PaymentsJournal
SUBSCRIBE
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
  • Analysts Coverage
  • Truth In Data
  • Podcasts
  • Videos
  • Industry Opinions
  • News
  • Resources
No Result
View All Result
PaymentsJournal
No Result
View All Result

US Defense Information Systems Agency Urges Adoption of Behavioral Biometrics

Tim Sloane by Tim Sloane
August 2, 2017
in Analysts Coverage
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

The US Defense Information Systems Agency intends to pilot a persistent behavioral biometric solution in the next year, providing at least one solid piece of evidence that Mercator’s forecast (Biometrics: A Market Forecast for Consumer Adoption) is coming to fruition:

“A U.S. Defense Department pilot project intends to develop a prototype system within the next year to authenticate the identity of mobile users through their so-called patterns of life, such as how fast they walk to work or locations they routinely visit. The project is designed to benefit warfighters who may not have time for fingerprints, facial recognition scans or other forms of traditional biometrics.

Defense Information Systems Agency (DISA) officials remain mum on many of the details because they expect to award a contract soon, but they allow that a prototype could be developed in as little as six months. “We’re looking to prototype a specific type of technology as we go forward here, and … we’re trying to do it in a fairly rapid fashion. So in the next 12 months, I think you’re going see that technology really evolve,” reports Jeremy Corey, DISA’s assured identity program manager and leader of the agency’s Cyber Development Innovation Cell.

The system is expected to authenticate mobile user identities while developing a trust score, which helps determine the user’s level of access.

“From an authentication and authorization standpoint, it provides a means of developing a trust score with a very high probability that you are who you say you are. From an authentication standpoint, it greatly aids us in our ability to identify users on the network,” explains Capt. Jeffrey Buss, USN, chief technology officer for DISA’s Cyber Development Directorate.

Analyzing patterns of life also will aid DISA’s cyber hunters in tracking threats, says Roger Greenwell, DISA’s chief of cybersecurity and authorizing official, Office of the Risk Management Executive. “It moves even beyond the concept of biometrics in many ways, when you think about how a person writes out something—how they hold a device, how they type, the speed at which an individual enters information. All of these things are essentially patterns of life that can then be used as indicators of who is actually using that device,” Greenwell offers.

Patterns-of-life authentication simply will make life a little easier because users will no longer have to enter a six- to eight-digit personal identification number up to 50 times per day, Corey says. Because the Defense Department will use apps already on a device, authentication will happen largely “in the background,” he notes. “Our industry partners have managed to pack in loads of sensors into mobile devices, from gyroscopes to accelerometers to proximity sensors and ambient light sensors,” Corey points out. “By coupling each of those sensors—or a group of those sensors—together, that could potentially establish a pattern of that particular user.”

Capt. Buss cites the Waze app as an example. “Waze now knows your average speed, and a lot of different things about you are being collected on that phone. Gait is another one we’ve talked a lot about—your stride, if you will—and how you walk,” he adds.


Officials have not yet determined the trust score process. “We’re still working through the details of what that trust is going to allow you to do, but we know with a high degree of certainty we can identify somebody using patterns of life and biometrics as well as location and some other means,” Corey says, indicating that biometrics still can complement patterns-of-life analysis.

DISA officials also emphasize the need for strong encryption to complement patterns-of-life authentication. “We’re talking about other elements or other authentication factors that may potentially supplement that [public key infrastructure] credential as that first initial step to where we may evolve in the future for authenticating users,” Capt. Buss states.”


The article goes on to identify some of the difficulties that the solution must address, some of which are unique to the military while others are much a much more general requirement, such as the need for a secure handset:

“The officials note that warfighters are intended to be the primary beneficiaries. “What we’re really trying to achieve here is to help the warfighter. He or she may wear gloves in the field. You can’t expect that they’re going to be able to authenticate and use a fingerprint on a device,” Corey elaborates. “Maybe they wear goggles. Are you going to expect the warfighter to remove their goggles to do facial recognition?”Tracking a person’s gait will be especially helpful in alleviating the need for fingerprints and facial recognition, Corey indicates. “This is where gait could be very exciting, to help determine whether or not it truly is the right person behind a device,” he says.

While they are not yet able to disclose details, the DISA officials confirm that they are interested in tracking a variety of patterns of life with just one system. “There is work out there that has researched whether or not keyboard cadence can generate a particular and unique pattern that we could tie to a single user,” Corey states. “That is an ongoing pilot that we are in now, and it’s measuring keyboard cadence as well as mouse track movements.”

Although many of the capabilities of interest already are easily available, integrating them all into one prototype still is challenging. “It’s not that the capability is not there, it’s integrating it and implementing it so that the Defense Department can use it. A lot is there—it’s just trying to transform it into something we can use,” he offers.

Officials must begin to integrate capabilities by examining the entire mobile device operating system—a system more complex than many desktops today, Corey says. “We have to … understand how the hardware bits of a mobile device are assembled so that we can establish some trustworthiness in the guts of that mobile device,” he states.”

The Mercator forecast may be a tad aggressive, as I can’t wait for passwords to die a rapid death. That said, this announcement of an impending pilot is a solid contribution that suggests the forecast may be too conservative. We will update the forecast annually so time will tell!

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

Read the full story here 

Tags: Biometrics
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn

    Analyst Coverage, Payments Data, and News Delivered Daily

    Sign up for the PaymentsJournal Newsletter to get exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    Google Wallet Expands Features

    Google Wallet Continues to Bet on Digital with Expanded Features

    June 2, 2023
    digital value

    How Embracing Digital Value Can Help Solve the B2C Payments Conundrum

    June 1, 2023
    instant payments, real-time payments, RTP

    Banks Developing Instant Payments Products in the U.S. Should Focus on Billers to Generate New Revenue Streams  

    May 31, 2023
    Digital Wallet Use Delivers on Convenience and Security

    Digital Wallet Use Delivers on Convenience and Security

    May 30, 2023
    5 Ways to Protect Your Financial Institution from a Cyberattack

    5 Ways to Protect Your Financial Institution from a Cyberattack

    May 26, 2023
    traditional banks

    How Traditional Banks Can Modernize Without Risk

    May 25, 2023
    identity fraud

    Javelin’s Identity Fraud Study Highlights the Changing Nature of Fraud

    May 24, 2023
    SASE, security-as-a-service

    Security-as-a-Service Secures
    Distributed IT Models

    May 23, 2023

    Linkedin-in Twitter

    Advertise With Us | About Us | Terms of Use | Privacy Policy | Subscribe
    ©2023 PaymentsJournal.com

    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    Menu
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Videos
    • Industry Opinions
    • Recent News
    • Resources
    Menu
    • Industry Opinions
    • Recent News
    • Resources
    • Analysts Coverage
    • Truth In Data
    • Podcasts
    • Industry Opinions
    • Faster Payments
    • News
    • Jobs
    • Events
    No Result
    View All Result

      Register to download this complimentary report from CSG Forte: