The best security measures are the ones you don’t see, Deepak Dutt believes.
Mr. Dutt is the co-founder and CEO of Zighra, a provider of AI-powered continuous authentication and fraud detection services which incorporate several different security layers to protect devices.
Zighra’s story began in 2009 when Mr. Dutt and his partners approached academics at the University of Waterloo with the idea to bring together techniques including artificial intelligence, behavioural biometrics and sensory analytics to ensure the appropriate person is behind every transaction or using every device.
Six years and 14 pending patents later Zighra, which is Sanskrit for fast, emerged from academia to authenticate users based on habits and patterns on their devices such as how they hold the device, the angle they hold it at, and how much pressure they put on touchscreens.
But that is only one of several layers, Mr. Dutt explained.
“We deliver a highly personalized user model that lives on the device and brings in several layers of intelligence from device to network to location to biometric to social and behavioural to create a highly personalized user model on the device.”
One of Zighra’s challenges was to essentially accelerate the normal AI pattern that can take thousands of iterations to identify clear patterns, Mr. Dutt said. They knew that each one of us has unique trait combinations and the design team wanted to find a way to identify those patterns as soon as they could.
The solution was in blending the best of several different methods, a tactic needed in order to stay ahead of criminals who are developing their own methods to remain profitable.
Those methods include mobile farms where armies of actual humans are sitting at desks to mount essentially what are human bot attacks. Then there are AI-augmented bots that are becoming more human-like every day.
Zighra’s recipe includes identifying each user’s idiosyncrasies. They determine common locations and social links and combine it all together.
“The more layers you have the stronger that model is,” Mr. Dutt explained.
Biometrics have their place, but not as the sole line of defence, Mr. Dutt believes, saying anything static can be compromised. Apple eschewed static methods in favour of a blend including AI and deep learning to produce a much stronger tool, he added.
While the amount of data humans generate is indeed an opportunity, plenty of work has to be done to properly capitalize on it, Mr. Dutt said. Limit exposure to personally identifiable information (PII). Take non PII and look for correlations that can help everyone.
In the future our personal devices will have more AI capability, which can both help and hurt, Mr. Dutt said. On the negative side, AI will produce bots that are more and more human.
This has implications for the internet of things and device authentication. Mr. Dutt said Zighra is aligning itself with sensor-based devices including wearables and connected cars, which should be able to determine it s driving it our wearing it by how we walk and breathe, what we do, how fast we do it and where we go while doing it.
As seamless and unintrusive as possible if you want mass adoption.
“At the end of the day users don’t want to have all of this friction involved in authenticating devices,” Mr. Dutt said.
Zighra recently launched SensifyID as a behavioural biometric solution. Whether it be knowing it’s you driving the car, unlocking the door of your home or even approaching your ATM, SensifyID will address authentication without you having to.
“It’s all subconscious so if we can create a model based on that on a specific device that has no static information, that’s the best way,” Mr. Dutt said.
“The user only needs to get involved when behaviours are different or when anomalies are spotted so they can take appropriate action.”