The US's mad-tech military boffin unit is developing a form of biometric measurement based on how user handles a mouse.

Behaviour-based biometrics, for example how a computer user handles their mouse or crafts an email, would add to the existing repertoire of authentication techniques. Existing authentication techniques include something you know (such as a password or PIN), something you have (such as a number from an RSA token key-fob) and conventional biometrics (such as your fingerprints).

Researchers at the US military's West Point academy have been given a multi-million dollar grant, after getting the green light from DARPA (the Defence Advanced Research Projects Agency). The award is part of DARPA's active authentication programme.

The program describes behaviour-based recognition technology as a "cognitive fingerprint" that would replace outdated passwords.

The current standard method for validating a user’s identity for authentication on an information system requires humans to do something that is inherently unnatural: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console.

The biometrics program is ultimately geared towards creating next-generation biometrics that can be baked into standard US Department of Defence computer hardware.

The combinatorial approach of using multiple modalities for continuous user identification and authentication is expected to deliver a system that is accurate, robust, and transparent to the user’s normal computing experience. The authentication platform will be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from other sources.

Novetta Solutions is partnering with DARPA to take the technology out of the lab, Sky News (via Yahoo!) adds.

Mark Stockley, an independent web consultant, welcomed behaviour-based recognition as in some ways superior to other forms of authentication. How a user handles the mouse could be distinctive and difficult to mimic, creating a biometric that has the advantage over fingerprint sensors and the like of not needing additional hardware.

"If they're effective, cognitive fingerprints could offer significant advantages over existing forms of authentication," Stockley commented in a post on Sophos's Naked Security blog. "Unlike biometrics they don't require specialist hardware and unlike password authentication they don't rely on users being good at something they're naturally bad at.

"The technology should also give systems the ability to authenticate users continuously, keeping people logged in so long as they're present and then logging them out as soon as they leave," he added. ®