm that eliminates implicit trust and enforces continuous verification across users, devices, and networks. This study presents a systematic literature review of 74 peer-reviewed articles published between 2016 and 2025, spanning domains such as cloud computing (24 studies), Internet of Things (11), healthcare (7), enterprise and remote work systems (6), industrial and supply chain networks (5), mobile networks (5), artificial intelligence and machine learning (5), blockchain (4), big data and edge computing (3), and other emerging contexts (4). The analysis shows that authentication, authorization, and access control are the most consistently implemented ZTA components, whereas auditing, orchestration, and environmental perception remain underexplored. Across domains, the main challenges include scalability limitations, insufficient lightweight cryptographic solutions for resource-constrained systems, weak orchestration mechanisms, and limited alignment with regulatory frameworks such as GDPR and HIPAA. Cross-domain comparisons reveal that cloud and enterprise systems demonstrate relatively mature implementations, while IoT, blockchain, and big data deployments face persistent performance and compliance barriers. Overall, the findings highlight both the progress and the gaps in ZTA adoption, underscoring the need for lightweight cryptography, context-aware trust engines, automated orchestration, and regulatory integration. This review provides a roadmap for advancing ZTA research and practice, offering implications for researchers, industry practitioners, and policymakers seeking to enhance cybersecurity resilience. Full article

Fingerprint authentication systems encounter growing threats from presentation attacks, making strong liveness detection crucial. This work presents a deep learning-based framework integrating EfficientNetB0 with a Squeeze-and-Excitation (SE) attention approach, using transfer learning to enhance feature extraction. The LivDet 2015 dataset, composed of both real and fake fingerprints taken using four optical sensors and spoofs made using PlayDoh, Ecoflex, and Gelatine, is used to train and test the model architecture. Stratified splitting is performed once the images being input have been scaled and normalized to conform to EfficientNetB0’s format. The SE module adaptively improves appropriate features to competently differentiate live from fake inputs. The classification head comprises fully connected layers, dropout, batch normalization, and a sigmoid output. Empirical results exhibit accuracy between 98.50% and 99.50%, with an AUC varying from 0.978 to 0.9995, providing high precision and recall for genuine users, and robust generalization across unseen spoof types. Compared to existing methods like Slim-ResCNN and HyiPAD, the novelty of our model lies in the Squeeze-and-Excitation mechanism, which enhances feature discrimination by adaptively recalibrating the channels of the feature maps, thereby improving the model’s ability to differentiate between live and spoofed fingerprints. This model has practical implications for deployment in real-time biometric systems, including mobile authentication and secure access control, presenting an efficient solution for protecting against sophisticated spoofing methods. Future research will focus on sensor-invariant learning and adaptive thresholds to further enhance resilience against varying spoofing attacks. Full article

Background/Objectives: As global aging accelerates, there is a pressing and empirically substantiated demand for integrated and sustainable strategies, as evidenced by the rising prevalence rates of chronic conditions, social isolation, and digital exclusion among older adults worldwide. These factors underscore the urgent need for multidimensional interventions that simultaneously target physical, psychological, and social well-being. The HOPE-FIT (Hybrid Outreach Program for Exercise and Follow-up Integrated Training) model and the SAGE (Senior Active Guided Exercise) program were designed to address this need through a hybrid framework. These programs foster inclusive aging by explicitly bridging digitally underserved groups and mobility-restricted populations into mainstream health promotion systems through tailored exercise, psychosocial support, and smart-home technologies, thereby functioning as a scalable meta-model across healthcare, community, and policy domains. Methods: HOPE-FIT was developed through a formative, multi-phase process grounded in the RE-AIM framework and a Hybrid Type II effectiveness–implementation design. The program combines professional health coaching, home-based and digital exercise routines, Acceptance and Commitment Performance Training (ACPT)-based psychological strategies, and smart-home monitoring technologies. Empirical data from pilot studies, large-scale surveys (N = 1000), and in-depth user evaluations were incorporated to strengthen validity and contextual adaptation. Culturally tailored content and participatory feedback from older adults further informed ecological validity and program refinement. Implementation Strategy/Framework: The theoretical foundation integrates implementation science with behavioral and digital health. The RE-AIM framework guided reach, fidelity, and maintenance planning, while the Hybrid E–I design enabled the concurrent evaluation of effectiveness outcomes and contextual implementation strategies. Institutional partnerships with community centers, public health organizations, and welfare agencies further facilitated the translation of the model into real-world aging contexts. Dissemination Plan: The multi-pronged dissemination strategy includes international symposia, interdisciplinary academic networks, policy briefs, localized community deployment, and secure, authenticated data sharing for reproducibility. This design facilitates evidence-informed policy, empowers practitioners, and advances digital health equity. Ultimately, HOPE-FIT constitutes a scalable and inclusive model that concretely addresses health disparities and promotes active, dignified aging across systems and disciplines. Full article

As network infrastructure and Internet of Things (IoT) technologies continue to evolve, immersive systems such as virtual reality (VR) are becoming increasingly integrated into interconnected environments. These advancements allow real-time processing of multi-modal data, improving user experiences with rich visual and three-dimensional interactions. However, ensuring continuous user authentication in VR environments remains a significant challenge. To address this issue, an effective user monitoring system is required to track VR users in real time and trigger re-authentication when necessary. Based on this premise, we propose a multi-modal authentication framework that uses eye-tracking data for authentication, named MobileNetV3pro. The framework applies a transfer learning approach by adapting the MobileNetV3Large architecture (pretrained on ImageNet) as a feature extractor. Its pre-trained convolutional layers are used to obtain high-level image representations, while a custom fully connected classification is added to perform binary classification. Authentication performance is evaluated using Equal Error Rate (EER), accuracy, F1-score, model size, and inference time. Experimental results show that eye-based authentication with MobileNetV3pro achieves a lower EER (3.00%) than baseline models, demonstrating its effectiveness in VR environments. Full article

As a new generation of mobile communication networks, 6G security faces many new security challenges. Vehicle to Everything (V2X) will be an important part of 6G. In V2X, connected and automated vehicles (CAVs) need to frequently share data with other vehicles and infrastructures. Therefore, identity revocation technology in the authentication is an important way to secure CAVs and other 6G scenario applications. This paper proposes an efficient credential revocation scheme with a four-layer architecture. First, a rapid pre-filtration layer is constructed based on the cuckoo filter, responsible for the initial screening of credentials. Secondly, a directed routing layer and the precision judgement layer are designed based on the consistency hash and the dynamic RSA accumulator. By proposing the dynamic expansion of the RSA accumulator and load-balancing algorithm, a smaller and more stable revocation delay can be achieved when many users and terminal devices access 6G. Finally, a trusted storage layer is built based on the blockchain, and the key revocation parameters are uploaded to the blockchain to achieve a tamper-proof revocation mechanism and trusted data traceability. Based on this architecture, this paper also proposes a detailed identity credential revocation and verification process. Compared to existing solutions, this paper’s solution has a combined average improvement of 59.14% in the performance of the latency of the cancellation of the inspection, and the system has excellent load balancing, with a standard deviation of only 11.62, and the maximum deviation is controlled within the range of ±4%. Full article

Data over sound (DoS) is an established technique that has experienced a resurgence in recent years, finding applications in areas such as contactless payments, device pairing, authentication, presence detection, toys, and offline data transfer. This study introduces CardiaWhisper, a system that extends the DoS concept to the medical domain by using a medical data-over-sound (MDoS) framework. CardiaWhisper integrates wearable biomedical sensors with home care systems, edge or IoT gateways, and telemedical networks or cloud platforms. Using a transmitter device, vital signs such as ECG (electrocardiogram) signals, PPG (photoplethysmogram) signals, RR (respiratory rate), and ACC (acceleration/movement) are sensed, conditioned, encoded, and acoustically transmitted to a nearby receiver—typically a smartphone, tablet, or other gadget—and can be further relayed to edge and cloud infrastructures. As a case study, this paper presents the real-time transmission and processing of ECG signals. The transmitter integrates an ECG sensing module, an encoder (either a PLL-based FM modulator chip or a microcontroller), and a sound emitter in the form of a standard piezoelectric speaker. The receiver, in the form of a mobile phone, tablet, or desktop computer, captures the acoustic signal via its built-in microphone and executes software routines to decode the data. It then enables a range of control and visualization functions for both local and remote users. Emphasis is placed on describing the system architecture and its key components, as well as the software methodologies used for signal decoding on the receiver side, where several algorithms are implemented using open-source, platform-independent technologies, such as JavaScript, HTML, and CSS. While the main focus is on the transmission of analog data, digital data transmission is also illustrated. The CardiaWhisper system is evaluated across several performance parameters, including functionality, complexity, speed, noise immunity, power consumption, range, and cost-efficiency. Quantitative measurements of the signal-to-noise ratio (SNR) were performed in various realistic indoor scenarios, including different distances, obstacles, and noise environments. Preliminary results are presented, along with a discussion of design challenges, limitations, and feasible applications. Our experience demonstrates that CardiaWhisper provides a low-power, eco-friendly alternative to traditional RF or Bluetooth-based medical wearables in various applications. Full article

This study addresses a critical gap in understanding how mobile banking applications contribute to sustainable development by introducing a novel text mining framework to analyze sustainability dimensions through user-generated content. We analyzed 120,000 reviews from six major Turkish mobile banking applications using an ownership-sensitive analytical approach that integrates structural topic modeling with four sustainability dimensions (environmental, social, governance, and economic). Our analysis reveals significant institutional differences in sustainability approaches: government-owned banks demonstrate substantially stronger overall sustainability orientation (23.43% vs. 11.83% coverage) with pronounced emphasis on social sustainability (+181.7% growth) and economic development (+104.2% growth), while private banks prioritize innovation-focused sustainability. The temporal analysis (2022–2025) shows accelerating sustainability emphasis across all institutions, with distinct evolution patterns by ownership type. Institution-specific sustainability profiles emerge clearly, with each government bank demonstrating distinctive focus areas aligned with historical missions: cultural heritage preservation, agricultural sector support, and small business development. Mapping to Sustainable Development Goals reveals that government banks prioritize development-focused goals (SDGs 1, 8, and 10), while private banks emphasize innovation-focused goals (SDGs 9 and 17). This research makes three key contributions: demonstrating user-generated content as an effective lens for authentic sustainability assessment, establishing ownership-sensitive evaluation frameworks for digital banking sustainability, and providing empirical evidence for contextualized rather than universal sustainability strategies. The findings offer strategic implications for financial institutions, policymakers, and app developers seeking to enhance sustainable digital banking transformation. Full article

As climate change concerns, urban congestion, and environmental degradation intensify, cities prioritise cycling as a sustainable transport option to reduce CO₂ emissions and improve quality of life. However, rampant bicycle theft and poor security infrastructure often deter daily commuters and tourists from cycling. This study explores how advanced security measures can bolster sustainable urban mobility and tourism by addressing these challenges. A mixed-methods approach is utilised, incorporating primary survey data from Slovenia and secondary data on bicycle sales, imports and thefts from 2015 to 2024. Findings indicate that access to secure parking substantially enhances users’ sense of safety when commuting by bike. Regression analysis shows that for every 1000 additional bicycles sold, approximately 280 more thefts occur—equivalent to a 0.28 rise in reported thefts—highlighting a systemic vulnerability associated with sustainability-oriented behaviour. To bridge this gap, the study advocates for an innovative security framework that combines blockchain technology and Non-Fungible Tokens (NFTs) with encrypted Quick Response (QR) codes. Each bicycle would receive a tamper-proof QR code connected to a blockchain-verified NFT documenting ownership and usage data. This system facilitates real-time authentication, enhances traceability, deters theft, and builds trust in cycling as a dependable transport alternative. The proposed solution merges sustainable transport, digital identity, and urban security, presenting a scalable model for individual users and shared mobility systems. Full article

Facial authentication has gained widespread adoption as a biometric authentication method, offering a convenient alternative to traditional password-based systems, particularly on mobile devices equipped with front-facing cameras. While this technology enhances usability and security by eliminating password management, it remains highly susceptible to spoofing attacks. Adversaries can exploit facial recognition systems using pre-recorded photos, videos, or even sophisticated 3D models of victims’ faces to bypass authentication mechanisms. The increasing availability of personal images on social media further amplifies this risk, making robust anti-spoofing mechanisms essential for secure facial authentication. To address these challenges, we introduce FaceCloseup, a novel liveness detection technique that strengthens facial authentication by leveraging perspective distortion inherent in close-up shots of real, 3D faces. Instead of relying on additional sensors or user-interactive gestures, FaceCloseup passively analyzes facial distortions in video frames captured by a mobile device’s camera, improving security without compromising user experience. FaceCloseup effectively distinguishes live faces from spoofed attacks by identifying perspective-based distortions across different facial regions. The system achieves a 99.48% accuracy in detecting common spoofing methods—including photo, video, and 3D model-based attacks—and demonstrates 98.44% accuracy in differentiating between individual users. By operating entirely on-device, FaceCloseup eliminates the need for cloud-based processing, reducing privacy concerns and potential latency in authentication. Its reliance on natural device movement ensures a seamless authentication experience while maintaining robust security. Full article

With the increasing demand for drones in diverse tasks, the Internet of Drones (IoD) has recently emerged as a significant technology in academia and industry. The IoD environment enables various services, such as traffic and environmental monitoring, disaster situation management, and military operations. However, IoD communication is vulnerable to security threats due to the exchange of sensitive information over insecure public channels. Moreover, public key-based cryptographic schemes are impractical for communication with resource-constrained drones due to their limited computational capability and resource capacity. Therefore, a secure and lightweight key agreement scheme must be developed while considering the characteristics of the IoD environment. In 2024, Alzahrani proposed a secure key agreement protocol for securing the IoD environment. However, Alzahrani’s protocol suffers from high computational overhead due to its reliance on elliptic curve cryptography and is vulnerable to drone and mobile user impersonation attacks and session key disclosure attacks by eavesdropping on public-channel messages. Therefore, this work proposes a lightweight and security-enhanced key agreement scheme for the IoD environment to address the limitations of Alzahrani’s protocol. The proposed protocol employs a physical unclonable function and simple cryptographic operations (XOR and hash functions) to achieve high security and efficiency. This work demonstrates the security of the proposed protocol using informal security analysis. This work also conducted formal security analysis using the Real-or-Random (RoR) model, Burrows–Abadi–Needham (BAN) logic, and Automated Verification of Internet Security Protocols and Applications (AVISPA) simulation to verify the proposed protocol’s session key security, mutual authentication ability, and resistance to replay and MITM attacks, respectively. Furthermore, this work demonstrates that the proposed protocol offers better performance and security by comparing the computational and communication costs and security features with those of relevant protocols. Full article

This study investigates the factors that affect the adoption of mobile payment systems in Oman, focusing specifically on small and medium-sized enterprises (SMEs) within the expanding FinTech landscape. By utilizing secondary sources of data from the Central Bank of Oman and global FinTech reports, this research identifies essential enablers, such as security features and ease of use, which are propelled by developments in FinTech solutions. It also addresses the obstacles, such as high transaction fees and issues with authentication, that impede SMEs from embracing these technologies. Through an examination of worldwide FinTech adoption patterns, this research offers perspectives on Oman’s progress toward becoming a cashless society. This study employs sophisticated statistical techniques, including histograms and correlation analysis, to reveal significant trends in the rates of mobile payment adoption. The results emphasize the necessity for cooperative efforts among regulators, financial entities, and FinTech developers to minimize costs, strengthen digital infrastructure, and enhance user experiences. These findings are consistent with Oman’s Vision 2040, which aims to foster financial inclusion and propel the country’s shift toward a robust, digitally oriented economy powered by FinTech innovation. Full article

With the advancement of communication technology, smart cities can provide remote services to users using mobile devices and Internet of Things (IoT) sensors in real time. However, the collected data in smart cities include sensitive personal information and data transmitted over public wireless channels, leaving the network vulnerable to security attacks. Thus, robust and secure authentication is critical to verify legitimate users and prevent malicious attacks. This paper reviews a recent authentication scheme for smart cities and identifies its susceptibilities to attacks, including insider attacks, sensor node capture, user impersonation, and random number leakage. We propose a secure and privacy-preserving authentication scheme for smart cities to resolve these security weaknesses. The scheme enables mutual authentication by incorporating biometric features to verify identity and using the physical unclonable function to prevent physical attacks. We evaluate the security of the proposed scheme via informal and formal analyses, including Burrows–Abadi–Needham logic, the real-or-random model, and the Automated Validation of Internet Security Protocols and Applications simulation tool. Finally, we compare the performance, demonstrating that the proposed scheme has better efficiency and security than existing schemes. Consequently, the proposed scheme is suitable for resource-constrained IoT-enabled smart cities. Full article