New Users
Home
Analysts & Consultants
People
Channel Advantage
Products
Technology
Case Studies
Awards
About This Guide
Authentication Solutions Through Keystroke Dynamics
Current Scenario: Last year, 2.5 million Americans lost identifying credentials from phishing attacks, and the U.S. Federal Trade Commission reported more than 255,000 identity theft complaints. Relying on only userID and password to authenticate users is not effective. The success of costly and visible attacks (including phishing, pharming, keystroke logging, spyware, and simple brute-force password cracks) on corporations continues to gain momentum and garner global attention. With these challenges come substantial security requirements for verifying identities, protecting data, ensuring privacy, proving compliance, and shielding the organization from growing internal and external fraud – all without crippling the business or negatively impacting customers.
Tomorrow's Technology Today: BioPassword is the leader in delivering enterprise security software solutions for multi-factor authentication using the biometric science of keystroke dynamics. BioPassword protects corporate and individual assets with a simple, yet powerful combination of the user’s standard login credentials (userID and password) with the behavioral biometric of keystroke dynamics (the user’s unique typing rhythm). A behavioral biometric is a measurable behavior trait that is acquired over time (versus a physiological characteristic or physical trait) and is used to recognize or verify a person’s identity. Keystroke dynamics is one of several innovative technologies used to automate the process of authenticating or verifying an individual based upon a unique, personal behavior – their typing patterns. Examples of other behavioral based biometrics include handwriting and speech recognition. The behavioral biometric of keystroke dynamics uses the manner and rhythm in which an individual types characters on a keyboard or keypad. Keystroke dynamics measures the series of key down and key up event timings while the user types a string. For example, if a user’s password is ‘password,’ then key down and key up events are captured for each character. These raw measurements can be recorded from almost any keyboard to determine Dwell time (the time between key down and key up) and Flight time (the time from key down to the next key down to the time between one key up and the next key up) as represented in the figure below. Once the keystroke timing data is captured, the recorded keystroke timing data is then processed through a unique neural algorithm, which determines a primary pattern for future comparison. As with any biometric technology applied to an authentication function, the technology is used for two major functions: enroll and verify user credentials. As part of the authentication process, the user types an authentication attempt and this sample is compared against the biometric template created during the enrollment process. Based on keystroke timings (and their fit to the stored template) a ‘biometric score’ is returned as the result of the comparison process. The score may then be used for making monitoring and/or access control decisions. By adding the ability to score a pattern against a template, BioPassword gives the customer the ability to associate business rules (such as requiring a challenge question or monitoring a specific transaction) with each authentication attempt rather than requiring a simple access/no access decision. Over time, this user created biometric template might need to evolve. For example, the user might become more familiar with typing their password and require the solution to adapt to the new pattern. Based on neural network technology, BioPassword incorporates adaptive learning to ensure the users’ biometric templates evolve with their changing typing patterns. BioPassword’s adaptive learning capability captures and refines the user biometric template each time the user successfully verifies their biometric credentials. Therefore, the longer a user has the template, the better it will become. By being readily available using any keyboard, uniquely identifying users through the biometric template and learning over time using the neural network properties, BioPassword has developed the industry leading authentication technology using the science of keystroke dynamics. Keystroke dynamics and the BioPassword solution compare favorably with other biometric security solutions and are far more superior to other non-biometric implementations such as profiling technologies and complex passwords. Using keystroke dynamics in authentication software delivers a solution that is fast, accurate, scalable to millions of users, requires no change in user behavior and is immediately deployable across the organization and the Internet without the need for expensive tokens, cards or other specialized hardware. A users “rhythm” cannot be shared, lost or forgotten. Furthermore, a password with a biometric template can easily be reset. If a fingerprint/handprint template is stolen, it is stolen for life. By using BioPassword to monitor and authenticate users, organizations can quickly and cost effectively implement secure access, comply with regulatory requirements, and substantially reduce the risks of fraud. BioPassword delivered the first product based on keystroke dynamics in the PC and Windows workgroup market in 2002. Currently, BioPassword has matured the technology and delivered the world’s leading keystroke dynamics solution for authenticating users over the Internet (BioPassword Internet Edition) and as part of an enterprise network/application security framework (BioPassword Enterprise Edition). BioPassword products are used in banking, eCommerce, healthcare, government, education and technology. Since 2002, BioPassword has filed numerous additional patents to solidify and extend its technology advantage in keystroke dynamics. Furthermore, BioPassword is driving standards for keystroke dynamics as an authentication technology in the INCITS/M1 standards committee.
Tomorrow's Technology Today: BioPassword is the leader in delivering enterprise security software solutions for multi-factor authentication using the biometric science of keystroke dynamics. BioPassword protects corporate and individual assets with a simple, yet powerful combination of the user’s standard login credentials (userID and password) with the behavioral biometric of keystroke dynamics (the user’s unique typing rhythm). A behavioral biometric is a measurable behavior trait that is acquired over time (versus a physiological characteristic or physical trait) and is used to recognize or verify a person’s identity. Keystroke dynamics is one of several innovative technologies used to automate the process of authenticating or verifying an individual based upon a unique, personal behavior – their typing patterns. Examples of other behavioral based biometrics include handwriting and speech recognition. The behavioral biometric of keystroke dynamics uses the manner and rhythm in which an individual types characters on a keyboard or keypad. Keystroke dynamics measures the series of key down and key up event timings while the user types a string. For example, if a user’s password is ‘password,’ then key down and key up events are captured for each character. These raw measurements can be recorded from almost any keyboard to determine Dwell time (the time between key down and key up) and Flight time (the time from key down to the next key down to the time between one key up and the next key up) as represented in the figure below. Once the keystroke timing data is captured, the recorded keystroke timing data is then processed through a unique neural algorithm, which determines a primary pattern for future comparison. As with any biometric technology applied to an authentication function, the technology is used for two major functions: enroll and verify user credentials. As part of the authentication process, the user types an authentication attempt and this sample is compared against the biometric template created during the enrollment process. Based on keystroke timings (and their fit to the stored template) a ‘biometric score’ is returned as the result of the comparison process. The score may then be used for making monitoring and/or access control decisions. By adding the ability to score a pattern against a template, BioPassword gives the customer the ability to associate business rules (such as requiring a challenge question or monitoring a specific transaction) with each authentication attempt rather than requiring a simple access/no access decision.
Over time, this user created biometric template might need to evolve. For example, the user might become more familiar with typing their password and require the solution to adapt to the new pattern. Based on neural network technology, BioPassword incorporates adaptive learning to ensure the users’ biometric templates evolve with their changing typing patterns. BioPassword’s adaptive learning capability captures and refines the user biometric template each time the user successfully verifies their biometric credentials. Therefore, the longer a user has the template, the better it will become. By being readily available using any keyboard, uniquely identifying users through the biometric template and learning over time using the neural network properties, BioPassword has developed the industry leading authentication technology using the science of keystroke dynamics.
Keystroke dynamics and the BioPassword solution compare favorably with other biometric security solutions and are far more superior to other non-biometric implementations such as profiling technologies and complex passwords. Using keystroke dynamics in authentication software delivers a solution that is fast, accurate, scalable to millions of users, requires no change in user behavior and is immediately deployable across the organization and the Internet without the need for expensive tokens, cards or other specialized hardware. A users “rhythm” cannot be shared, lost or forgotten. Furthermore, a password with a biometric template can easily be reset. If a fingerprint/handprint template is stolen, it is stolen for life. By using BioPassword to monitor and authenticate users, organizations can quickly and cost effectively implement secure access, comply with regulatory requirements, and substantially reduce the risks of fraud. BioPassword delivered the first product based on keystroke dynamics in the PC and Windows workgroup market in 2002. Currently, BioPassword has matured the technology and delivered the world’s leading keystroke dynamics solution for authenticating users over the Internet (BioPassword Internet Edition) and as part of an enterprise network/application security framework (BioPassword Enterprise Edition). BioPassword products are used in banking, eCommerce, healthcare, government, education and technology. Since 2002, BioPassword has filed numerous additional patents to solidify and extend its technology advantage in keystroke dynamics. Furthermore, BioPassword is driving standards for keystroke dynamics as an authentication technology in the INCITS/M1 standards committee.
Conclusion: As many companies have found, security, usability and cost are critical components of any security technology implementation. Unlike other biometric security technologies, keystroke dynamics is the only security technology that offers the opportunity to tailor security and usability to offer a “best fit” solution for each application environment.
BioPassword, Inc. 1605 NW Sammamish Road, Suite 105 Issaquah, WA 98027 USA Tel: 1-425-649-1100
BioPassword proudly recognizes everyone in their development team for this award: Artur Babayan; Brian O'Neill; Bobby Bhasin; Chaz Spahn; Danny DeSousa; Jagadeesan Baskar; Jared Pfost; John Stacy; Jonathan (Hong) Wang; Kulwinder Deol; Lensey Hau; Mark Gamache; Mechthild Kellas-Dicks; Mike Stewart; Seshadri Mani; Steve Comninos.
Download the actual white paper From Info Security Products Guide site: CLICK HERE
Recommend this to others:
HOME |
ADVERTISE WITH US |
TELL US ABOUT YOURSELF |
UPDATED PRIVACY POLICY |
Copyright © 2006 Silicon Valley Communications - All rights reserved.
