To address security vulnerabilities arising from the lack of caller identity authentication during smartphone voice calls—leading to potential leakage of sensitive information—this paper proposes an implicit receiver authentication method leveraging pinna-based echolocation. The approach emits ultrasonic signals via the earpiece and captures user-specific, live biometric echoes reflected by the external ear using the top-mounted microphone, enabling hardware-free, seamless authentication. Innovatively treating the dynamic anatomical structure of the pinna as a live biometric key, the method integrates active ultrasonic sensing, echo signal modeling, time-frequency domain feature extraction, and a lightweight classifier. Evaluated across diverse scenarios, it achieves a mean balanced accuracy of 96.95%, demonstrating robust resistance against replay and spoofing attacks while maintaining high security and usability.

Receiving calls is one of the most universal functions of smartphones, involving sensitive information and critical operations. Unfortunately, to prioritize convenience, the current call receiving process bypasses smartphone authentication mechanisms (e.g., passwords, fingerprint recognition, and face recognition), leaving a significant security gap. To address this issue, we propose SCR-Auth, a secure call receiver authentication scheme for smartphones that leverages outer ear echoes. It sends inaudible acoustic signals through the earpiece speaker to actively sense the call receiver's outer ear structure and records the resulting echoes using the top microphone. These echoes are then analyzed to extract unique outer ear biometric information for authentication. It operates implicitly, without requiring extra hardware or imposing additional burden. Comprehensive experiments conducted under diverse conditions demonstrate SCR-Auth's effectiveness and security, showing an average balanced accuracy of 96.95% and resilience against potential attacks.