U.S. DISA develops prototype multi-biometric smartphone for “Assured Identity”
The U.S. military has developed a prototype smartphone embedded with the capabilities to measure numerous biometrics and contextual traits under the Defense Information Systems Agency’s (DISA’s) “Assured Identity” system.
Assured Identity relies on more than 200 factors to perform continuous identity verification, even in the changing circumstances that may be encountered by active duty troops and prevent them from using a certain factor, as when the use of a gas mask blocks facial recognition, FedScoop reports. The Department of Health and Human Services (HHS) is now working with DISA to extend a similar idea to health care professionals.
HHS CIO Jose Arietta told an audience at Nextgov’s Emerging Tech Summit about his agency’s interest in Assured Identity, and that is in the early stages of setting up a pilot. HHS is hoping to partner with industry to further innovate the system for the health sector.
The military has been motivated to figure out how to leverage the portable convenience of smartphones in battlefield settings that demand both higher security and less friction to unlock, according to NBC News. Apple was once asked by the military to make a version of its first iPhone for troops, but the company passed, citing the small market size, DISA Emerging Technologies Directorate military deputy Major Nikolaus Ziegler told NBC.
The Assured Identity system on the phone captures contextual factors like what Wi-Fi networks it frequently connects with, behavioral factors including typing, gait, the height the device is held at, and which pocket it is kept in, as well as physical biometrics such as facial recognition, to generate a trust score.
DISA Systems Innovation Scientist Stephen Wallace said the smartphone prototype processes all the user’s identity data on-device.
“Our position going into this was that [the data storage] needs to be done local,” Wallace told NBC. “Because we’ve seen time and time again where, you know, there have been infiltrations and people’s privacy data has been taken. So we really want to be mindful of that.”
The Department of Defense hopes that in the future it will be able to sell some of its smartphone technology to device manufacturers, though how much of the technology vendors should use, and how it should be implemented is a potential point of debate.
“Even if the phones are well secured, allowing the vendor to take the data off the device and store it on their servers would be a source of security risk,” says Stanford University Center for Internet and Society Associate Director of Surveillance and Cybersecurity Riana Pfefferkorn.