HANDS-FREE SECURITY: So long card keys. Who needs passwords?
Researchers at Germany’s Hasso Platner Institute are finessing a technology that creates user profiles, based on how a person walks or takes their smartphone from a pocket. In the event a phone is stolen, sensors detect the tacit changes in behavior and lower the trust level so the device cannot be used by others to access the owner’s accounts. The more sensors that are used to gather behavioral information, the more reliable the trust values will be.
The technology is being used by the military in uniforms to secure phones and laptops without the use of passports, which are vulnerable to hacking and theft. The institute’s director and the technology’s developer, Christoph Meinel, said, “People in the Army need to have their hands free and need to be recognized automatically.”
He explained, “Behavior identification is better for security purposes than passwords or biometric data. For example, by having sensors in a smartphone, when people move you can analyze this movement data. From that, you can make decisions whether that’s the right person or the wrong person. You can also put sensors in a dress to have the option of identifying you. Doors would automatically open, computers could automatically be used without giving a password.”
Along with Stanford University’s Larry Leifer, Meinel is program director of HPI’s School of Design Thinking. Noting that smartphones typically have 16 sensors, Meinel said the wearer’s sensor data is analyzed and a trust value is added based on behavioral authentication. Gait analysis, which is used by medical professionals, running coaches, sneaker salespeople and, more recently, authorities in China to identify citizens, is only part of the equation. The start-up Nexenio is fine-tuning the concept. For example, when an employee arrives at his or her office, their smartphone uses sensor data to analyze the user’s behavior. Bluetooth beacons provide an indoor positioning system. Instant authentication is provided without the need for any interaction with the user.
Meinel expects luxury fashion companies to take to the technology and embed clothing so that consumers’ devices will recognize them immediately. By embedding sensors in a dress, only the owner of that dress would receive automatic access to designated entrances or possessions. Meinel said, “This would be recognized, because the person moved in a different way. Even if it is only a tiny change, the system can recognize it.”
When a worker gets close to a card-swiping turnstile, the machine recognizes the actions. “When we started this discussion, we thought about using it for the Army. The problem typically with identification is that passwords are very, very insecure. People have trouble remembering them so they choose very simple ones. Passwords are available on the Internet, which are leaked en masse,” Meinel said. “Even the biometric data can be easily stolen. The difference with behavioral identification is that every time it’s newly produced, it’s not stored. When you come the next time, it’s compared to make sure that it’s the right one.”