clock menu more-arrow no yes

Filed under:

DARPA proposes 'Active Authorization' method to keep users logged in based on usage traits

New, 13 comments

DARPA is researching a biometric authentication system that tracks the unique characteristics of individual users, such as key stroke length. If the system detects a change in the user, it would lock them out.

active authorization darpa
active authorization darpa

DARPA wants you to forget about passwords when you sit down in front of a computer. Instead, just be yourself. At least that's what the defense agency is hoping to achieve through its Active Authorization program. Instead of memorizing lengthy, complex passwords, DARPA is trying to create an authentication system that uses a unique usage "fingerprint" and constantly monitors how you interact with a device. The system would track characteristics such as the length of key presses, patterns in mouse usage, and the style and language used in emails. By constantly monitoring these data points, a user would stay logged in simply by using the computer. If they got up to leave and someone else tried to use the it, the software would identify them as a different person and lock them out or modify their access.

If this sounds impossible, there's already some promising research to show it can be done. Dr. Charles Tappert at Pace University has collected the data patterns of keystrokes from hundreds of test subjects, and claims his system can correctly identify users an average of 99.3 percent of the time. However, his system currently requires a large sample from each user to work, but DARPA wants a system that would immediately authenticate, as well as detect a change in user. So while the research shows it can be done, the tech isn't yet up to snuff. A company called Scout had also previously looked into using the typing cadence of passwords as a unique identifier for users. It had estimated that 2 out of every 40,000 people shared the same typing patterns. However, DARPA wants to use multiple metrics that will hopefully result in a unique profile that is accurate enough to act like a fingerprint.

DARPA is currently researching how many different metrics it can collect for a user without using an special hardware, and there's no timeframe for when a working system will be up and running. While we can see how "active authentication" would work for someone already working at a terminal, we're not sure how this method would apply to an initial log in, when a user hasn't yet started using the computer. Perhaps the answer is related to the next stage of research, when it plans to integrate the various biometric data points into a new authentication platform that would work on a typical computer within DARPA. You can watch DARPA's Program Manager Richard Guidorizzi give an overview of Active Authorization below.