Security habits

A security system that combines physical identification with predictions of a person’s behaviour will improve the reliability of biometric analysis, its inventors claim.

Both the UK and US governments are pushing the use of biometrics as a means ofincreasing security at airports and cracking down on crime, but many critics claim the technology remains unproven on a large scale, and may not be up to the job.

Biometric systems measuring vein patterns, signatures or handwriting and face, fingerprint, voice, retina and iris geometry can be used to protect data and control building access. But recognition based on just one of these factors may not be sufficiently robust or may not be acceptable to particular user groups if they find the process invasive or unpleasant.

The Intelligent Agents for Multi-modal Biometric Identification and Control (Iambic) system, developed by Southampton-based neural network and algorithm specialists Neusciences in collaboration with the University of Kent, relies on authentication using more than one biometric measurement coupled with a password for initial access.

This generates a confidence, or risk, score depending on the perceived reliability of the sign-on method used. Software built into the network server then takes data on the user’s working habits in the form of algorithms and compares it to warnings and rules placed in the system by its administrator, such as the threat of an imminent attack on data, before adding it to the sign-on score. The computer then decides what level of access to sensitive data the user should be permitted.

If, for instance, a person who always comes into work late appears to have come in early one day and begins to access sensitive areas of data, he or she would be asked to provide further evidence of identity such as the answer to a preset personal question.

Again, if a person does not make any keystrokes for a set period the system’s adaptive logic will assume they have moved away from their desk and will increase security levels on their return.

Iambic is ideal for use in the banking industry to prevent large-scale frauds as well as within the police force and the NHS where sensitive personal data may be involved, said Brian Kett, general manager at Neusciences.

‘Most fraud is internal, with people gaining access to areas they should not through identity theft. We need a better system for the initial identification of people including a password, use of biometrics and the monitoring of behaviour patterns.’Kett said the system is also ideal for use in cash machines.

If, for instance, a person tends to withdraw a regular amount of money from a machine within a certain area but then deviates from this pattern, they could be asked an additional question to verify his or her identity.

The research is part of the £15m Management of Information programme funded by the DTI, the EPSRC and the Economic and Social Research Council (ESRC), which aims to encourage research and improve collaboration on fraud prevention, privacy and security.

Iambic has built a working demonstration model and is now looking for businesses suitable for a pilot project.

On the web