DARPA: A really crazy US Military Technology Service is developing a form of biometric measurements based on how one handles his computer mouse.
The company is preparing to add biometric behavioral data, such as how a computer user operates a mouse or writes an email, to existing software technical authentication. Existing authentication techniques include something you know (like your password or PIN), something you have (like a number from your RSA token key-fob), and conventional biometrics (like your fingerprints).
Researchers at the US Army academy West Point have received multi-million dollar grants when the green light from the DARPA (Advanced Defense Research ServiceOr Defense Advanced Research Projects Agency). Grants are part of it active authentication program of DARPA.
The program describes a behavior-based recognition technology also known as "cognitive fingerprint" that will replace outdated passwords.
The current standardized method for validating a user's identity in an IT system requires something that is inherently unnatural: creating, remembering, and managing large and complex passwords.
The biometrics program is geared towards creation next generation biometrics that can help them users with technology coming straight from the US Department of Defense. (ss This is not necessarily a good thing….)
The combined approach of using multiple ways to continuously verify a user's identity is expected to bring very secure, valid and transparent systems. The authentication platform will be developed with open application programming interfaces (APIs) to enable the integration of other software or biometric material made available in the future from other sources.
Mark Stockley, an independent consultant, welcomed the new behavioral recognition technique and says it is far superior to other forms of identity authentication. How a user handles a mouse could be distinctive and very difficult to imitate, creating a biometric that has the advantage over fingerprint sensors.
"If effective, cognitive fingerprinting could offer significant advantages over other existing forms of authentication," Stockley told Naked Security blog of Sophos.
“Unlike today's biometrics that are used that does not require an expert latest technology equipment and unlike password authentication they don't rely on users' memory, or whether a password is strong or not.”
"Technology should also enable continuous authentication in computer systems, so that users stay connected when they are online and log off immediately when they leave."