The US Department of Defense (DOD) is slowly adopting a biometrics-based system as a possible replacement for its classic card-based access and authentication solution.
Last week, a second DOD department — the U.S. Army Network Enterprise Technology Command (NETCOM) — agreed to adopt the solution after in June the Defense Innovation Unit – Experimental (DIU-X) also took the same step.
Both systems were contracted from the same company, Vancouver-based Plurilock Security Solutions.
The new system, called BioTracker, works by logging per-user keyboard typing speed, keystroke style, and mouse use. It then creates a unique fingerprint for each user and uses it to continuously authenticate the DOD employee while using a computer.
Plurilock says BioTracker — a behavioral biometrics solution — works best at detecting employees or intruders using stolen credentials. Even if the intruder gets hold of a DOD staffer's password, he won't be able to duplicate his typing style and speed.
Until now, the DOD has used classic access cards to let employees into facilities and access secure computer systems. These cards are known as CACs (Common Access Cards) and have caused some discomfort over the years as they were hard to replace in a timely fashion.
Plurilock says BioTracker needs only 20 minutes to create an employee profile, and the system adapts across time, as the user changes his typing.
The new system is advertised as a "proof-of-presence" authentication solution and is currently under testing. CACs, two-factor and multi-factor authentication systems will remain in place for the time being, but Plurilock and the DOD hope that one day BioTracker will help replace the CACs altogether.
The DOD is taking the most cautious approach to this issue and is following industry advice of not deploying biometrics as the sole authentication solution, but using it in conjunction with other systems.