API Security & Identity

Motion-Based Behavioral Biometrics


Are humans destined to be the “Weak Link” in cybersecurity? 

Security professionals often lament the “human element.” They usually cite human fallibility as one of the reasons our systems are not secure. As humans, we are not good at coming up with or keeping track of passwords. We don’t follow security guidelines. We are easily fooled by phishing or social engineering. We often act in ways that leave systems vulnerable.

It is time to flip this attitude around. Yes, humans are not machines. We are wonderfully flawed, and unique: a combination of nature and nurture, a product of our experience and circumstance, all woven together with the human spirit to form the tapestry of who we are. All of these little imperfections are not “bugs” to be fixed, but form the core of our humanity.

Enter motion-based behavioral biometrics:
One Small Step for Man, One Giant Leap for Authentication

In August, UnifyID released a new API called GaitAuth™ which can authenticate a person based on the motion associated with their gait – the way they walk – completely passively and at a high level of accuracy. It is able to return an authentication result after only a few steps of carrying your phone. This allows you to authenticate a user using one of the most natural human actions: walking.

You may wonder how unique someone’s gait truly is. Your gait is a product of your unique physiology and years of muscle memory. And unlike static biometrics like fingerprint or facial recognition, it is dynamic and constantly changing, and it is hard for others to spoof and steal. We’ve tested our models using anonymized data from millions of mobile phones and found the accuracy of gait-based authentication can rival other biometrics like fingerprint, iris, or face. Gait also has the benefit that it continues to work even if the user is wearing a face mask or gloves.

GaitAuth is the culmination of almost four years of research and development into motion-based behavioral biometrics from the UnifyID team to bring a solution that is highly accurate, efficient, robust, and secure.

How does it work?

UnifyID GaitAuth SDK leverages the readings of the motion sensors in the smartphone to identify a user’s movements. Since each individual moves in a unique way, these sensor readings can help us uniquely identify a person based on the way they move and walk.

Motion-based behavioral biometrics use cases

Because GaitAuth can run passively in the background, it is useful in a wide variety of situations:

  • Continuous Authentication: You can detect if a device changes possession within a handful of steps and deauthenticate the user. The user also does not need to be walking to authenticate. Because GaitAuth runs passively in the background, you can also use historical information about the last time they were walking and whether the phone has left their possession since that time.


  • Cross-Device Authentication: Automatically unlock your computer when you approach your desk or touchless access to ATMs, kiosks, or point terminals. You can leverage the passive GaitAuth biometric signal from the phone to authenticate to other devices, without having to take out your phone.


  • Restricted Access: motion-based behavioral biometrics are a great fit for situations where workers have access to sensitive data, but are on the move and need to authenticate often, such as medical workers, airport personnel, or flight attendants. This is especially true if workers may be wearing masks or gloves, as face or fingerprint recognition may be impractical.


  • Opening Doors: By using GaitAuth, a user can walk up to a door with their phone and have the door unlock automatically. If someone steals their phone, their gait signature will not match and they cannot unlock the door. 
John Whaley

John Whaley

Founder and CEO of UnifyID
John Whaley is Founder and CEO of UnifyID. He was previously Founder and CTO of Moka5, and was a Visiting Lecturer in Computer Science at Stanford. He is an expert in computer security and has spoken at numerous conferences and industry events, including RSA Conference four times. He holds a doctorate in computer science from Stanford University, where he made key contributions to the fields of program analysis, compilers, and virtual machines. He is the winner of numerous awards including the Arthur L. Samuel Thesis Award for Best Thesis at Stanford, and has worked at IBM’s T.J. Watson Research Center and Tokyo Research Lab. John was named one of the top 15 programmers in the USA Computing Olympiad. He also holds bachelor’s and master’s degrees in computer science from MIT.

APIdays | Events | News | Intelligence

Attend APIdays conferences

The Worlds leading API Conferences:

Singapore, Zurich, Helsinki, Amsterdam, San Francisco, Sydney, Barcelona, London, Paris.

Get the API Landscape

The essential 1,000+ companies

Get the API Landscape
Industry Reports

Download our free reports

The State Of Api Documentation: 2017 Edition
  • State of API Documentation
  • The State of Banking APIs
  • GraphQL: all your queries answered
  • APIE Serverless Architecture