Common access cards may be a thing of the past at the Pentagon, with new software and a smartphone that can identify the owner by certain characteristics.
New York-based company TWOSENSE.AI along with the Defense Department have designed an algorithm that would be used for identity verification when defense employees log in to DoD networks, Nextgov reported.
The software could identify users based on patterns in their speech, typing, or gait.
TWOSENSE.AI is based in Brooklyn, N.Y. and has a technology called ballistocardiography that “creates an image based on user’s muscle movements related to the circulatory system,” Biometric Update reported.
The algorithm would consistently monitor the behaviors of the users, creating a complete profile, even including what they do when they aren’t working.
— Nextgov (@Nextgov) February 10, 2019
Verification of the user would be continually updated by using a metrics tracking system that generates a score to ensure the right person is using the device. This method makes it much more difficult to breach than a fingerprint.
Jeremy Corey, chief of the Defense Information Systems Agency’s Cyber Innovation Division said, “This threshold is predetermined by the organization we are piloting our prototype with. This could be configured by the application owner, so long as it is within the authorizing official’s accepted level of risk.”
In October, the Defense Information Systems Agency (DISA) granted the $2.4 million contract through the Rapid Innovation Fund.
— Biometric Update (@BiometricUpdate) February 7, 2019
Dr. Dawud Gordon, CEO of TWOSENSE.AI said, “Both DISA and TWOSENSE.AI believe that continuous authentication is the cornerstone of securing identity. Behavior-based authentication is invisible to the user; therefore, it can be used continuously without creating any extra work.”
Steve Wallace, a technical director at DISA said in 2018 that 75 different prototypes would be delivered to the vendor and once testing is finalized the algorithms would be embedded into the smartphones prior to the Defense Department receiving them.
At that time, Wallace would not mention which smartphones would be used, or who the vendor would be.
A statement released by TWOSENSE.AI confirmed that DISA, Qualcomm, and Samsung are part of the “existing partnerships,” Nextgov said.
Gemalto disclosed that this new initiative will “affect 826,000 National Guardsmen and Reservists, 742,000 civilian personnel and more than 1.3 million men and women on active duty as of 2016.”
At any one time, the universal Common Access Card is being used by 4.5 million personnel, Gemalto added.