Your phone could soon recognize you based on how you move or walk |

Your phone could soon recognize you based on how you move or walk

The Washington Post
Within 18 months, your phone may be able to identify you based on the gait of your walk, the tension in your hand or the way your thumb moves across the touch screen.

Within 18 months, your phone may be able to identify you based on the gait of your walk, the tension in your hand or the way your thumb moves across the touch screen.

That’s the Pentagon’s plan: It’s in the final phase of testing technology that will reduce smartphone users’ reliance on difficult-to-remember passwords or an endless stream of text message verification codes, an official there told me.

It’s working with computer chipmakers and smartphone developers to make the technology commercially available as early as 2020, said Steven Wallace, a systems innovation scientist at the Pentagon’s Defense Information Systems Agency, or DISA. It’s currently testing the system on 50 phones at the Defense Department.

“Our goal from the very start was not to have something that was focused solely on the DoD,” Wallace said. “Our focus from the start was something usable at the commercial level.”

The tech companies haven’t made any firm commitments to adopt the identification system but appear eager to integrate the technology into smartphones within the next year or two, Wallace said.

He declined to name the companies DISA is working with but said if all goes well, the technology “will be available in the majority of handsets” in the United States.

The technology would offer an extra layer of security for smartphone users by ensuring that a thief — or someone who, say, picks up a phone left on a subway seat or park bench — doesn’t get access to all the personal and professional information stored inside the device, Wallace said. If stolen phones are inoperable, there’s less of a market for them. And more broadly, if consumer devices are better protected, national security improves: It gets tougher for hackers to steal information and intellectual property.

But the Pentagon’s motivation is not just about securing consumers: If the tool is commercially available, the Pentagon can get the extra protection without paying an arm and a leg for specialized devices that only highly secured industries are using. In the past, Wallace said, the Pentagon has built super-secure smartphones but they’ve been too costly to deploy to anyone but a handful of top officials — costing more than $4,500 per unit.

Once the technology is fully vetted, DoD plans to use the technology for general purpose smartphones but not ones that access classified information, he said.

Wallace hopes the cutting-edge identity verification system will be like the Global Positioning System and the Internet itself – in that they are all tools that were initially developed for military use but ended up benefiting society at large.

“I’m not going to say that we’re going to create something that’s as broad and as grand as GPS or the Internet, but there’s a history of the department working on things and those things ending up in consumer devices,” Wallace told me.

Similar technology is being used to verify the identities of some employees in highly regulated industries, such as financial services and health care, but it isn’t deployed commercially, Dawud Gordon, CEO of the company TwoSense, which is working on a separate but related DISA project, told me. Those industry tools build the sensing technology into software rather than into the smartphone’s hardware, Gordon told me.

The DISA project relies on sensors that already exist inside smartphone computer chips and are used by gaming apps but not generally for security, Wallace told me.

DISA is working with a contractor to use those sensors to create a unique profile for how each smartphone user does various things, he said – including walking with the phone, typing on it and pulling it out of her pocket or purse. DISA then creates a “risk score” for the user that includes a weighted combination of all those factors, he said. If this score drops too low the person will be locked out of the phone.

If a person is locked out in error, she could regain access using a more standard log in, such as a password, Wallace told me.

Just because the capability exists in the phone’s hardware doesn’t mean people would have to use it to verify their identities, Wallace said. The smartphone provider could offer it as an option or organizations could use it to ensure employees don’t leave unsecured devices in cabs or restaurants.

Because the sensors are on the phone’s hardware, the information they collect won’t be available to phone apps or other third parties, Wallace said, reducing privacy concerns. The only information that should leave the hardware side is when the phone user’s risk score drops too low and she’s locked out, he said.

Testing on DOD devices is expected to be finished within two months.

Categories: Business | Wire stories
TribLIVE commenting policy

You are solely responsible for your comments and by using you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.