What if you sat down at your computer to work and it recognized you merely by the way you moved the mouse?
This kind of authentication may not be so far off in the future. The Department of Defense says its Defense Advanced Research Projects Agency is working to create a system that identifies people through a "cognitive fingerprint," rather than using biometric sensors to read fingerprints and other physically identifiable traits.
The Active Authentication program aims to develop new ways of ensuring the person using a computer console is authorized to do so. It is leveraging software to identify unique aspects of a person based on behavioral traits.
The computer user authentication systems being used today require an extra step, such as entering a password or scanning a fingerprint or iris. Passwords inherently have drawbacks, because they can be cracked. The current biometric tools are safer but still take time and interrupt natural workflow.
"What I would like to do is I'd like to move us to a world where you sit down at a console, identify yourself, and you just start working," Richard Guidorizzi, manager of the Beyond Passwords program (part of the Active Authentication effort) said in an article on a Defense Department Website. "The authentication happens in the background -- invisible to you -- while you continue doing your work without interruptions."
The Active Authentication program will have several phases. In the first phase, researchers will look into biometric methods that don't require additional sensors to capture a person's identifying information. The software will be designed to track behavioral patterns and traits to develop a cognitive identity that can be used to authenticate the user. These traits will include how a person moves the mouse or even a person's writing style (as identified by the use of language in emails or documents), DARPA said. It will seek technology that is viable for both small-scale and large-scale deployments during this program phase.
Later phases will focus on integrating new technologies into a software system that can be deployed across the Defense Department to protect desktop and laptop computers. DARPA plans to use open APIs to create a modular system that can leverage other third-party biometrics software and hardware as it is developed in the future.
The cognitive fingerprint would not work when I was tired or not feeling well, and if microsoft had anything to do with it, it would not work at all. The problem of this concept, as with all similar concepts, is that the key record must reside someplace, and that place is not secure, and can't be secure. Likewise the fingerprint and eye exam systems. Each is a fair deterent but none is invinceable. A password with pauses in the cadence could be quite secure until hackers figured out how to record keyboard entry cadence.
A far better system is to only have "trustworthy" people in the area, and to mandate that sensitive material never leave the secure area. Yes, that would indeed be quite inconvenient. But staying secure is almost always inconvenient. Oh Well!
Say someone gets your p/w and accesses your computer...but doesn't use it like you usually do- too hesitant, maybe typing much faster or slower, something. The operating system recognizes that there's an issue. It challenges you to further identify yourself, and if "you" can't it locks down again. Maybe to a tighter level. A system like that might actually be, as they say, a good thing.
This is a very interesting concept and one that would throw hackers a curve as the technology develops.
I think this will start out like voice recognition technology... llimted and a little rough around the edges. However, as time progresses and more sophisticated algorithms are employed, I think this will become a valuable security option.
This DARPA technology reminds me of the Context Awarness research being conducted by MIT's Media Lab where the computer can recognize the user's emotional behavior patterns and adjust automatically their work environment. Hackers will definitely find this method of security intriguing to crack.
That's a pretty interesting development, although I would think from a security standpoint, there are tradeoffs. Isn't it easier to mimic someone's gestures and writing style than to somehow clone their biometrics identity? In any regard, pretty cool stuff and if nothing else, the science behind the cognitive fingerprint could have great application in a host of areas.