BehavioSec’s authentication based on Keystroke Dynamics has been found to be fully compliant with German Data Protection regulations with respect to financial services organizations and their clients. Germany has some of the most stringent privacy regulations in Europe, and it is necessary for organizations to ensure that personal data that may be collected, does not breach the privacy regulations. Many of you may remember the case of Facebook who ran into problems in Germany with their facial recognition technology some time back.
The technology has been approved for use both in on-prem and cloud environments as it meets the strict requirements for the protection of personal data.
The categorisation of “biometrical data” is a subset of personal data and is defined as “biological properties, behavioural aspects, physiological characteristics, living traits or repeatable actions where those features and/or actions are both unique to that individual and measurable, even if the patterns used in practice to technically measure them involve a certain degree of probability”. So behavioural elements of an individual person, such as a Bank Customer, enrolled via keystroke analysis qualify as Biometric Data derived from behavioural-based techniques.
Does Your PC Trust You?
Since you can never really be sure that someone isn't using your credentials, Behaviosec decided that you needed some help. Welcome to BehavioAion! By continuously monitoring the user’s keystroke & mouse movements, you can ensure that the right person is using the computer at any given time.
How does it work?
Without affecting the normal workflow, BehavioAion monitors the user’s unique behavior and continuously authenticates the active user with a stored behaviometric profile. When BehavioAion detects an unfamiliar behavior, it alarms or shuts down the intruder. In fact this new layer of intrusion detection is providing Continuous Authentication and it provides real-time user behavior analysis at the operating system level. It monitors unique patterns and instantly
This new approach to IT security is currently focused on government desktop & laptops, and you can learn more about it by visiting our website and downloading the DARPA Active Authentication paper.
Does Your Mobile Device Trust You?
Well after the success of the Phase 1 of the DARPA project, BehavioSec has been awarded phase 2 research of the Active Authentication program, which is now moving into the mobile world. So pretty soon even if you leave your mobile device in a taxi, it won’t be much use to anyone unless they are able to copy your exact behavior – which they won’t.
How Do We Know Who You Are?
The goal of Behaviosec is to provide users with a "frictionless experience" and yet at the same time create an extra layer of security for each individual account to protect both the user and the service provider.
However the first time a user accesses an application such as an e-commerce site, or their internet bank. Behaviosec has no profile to be able to verify the users. So the system has to learn your behaviour so that it can create a profile. When the profile has been trained BehavioSec’s technology will start to produce scoring of the behavior which can be used as an extra layer of security.
The training of the biometric profile happens during the initial sessions. The amount of sessions required depends on the set-up of the application. In a web based business application, it is just a simple JavaScript that is generated for each session, and if it is a native mobile application it is part of the mobile application. Because Behaviosec is never visible to the user, it means that no change to existing behaviour is needed to create a profile. We feel it is always better to monitor the end-user’s ‘normal’ behavior and use that as a basis for the biometric profile.
All of the profiling is performed through biometric identifiers, and since a person’s behavior is different on PCs, tablets and smart-phones, BehavioSec has recognized this and compares each user against the right device-family profile. Each end-user ends up with behavioral profiles for laptop/desktops, tablets, and smartphones.