The Challenge: Smarter Systems Require Smarter FusionConsider typing on a micro-second scale: while, to the human ear, everyone sounds the same when they type, on a micro-second scale there are quite a bit of unique and measurable differences between individuals. These are differences that a computer can be taught to detect, but which are nearly impossible for another human to detect or replicate. Incorporating this kind of distinctive and hard-to-steal identifier into an authentication system would be smart. Right? However, access control systems need to be able to recognize and account for those 3 major factors mentioned in my first post that conventional fusion methods usually fail to address:
- Environmental Factors
Common Points of Failure in “non-Intelligent” Fusion Schemes
- Accuracy – Taken at a high level, numerous factors can impact the accuracy of a single keystroke matcher; language, unique user traits, correlations and environmental factors detailed below, as well as others. A smart fusion system must be able to recognize the accuracy of a keystroke matcher and understand how that accuracy compares to other available identity information (whether other biometric modalities or identity proxies).
- Correlations – A computer user naturally shifts between keyboard and other input control mechanisms, such as a mouse or touchpad. A person using a mouse is unlikely to simultaneously generate a high volume of keyboard data. Therefore, a smart fusion system needs to consider whether and in what ratio keyboard data is generated compared to other input mechanisms. The user’s simultaneous engagement with other behavioral sensors may impact the reliability and utility we can derive from keystroke data during a given period.
- Environmental Factors – It’s obvious that users aren’t always using their system to compose emails or the next great novel; often enough, they’re using the keyboard to fill out forms for a new credit card, complete financial work-ups in Excel, or even play the occasional video game. Keystroke matchers weren’t designed to analyze all these varied types of activities with perfect accuracy, so a smart fusion system needs to know when to take the matcher seriously and when not to take it seriously, based on the parameters of the operational environment – i.e. what program is open when typing occurs.
Paths ForwardMy fourth and final post will detail exactly how Novetta approaches this problem with respect to a behavioral keystroke matcher, providing a discreet example of how fusion can be made smarter and more aware of crucial user and environmental aspects. Multiplying this “intelligent” fusion effort across components of a multi-factor authentication system offers unique opportunities to enhance the overall performance of access control systems.
Blog Series: Improving Multi-Modal Authentication Post 1: Why Your Access Control System Needs “Intelligent” Fusion Post 2: Your Access Control System Needs Behavioral Biometrics