One’s physical behavior when using an electronic device online may be enough to authenticate an individual, thus alleviating the need for usernames and passwords, new research suggests. And at least one company recently spun off from a British university believes there’s a market for such an authentication method, both from a security standpoint and to improve effectiveness.
Indeed, a user’s e-DNA (electronically Defined Natural Attributes), or the unique behaviors that biochronometric technology uses to determine whether a user is an automated program, or so-called bot, or a human, can recognize an individual on any device anywhere, according to Oxford BioChronometrics, which specializes in the technology. Because people’s e-DNA is unique to them, much like physical DNA, it acts as the new “proof positive” of identification, the company contends.
While not everyone believes consumers will like what eDNA does, the University of Oxford contends it’s a better alternative to existing identifying technology. Its human-recognition technology uses a combination of algorithms that analyze all the different interactions with any device a user could use to access digital content. It then takes those hundreds of variables and boils them down to one unique e-DNA.
“This technology monitors specific interactions between a human being and an electronic device (smart-phone, tablet, computer, etc.), the properties of the device, and conditions at the time an individual is interacting with the device,” Oxford BioChronometrics notes on its website. “All of these factor in to a specific e-DNA for new individual users and to recognize returning users. If the e-DNA of a malicious bot are discovered, it is blocked from engaging with the content you want to protect.”
The university recently spun off the company so it could make its products commercially available. Some 700 firms reportedly already have quietly rolled out its initial product, NoMoreCaptchas, which is designed to stops spam bots from registering and logging on.
Oxford BioChronometrics contends there are no privacy issues with e-DNA because its monitor behavior, not content. “Other security and user-authentication solutions scan your content and save it in cookies to be put to use later by advertisers. That may keep things safe for advertisers, but it certainly doesn’t maintain users’ privacy,” Oxford BioChronometrics says. “We never look at content – we don’t want to know what you’re looking for or what you’re up to.”
Instead, the company’s solutions monitor behavior alone because that is unique enough to identify a specific user. It identifies about 500 different behaviors unique to an individual. And once that user is identified, the website they’re using engages with them as usual. Up to 92 percent of clicks on advertisements and 95 percent of logins are actually from bots, Oxford BioChronometrics research has found.
“We just ensure that the behavior is consistent with the user to make sure everybody – the user, the website, the digital content – is secure,” the company contends. “Plus, the behavioral analysis itself uses enterprise-level encryption when communicating with its secure servers, so it’s extremely well-guarded.”
In a Guardian article, Adrian Neal, who developed the technology while studying at the university and is now chief executive of Oxford BioChronometrics, said electronic DNA allows the company to see vastly more information about individuals online. “Like DNA, it is almost impossible to fake, as it is very hard to go online and not be yourself,” he said. “It is as huge a jump in the amount of information that could be gathered about an individual as the jump from fingerprints to DNA. It is that order of magnitude.”
As Neal views the future, eDNA eventually will be used to allow an individual to log in on any computer or mobile device by confirming their identity. Such uses could include mobile banking and mobile payments, not to mention merchants’ ability to use the technology to customize content messaging.
Also in the article, David Scheckel, Oxford BioChronometrics president, says eDNA would be able to spot whether a click on an advertisement or a site is from a bot, or a real human. “We can hold companies like Google and Facebook to account, and they know this technology is coming,” he said.
Doubts on tech’s future
The ability to use eDNA to identify individuals has developed as computing power has grown with the ability to gather large volumes of information from users. Now, researchers are able to identify much broader and more complex patterns of interaction with computer devices.
As the Guardian article points out, not everyone believes eDNA will become a mainstream product. Chris Mitchell, a professor of information security at Royal Halloway, for example, has his doubts about the technology’s future.
“Using different factors to prove your identity online is always good,” he told the publication, noting his belief that consumers won’t be happy to be continuously assessed based on their behaviors. “It may also add to the cost and inconvenience of business as companies’ own software will likely have to be rejigged.”