Pioneered by BehavioSec, Behavioral Biometrics uses characteristics of human behavior to authenticate individuals based on how they perform digital inputs, such as mouse movements, typing rhythm, touch and swipe gestures, or the particular way an individual holds their device. Behavioral Biometrics provides continuous authentication to verify an individual by monitoring known biometric behavior in the background without negatively impacting their experience.
BehavioSec introduced this technology in 2007. Today, BehavioSec serves a wide range of Global 2000 enterprises while continuing to work on advanced Research and Development projects, including projects for the U.S. Department of Defense’s Defense Advanced Research Projects Agency (DARPA).
BehavioSec’s patented approach enables enterprises to seamlessly integrate our Behavioral Biometrics software platform into their existing and future mobile and web apps. Using a rich suite of APIs and lightweight SDKs, BehavioSec’s software provides enterprises with realtime actionable intelligence scores and continuous authentication of users, preventing account takeovers, new account fraud and machine automated attacks.
We monitor digital inputs including mouse movements, typing rhythm, touch and swipe gestures, or the particular way an individual holds a device. This raw data is turned into statistical variances. The software does not store personally identifiable information.
BehavioSec complies with the elements of Article 40 of the GDPR that are applicable wherever data is stored and during the course of carrying out contractual obligations for the Data Controller.
The processing of any personal data always complies with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to BehavioSec.
All data is handled and stored according to the requirements of the legal jurisdiction where it is collected. Individual data transfers should be dealt with on a case-by-case basis since governing regulations are frequently updated.
No, Personally Identifiable Information (PII) used in information security is also categorized as Personal Data under European law and is covered by the GDPR. While BehavioSec’s Behavioral Biometrics are unique to each user profile, it is not possible to Behavioral Biometrics to identify things like, age, race, gender, or other personally identifiable information.
Because we have already laid all the groundwork for compliance with the General Data Protection Regulation (GDPR), there should be no legal or compliance hassles. While our Behavioral Biometrics are unique to each user profile, it is not possible to use Behavioral Biometrics to identify things like, age, race, gender, or other personally identifiable information.
There is no risk from using Behavioral Biometrics as an added security layer to protect your customers and your company. Because the behavioral score is based on statistical variances, it isn’t possible to replay, reuse, mimic, or even identify an individual; the profile is a description of variances. We don’t store personally identifiable information.
BehavioSense implements the following security controls to protect the database and its data:
Even if the above security controls were circumvented, the data would be useless to a thief due to its very nature as described in the answer to “What type of data is collected from my customers?”.
First, all data is transmitted over TLS v1.2, providing for strong encryption in transit. Second, the client-side SDK can anonymize static private data so that only behavioral timings are sent and not actual keystrokes.
The BehavioSense solution supports both on-premises and cloud hosted environments. We have successfully deployed within Amazon Web Services (AWS), Azure, and IBM Softlayer cloud infrastructures. We will consider deployment in another provider’s facilities, as long as they meet the necessary technical and compliance requirements.