FYI.

This story is over 5 years old.

Tech

In the Future Your Phone Will Have to Trust You

The days of PINs and fingerprint identification are over. Canadian based Zighra is developing phone software that reads how you swipe to figure out who you are.
Image: John Karakatsanis

The PIN or fingerprint you use to access your smartphone will soon become a relic of a less secure era. While voice and retina scanning identification are tossed around a lot as possible future smartphone features, developers at the Canadian tech startup Zighra are working on a next-generation kinetic ID that will recognize users by their swipe—a development that radically changes how we engage with the security systems that guard our phones. Zighra is working towards a prototype to be ready by late summer.

“One way people look at [kinetic ID] is as a biometric,” said Anil Somayaji, a computer scientist and professor at Carleton University in Ottawa, who’s working on the project. “They want a fingerprint or they want to take a picture of you, but that’s just one characteristic and it can only be checked occasionally. It’s also potentially easier to fake because it just requires this static image.”

Advertisement

Unlike punching in a password for entry, new kinetic ID recognizes your real-time swipe, using active input from the touchscreen engaging with the user. The gyroscope and the accelerometer within the phone measures the motion, automatically recognizing and then activating settings and profiles for trusted users and locking out hostiles. The Zighra software also implicitly recognizes users based on their habits and interaction patterns, actively evaluating unique kinetic interaction signatures with their mobile device, such as the way the user holds their phone.

Somayaji has been working in the field of artificial life for close to 20 years, implementing lifelike properties in computer systems as a way to enhance security. “As I see it, that’s the only way for them to maintain a level of integrity that would allow them to be trustworthy,” he said. Currently, basic authentication schemes like your PIN or fingerprint are too vulnerable to corruption since they begin and end with a positive quantitative ID, whereas kinetic ID puts the onus on the technology to trust you rather than vice versa.

Somayaji has also been “breeding” software to create a Darwinian playing field for his code and other projects. “What you do is you take fit solutions to problems” as evaluated by a "fitness function” and you “combine them together in some way,” Somayaji said.

He worked with bit strings in ordinary commodity programs—specifically a "simple web browser and well-known video game"—which were crossed and recombined much the same way a chromosome would be during reproduction. In theory, the relevant resulting offspring applications would not only be slightly different than either of their parents, they’d also be better.

From a security standpoint, this makes it harder for hackers to compromise multiple programs or systems with a single attack, much the same way diversity within a species means we won’t all be wiped out by a single virus. Varying genetics provides living things with various immunities. Same goes for software in phones and laptops

Though Somayaji isn’t breeding the kinetic ID software, the authentication scheme is lifelike in another way. Instead of you telling your phone you’re allowed in with some random digits you think are secure, it will be constantly judging the finer details of your swiping pattern to pick up on anything weird, figuring out if you’re really you all on its own. In other words, in the near future your phone will be working and engaging with you constantly.