Lockheed Martin announced on Wednesday that it had developed an authentication solution with Fixmo, Inc. to be used in consumer mobile devices.
Users would log into Fixmo SafeZone using Lockheed Martin's Mandrake SG technology. Instead of entering a password, the user would provide a simple gesture. This procedure has been found to be more easy to use and more secure than a password.
Gestures are entered by drawing them with a finger on a touchscreen. They are similar to signatures in that they are based on human motor memory. The gesture could be letters, lines, numbers or a combination. They must meet certain requirements like length and complexity to be used for authentication. It may take several attempts for the user to create a gesture that meets the minimum requirements.
After the gesture is accepted, the user then 'trains' the device by repeating the gesture several times. The device rates the gesture for consistency, and if consistent enough, the gesture is accepted.
Additional security measures are provided at authentication time. The gesture cannot be entered too slowly and as the gesture is entered, it does not remain permanently on the screen as 'ghost trails' follow the path of the gesture but disappear from the screen quickly. These measures are designed to prevent a compromise from 'shoulder surfing'.
Gestures are more secure than passwords, because they contain more of what is called 'information entropy'. The most simple information entropy is one-bit, such as a coin flip would be: on/off, heads/tails etc.
Since gestures have numerous attributes that play a role in their input, they are actually very complex compared to passwords. When presented as a Markov Model, the information entropy of Mandrake SG is about 600 bits.
Once the user successfully authenticates with a gesture, they are logged into a SafeZone environment, which encrypts all browsing, e-mail, documents and apps. Users can easily switch between personal and business contexts.
Lockheed-Martin and Fixmo's latest authentication solution reflects a growing trend of moving away from password-based authentication. Many methods address this by creating a hash or some other key based on a device's unique combination of hardware and software configuration. The simple gesture method developed by Lockheed-Martin and Fixmo is superior, because it allows a secure, non-password authentication that provides defense-grade security without being device dependent.
Edited by Brooke Neuman