recommended reading

NSA Tests Out Smartphones that Recognize Handwriting Motion

Gajus/Shutterstock.com

The National Security Agency has tested the use of smartphone-swipe recognition technology, according to the tool’s manufacturer.

The mobile device feature, created by Lockheed Martin, verifies a user's identity based on the swiftness and shape of the individual’s finger strokes on a touch screen. The technology is but one incarnation of handwriting-motion recognition, sometimes called "dynamic signature" biometrics, that has roots in the Air Force. 

"Nobody else has the same strokes," said John Mears, senior fellow for Lockheed IT and Security Solutions. "People can forge your handwriting in two dimensions, but they couldn't forge it in three or four dimensions. Three is the pressure you put in, in addition to the two dimensions on the paper. The fourth dimension is time. The most advanced handwriting-type authentication tracks you in four dimensions."

The biometric factors measured by Lockheed's technology, dubbed "Mandrake," are speed, acceleration and the curve of an individual’s strokes. 

"We've done work with the NSA with that for secure gesture authentication as a technique for using smartphones," Mears said. "They are actually able to use it."

Nextgov has contacted NSA for comment.

Lockheed officials said they do not know how or if the agency has operationally deployed the Mandrake smartphone doodling-recognition tool. The company also is the architect of the FBI's recently completed $1 billion facial, fingerprint, palm print, retina scan and tattoo image biometric ID system. That project, called the Next Generation Identification system, could tie in voice and "gait matching" (how a person walks) in the future, the bureau has said.

Mandrake potentially might be useful for emergency responders who often do not have the time or capability to access an incident command website, Mears said.

"If you are going 100 miles down the road, you are not going to enter a complex 12-character password to authenticate yourself,” he said. “We have some customers who deal with radioactive material and they can't touch things" that small with gloves on -- "How do they authenticate?"

In 1978, the Air Force and contractor MITRE published some early test results on handwriting-motion ID verification. The use case back then involved gaining entry to restricted facilities, not locked-down smartphone apps. 

As part of a project to develop external physical security systems for the Pentagon, the Air Force acquired an "automatic handwriting verification system," according to a research abstract. The technique required two forms of identification.

"An individual desiring access into a controlled area arrives at the entry control point" and types in a 4-digit ID number "through a keyboard," the paper states. Then, the system prompts the user to further prove identity through handwriting. It matches the individual's scribbling in real time against a pre-enrolled “pressure versus time history of a signature,” the study states.  

Experiments were performed in a laboratory and in a weapons storage area at Pease Air Force Base in New Hampshire. Interestingly, the error rate was higher for females than for males. But, in general, it was determined the results should not be affected by "the sex or the handedness" of the person. At that time, the technology was too embryonic to operate under real world conditions, the research said.

Today, in retail, handwriting-gesture recognition is sometimes used to enhance customer service, by allowing sales staff to authorize sensitive transactions wherever convenient. 

For example, in 2012, Asian life insurance company AIA started using a Kofax-brand app on tablet computers that captures the image, speed and acceleration of a person’s strokes with a stylus. 

Broadly speaking, however, gesture recognition has not found its sweet spot in the ID management sector.

A 10-year biometrics market forecast released earlier this month by research firm Tractica found that the technology was not lucrative in any of the 194 countries analyzed.

"Research on signature dynamics . . . has been ongoing for nearly 50 years, but still there is no viable use case, and it was never mentioned during any of the interviews conducted for this report," the study concluded.​

(Image via Gajus/ Shutterstock.com)

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.