Biometrics: CNIL Approving a Behavioural Biometrics Solution
- The CNIL has just approved the adoption of a keyboard with behavioural biometrics features. It is based on non-physical criteria and enables authentication of its user. For now, only one device has been granted authorization, this is for demonstrations only (the company’s name has not been disclosed).
- Characteristics such as the user’s keystrokes (speed, number of milliseconds he holds down a key, etc.) will allow his authentication. These features are added to the traditional entry of IDs and passwords and strengthens the identification process (access to Web applications, to an IS, etc.).
- For security reasons as well as to avoid data storage and illegitimate use, approval of these kinds of devices implies long, case by case, assessment periods (as is the case with other kinds of biometric solutions). Each authorisation application is the object of an in-depth enquiry.
- The risk of biometric data retrieval remains at the heart of the CNIL’s preoccupations, which is why it checked on the implementation of several security measures: encryption of the data analysis result, hosting of the demonstrator’s database by this same company, absence of malware on the workstation used during the demonstration, etc.
- This device is still being tested; the banking sector might however find it of interest as it needs to set up strong authentication tools (for sensitive transactions contexts). This biometric authentication might be an alternative to other biometric technologies; a less constraining means to identify the customers than using physical criteria. Nevertheless, data storage remains an issue and the CNIL still discourages it.