Ryan Peden is a full-stack developer from Toronto, Canada. He has been writing web apps since ES3 was state of the art.

Security for your digital life is more important today than ever, but it can be a real pain. Mobile authentication typically means getting out your phone, unlocking it, opening an app, remembering a password, authenticating in the app. Authentication via biometrics like fingerprints or facial recognition are a step in the right direction, but assume you have an ungloved finger or unmasked face available, among other potential shortcomings. 

UnifyID offers a novel new method of uniquely authenticating using the way you walk. With GaitAuth, an app can provide authenticated user functionality as long as the user is carrying their phone as they walk around. 

In this article, we’ll show how easy it is to integrate GaitAuth into a mobile app and use GaitAuth to authenticate the device’s user before triggering an IFTTT Webhook that could be used for sensitive tasks like home automation and security.

What is GaitAuth?

GaitAuth aims to remove the friction from mobile authentication. 

Anyone who has used a modern mobile device knows that passwords and personally identifiable information are not convenient nor, in practice, all that secure. Multi-factor authentication can help, but many popular authentication factors have drawbacks. For example, codes sent via SMS are susceptible to attacks like SMS spoofing and SIM hijacking.

GaitAuth uses motion-based behavioral biometrics and environmental factors to create a unique digital fingerprint of a mobile device’s user. GaitAuth uses this fingerprint to ensure the user is who they claim to be. This kind of passive authentication means no user disruption and real-time protection.

Even better, the GaitAuth SDK lets you easily incorporate GaitAuth into your mobile apps to provide machine learning-powered authentication. 

How does IFTTT fit in?

IFTTT is a popular automation platform that enables even non-technical users to create automations. Using IFTTT, it’s easy to set up workflows that perform actions in one or more services based on events triggered by a device or service. 

For example, a user with a Ring doorbell could use IFTTT to turn on their house’s interior smart lights if the doorbell detects motion in front of the house. But when manipulating user data and working with home automation devices like smart locks, it’s important to verify the user’s identity. 

For example, what if you could unlock a smart lock for your child just by having them walk up to the door? You want to be certain it’s your child walking up to the door before unlocking it. GaitAuth can provide that certainty. 

Getting started with GaitAuth and iOS

Let’s take a look at how you might use GaitAuth to authenticate IFTTT automations in an iOS app. Before you start, make sure you have CocoaPods installed. It’s the preferred installation method for both the GaitAuth and IFTTT iOS SDKs. 

You’ll also need to sign up for a UnifyID developer account so you can obtain an SDK key.

Start by opening Xcode and creating a new iOS app. To keep things straightforward, create a single-view iOS app using Storyboards.

Next, set up a Podfile in your app’s Xcode project directory, and follow the instructions for installing the GaitAuth and IFTTT dependencies. You’ll end up with a Podfile like this:

target 'GaitAuthIFTTT' do
    pod 'UnifyID/GaitAuth'
    pod 'IFTTTConnectSDK'
end

# Enable library evolution support on all dependent projects.
post_install do |pi|
    pi.pods_project.targets.each do |t|
        t.build_configurations.each do |config|
          config.build_settings['BUILD_LIBRARY_FOR_DISTRIBUTION'] = 'YES'
        end
    end
end

Run pod install from the terminal to install both SDKs. Now add the code needed to set up and use GaitAuth. Start by adding this line to the top of AppDelegate.swift:

import UnifyID

Then, initialize UnifyID just inside the AppDelegate class:

let unifyid : UnifyID = { try! UnifyID(
    sdkKey: "https://xxx@config.unify.id",
    user: "unique-immutable-user-identifier"
)}()

You can generate a real SDK key in the UnifyID developer portal. The user attribute can be set to anything you’d like, as long as no two users of your app have the same identifier. Once you’ve chosen an identifier for a user, use the same value every time that person uses your app.

Using GaitAuth in your iOS apps

The first step in using GaitAuth is creating and training a model. When training is complete, GaitAuth uses this model to identify and authenticate the user of the device. 

To train a GaitAuth model, we’ll use the following steps:

  1. Create a model on an iOS device.
  2. Add features to the model. Features represent data about the way the iOS device’s user walks. We’ll need to gather this data to train a GaitAuth model.
  3. Enqueue the model for server-side training.
  4. Check the status of the model on the server until it is ready.
  5. Download the trained model from the server to the device where your app is running.
  6. Use the trained model in your app to score newly collected features — which GaitAuth does automatically as the user walks around while carrying the device. This lets you authenticate quickly and easily.

Let’s examine how this process looks in Swift. To start using GaitAuth in your app, obtain an instance of it by calling:

let gaitAuth = unifyid.gaitAuth

Before we can effectively use GaitAuth in an iOS app, we’ll have to train a GaitAuth model to learn about your app user’s gait. Next, we create a model:

gaitAuth.createModel { result in
    switch result {
    case .success(let gaitModel):
        // Save gaitModel.id
    case .failure(let error):
        // Handle the error
    }
}

It’s important to save the model ID so we’ll be able to re-load this model from the server if necessary. With the model created, we can start gathering data about the device user’s gait:

gaitAuth.startFeatureUpdates(to: DispatchQueue.main) { result in
    switch result {
    case .success(let features):
        // Called when feature collection is complete
    case .failure(let error):
        // Handle the error
    }
}

Seven days’ training time is optimal. When the app has gathered enough feature data, call:

gaitAuth.stopFeatureUpdates()

This will call the .success result handler, and the features will be ready to use. Note that you need to use an iOS background mode to ensure model training continues even when the app isn’t currently on-screen. If this isn’t possible, use the feature serialization functionality described in the GaitAuth documentation to save the feature data that’s been gathered. This lets the app add to the existing feature collection when execution resumes. 

Next, we add features to the model:

gaitModel.add(features) { error in
    if let error = error {
        // Handle the error
        return
    }
    // Successfully added gait features to model
}

…and start the training process:

gaitModel.train() { error in
    if let error = error {
        // Handle the error
        return
    }
    // Training is in progress. Notify the user if necessary.
}

Training occurs on the GaitAuth server, and can take a few hours. When training is complete, the model’s .status property will be ‘ready‘, so the app should periodically check the status to determine when the model is ready to use for authentication.

Setting up an IFTTT Webhook

Now we’ll set up an IFTTT Webhook. Before proceeding, create a free IFTTT account. 

Start by opening the IFTTT dashboard at https://ifttt.com/home. Then, click ‘Create‘ to add a new Applet:

A picture containing text

Description automatically generated

Then, add an ‘If This’:

A picture containing text, clipart

Description automatically generated

Search for Webhooks and select it:

Graphical user interface, application, Teams

Description automatically generated

And choose ‘Receive a web request’:

Graphical user interface, text, application

Description automatically generated

Enter an event name like ‘gaitauth_trigger‘, and click ‘Create Trigger‘. Finally, add a ‘Then That’ to determine what happens when the webhook is called:

A picture containing icon

Description automatically generated

The task chosen here depends on what action we want the GaitAuth-enabled app to trigger. For example, if the device user has a smart lock and wants to unlock their door once they’ve been authenticated by GaitAuth, they can set up a ‘Then That’ to do exactly that. 

This would be particularly useful in a scenario where a parent would like to automatically unlock a house door when their child is coming home from school and approaches the house. There would be no need to remember to bring a key, and there would be no chance of getting locked out. The app, running in the background, can determine when the child is near home, use GaitAuth to verify that the device is being carried by the right person, and call the IFTTT Webhook to unlock the door.

The included sample app triggers an IFTTT Webhook when the device enters a geofenced area surrounding a user-provided address, but it only does so if GaitAuth authentication is successful. It can be used to perform any action that IFTTT is able to trigger – including unlocking a door when a child is nearly home as described above.

Next Steps

Congratulations, you’ve completed our high-level look at how to use GaitAuth and IFTTT together in an iOS app, with a few deeper dives into code at key points. To see what you’ve learned in action, we’ve created a complete sample app that you can find at https://github.com/UnifyID/blog-ios-ifttt

This is just the beginning! While GaitAuth and IFTTT make a great team, just imagine all the places where your iOS apps could benefit from extremely accurate real time authentication based on behavioral biometrics. 

Sign up for a UnifyID developer account at https://developer.unify.id/ and start building ML-powered gait authentication into your apps today.

This article was originally published on UnifyID’s blog.

How to work with us

  • Contact us to set up a call.
  • We will analyze your needs and recommend a content contract solution.
  • Sign on with ContentLab.
  • We deliver topic-curated, deeply technical content to you.

To get started, complete the form to the right to schedule a call with us.

Send this to a friend