New York AI startup TWOSENSE.AI was awarded a $2.42M contract by the U.S. Department of Defense (DoD) under which it will have to implement an uninterrupted multifactor authentication using deep neural networks which will eventually replace DoD’s physical ID chip cards (CAC), with its continuous behavioral biometric authentication.
TWOSENSE.AI will have to solve one of the most time-consuming everyday tasks for government employees who work with sensitive data: having to re-authenticate over-and-over again after leaving the desk to perform other tasks.
To be more exact, TWOSENSE.AI's deep learning-based artificial intelligence tech is designed to recognize the behavior of authorized users and to replace conventional authentication methods with behavioral biometrics-based ones.
The company's behavioral biometrics tech will also be able to solve another possible issue DoD employees might face: having someone step in in front of their computer while they are away and the system is not logged out.
Behavioral biometric authentication with no extra hardware requirements
If that would happen, TWOSENSE.AI's product would detect the intruder based on a number of tracked behavioral elements and force an authentication challenge.
“Both DISA and TWOSENSE.AI believe that continuous authentication is the cornerstone of securing identity. Behavior-based authentication is invisible to the user, therefore it can be used continuously without creating any extra work,” said Dr. Dawud Gordon, the firm's CEO.
When asked by Bleeping Computer if the TWOSENSE.AI behavioral monitoring software requires additional hardware to run on a system, Dr. Dawud Gordon stated that "Our product is software only and relies only on hardware and sensors that are ubiquitously available in every mobile phone, laptop, desktop, and workstation computer."
When it comes to the type of behavioral patterns the company's product tracks, he mentioned "Right/left handedness, typing impact, pressure, fingertip size, muscular tremors, app usage profiles, commute patterns, daily routines, in some cases ballistocardiography, etc. To name a few."
As detailed in the press release:
TWOSENSE.AI’s machine learning technology models the unique behavior of each user, such as the way they walk, interact with their phone, commute to work, and how and where they spend their time. Through the power of deep learning, algorithms are highly personalized, learning the personal characteristics that make each user unique on an individual level.
Continuous learning solution which adapts to new behavior
This continuous authentication system will also allow the DoD to drastically decrease the overall security breach risk for the departments where it will be implemented, while also unnecessary authentication challenges and having as a direct result a friendlier and more secure employee authentication platform.
While TWOSENSE.AI’s behavioral biometric authentication system could lead to false positives which would trigger superfluous authentication challenges, Dr. Dawud Gordon argued that an override is not necessary seeing that "this is not a situation that has occurred. Currently, worst-case scenario is that the user is challenges as frequently as they are today."
Also, if a user would suddenly change his behavior, the system "would trigger a challenge, but the resulting authentication triggers a new period of learning that adapts to the user. It's a continuous learning solution."
To conclude, while TWOSENSE.AI’s behavioral authentication product was not part of any research project investigating its effect on employees' morale seeing that it continuously monitors their every move, the company's CEO says that it "performs authentication only, and contains no user name, email, phone number, address, SSN, or any PII whatsoever."
The US Army loves new ways of tracking people. I always told people that smartphones were portable RADARs that just lack the software. Now it's here.
You can identify people through walls using just a smartphone and some code, based on how they move and their body shape, since human bodies reflect radio frequency.
Similar to "RF capture" but requires only code on a smartphone. It's likely that a government agency is already using this and "acoustic microwave vibrometry" algorithms to monitor people with code on wifi routers and smartphones. What the public is allowed to know is usually many years behind what the military already has.
If it were a hardware update I'd be impressed. It's only code.
EDIT2: Not sure how much this would slow down a smartphone or other device, but imagine it was installed secretly on millions of devices throughout the world. If it wasn't very noticeable, and remotely activated when needed, anyone could be tracked anywhere. Stalkers dream come true.