We introduce new secure privacy-preserving protocols for outsourcing continuous authentication of smartphone users. Our protocols allow a smartphone to privately perform continuous and unobtrusive authentication using touch behaviors. Through our protocols, the smartphone does not need to disclose touch information to the authentication server. Further, neither the server nor the smart- phone have access to the content of the user’s template. We present formal proofs to substantiate security claims on our protocols. We then perform experiments on publicly available touch data, collected from forty-one users. Our experiments on a commodity Android smartphone show that our protocols incur an overhead between 263ms and 2.1s.