Time Scheme Method Goal Mobile device Performance (+) and limitation (-) Complexity 2007 Clarke and Furnell [99 ] (i) Keystroke analysis (i) Introducing the concept of advanced user authentication (i) Sony Ericsson T68; (ii) HP IPAQ H5550 + Keystroke latency - Process of continuous and nonintrusive authentication Low 2007 Clarke and Furnell [100 ] (i) Keystroke analysis (i) Enable continuous and transparent identity verification (i) Nokia 5110 + GRNN has the largest spread of performances - The threat model is not defined High 2008 Khan et al. [79 ] (i) Fingerprint (i) Introducing the chaotic hash-based fingerprint (i) N/A + Can prevent server spoofing attack - The proposed scheme is not tested on mobile devices Low 2010 Li and Hwang [85 ] (i) Smart card (i) Providing the nonrepudiation (i) N/A + Can prevent parallel session attacks - Storage costs are not considered 2011 Xi et al. [80 ] (i) Fingerprint (i) Providing the authentication using biocryptographic methods (i) Mobile device with Java Platform + Secure the genuine biometric feature - Server-side attack is not considered at FAR=0.1%, GAR=78.69% 2012 Chen et al. [81 ] (i) Fingerprint (i) Using only hashing functions (i) N/A + Solve asynchronous problem - Privacy-preserving is not considered 2013 Frank et al. [24 ] (i) Touchscreen (i) Providing a behavioral biometric for continuous authentication (i) Google Nexus One + Sufficient to authenticate a user - Not applicable for long-term authentication 11 to 12 strokes, EER=2%–3% 2014 Khan et al. [82 ] (i) Fingerprint (i) Improve Chen et al.’s scheme (i) N/A + Quick wrong password detection - Location privacy is not considered 2015 Hoang et al. [74 ] (i) Gait recognition (i) Employing a fuzzy commitment scheme (i) Google Nexus One + Efficient against brute force attacks - Privacy model is not defined Low 2016 Arteaga-Falconi et al. [70 ] (i) Electrocardiogram (i) Introducing the concept of electrocardiogram-based authentication (i) AliveCor + Concealing the biometric features during authentication - Privacy model is not considered TAR=81.82% and FAR=1.41% 2017 Abate et al. [44 ] (i) Ear shape (i) Implicitly authenticate the person authentication (i) Samsung Galaxy S4 smartphone + Implicit authentication - Process of continuous and nonintrusive authentication EER=1%–1.13% 2017 Khamis et al. [69 ] (i) Gaze and touch (i) Protect multimodality and authorization on mobile IoT devices (i) N/A + Secure against the side attack model and the iterative attack model - Vulnerable to video attacks 2017 Feng et al. [87 ] (i) Fingerprints or iris scans (i) Introducing a biometrics-based authentication with key distribution (i) Google Nexus One + Anonymity and unlinkability - Interest privacy in not considered 2017 Ghosh et al. [83 ] (i) Fingerprint (i) Proposing a near-field communication with biometric authentication (i) N/A + Authentication and authorization for P2P payment - Threat model is not defined High 2017 Mishra et al. [101 ] (i) Biometric identifier (i) Removing the drawback of Li et al.’s scheme [102 ] (i) N/A + Efficient password change + Offline password guessing - Location privacy is not considered 2018 Li et al. [84 ] (i) Fingerprint (i) Introducing three-factor authentication using fingerprint identification (i) N/A + Quick detection of wrong password + Traceability of mobile user - Backward privacy is not considered 2018 Yeh et al. [97 ] (i) Plantar biometrics (i) Introducing critical characteristics of new biometrics (i) Raspberry PI platform + High verification accuracy - Threat model is not defined 2018 Bazrafkan and Corcoran [41 ] (i) Iris (i) Use deep learning for enhancing Iris authentication (i) N/A + The iris segmentation task on mobile IoT devices - Privacy-preserving is not considered