Review: New Software Technology Eases Biometric Process
Seattle based BioPassword is looking to help solution providers overcome those hardware hurdles with their software only solution, BioPassword. The product, which was announced Monday puts a new spin on the Biometric angle, user validation is determined by the behavioral biometrics of keyboard input. In other words, the software learns the frequency and arrangements of keystrokes (their unique typing rhythm) a user selects when inputting an account name and password.
While many may think that would be a simple validation method to crack, the truth is – a user’s keyboarding skills are just as unique as their signature. That makes keystroke capture and tracking a viable biometric process.
Other advantages to the technology include; portability, users do not need access to unique hardware, any connected PC will do. Ease of deployment, as a software only solution, administrators need only install and setup the product on their web servers and then enroll the users. Scalability, the product allows the validation of multiple users across multiple systems, without any additional hardware. The product also eliminates the need for hardware tokens, dongles, keys and other security devices that have been used in place of biometric solutions.
Major features of the product include:
- Authentication Enforcement: enables a second-factor authentication over the Internet without the need for user software or hardware installation.
- Fraud Monitoring: Administrators can use ‘template scoring’ alone or in conjunction with other profiling characteristics to monitor the authentication patterns of groups or individuals and apply internal business rules that challenge suspicious users or limit data or access.
- Multiple Enrollment Options: users can be enrolled immediately, gradually or silently. What’s more, the product offers user transparency; a flash plug-in enables integrated Internet authentication solution using standard browsers.
For solution providers looking to conjure up custom solutions for vertical markets, the company offers a Software Development Kit, which uses .NET Web Service to easily implement BioPassword Internet Edition with any Web application.
The product also employs adaptive learning, where each user's unique typing rhythm is examined and over time refines authentication accuracy.
Furthermore, the product enhances privacy protection, because only keystroke ‘timings’ are stored, which helps to thwart phishing, pharming or keystroke loggers.
Some solution providers may still find the capabilities of this technology unbelievable, but “typing rhythms” have been approved by the FFIEC as an authentication technique that complies with its two-factor authentication requirements.
For end users, the product couldn’t be simpler. The same goes for Solution providers, where installation is quite straight forward and requires a common Windows 2003 server, with .NET and SQL Server installed.
All of the applications management consoles follow a logical course and offer ample help for integrating accounts with active directory and applications. Reporting tools round out the offering, allowing administrators to quickly judge the effectiveness of the product. The “typing rhythm” is tune-able on a user by user basis, in other words, administrators can program in some leeway and deploy fuzzy logic to authenticate the user. That feature is based upon a 0 to 100 scale, where a 0 means that the rhythm must be exact, and 100 allows a great deal of leeway.
BioPassword Internet Edition is available immediately. Standard pricing is a one-time software fee of $30,000, an ongoing maintenance fee of 15 percent, and a subscription fee starting at $1 per user. To support banks, credit unions and other financial institutions responding to customer demands for additional security and guidance from the FFIEC on implementing two-factor authentication by the close of 2006, BioPassword is offering a Compliance Package which includes BioPassword Internet Edition and 10,000 online user licenses (included for the first year) for $30,000 plus maintenance. The Compliance Package will be offered through October 31, 2006.