The degree of interest in applications involving “cognitive fingerprints” has taken off in recent years, spearheaded in large part by government-sponsored research initiatives such as the Defense Advanced Research Projects Agency (DARPA) Active Authentication program, which has facilitated the exploration of numerous novel, multimodal behavioral and cognitive biometric authentication systems by both academic and private industry development teams. The practical interest in using these types of new biometrics is also fueled by the boom in wearable and mobile sensor technologies, which offer a growing number of mechanisms and platforms for continuously detecting, collecting and analyzing a rich array of user data. The confluence of these advancements raises a number of promising opportunities, both in the authentication space and well-beyond (think healthcare, public safety, and insider threat detection, just for starters), along with inherent concerns regarding privacy, and the potential misuse of user data.
“Cognitive fingerprint” is a questionable term at best – it gets the point across, but upon further consideration, behavioral and cognitive biometric data has less in common with traditional, image-based biometric modalities (such as fingerprint, face and iris) than is often assumed. In order to understand the full-scale implications of “cognitive fingerprints” – both present and future – it’s first necessary to form an adequate baseline understanding of what these modalities actually offer. To summarize a few primary distinctions:
- Data composition: Behavioral and cognitive biometrics are most often signal-based, rather than image-based. Inherent features may vary considerably across collected biometric instances, and may also fluctuate or evolve over time, in keeping with our natural shifts in behaviors and cognition patterns.
- Nature of Acquisition: The minimum amount of behavioral or cognitive data required for use in authentication can rarely be captured in a one-off, split-second transaction; rather, extended or continuous collection is required, meaning that an individual, whether actively or passively, must maintain some type of extended contact with/proximity to biometrics sensors. Current initiatives have focused on the use of common sensors, such as those found in a computer or smart phone – keyboard, mouse, touchscreen, and any number of programs.
- Availability: Specific behavioral and cognitive signals targeted for use in authentication and are not continuously generated – rather, these modalities are heavily task-dependent and relate to an individual’s specific activities such as typing, web browsing, or program usage.
- Feature Space: Although availability may be limited, the feature space for behavioral and cognitive modalities is richer and, in some cases, potentially limitless – unlike traditional modalities such as fingerprint which are anatomically limited. The possible biometric points of interest vary and grow depending on an individual’s activities and available sensors.
- Distinctiveness: Behavioral and cognitive modalities are, at present, generally characterized as less accurate than traditional biometrics, and are therefore expected to perform more effectively when deployed in multimodal systems.
- Privacy: Behavioral and cognitive modalities reflect invisible, internal traits. This is a positive from a security perspective – it’s difficult to spoof or steal features that cannot be easily observed or studied. However, these traits can also be construed as highly personal, perhaps more so than a static image of one’s face or iris.
Keeping these distinctions in mind is critical when considering the potential utility, relevance, and feasibility of using novel behavioral and cognitive modalities in authentication systems (or other applications), as these qualities may substantially impact performance. Considering these distinctions also helps highlight potentially significant elements of system functionality – what operational parameters should be set with respect to the collection, analysis, and use of novel biometric data?
Stay tuned for additions to this series that will track Novetta’s most recent experiences and accomplishments in this space, and share some considerations regarding the current limitations and hurdles associated with the research and development of novel behavioral and cognitive-based biometric authentication systems.
Learn more about Novetta’s work with DARPA. Read Improving Authentication Mechanisms for Enterprise Information Systems.