I’ve been pretty outspoken about my love for biometrics in healthcare. In particular I couldn’t imagine my computer without facial recognition, but I’ve also enjoyed playing around with biometric fingerprint readers and proximity readers too. Sorry, no retina scans yet. Anyone willing to send me one?
Today I came across a new biometric authentication method that recognizes a person’s typing behavior. Techcrunch described it as folows:
It’s a Flash-based interface that compares your typing style against a list of known styles and logs you in based on your individual typing fingerprint. To enroll you simply type a sentence nine times and then the system senses the pauses, mistakes, and speed of your hunting and pecking. Obviously, this doesn’t work if you have a broken hand or, presumably, you’re under duress so it’s fairly hard to crack a system using physical coercion. A cool way to add biometrics to web-based forms.
They have a test on their site, but the registration process seemed a bit onerous. Haven’t they realized the first key to a website is to let me test the product with no registration. Then, let me register when I like it? Maybe if I have some free time later I’ll register and try it out.
I wonder if something like this could merge with the OpenID movement and make this one other method of authenticating yourself to an open id enabled site. Could be pretty interesting I think.
Greetings:
There is a wonderful solution for HiPAA-compliant authentication, SecureAuth from MultiFactor. It’s 2-way authenticaiton – thus assuring both client and server identification. (Handwriting authentication – as detailed, is unilateral authentication – only authenticating the user – the server can be “phished” – with a MITM, “man-in-the-middle-attack”. )
SecureAuth also can become the authentication mechanism for an OpenID identity provider.
http://www.multifa.com/OpenID.aspx
Very interesting in any follow-up articles on what the new government health care mandates will impose on health care providers. (E.G., like FFIEC for financials and PCI for credit processors) Please keep writing!
I still prefer facial recognition as my favorite biometric authentication.
I’m not sure about your solution since I’ve never used it, but I can tell at first look that most small or group practices aren’t going to have the IT support or desire to implement a solution as complex as yours. Might be worth a look if you’re a hospital.
Sure. We have deployments with under 100 users. Of course, for the hosted sites where the hosting service deploys a SecureAuth server – we have user groups with as littler as 2 and 3 users. (Enterprise utilizing Google Apps have been attracted to SecureAuth’s simple integration – very interested to see the adoption of Google Health.)
THe real question, at least for me is, what level (2-factor?) of authentication will be mandatated by those involved in HITECH auditing?
Garret,
I’m guessing that the HITECH act won’t mandate 2 factor authentication at all. I think the purpose of the $18 billion is to implement EHR and get clinical data from the EHR. So, I’m guessing you’ll see no impact there other than increased EHR adoption which means more potential customers I guess.
What is something for you to consider is that I’ve read about some parts of the HITECH act which were written to help enforce HIPAA more than it has in the past. If this becomes true, then many groups may fear enforcement of HIPAA and 2 factor authentication. Time will tell on this one.
Many thanks for your knowledge on this subject matter.
Anytime. Always happy to share what I know. I’ll send you my bill;-)