Abstract

Single-stage password security mechanisms that act as the front door to user accounts in enterprise networks are susceptible to imposters who successfully steal legitimate user ID and password data.

To strengthen user account security, Biometric Signature ID (BioSig-ID) developed the BioSig-ID solution for Windows client workstations. The solution records a signature profile of a user’s mouse gestures while writing a code through an enrollment process, using that to validate the user during account logon. BioSig-ID uses a form of dynamic biometrics known as “signature/ gesture dynamics.”

This tokenless approach creates a second layer of account logon verification and guards against the possible use of stolen password and account data to gain entry to the network.

Tolly engineers measured the effectiveness and accuracy of the BioSig-ID solution as tested with 93 test subjects accessing their own accounts and also attempting to access 20 “victim” (other user’s accounts) after being supplied with the victims’ credentials. Over 15,000 logon attempts were monitored during the evaluation.