The Defense Information Systems Agency has an idea for how to remember your password: You are the password. And now, it’s catching on at the Department of Health and Human Services.
The system, dubbed Assured Identity, is embedded into a device and uses more than 200 biological and contextual traits to build a unique credential that is continuously checked. Jose Arrieta, HHS’s CIO, said Wednesday at the Nextgov Emerging Tech Summit he is working with DISA and brainstorming the idea — one that he said will be “empowering and streamlining” for health care professionals.
The first steps developing the behavioral-based login system were taken over a year ago when DISA approached a commercial phone chip manufacturer to build tech to authenticate a user by gait, Maj. Nikolaus Ziegler, military director of DISA’s Innovation Office, told FedScoop in an interview. DISA started with phone chip manufacturers in part because all of the personally identifying data will stay on the device. Eventually, these devices could be a watch, necklace or other wearables, Ziegler added.
Gait, or the way a person walks, is just one of many biometric traits that can be used — others being facial recognition, voice and eye-scan identifiers. Even more advanced contextual factors the intelligent system will check could be things from what Wi-Fi network the device regularly connects, who the user regularly texts and even how hard they strike their phone screen when typing.
For HHS, this type of technology is most attractive for health care workers and first responders — people who can’t pause to type out a password. First responders often need to access information from multiple networks. With one device that could log them into all of those networks, time spent taking care of patients will increase, Arrieta said.
However, in a battlefield environment, or even an emergency situation first responders might find themselves in, what qualifies as a normal gait or how they communicate, can suddenly change. That’s where artificial intelligence comes in.
In October, DISA signed an other transaction agreement with a New York-based AI startup to deliver the intelligent code to adapt to a change in behavior that the device would recognize as normal. If someone twists an ankle and changes their gait but all other factors remain the same — keeping the trust score high — the machine will learn to adapt. All of this remains embedded in the device to ensure privacy protections, Ziegler said.
AI is one of the system’s “founding requirements,” he said. It drives continuous authentication, “constantly validating through contextual and biological identification.”
Arrieta said HHS is doing a pilot, which still is in the brainstorming phase and hopes industry partner will help it innovate. For Ziegler, he said his office is actively looking to partner with “anyone and everyone” to get the technology tested and usable.