Psylock is a group of developers creating a novel method of computer-based authentication, identification, and intrusion detection. Departing from alphanumeric passwords, which can be easily transmitted, Psylock's software gauges an individual's unique typing behavior. Psylock's application measures keypress events such as typing rhythm, typing speed, the use of Shift buttons, and typing experience.





If you're interested in seeing how it works, try the free demo on their site. It's very accurate, especially when someone else types while their system is optimized for a specific person. I recently interviewed Psylock team member Daria Ganitcheva about the inspiration and goals of her group's project.


1) What precipitated the idea for typing behavior authentification?



The fact that every human is typing differently has been observed already when people were starting to use telegraphy. A telegrapher could then identify the author of a message just by the way he was transmitting it. However, it was a human who could make this distinction, not the telegraph machine itself. The idea behind typing behavior authentication is to teach a computer to train a "musical ear", to hear the subtle differences in typing and to connect them to a distinct person.

2) How long has Psylock been in development?

Psylock has had a long history of development. It was started in 1993, and since then the method has been developed, chiseled and tested in the course of many years. It does not only record the time differences between the keystrokes, as one might think, but it also interprets them after a complex statistic model, trains a neural network with them and counterchecks the results with sets of simulated attacks. What comes out is a very precise and stable system that is becoming even better every time you use it.

3) How accurate is Psylock now? How much more accurate could it be?

The accuracy of Psylock depends on the settings you put to it. It does not have an Absolute value of accuracy, but can always be gauged to the customers needs and it can be made more and more strics, if you wish it. As an example: if you use a login sentence of 40 characters, and you set the level of similarity that you have to reach to be accepted to 50%, the error rate will be 0,5%. If this is not enough, you say how many login tries are allowed, and you make the error rate go below 0,2%. And if this is still to high, you can set the sentence to be longer, the system will get more data and the result will be even more exact.

What's your target market?

The target markets that could make a good use of Psylock are many, depending on what they use it for and what system they have. For example, online banking could be made much more secure, as a user has a unique way of typing and could thus make his transactions using biometrics, without having to buy expensive hardware, and being able to do it from anywhere, a hotel, his home, his company, even an internet cafe, as every computer has a keyboard and this is what we use for a sensor. Another market would be large companies that have to secure their data from password thiefs or simply careless employees. Or companies making polls on the internet which need to be sure about the identity of the person polled. Or families that want their children not to stay so much at the computer. There are so many uses for Psylock that we can hardly concentrate on one target market. At the moment, we want to apply it at several large pilots to put the system to a hardship test, and then we can put it on the market for everyone.

5) Do you foresee uses of this technology beyond user identification for program access?

As I explained above, there are many possible use cases for the technology. I am sure that more application possibilities will come up in time.

6) Has the technology been licensed out for commercial applications?

Psylock is a method that is patented in many countries. We are going to apply for a certification, as well.

7) When can people expect to see Psylock's system implemented in software?

It is implemented in software already. What we do at the moment is defining several use cases and separating the general software into separate applications fit to these cases. Pilot customers can already use them, the others will have to wait until the tests are finished, which will last probably until the middle of the year.

8) What unforeseen difficulties did the development team encounter during Psylock development?
",1]
);

4) What's your target market?

The target markets that could make a good use of Psylock are many, depending on what they use it for and what system they have. For example, online banking could be made much more secure, as a user has a unique way of typing and could thus make his transactions using biometrics, without having to buy expensive hardware, and being able to do it from anywhere, a hotel, his home, his company, even an internet cafe, as every computer has a keyboard and this is what we use for a sensor. Another market would be large companies that have to secure their data from password thiefs or simply careless employees. Or companies making polls on the internet which need to be sure about the identity of the person polled. Or families that want their children not to stay so much at the computer. There are so many uses for Psylock that we can hardly concentrate on one target market. At the moment, we want to apply it at several large pilots to put the system to a hardship test, and then we can put it on the market for everyone.

5) Do you foresee uses of this technology beyond user identification for program access?

As I explained above, there are many possible use cases for the technology. I am sure that more application possibilities will come up in time.



6) Has the technology been licensed out for commercial applications?

Psylock is a method that is patented in many countries. We are going to apply for a certification, as well.

7) When can people expect to see Psylock's system implemented in software?

It is implemented in software already. What we do at the moment is defining several use cases and separating the general software into separate applications fit to these cases. Pilot customers can already use them, the others will have to wait until the tests are finished, which will last probably until the middle of the year.

8) What unforeseen difficulties did the development team encounter during Psylock development?


The problem with all behavioral biometrics is that they are not constant. You naturally type differently when you are under stress, or have just woken up after a white night, or if you are very relaxed, or if you have just quit smoking etc. The way to solve this problem was for us the introduction of another set of parameters, namely stable parameters that hardly ever change. For example, no matter how stressed you are you will not change from a rightie to a lefty, will you?

9) Can the software detect when a user is unable to type normally? What provisions are made to identify the user if typing is impossible, possibly due to an injury?

The software is of course recording every change in your typing behavior. How much the authentication is affected by those changes, depends on the change itself. For example, if you have only cut your hand a little bit, you will probably get a smaller recognition rate, but you will be still perfectly identified. If you break your hand, on the other side, you will not be recognised anymore for sure. Then you have to go to the system administrator and he will activate one of the fallback mechanisms, for example a password. However, some changes are permanent, for example if you lose a finger. Then, you will have to teach the system again. But as a new enrolment only takes you a couple of minutes, the time it takes you to type 12 sentences, it is not much of a hindrance.

10) What new features can users look forward to?

Psylock is right now implemented in JavaScript for a comfortable web application where the user does not need to install anything in any browser. Also, it is now made for Windows OS. What we are working at right now, is to port the system into other operating systems like Linux or Sun Solaris. Also, we are making tests with nonstandard keyboards, like the ones at the cash automate or at a telephone. We are trying to make Psylock available to everyone and as user friendly as possible. As you see, there is still room for expansion for Psylock.


The problem with all behavioral biometrics is that they are not constant. You naturally type differently when you are under stress, or have just woken up after a white night, or if you are very relaxed, or if you have just quit smoking etc. The way to solve this problem was for us the introduction of another set of parameters, namely stable parameters that hardly ever change. For example, no matter how stressed you are you will not change from a rightie to a lefty, will you?

9) Can the software detect when a user is unable to type normally? What provisions are made to identify the user if typing is impossible, possibly due to an injury?

The software is of course recording every change in your typing behavior. How much the authentication is affected by those changes, depends on the change itself. For example, if you have only cut your hand a little bit, you will probably get a smaller recognition rate, but you will be still perfectly identified. If you break your hand, on the other side, you will not be recognised anymore for sure. Then you have to go to the system administrator and he will activate one of the fallback mechanisms, for example a password. However, some changes are permanent, for example if you lose a finger. Then, you will have to teach the system again. But as a new enrolment only takes you a couple of minutes, the time it takes you to type 12 sentences, it is not much of a hindrance.

10) What new features can users look forward to?

Psylock is right now implemented in JavaScript for a comfortable web application where the user does not need to install anything in any browser. Also, it is now made for Windows OS. What we are working at right now, is to port the system into other operating systems like Linux or Sun Solaris. Also, we are making tests with nonstandard keyboards, like the ones at the cash automate or at a telephone. We are trying to make Psylock available to everyone and as user friendly as possible.As you see, there is still room for expansion for Psylock.


I'd like to thank Daria for the interview and wish Psylock success in their future endeavors.