Current security systems authenticate users with something the user knows (e.g. username and password), something the user has (e.g. id and token), or something the user is (e.g. fingerprint or retinal scans). These authentication systems are vulnerable because they only authenticate the user once. Also, in the case of passwords or tokens, they can be lost, cracked, stolen, given away, or otherwise social engineered. Furthermore, fingerprint and retinal scans require extra hardware and are considered obtrusive. A solution to this would be to authenticate the user continuously based on his or her unique typing patterns. This is called keystroke biometrics. Keystroke biometrics cannot be mimicked, lost, or stolen. This method does not require extra hardware, and it does not require the user to present a body part for scanning purposes. LockoutII is a keystroke biometric system that will improve upon existing systems in that it will be an open-source, client-side, continuous (i.e. free-text) authentication system that will evolve with the user‘s typing behavior. LockoutII will operate ”behind the scenes“ authenticating the user as he or she accomplishes other tasks.

Alex King Marshall University