1044 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, … · smart phones for unlocking smart phones. However, due to the relatively small screen and frequent unlocking request, it

Unlocking Smart Phone throughHandwaving Biometrics

Lei Yang,Member, IEEE, Yi Guo, Student Member, IEEE, Xuan Ding,Member, IEEE,

Jinsong Han,Member, IEEE, Yunhao Liu, Senior Member, IEEE,

Cheng Wang,Member, IEEE, and Changwei Hu

Abstract—Screen locking/unlocking is important for modern smart phones to avoid the unintentional operations and secure the

personal stuff. Once the phone is locked, the user should take a specific action or provide some secret information to unlock the phone.

The existing unlocking approaches can be categorized into four groups: motion, password, pattern, and fingerprint. Existing

approaches do not support smart phones well due to the deficiency of security, high cost, and poor usability. We collect 200 users’

handwaving actions with their smart phones and discover an appealing observation: the waving pattern of a person is kind of unique,

stable and distinguishable. In this paper, we propose OpenSesame, which employs the users’ waving patterns for locking/unlocking.

The key feature of our system lies in using four fine-grained and statistic features of handwaving to verify users. Moreover, we utilize

support vector machine (SVM) for accurate and fast classification. Our technique is robust compatible across different brands of smart

phones, without the need of any specialized hardware. Results from comprehensive experiments show that the mean false positive

rate of OpenSesame is around 15 percent, while the false negative rate is lower than 8 percent.

Index Terms—Smart phone, security, privacy, authentication, accelerometer

Ç

1 INTRODUCTION

NOWADAYS, smart phones are no longer the devices thatare only used to call or text others. They become prev-

alent with much more powerful functions. Acting as pocketPCs, smart phones can be used to deal with complicatedtasks such as sending/receiving e-mails, shopping, mobilepayment, etc. Screen locker is a fundamental utility forsmart phones to prevent the device from unauthorized use.For example, the Apple iPhones and Android phones canlock themselves automatically after being idle for a shorttime. It can protect the privacy of users as well as preventunintentional operations.

Classical screen lockers have been proposed long timeback. (1) The most widely used one is Slide-to-Unlock. Theuser can unlock his/her phone through sliding his fingeracross a defined trajectory. This method is too simple to

protect user’s privacy. (2) PIN, the most common methodused by traditional digital device, is always adopted onsmart phones for unlocking smart phones. However, due tothe relatively small screen and frequent unlocking request,it is inconvenient to set long and complex PIN on phones.For example, there are only four numbers allowed to be setas unlocking PIN in iPhone’s default setting. Such a shortand simple PIN can often be easily guessed [1], [2]. (3) Theuser can pre-define a graphical password, like connecting atleast four circles shown in the screen. Being similar to thePIN, simple graphic passwords are easy to be peeked andguessed, while the complex pattern may confuse the userand make inconvenience.

To enhance the security as well as the flexibility, manybiometric authentication methods [3], [4] are introduced forscreen lockers. The secrets of these methods cannot be easilyspied and reproduced since they identify the user based onher natural features. The biometric measures are groupedinto two main categories [5]: physiological biometrics andbehavior biometrics.

Physiological biometrics leverage the physiological fea-tures of human beings to identify the user, including recog-nitions of face [6], voice [7], fingerprint [8], ear [6], and soon. However, we find that (i) performances of these solu-tions are heavily influenced by external factors. For exam-ple, the face acquirement by the camera is severely affectedby the illumination, resulting in the failure to identifyuser at night. Similarly, it is hard to distinguish the voicefrom the ambient interference in an extremely noisy envi-ronments, like subway or restaurant. Any authenticationmethod must be adapted to all kinds of conditions. (ii)Unlocking operation is a very frequent operation, of whichenergy consumption should be carefully considered. It iswell known that the camera is one of notorious energy

� L. Yang, X. Ding, and Y. Liu are with the School of Software, TsinghuaUniversity, Beijing, China. E-mail: [email protected],[email protected], [email protected].

� Y. Guo is with Department of Computer Science and Engineering, HongKong University of Science and Technology, Hong Kong, China.E-mail: [email protected].

� J. Han is with the Department of Computer Science and Technology, Xi’anJiaotong University, 28 Xian-Ning West Road, Xian, Shaanxi Province710049, China. E-mail: [email protected].

� C. Wang is with the Department of Computer Science and Technology,Tongji University, and also with the Key Laboratory of Embedded Systemand Service Computing, Ministry of Education, Shanghai, China.E-mail: [email protected].

� C. Hu is with the Shaanxi Broadcast and TV Network Intermediary(Group) Co., LTD, Xian, Shaanxi, China.E-mail: [email protected].

Manuscript received 11 Sept. 2013; revised 19 Apr. 2014; accepted 12 July2014. Date of publication 21 July 2014; date of current version 30 Mar. 2015.For information on obtaining reprints of this article, please send e-mail to:[email protected], and reference the Digital Object Identifier below.Digital Object Identifier no. 10.1109/TMC.2014.2341633

1044 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, NO. 5, MAY 2015

1536-1233� 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

killers [9] in smart phones. (iii) lack of required hardware oncurrent mainstream smartphones, like fingerprint scanner.

The behavior biometrics is the other classification of bio-metric measure, which identify the user based on theirbehavior features, such as gesture [10], [11], typing behavior[6], [12], mouse movement [13], tapping behavior [14], orgait [15], However, these methods cannot either be adoptedin smart phones or be suitable for unlocking smartphones.For example, in order to recognize the gait pattern, the userhas to walk first or the smart phone to figure out whetherhe/she is valid [15]. It appears odd and inconvenient forusers to perform the behavior as answering a phone call forthe purpose of checking his/her emails [11]. (More discus-sions comparedwith these works are presented in Section 5).

In this paper, we observe that different users wave theirsmart phones produce distinct features. For example, somepersons used to wave their smart phones drastically whilesome others like to wave in a gentle way. This makes thewaving speed and frequency totally different among users.Also, the waving range and the way of wrist twisting arealso different from user to user. These patterns derive fromuser’s physical features and habits. For example, the userswith longer arms wave faster and wider than those withshorter arms. Some persons are accustomed to end theirwaving action with a wrist twisting while some others liketo begin with a wrist twisting. Moreover, the gender, age,and occupation also greatly affect the feature of wavingactions. On the other hand, we also observe that when a userwaves his smart phone, he always shakes in a similar way.This is because, without intentional changes, a specific per-son tends to follow his habits once the habits are developed.

Based on above observations, we propose a handwavingbiometric-based approach, called OpenSesame, to unlock thesmart phone. Comparing with the existing methods, thereare two major advantages of our approach. (i) It is difficultto forge. Using our approach, the authentication process isbased on the features of the user’s habits and motions,which is much harder for unauthorized users to obtain.Even if the unauthorized user occasionally peeks at theuser’s waving action, it is still difficult to simulate sincethere are still many distinct but invisible differences of wav-ing actions. For example, users have different strength whenwaving or twisting. (ii) It is the simple and convenient. Ourapproach can free users from remembering a large numberof passwords or complicated patterns for unlocking theirphones, preserved the security and All the user needs to dois just naturally wave the phone for 1 or 2 seconds.

However, it is challenging to mine the unique patternsfrom the user’s handwaving action. First, we shouldchoose appropriate sensors to monitor the user’s wavingaction. The sensor should be in low cost, easy for widedeployment, and energy-efficient. After careful compari-son, we use the three-axis accelerometer. Second, the maindifficulty is to extract stable but unique features from theuser’s waving action. We project the collected waving datainto A-Space and then utilize four waving functions forfeature extraction. Furthermore, we employ the supportvector machine (SVM) for accurate and fast classification.We develop a prototype of handwaving unlocking system,termed as OpenSesame, and implement into three main-streaming smart phones. We collect the handwaving traces

from 200 volunteers using our app. After comprehensiveexperiments and tests, the result demonstrates that Open-Sesame can accurately verify users via their handwavingwith low latency.

The remainder of the paper is structured as follows. Wecharacterize the handwaving with a large number of realusers’ trace in Section 2. The system design is presented inSection 3 and the experiment results are evaluated in Sec-tion 4. We introduce the related work in Section 5. Finally,Section 6 concludes the paper.

2 WAVING CHARACTERIZATION

In this section, we introduce the sensor used for wavingsensing, real trace collection, and analysis on the data.

2.1 Waving Sensing

For precisely characterizing user’s waving actions, select-ing appropriate sensors is necessary. As the tremendousgrowth of MEMS technology, there are many powerfulsensors equipped in our smart phone today, such as cam-era, microphone, proximity sensor, accelerometer, gyro-scope, and magnetic sensor etc. In our system, the selectedsensor should be able to depict the handwaving. In addi-tion, it should be energy-efficient, stable, cheap, and com-patible for wide deployment in most kinds of smartphones. Obviously, the first three sensors cannot capturethe phone’s motion. The gyroscope sensor is attractivebecause it is designed for measuring or maintaining pur-pose, based on the principles of angular momentum.Unfortunately, this kind of sensor is not a standard equip-ment in most smart phones due to its high price. The mag-netic sensor is usually used for compass, but it tends to beinterfered by the mental objects under special environ-ment, like inside the car or subway.

In our approach, we finally select the three-axis acceler-ometer as our feature detecting sensor. The accelerometerallows smart phones to detect the motion performed onthem. The accelerometer in smart phones measures theacceleration of the phone relative to freefall. A value of 1indicates that the phone is experiencing 1 g of accelerationexerting on it. ONE g of acceleration is the gravity, whichthe phone experiences when it is stationary. The accelerom-eter measures the acceleration of the phone in three differ-ent axes: X, Y, and Z. Examples of the collected data areshown in Fig. 1.

2.2 Data Collection

For investigating the uniqueness of handwaving, we collectthe waving action data from 200 distinct smart phone users.For each specific user, he is asked to shake the smart phonefor more than 10 seconds and repeat for three times. Notethat there is no special restriction on user’s waving actions.He can shake the smart phone arbitrarily in each trail.Indeed, we aim at taking insight into the handwaving actionbut not the motion pattern.

The data is collected in two sampling modes: fast andnormal modes. In the fast mode, the accelerometer samplesevery 10 to 20 milliseconds, corresponding to the accelera-tion value change rate. There are 100 users’ traces collectedusing this mode. In the normal mode, the sampling interval

YANG ET AL.: UNLOCKING SMART PHONE THROUGH HANDWAVING BIOMETRICS 1045

is 200 milliseconds and 100 users’ traces are sampled.Clearly, using normal sampling mode of accelerometerloses some data, but saves energy. We will compare thesetwo modes in the evaluation section.

All the raw waving action are recorded as a sequence oftuples represented as ðxt, yt, ztÞ, where x, y, z donate theacceleration along the x-axis, y-axis and z-axis respectively,and t donates the time. As a result, we totally collect 600files containing 389; 373 raw tuples.

2.3 Waving Measurement

To show the uniqueness of handwaving in intuition, we dis-play four users’ traces in Fig. 1. The traces are illustrated in a3D acceleration space, short for A-Space, where the rawtuple ðxt; yt; ztÞ are connected in time order. Both theFigs. 1a and 1b are generated from two trails of a volunteer.We can see that the two shapes are very similar. The lastthree figures come from three distinct persons. Fig. 1c isplot as a circle, Fig. 1d resembles a river, while the shape inFig. 1e is in the shape of crescent. From these figures, wecan observe that the handwaving biometrics are unique fora certain user. A given user presents very simple shaperesults on different trails. Moreover, different users haveclearly different results.

The challenge here is how to measure the handwavingrepresented in A-Space. We should transform the A-Spacerepresentation into a parameterized and comparable featurevector. For this purpose, we define the waving function tomeasure the global geometric properties of the wavingshapes, which is formally given by:

f ¼ SðAÞ; (1)

where A ¼ fðxt0 ; yt0 ; zt0Þ; ðxt1 ; yt1 ; zt1Þ . . . ; ðxtn ; ytn ; ztnÞg. A isa set of raw waving tuples collected during t0 and tn. Thewaving function considers A as input and outputs a featurevector f . A good waving function should have the followingproperties:

� Efficiency. Since shape function will be performed inthe smart phone, it should be simple enough to befast and efficiently function.

� Invariance. In most time, the smart phone is workingin mobile environments. The waving functionshould be insensitive to the position or directionchange of smart phones.

� Robustness. Although the waving data generated byone person is similar, there always exist many noisesand the sampling time is variable. Hence, the wavingfunction should be robust to noise, blur, cracks, anddust in the waving.

For meeting above four requirements, we propose fourwaving functions, S1; S2; S3; S4, as follows:

� S1. The centroid C is computed first and then tworandom points A and B in the A-Space are chosen.The angle ffACB among these three points are mea-sured. The selection of random points is repeated forN times. At a result, N angles output and the corre-sponding PDF of these angles is reported as the fea-ture vector.

� S2. This waving function is similar to the S1. The dif-ference is that all of these three points are randomlyselected. One angle among the three angles formedby these three points is recorded. As the result, thecorresponding PDF of these angles is given for thefeature vector.

� S3. While both S1 and S2 concentrate on the angleparameter, the other two waving functions, S3 andS4, focus on the distances among the points. S3 ran-domly selects N points and calculates the euclideandistance between the centroid and these N selectedpoints. Finally, the corresponding PDF of distancesis calculated as the feature vector.

� S4. Randomly selects N pair of points and calculatestheir euclidean distance. The PDF of these distancesis the feature vector.

The results of above four waving functions are demon-strated in Fig. 2, with the input of four users’ wavingdata shown in Fig. 1. From the figures, we can see thatall four waving functions behave well. These four wavingfunctions are chosen mostly for their simplicity andinvariance. In particular, they are fast to compute, easy tounderstand, and simple to produce distributions. Despitetheir simplicity, we find these general purpose wavingfunctions tare fairly distinguishable. They are robustbecause the probability that noises are selected is verylow and hence their performance will not be affected.Third, these four functions are invariant to rotation andscaling because both the angle and distance is irrelevantto directions and positions of waving.

2.4 Waving Matching

Keeping in mind that our goal is to determine whetherthe screen should be unlocked according to a given wav-ing action and the pre-defined one. We formalize thesimilarity of two waving actions by means of the dis-tance between their feature vectors. Since the featurevectors are PDF of distributions, we divide the wholerange of PDF into discrete bins and the average value iscalculated regarding to each bin. As a result, the discre-tized PDF, f ¼ ½p1; p2; . . . ; pn�, is considered the feature

Fig. 1. 3D acceleration space.


vector where pi denotes the probability of falling into theith bin.

Definition 1 (Similarity). Given two arbitrary feature vectors,f1 ¼ ½p1; p2; . . . ; pn�, and f2 ¼ ½q1; q2; . . . ; qn�, their similarityis defined as

Dðf1; f2Þ ¼Xn

i¼1

jpi � qij;

where Dðf1; f2Þ 2 ½0; 2�. The smaller similarity means two fea-tures are very close and vice versa.We select six users randomly and each user conducts

three trails. The waving function S4 is employed here tomeasure the handwaving. As a result, there are 3� 6 ¼ 18features after using by S4. Their similarity are plotted as avisualized similarity matrix in Fig. 3. In the matrix, the dark-ness of each elements ði; jÞ is proportional to the magnitudeof the computed similarity between the ith and jth features.Darker elements represent better matches, while lighter ele-ments indicate worse matches. The matrix is symmetric.

Definition 2 (Self-similarity). The self-similarity is the dis-tance of two feature vectors extracted from two hand wavinggenerated by a same user. Especially, if the two features comefrom a same waving instance, they are equal and their similar-ity equal zero.

Obviously, the elements lying in the diagonal line are thedarkest because their distances equal 0. For each user, thereare 3� 3 ¼ 9 elements for self-similarity measurement.From the figure, we can see that the self-similarity alwaysmaintains an acceptable darkness and is fully distinguish-able from other users’ features.

3 OPENSESAME

In this section, we present our unlocking method for smartphone called OpenSesame.

3.1 Overview

OpenSesame consists of four components: sensing, filter,fetcher, classifier, and matcher.

� Sensing. This component is straightforward used torecord the user’s handwaving action data.

� Filter. In practice, we find that there always existsome silent periods when no waving or very lowlevel sensing data is detected. For better featureextraction, we use filter component to wipe out thesilent periods.

� Fetcher. The filtered raw tuples is feeded into fetchercomponent in which four waving functions areapplied to fetch the waving features.

� Classifier. To discriminate the authorized users andunauthorized users, the support vector machine isemployed in our system for classification.

� Matcher. In the last component, the extracted featureis used to determine whether it matches the pre-defined one.

3.2 Filter

Fig. 4a shows 12 seconds of data acquisition. We find threespecial periods in which the waving values are too low tobe detected. We can regard such periods as the silent periods.The silent periods may exist at the initial stage before theuser shakes his smart phone, or in the final stage after theuser stops his waving. The period may also be observed inthe intermediate stage when an unexpected user’s pauseoccurs. Since the silent periods will seriously affect the accu-racy of OpenSesame, we must filter those data capturedduring this periods. The ith raw tuple with composed accel-eration value Ai is wiped out if it satisfies the equation:

Xiþb

x¼i�b

�Ax �

Xiþb

y¼i�b

Ay

2bþ 1

�2

< a; (2)

where b is called the tolerant static period, representing theamount of acceleration points used to determine the stabil-ity of an acceleration point. The a is the threshold to filterthe silent points. Based on our algorithm, the filtered data isillustrated in Fig. 4b.

3.3 Fetcher

After the filter component, we need to generate the featurevector of the user’s handwaving action. According to

Fig. 2. Probability density functions with variant waving functions.

Fig. 3. Similarity matrix for six distinct users with three trails.


Section 2.3, the field set of the acceleration points can betreated as one single input of waving function, and the wav-ing function can be applied to this input to generate the fea-ture vector. However, using the field set as an input has twoshortcomings. First, the amount of acceleration points in afield set is large, usually more than 1,000. In order to gener-ate a representative feature vector for the waving actiondata, an extremely large number of feature vectors arerequired. In this way, the system overhead is high andaffects the normal operation of the smart phone. Second, tounlock the smart phone, the user is required to shake hissmart phone for a period to generate same amount of wav-ing data. However, it is inconvenient to ask the user toshake the smart phone for such a long time period to gener-ate more than 1,000 acceleration points for each time hewants to unlock his phone. Therefore, the amount of accel-eration points selected as an input needs to be reduced.

According to our observation, the waving action of useralways shows the property of repeating. In fact, the inputwaving action can be regarded as a series of small repeatingwaving actions which are very similar. Therefore, we canselect a continuous sequence of acceleration points with areasonable amount as an input to the waving function. Fea-ture vectors can be generated from these small inputs withlow data loss.

We generate the feature vectors as follows: we firstselect a window with size w, where w is much smallerthan the size of the field set of data. From the field set ofdata, we select an acceleration point Pk and form the inputwith the subsequence of w continuous acceleration pointsfPk; Pkþ1; Pkþ2; . . . ; Pkþw�1g. Then we apply the waving

function on this input and deliver the PDF of the featurevectors to describe the feature of the waving action.

3.4 Classifier

The feature classifier is designed to generate a standard todiscriminate authorizeds user and unauthorized users withthe feature vectors of the input waving action data. InOpenSesame, the support vector machine, SVM for short, isselected as the classifier. The SVM classifier is used to clas-sify a group of linear-inseparable training tuples into twoclasses. Training tuples for SVM input is donated as fv; yg,where v is the attribute vector used to describe the attributesof the training tuple, and y is the label of the training tuple,which represents the actual class it belongs to. The basicidea of SVM is to transform these attribute vectors of train-ing tuples into a higher dimensional space to make thetraining tuples linear-separable. Then the training tuplescan be separated into two classes by a hyperplane. The SVMclassifier classifies the training tuples based on this hyper-plane, attempting to classify training tuples with same labelinto same class. Then a classification model is generated todescribe the classification standard of a given tuple. Input-ting an unclassified tuple into the SVM classifier using thegenerated classification model, the tuple can be predictedwhich class it most probably belongs to.

In OpenSesame, the label of the training tuple is eitherþ1 or �1. When y ¼ þ1, the tuple is generated from theclass of unauthorized users. On the contrary, y ¼ �1 meansthe tuple belongs to the authorized user’s class. The attri-bute vector v is generated from the feature vector we gainfrom Section 3.3. The attribute vector can be represented as

½a1; a2; . . . ; an�T . Here, ai is ith property of the training tuple,which represents the ith value in the feature vector. Byinjecting enough amount of training tuples into the SVMclassifier, a classification model can be achieve to verify theauthentication data of user.

3.5 Matcher

The matcher component is performed when the user acti-vates the authentication interface of OpenSesame and wantsto unlock the smart phone. The user shakes the smart phoneto input his waving action as the authentication data. Fea-ture vectors of the input waving action is generated andused to verify whether the user is the authorized user. If so,the access query is accepted and the smart phone isunlocked. If not, the access query is denied and the smartphone keeps locked.

The most important requirement is that the featurematching phase has to be processed within a short timeperiod, say 1 or 2 seconds. The reason is that users alwaysexpect the unlocking process to be fast and convenient. Ifthe feature matching time is long, the inconvenience over-weighs the security of our approach and the users maydecide to give up our system. To reduce the response time,two aspects need to be considered. The first issue is toreduce the amount of repetition when doing authentication.This can be achieved by reducing the false negative rate(FNR) of authentication, which is going to be discussed inthe experiment section. The second issue is to reduce thewaving time in the matcher component. As we designed in

Fig. 4. Comparing the features before and after filtering.


the fetcher component, by using a small waving functioninput with window size w, the waving time can be reducedto the time period for collecting w acceleration points. Sincew is much smaller than the size of the field set of accelera-tion points. Therefore, the waving time can be reduced to atolerant range.

Normally, since the waving time is short, we assume thatthere is no pause in the middle of the waving action toreduce the complexity of filter. To detect the initial recordfeature point, we calculate the real-time stability of the

ith point asPi

x¼i�bðAx �Pi

y¼i�bAy

bþ1Þ2. Once the real-time

stability value is greater than the threshold, accelerationpoint Pi is set to be the initial point, and the waving actiondetection terminates when acceleration point sequencefPi; Piþ1; . . . ; Piþwg is recorded. Applying the same wavingfunction to this sequence, we can generating the predict

tuple with attribute vector ½a1; a2; . . . ; an�T . By inputting thispredict tuple into the SVM classifier with the classificationmodel we delivered in classifier component, the SVM classi-fier decides which class the input tuple most likely belongsto. When the input tuple is classified into the authorizeduser set, the authentication is successfully done and thesmart phone is unlocked. Otherwise, the smart phonerequires another authentication try.

4 IMPLEMENTATION AND EVALUATION

In this section, we present the implementation of Open-Sesame and evaluate its performance.

4.1 Implementation App

We implement OpenSesame in Android-based smartphones. The version of Android system is 2.3.3. the appis developed with Android-SDK using Java SE. Fig. 5shows the GUI of our app. With this app, the user’shandwaving data is collected and analyzed by the smartphone. Specifically, the interfaces shown in Figs. 5b and5c are used to notice whether the unlocking access is suc-cess or not. We use the open source library tool, LIBSVM[16], to perform the classification of SVM. LIBSVM is anintegrated software for support vector classification. Theversion we used is LIBSVM-3.12. During our experi-ments, we use the default kernel function (GaussianRadial Basis Function) and find the best setting of param-eters Cost and g for the kernel function via the cross-vali-dation when generating the training model.

4.2 Metrics

We evaluate OpenSesame in terms of the authentication accu-racy. The authentication accuracy is measured via the fol-lowing metrics:

� False negative rate. The probability that an authorizeduser is treated as an unauthorized user. This rate isindeed the ratio of the number of incorrect authenti-cations conducted by an authorized user to the num-ber of his authentication attempts.

� True positive rate (TPR). The probability that anauthorized user is successfully verified. This ratederived from the ratio of correct authentication timesof an authorized user to the number of his authenti-cation attempts.

� False positive rate (FPR). The probability that an unau-thorized user is treated as an authorized user. Thisrate is obtained from the ratio of the incorrectauthentication times of an unauthorized user to thenumber of his authentication attempts.

Note that FNR and TPR are related to the convenience ofusers when they use our system, where the authorized usercan successfully unlock the smart phone by a single try. TheFPR reflects the security of theOpenSesame, where the unau-thorized user should be denied to unlock the smart phone.

4.3 Experiment Setup

For investigating the uniqueness of handwaving, we collectthe waving action data from 200 distinct smart phone users.The subjects producing these datasets are randomlyselected in different public places, including railway station,university library, and stadtpark. When collecting the wav-ing action data, three smart phones from different brandsare used. For collecting each specific users handwavingdata, he is asked to act with the following instruction: Theuser first randomly selects one of the three smart phones weprovided, and holds this smart phone, which is running ourdata collection app, in his accustomed way. Then he pushesthe button of ‘start’ on the screen and begins to wave thesmart phone until the hint sound is played by the smartphone. This waving process lasts for more than 10 seconds.The user repeats the above action for three times to termi-nate the data collection. Note that there is no special restric-tion on users waving actions. He can wave the smart phonearbitrarily in each trail. Indeed, we aim at taking insightinto the handshaking action but not the motion pattern.

Overall, 389,373 raw tuples are captured from 200 dis-tinct users, with an average 1,947 raw tuples per user. Eachuser performs the handwaving for three trails while eachtrail persists 10 � 20 seconds. For each user, the trainingdata will be extracted from the first two trails, while the test-ing data will be retrieved from the last one. Therefore, thereis no overlap between the training data and testing data.The classification is based on self and non-self discrimina-tion. For a given user, the training data is composed of nega-tive samples belonging to this user, and an equal number ofpositive ones from others.

4.4 Impact of Waving Functions

There are four waving functions to parameterize the A-Space representation of handwaving. In this experiment, we

Fig. 5. The UI of OpenSesame.


select 30 users’ handwaving and maintains the window sizeas 50 tuples. Fig. 6 plots the FNR and FPR for the fourwaving functions. From the Fig. 6a, we observe that theaverage FNR using S1 and S2 are around 20 percent whilethe values are below 10 percent using S3 and S4. The similarobservation is obtained on FPR, as shown in Fig. 6b. Thisshows that the distance-based waving functions performbetter than the angle-based ones. We further focus on thedistance-based waving functions. S3 and S4 have closeFNRs and FPRs. However, the variance of S4 is smaller thanthat of S3, which means S4 is more stable than S3.

4.5 Impact of SVM

Window size is an important factor. For capturing enoughwindows, we require the users to shake their phones in anacceptable time period. A large window size will prolongthe waving time period for unlocking and seriously affectuser experiences. But a small window size will influence theidentification accuracy. We change the windows size from 5to 50 with the increment of 5 and employ S4 for testing. Theresult is shown in Fig. 7. The average FNR decreases from20 to 8 percent and the average FPR reduces from 42 to18 percent as the window size increases. This shows thatthe larger window helps improve the accuracy. This isbecause that more raw tuples are extracted in a larger win-dow and the user’s handwaving is better characterized.

The number of training tuples also affect the accuracy.As illustrated in Fig. 7, FNR is approximately reduced by50 percent, i.e. from 15 to 8 percent, when window sizeis 50. This reduction is even obvious with small window

size. On the other hand, the average FPR only reducesfrom 20 to 15 percent taking 5 percent off when windowsize is 50. This shows that FPR is less sensitive to thenumber of training tuples.

4.6 Impact of Sampling Rate

Accelerometer in smart phones has variant modes of sam-pling. With different sampling modes, the collection ofdata can be much different. In this experiment, we test theOpenSesame both in fast sampling mode and normal sam-pling mode. It can reach a very high 90 percent averageaccuracy in the fast sampling mode while the number is55 percent with normal sampling mode, as shown inFig. 8. Losing part of waving data with low sampling rateis the major reason for the poor performance.

Fig. 6. Impact of waving functions. Fig. 7. Impact of windows size.

Fig. 8. Sampling mode.


4.7 Impact of User Motion

As mentioned before, our approach should be insensitive tothe user’s motions because the smart phone is mainly usedin mobile environment. Clearly, the user motion will intro-duce many noises. In this experiment, we test the relation-ship between the speed of user’s motions and the accuracy.Five user’s motions are considered: stationary, walkingslow, walking fast, running, and taking a vehicle. The resultis shown in Fig. 9. From the figure, we can see that as thespeed growing from 0 to 5 m/s, the FNR is steady around11 percent, with a standard deviation of 2:0 percent. Thisindicates that the motion of users makes a very limitedeffect on our approach. Besides, the FPR is also invariantwhen the speed of user’s motion increases. The false posi-tive rate is around 15 percent with a standard deviation of2:5 percent. It can be further obtained from Fig. 9 that, theFNR has an slightly increase, about 7 percent, when thespeed of user increases from 0 to 5 m/s. This can be under-stood because the faster motion will increase vibration inhis smart phone leading to more noisy. However, thesemotion has very limited effect on the accuracy.

4.8 Impact of Phone Diversity

Nowadays, there are plenty of smart phone brands, such asiPhone, MOTO, SAMSUNG, HTC, etc. To promote theOpenSesame to smart phone users, one crucial issue iswhether the OpenSesame can be well adapted to differentbrands of phones. The most effective factor on differentsmart phones is the type of accelerometer equipped. For dif-ferent types of accelerometers, the level of sensitivity is dif-ferent. Hence, the waving data collected is inequivalent.

In this experiment, three different brands of phonesare tested. For these three brands, the order from low tohigh based on the accelerometer is Phone A, Phone B,and Phone C. Forty sets of trials are tested on each smartphone and the FNR is reported in Fig. 10. From thefigure, we can see that the Phone C achieves the lowestFNR and Phone A has the worst value. That is becausemore sensitive accelerometer can collect more fine-grained data, which reflects more complete feature fromwaving actions. The average FNRs of three smart phoneare below 10 percent, which is all acceptable in practice.Therefore, The OpenSesame can be well adapted to dif-ferent brands of smart phones.

4.9 Impact of Smart Phone’s Orientation

Although the waving habit may be similar for an identicaluser, the postures of users when waving the smart phonecan change the orientation of the phone. In this section, weevaluate OpenSesame with variant phone’s postures. In thisexperiment, three user’s postures are tested:

� Standing. Waving phone when standing on theground. We consider the standing as a normalposture.

� Lying. Waving phone when lying on the bed. Thewaving orientation is rotated 90 degrees upward.

� On-the-side. Waving phone when sleeping on theuser’s left side. The waving orientation is rotated90 degrees to the left.

The results are shown in Fig. 11. In the figures, we illus-trate the A-Space representations of waving data by thethree postures in Fig. 11a. Intuitively, these tree trails aresimilar, all like a shape of crescent, but having different ori-entation. Our approach should be insensitive to the rotation.We transform the waving from A-Space to feature PDF,shown in Fig. 11b, by means of waving function S4. As weexpected, the difference of these three PDFs is very slight.In details, the distance between standing posture (the nor-mal posture) and the lying posture/on-the-side posture are0.172 and 0.173, respectively. We believe these distances aresmall enough for the trails to be treated as coming from anidentical user.

Fig. 9. User’s motion.

Fig. 10. Phone brand.

Fig. 11. Impact of phone’s orientation.


Furthermore, We conduct one trail in standing pos-ture and store the corresponding result feature vector inour smart phone. Then we attempt to unlock the smartphone in the three postures. Each posture is repeated 30trails. Finally, the CDF of accuracy is displayed inFig. 11c. For the standing posture, 20 percent trails havean accurate rate lower than 90 percent, while 20 percentof lying posture and on-the-side posture have accuraterate lower than 86 and 76 percent, respectively. Mean-while, 20 percent lying postures and 45 percent on-the-side postures have their accurate rates higher than90 percent. This experiment fully demonstrates that ourapproach is phone-orientation-insensitive.

4.10 Discrimination

We consider the OpenSesame’s capability of discrimina-tion among different users. One user’s trace is selectedand his similarity compared to other uses is calculated.The result is shown in Fig. 12. From the figure, we cansee that self-similarity is approximately bounded under0.3, and 90 percent of the distances are lower than 0.25.Being different with the self-similarity, the distancebetween the given user and others is obvious. Only 8 per-cent of the distances are lower than 0.2, and about20 percent of the distances are larger than 1.0. Hence,the discrimination of distinct users and recognition ofidentical users can be achieved.

Although the percentage of small distances betweendistinct users’ features is low, it may still affect the accu-racy of the OpenSesame. It is necessary to find out thereason of the failure in discriminating the distinct users’features. In Fig. 13, three users’ A-Space representationare randomly selected. For each row, the top four similarusers’ A-Space representations are listed. From thesefigures, we can find that the similar A-Space represen-tations cause small distance of users’ features. Forextremely close A-Space representations, such as the sec-ond figure in the first row, the distance is very small,e.g. 0.074. With higher dissimilarity of A-Space represen-tations, for instance the last figure, the distance is larger,e.g. 0.147. Since the A-Space representation can reflectthe waving action on the smart phone, we can draw theconclusion that for the users with similar habit of wav-ing action, the probability of failure for the OpenSesameincreases. Fortunately, referring to Fig. 12, such kind ofprobability is low and OpenSesame therefore performswell as expected.

4.11 Comparison with Dynamic Time Wrapping

The dynamic time wrapping is a well-established techniquefrom speech processing, which is used to measure the simi-larity between two temporal sequences which may vary intime or speed. The advantage of DTW is that it can welldeal with the misalign of points in the temporal sequences.DTW is only suitable for the case in which the user mustwave his/her smart phone along a fixed, secrete and pre-defined movement. However, we pursue that the users areable to shake their phones in wider free movements in termsof their daily habits. In this situation, the DTW has follow-ing two major technical limitations compared with ourshaking functions. First, the data acquired from the acceler-ator highly depends on the smart phone’s orientation. Tomaintain the similar shaking sequence for DTW identifica-tion, the users have to keep the same orientation as trained.Second, DTW cannot deal with the existence of noise, blur,cracks, and dust in the shaking data. Four kinds of wavingfunctions we proposed are based on the statistics, beingable to well address above issues.

To further compare the performance of DTW and Open-Sesame, we let the user perform the following four trails:

� Case 1 (C1). The user waves his/her smart phones astrained.

� Case 2 (C2). The user waves the smart phone as themode he/she gets used to but not required as sameas trained.

� Case 3 (C3). The user waves his/her smart phone astrained but the orientation of smart phone isreversed.

� Case 4 (C4). A second user attempts to wave the samesmart phones as his habit.

The normalized similarities using DTW and wavingfunctions are shown in Fig. 14. We observe that (1) Thenormalized similarities from Case 1 to Case 3 are almostbelow 0.5, showing that whatever the user how to wavehis/her phone, the self-similarities always maintainunder an acceptable level. When changing user inCase 4, the similarity exceeds the threshold of 0.5, result-ing a unlocking rejects. (2) When the user waves his/hersmart phone not as trained, even just reversing the orien-tation, the normalized similarities are much higher thanthat of Case 1. In summary, the system can well distin-guish different users whatever using OpenSesame orDTW. However, the DTW requires the user must wavehis/her smart phones as trained.

4.12 Usability

We also conducted some filed trails using our prototypeto evaluate the usability of our system. We invited about10 college students who install our system and unlocktheir phones through OpenSesame. We measure theoverall time they take to unlock the screen and ask fortheir feedback on our prototype. Different phone modelsare used in experiments, including HTC One, Xiaomi 2,Nexus 5, Huawei C8815 and Sony Xperia.

First, we collect the average and standard deviation ofthe time consumption for unlocking their smartphones.From Fig. 15, we see that it takes lower than 3 seconds by6/10 users to unlock their smart phones. Compared with

Fig. 12. Distances.


the slide-to-lock or PIN (taking about one second), theOpenSesame does not improve the unlocking. However, thesavings come from (1) the simplified user interface as usersdo not need to take off the gloves for touch screen, orremember some complex passwords. (2) the security is alsopromoted in some extent.

Second, we ask the volunteers to fill the questionnaires interms of learning curve, user-friendly, security and accessi-bility. The volunteer gives a score ranging from 1 to 5 foreach item. The results are shown in Table 1. We can see thatall the users indicate that our solution is very easy to useand intuitive, with almost no learning curve. This is the keyvalue of OpenSesame, which we think is even more impor-tant than speed improvement. However, the user have alittle concerns about the security. It is reasonable becauseeach new technology has a process to be accepted.We believe that these concerns will gradually disappear asthe OpenSesame is more widely accepted.

5 RELATED WORK

This section reviews the related work.Accelerator based authentication. A work parallel to ours is

that Conti et al. propose to adopt the movement the user per-forms when answering a phone call to authenticate the userof a smartphone, which utilizes two kinds of components,accelerometer and orientation sensors, in smart phones [11].

Fig. 13. Top 4 similar A-Space points and the distances to the reference A-Space points.

Fig. 14. The normalized similarities under four cases using DTW andOpenSesame.

TABLE 1Trial Experience

Learning curve User-friendly Security Accessibility

mean 1.2 4.8 3.6 4.8stdev 0.5 1.5 1.1 1.3


Their work has following three major technical limitationscompared to our work. First, their method in fact highlydepends the phone’s trajectory, related to the phone’s move-ment parameters, such as the start position, end position,orientation and velocity. As long as the system learns the tra-jectory when the user picks up the phone from the pocketand moves to his/her ear, other trajectories, like the move-ment from the desktop to ear, will be rejected. On the con-trary, our method concentrates on the human’s inherentcharacteristics, like the length arm andwrist size, among dif-ferent users that leads to the waving differences. Thus, wedon’t need the user to perform specific movements. Second,our four kinds of waving functions are designed to be invari-ant to the position or direction changes of smart phone. Theuser canwave the phones starting or ending at arbitrate posi-tions. Importantly, our approach allows the existence ofnoise, blur, cracks, and dust in the shaking. Therefore, ourapproach provides much more freedom to user comparedwith theirs. Third, their method needs the orientation sen-sors, which are not fully supported by all smartphones, espe-cially among low-grademobile phones.

The second work parallel to ours is to identify usersbased on a secrete movement pattern measured by theaccelerator sensor [17] and [18]. Liu et al. aims at identifyingusers based on a secrete movement pattern [17]. E.g. movingthe phones as if to draw an ‘8’ in the air where ‘8’ is asecrete. Similarly, Okumura et al. asks the tester to graspthe device in the same way and shake it simple up anddown in direction of y-axis five times continuously [18].Being similar to the traditional methods like PIN or pass-word, an adversary might spy the movement, replay it, andget access to the phone and its data.

Importantly, above methods have not been evaluatedtheir scheme in real word scenarios while ours are verifiedamong 200 distinct users.

Touch based authentication. These work [10], [19], [20]utilizes the unique interaction between user and thetouch screen to identify the users. Sae-Bae et al. proposeto use the timing of performing five-finger gestures onmulti-touch capable of devices for authentication [10].Luca et al. propose the timing of drawing the passwordon Andriod based touch screen phones for authentica-tion [20]. Shahzed et al. propose to utilize the correla-tions among predefined ‘gestures’ i.e. touch trajectoriesfor authentication. Their work requires users to use fin-gers to perform the gestures with the following twomajor limitations compared to our work [19]. First, their

methods require users to use more than two fingers of ahand to perform the predefined gestures, which is veryinconvenient on small touch screens of smart phones.Second, most of smart phones employ capacitive touchscreens that only recognize the human’s finger withoutgloves. It is a wore experience to take off the gloves foranswering a phone outside in winter. Our method, shak-ing the smart phone, behaves much more user friendly.

Keystrokes based authentication. These work proposes toidentify users based on their typing behavior [12], [14], [21].These methods mainly proposed for devices with physicalkeyboards and are inapplicable for smart phones. In addi-tion, they have low accuracy because it is difficult to modeltyping behavior on touch screens because most people usethe same finger for typing all keys on the keyboard dis-played on the screen of smart phone.

Gait based authentication. There are several methods [15],[22], [23] proposed to utilize the accelerator in smart phonesto authenticate users based upon their gaits. Their accura-cies are vulnerable to the types of surfaces such as grass,road, snow, wet surface, and slippery surface. They are alsoinapplicable for unlocking smart phone, in that it is infeasi-ble to let user walk first to figure out whether she/he is thecorrect user or not, in order to recognize the user from his/her walking pattern.

6 CONCLUSION

In this paper, we propose a novel behavioral biometric-basedauthentication approach called OpenSesame for smartphone. We design four waving functions to fetch the uniquepattern of user’s handwaving actions. By applying the SVMclassifier, the smart phone can accurately verify the autho-rized user with the pattern of handwaving action. Experi-ment results based on 200 distinct users’ handwaving actionsshow that the Open Sesame reaches high level of securityand robustness, and achieves good user’s experience.

ACKNOWLEDGMENTS

This work was supported in part by the NSFC programunder Grant No. 61190110 and No. 61125202. The researchof Jinsong Han was supported from the NSFC programunder Grant No.61373175, specialized Research Fundfor the Doctoral Program of Higher Education under GrantNo. 20130201120016, and the Fundamental Research Fundsfor the Central Universities of China under ProjectNo. 2012jdgz02 (Xian Jiaotong University).

REFERENCES

[1] D. Florencio and C. Herley, “A large-scale study of web pass-word habits,” in Proc. 16th Int. Conf. World Wide Web, 2007,pp. 657–666.

[2] J. Bonneau, “The science of guessing: Analyzing an anonymizedcorpus of 70 million passwords,” in Proc. IEEE Symp. Security Pri-vacy, 2012, pp. 538–552.

[3] H.-A. Park, J. W. Hong, J. H. Park, J. Zhan, and D. H. Lee,“Combined authentication-based multilevel access control inmobile application for daily life service,” IEEE Trans. Mobile Com-put., vol. 9, no. 6, pp. 824–837, Jun. 2010.

[4] N. Ben-Asher, N. Kirschnick, H. Sieger, J. Meyer, A. Ben-Oved,and S. M€oller, “On the need for different security methods onmobile phones,” in Proc. 13th Int. Conf. Human Comput. Interact.Mobile Devices Serv., 2011, pp. 465–473.

Fig. 15. Time consumption.


[5] R. V. Yampolskiy and V. Govindaraju, “Behavioural biometrics: Asurvey and classification,” Int. J. Biometrics, vol. 1, pp. 81–113,2008.

[6] A. H. Akkermans, T. A. Kevenaar, and D. W. Schobben, “Acousticear recognition for person identification,” in Proc. IEEE 4th Work-shop Automat. Identification Adv. Technol., 2005, pp. 219–223.

[7] A. Jain, L. Hong, and Y. Kulkarni, “A multimodal biometricsystem using fingerprint, face and speech,” in Proc. 2nd Int.Conf. Audio Video-Based Biometric Person Authentication, 1999,pp. 182–187.

[8] P. J. Phillips, A. Martin, C. L. Wilson, and M. Przybocki, “Anintroduction evaluating biometric systems,” Computer, vol. 33,no. 2, pp. 56–63, Feb. 2000.

[9] R. LiKamWa, B. Priyantha, M. Philipose, L. Zhong, and P. Bahl,“Energy characterization and optimization of image sensingtoward continuous mobile vision,” in Proc. 11th Annu. Int. Conf.Mobile Syst., Appl., Serv., 2013, pp. 69–82.

[10] N. Sae-Bae, K. Ahmed, K. Isbister, and N. Memon, “Biometric-richgestures: A novel approach to authentication on multi-touchdevices,” in Proc. SIGCHI Conf. Human Factors Comput. Syst., 2012,pp. 977–986.

[11] M. Conti, I. Zachia-Zlatea, and B. Crispo, “Mind how you answerme!: Transparently authenticating the user of a smartphone whenanswering or placing a call,” in Proc. 6th ACM Symp. Inf., Comput.Commun Security, 2011, pp. 249–259.

[12] F. Monrose, M. K. Reiter, and S. Wetzel, “Password hardeningbased on keystroke dynamics,” Int. J. Inf. Security, vol. 1, pp. 69–83, 2002.

[13] N. Zheng, A. Paloski, and H. Wang, “An efficient user verificationsystem via mouse movements,” in Proc. 18th ACM Conf. Comput.Commun. Security, 2011, pp. 139–150.

[14] E. Miluzzo, A. Varshavsky, S. Balakrishnan, and R. R. Choudhury,“Tapprints: Your finger taps have fingerprints,” in Proc. 10th Int.Conf. Mobile Syst., Appl., Serv., 2012, pp. 323–336.

[15] D. Gafurov, K. Helkala, and T. Søndrol, “Biometric gait authenti-cation using accelerometer sensor,” J. Comput., vol. 1, no. 7,pp. 51–59, 2006.

[16] C.-C. Chang and C.-J. Lin, “Libsvm: A library for support vectormachines,” ACM Trans. Intell. Syst. Technol., vol. 2, no. 3, p. 27,2011.

[17] J. Liu, L. Zhong, J. Wickramasuriya, and V. Vasudevan, “Userevaluation of lightweight user authentication with a single tri-axisaccelerometer,” in Proc. 11th Int. Conf. Human Comput. Interact.Mobile Devices Serv., 2009, p. 15.

[18] F. Okumura, A. Kubota, Y. Hatori, K. Matsuo, M. Hashimoto, andA. Koike, “A study on biometric authentication based on armsweep action with acceleration sensor,” in Proc. IEEE Int. Symp.Intell. Signal Process. Commun., 2006, pp. 219–222.

[19] M. Shahzad, A. X. Liu, and A. Samuel, “Secure unlocking ofmobile touch screen devices by simple gestures: You can see it butyou can not do it,” in Proc. 19th Annu. Int. Conf. Mobile Comput.Netw., 2013, pp. 39–50.

[20] A. De Luca, A. Hang, F. Brudy, C. Lindner, and H. Hussmann,“Touch me once and i know it’s you!: Implicit authenticationbased on touch screen patterns,” in Proc. SIGCHI Conf. Human Fac-tors Comput. Syst., 2012, pp. 987–996.

[21] S. Zahid, M. Shahzad, S. A. Khayam, and M. Farooq, “Keystroke-based user identification on smart phones, ” in Proc. 12th Int.Symp. Recent Adv. Intrusion Detection, 2009, pp. 224–243.

[22] J. R. Kwapisz, G. M. Weiss, and S. A. Moore, “Cell phone-basedbiometric identification,” in Proc. IEEE 4th Int. Conf. Biometrics:Theory Appl. Syst., 2010, pp. 1–7.

[23] J. Mantyjarvi, M. Lindholm, E. Vildjiounaite, S.-M. Makela, and H.Ailisto, “Identifying users of portable devices from gait patternwith accelerometers,” in Proc. IEEE Int. Conf. Acoust., Speech, SignalProcess., 2005, pp. 973–976.

Lei Yang received the BS degree from theSchool of Software and the PhD degree fromthe Department of Computer Science andEngineering, Xi’an Jiaotong, Shaanxi, China. Heis currently a postdoc fellow at the School ofSoftware at Tsinghua University, Beijing, China.His research interests include RFID, pervasivecomputing, network security, and smart home.He is a member of the IEEE Computer Society,IEEE, and the ACM.

Yi Guo received the BS degree in electrical andcomputer engineering from Shanghai Jiao TongUniversity, Shanghai, China, in 2011. He is cur-rently working toward the PhD degree at theDepartment of Computer Science and Engineer-ing, Hong Kong University of Science and Tech-nology. His research interests include radiofrequency identification (RFID) and pervasivecomputing. He is a student member of the IEEEand the ACM.

Xuan Ding received the BS degree from theSchool of Software and the PhD degree from theDepartment of Computer Science and Technol-ogy, Tsinghua University, Beijing, China. He iscurrently a postdoc fellow at the School of Soft-ware at Tsinghua University. His research inter-ests include RFID, social network, and security &privacy. He is amember of the IEEE and the ACM.

Jinsong Han received the PhD degree from theHong Kong University of Science and Technol-ogy. He is currently an associate professor atXi’an Jiaotong University. He has published anumber of research papers in highly recognizedjournals and conference, including IEEE TPDS,IEEE TKDE, IEEE INFOCOM, IEEE ICNP, etc.His research interests include pervasive comput-ing, distributed system, and wireless network. Heis a member of the IEEE and the ACM.

Yunhao Liu received the BS degree in automa-tion from Tsinghua University, Beijing, China, in1995, and the MS and PhD degrees in computerscience and engineering from Michigan StateUniversity, in 2003 and 2004, respectively.Yunhao is now Changjiang Professor in Schoolof Software and Tsinghua National Lab forInformation Science and Technology, TsinghuaUniversity, China.

Cheng Wang received the PhD degree in theDepartment of Computer Science at Tongji Uni-versity in 2011. He is currently a research profes-sor of computer science at Tongji University. Hisresearch interests include wireless networking,mobile social networks, and cloud computing. Heis a member of the IEEE.

Changwei Hu received the BS degree in theDepartment of Electronic Engineering from Xi’anUniversity of Posts & Telecommunications,Shaanxi, China. He is currently an engineer inthe Shaanxi Broadcast & TV Network Intermedi-ary (Group) Co., LTD. His research interestsinclude smart home and end-use products.

" For more information on this or any other computing topic,please visit our Digital Library at www.computer.org/publications/dlib.


Documents

1044 IEEE TRANSACTIONS ON MOBILE COMPUTING, VOL. 14, … · smart phones for unlocking smart phones. However, due to the relatively small screen and frequent unlocking request, it