AMT-USC P5-ID CCA
Composite & Continuous Authentication
The AMT-USC P5 provides layered PIN/password, fingerprint and optional iris biometric log-in, web cam surveillance of users, and keystroke and phrase recognition for continuous passive authentication.
AMT-USC CCA provides a dynamic, “risk-aware” reauthentication process that keeps working once past the primary log-in reliance on biometrics smart cards, PINs and passwords. P5 CCA uses multiple factor authentications to enforce access rules for communication networks and devices. CCA is configured to determine exceptions to users’ personal baseline metrics, and can react to detected intrusions in a variety of ways. P5 CCA also provides an Internet-based management console for tracking, logging, visualizing, analyzing, and reporting real-time authentication events. The management console will accept filters, rules, and condition-based command presets.
Currently, there is no deployed system that seamlessly and continuously protects military or commercial networks from multiple threats, including credential sharing, credential theft, walk-away attacks, automated attacks using USB/rubber ducky/scripting, and/or credential escalation by insider or external threats. P5-ID provides the capability needed to create a profile of a user’s biometric data or behavior to provide continuous authentication on any computer or handheld device.
Digital Seal Control
The AMT-USC P5 uses a patented, dynamic command and control monitoring interpreter system that is unique to each user and safely located on a remote secure server. The Digital Seal is contacted each time the user accesses the Internet and is performs siminsagh most of the functions described in this briefing, sharing some operations with the P5 applet installed on the user’s computer or smart phone.
Baseline Personal Profiles & Trust Records
P5 creates and then evaluates users against individual baseline personal profiles and has the ability to rapidly terminate detected intrusions including hard (full disconnect) or soft (redirection to allow a suspected intrusion to continue in a “sandbox” area for counterintelligence study. Both options leave no tell-tale signature that allows the unauthorized to circumvent the system. Because a user might log in on different equipment and be subject to all or just a few of these CCA techniques, our system builds a "trust" record for each user and depending on equipment, location and prior history be monitored in multiple appropriate ways. The ability to identify normal behavior from anomalous behavior, and report or adapt policies for bad behavior is basic. All anomalous behavior, once detected, is monitored and reported.
Initial Biometric Log-In
Initial biometric network access (fingerprint and/or iris scans or PIN & name/number keystroke timing) begins a session. This activates the P5 CCA monitoring which is present as an applet on the user’s computer or hand-held device and the remote Digital Seal. Once a user logs into a network system and is initially trusted to gain access to sensitive or classified data, it becomes necessary to monitor that user for continuous authentication, to insure no one else has assumed the user’s identity.
Passive & Active Monitoring
This process of the AMT-USC P5 continuous authentication employs both active and passive measures, and at most times only passive measures are used to as not forewarn a suspected unauthorized user. Active monitoring measures include random pop-up windows for biometric or video reauthentication.
Passive Keystroke Pattern Recognition
The most practical passive monitoring for a network system is by keystroke pattern recognition based on timing between keystrokes, which is based on the fact that different individuals press keys at different rates as they type and in distinct patterns. In our system, this may be is employed overtly, by obtaining a user's patterns in advance via a prepared exemplar, or clandestinely by passive pattern surveillance. We use a simple, strong, timing algorithm based on timing between pairs of selected characters.
Passive monitoring the use of specific programs, to include logging of all URLs, and individual files accessed, created, or passed as attachments builds a forensic record. These logs are transmitted for analysis whenever the user is on a network or Internet connection.
Passive Phrase Pattern Recognition (Typing & Texting)
We also employ a variation of keystroke logging that follows sentence or phrase word use patterns that are unique to an individual. This is a very effective technique. Good interpreters can verbally translate what someone is saying in almost real time because, regardless of language, we all tend to speak in patterns. Only the use of humor breaks this rule.
In the event the only possible monitoring is of email or texting from a smart phone, a predetermined exemplar using that phone keyboard arrangement should be obtained at enrollment, or in the case of a tablet, pattern recognition is obtained from the keyboard as accessory, or touch-sensitive typing screen. Such exemplars are brief, relaying on no more than a short number string or typed name and short number string. Keystroke timing is most evident in an individual’s frequently typed name and phone number.
Active Video Confirmation of the User
A strong active measure is the use of dedicated cameras in laptops and smart phones to confirm a user and the immediate surroundings. If a camera goes offline, the user may be deemed compromised and the AMT-USC P5 breaks the network connection.
AMT-USC LLC officially announces the authorized U.S. sales of Plurilock’s BioTracker “behavioral monitoring” continuous user validation cybersecurity platform software.
Plurilock’s AI-powered behavior-based platform distinguishes between authorized users and intruders by analyzing the unique behavioral patterns of authorized users and blocking access when unrecognized behavior occurs. Unlike traditional multifactor and CAC-based authentication, which provide only a single-point-in-time identity validation.
Plurilock’s proof-of-presence software continuously authenticates users. After being installed, the software takes about 20 minutes to learn users’ keystroke style and speed, mouse use and other behaviors on laptops, desktops, and servers to create a profile. Using this information, Plurilock can then continuously validate that the current user is the authorized user, providing corporations and governments complete visibility into who, when and where users are on the network at all times. Plurilock’s software operates entirely in the background, requires no direct user interaction, and reduces the average breach detection time from more than six months to less than 30 seconds.