NSA Trying to Track Your Smartphone Finger Strokes
Smartphone technology built by Lockheed Martin promises to verify a user's identity based on the swiftness and shape of the individual’s finger strokes on a touch screen.
The National Security Agency has tested the use of smartphone-swipe recognition technology, according to the tool’s manufacturer.
The mobile device feature, created by Lockheed Martin, verifies a user's identity based on the swiftness and shape of the individual’s finger strokes on a touch screen. The technology is but one incarnation of handwriting-motion recognition, sometimes called "dynamic signature" biometrics, which has roots in the Air Force.
"Nobody else has the same strokes," said John Mears, senior fellow for Lockheed IT and Security Solutions. "People can forge your handwriting in two dimensions, but they couldn't forge it in three or four dimensions. Three is the pressure you put in, in addition to the two dimensions on the paper. The fourth dimension is time. The most advanced handwriting-type authentication tracks you in four dimensions."
The biometric factors measured by Lockheed's technology, dubbed "Mandrake," are speed, acceleration and the curve of an individual’s strokes.
"We've done work with the NSA with that for secure gesture authentication as a technique for using smartphones," Mears said. "They are actually able to use it."
Nextgov has contacted NSA for comment.
Lockheed officials said they do not know how or if the agency has operationally deployed the Mandrake smartphone doodling-recognition tool. The company also is the architect of the FBI's recently completed $1 billion facial, fingerprint, palm print, retina scan and tattoo image biometric ID system. That project, called the Next Generation Identification system, could tie in voice and "gait matching" (how a person walks) in the future, the bureau has said.
Mandrake potentially might be useful for emergency responders who often do not have the time or capability to access an incident command website, Mears said.
"If you are going 100 miles down the road, you are not going to enter a complex 12-character password to authenticate yourself,” he said. “We have some customers who deal with radioactive material and they can't touch things" that small with gloves on -- "How do they authenticate?"
In 1978, the Air Force and contractor MITRE published some early test results on handwriting-motion ID verification. The use case back then involved gaining entry to restricted facilities, not locked-down smartphone apps.
As part of a project to develop external physical security systems for the Pentagon, the Air Force acquired an "automatic handwriting verification system," according to a research abstract. The technique required two forms of identification.
"An individual desiring access into a controlled area arrives at the entry control point" and types in a four-digit ID number "through a keyboard," the paper states. Then, the system prompts the user to further prove identity through handwriting. It matches the individual's scribbling in real time against a pre-enrolled “pressure versus time history of a signature,” the study states.
Experiments were performed in a laboratory and in a weapons storage area at Pease Air Force Base in New Hampshire. Interestingly, the error rate was higher for females than for males. But in general, it was determined the results should not be affected by "the sex or the handedness" of the person. At that time, the technology was too embryonic to operate under real world conditions, the research said.
Today, in retail, handwriting-gesture recognition is sometimes used to enhance customer service, by allowing sales staff to authorize sensitive transactions wherever convenient.
For example, in 2012, Asian life insurance company AIA started using a Kofax-brand app on tablet computers that captures the image, speed and acceleration of a person’s strokes with a stylus.
Broadly speaking, however, gesture recognition has not found its sweet spot in the ID management sector.
A 10-year biometrics market forecast released earlier this month by research firm Tractica found that the technology was not lucrative in any of the 194 countries analyzed.
"Research on signature dynamics . . . has been ongoing for nearly 50 years, but still there is no viable use case, and it was never mentioned during any of the interviews conducted for this report," the study concluded.