Bypassing the Password

by RANDALL STROSS,  NYT Business Day

The U.S. Defense Advanced Research Projects Agency (DARPA) wants to confirm a user’s identity by the way they type on a keyboard instead of using passwords. That’s a vision that the Defense Advanced Research Projects Agency, part of the Defense Department, wants to turn into a reality. It will distribute research funds to develop software that determines, just by the way you type, that you are indeed the person you say you are.

“What I’d like to do is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions,” says DARPA’s Richard Guidorizzi.

Various research efforts are underway to authenticate users by the way they operate a computer. For example, Carnegie Mellon University professor Roy Maxion is researching keystroke dynamics, including the length of time a user holds down a given key and moves from one particular key to another. Pace University professor Charles Tappert has developed software that analyzes the distinctive patterns of keyboard pressure and can accurately confirm the identity of a test taker in 99.5 percent of cases.

Columbia University professor Salvatore J. Stolfo has developed software that uses a decoy document designed to lure and catch intruders. When a decoy file is opened, the system software checks to see whether the user has conducted file searches on the computer that fit the expected search pattern. If there is no close match, the system sets off an alarm and asks the user for an identity confirmation. ….. Report

DCL: Seems to amount to some research into developing sophisticated complex event processing technology.