Behavioral Biometrics

Behavior Silent Authentication

Pedro LARA
Digital Banking & Payment Business Development & Marketing
May 2017
 Login as We Know (Old Fashion Way)

2 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 Login as We Know (Old Fashion Way)

1. Create strong passwords

2. Use a different password for each account
3. Get a password manager
4. Turn on multi-factor authentication

3 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 fingerprint recognition
device identification
future proof
assurance level mobile authentication
data privacy
easy integration
behavioral biometrics disaster recovery
cyber attacks
user convenience agility
risk management
multi-channel experience security
social reputation IP intelligence regulations
user preferences
geo-location face recognition
easy step-up
4 10 Frum Internacional de TI Banrisul - Gemalto Confidential
 User convenience is Key!
Omni-Channel is still a Must!

5 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 The Challenge To Find a Balance
1FA 2FA 3FA
Device Binding
Device Binding
+
Device Binding
+ Bio Factor

OR
+
Bio Factor PIN Code PIN Code

Login / Check Balance / Register New Payee / Domestic Money Change Contact Details /
Use cases
Transfer to Own Account Transfer / Card Threshold Management International Transfer

Security

Convenience

6 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 Behavioral Biometrics

The What you do! & How you do it!

7 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 Behavior is linked to interaction The more the better!

PRESS FLIGHT SEQUENCE MOUSE

SURFACE GYROSCOPE ACCELEROMETER

PRESS FLIGHT SEQUENCE

PRESSURE MOTION HIT ZONE

8 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 The Concept

User 1 User 2 User 3

9 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 we all scroll differently,

10 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 we all hold our phones differently,

John Doe
****
LOGIN

GYROSCOPE WHEN TYPING A 4-DIGIT PIN

11 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 we all type differently,

12 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 and we are not robots!

John Doe
****
LOGIN

PRESS FLIGHT

13 10 Frum Internacional de TI Banrisul - Gemalto Confidential

Easy enrollment of users
User profile lifecycle

Creation
Training
Training
Maturity
Resetting Maturity
Force Training
Whitelisting
Reset Targets
Whitelisting
Force Training
Reset User
 Performance increases with keystroke numbers and
used sensors Mobile keyboard

Desktop keyboard

PRESS FLIGHT SEQUENCE

Equal Error Rate vs Number of keystrokes

Mobile keyboard #1
Equal Error Rate (ERR)

+
GYROSCOPE ACCEL. HIT ZONE

Mobile keyboard #2

+
GYROSCOPE ACCEL. HIT ZONE

0 1 2 3 4 5 6 7 8 9 10 11 12
+
Number of characters in target SURFACE PRESSURE

15 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 Sessions, end user behavior

Pre analyze 1 password.

22 dimensions.
Behavioral
16 10 Frum Internacional de TI Banrisul - Gemalto Confidential
15 end user profiles.
Analysis
User continuously assessed

17 10 Frum Internacional de TI Banrisul - Gemalto Confidential

 Conclusions

> No matter what, you will always have to authenticate

> Users prefer friendly interfaces and interactions
> Behavior Analysis is a powerful tool to verify authenticity
> Behavioral Biometrics makes you unique

18 10 Frum Internacional de TI Banrisul - Gemalto Confidential

Thank you.