Key Touch Pass: A Security Solution For Once You’ve Passed The Disk Encryption Prompt?.

Another day, another security solution based on how you type.  NTT has developed an information security system called Key Touch Pass that essentially identifies a computer user’s identity based on how they type.  Unlike disk encryption like AlertBoot, it looks to protect while a computer is being used.

How It Works

According to,

Key Touch Pass, records the speed at which a user is typing, the length of time they typically hold down each key and the errors they normally make.

Every few hundred characters it checks this against a profile of the user that is supposedly logged in to the computer. If the two differ by more than a predetermined threshold, the system concludes the computer’s user isn’t who it should be.

NTT is hoping this can be used for remote learning systems and for banking applications.

I can agree to the former with some reservations, but the latter?  I don’t think it will take: the system requires at least several lines of text to make an accurate determination (within a certain confident confidence interval), and most on-line banks–at least in the US–are anathema to making their customers do extra work.  Typing three or four lines of text each time you’re supposed to enter your account?  I’d do it, but I’m also the kind of guy that had an 8-character password for my ATM PIN back in 1994.

As to on-line learning courses, implementing the system makes sense since there is bound to be a lot of typing anyway.  However, you could also have someone else verbally answer questions for the student while the student types (I guess the use of a camera and mic needs to me considered).  And what of those who prefer to type in an application like Microsoft Word and then copy and paste into a web form?

And what about when you’re sick and your typing tempo changes significantly?  Are you really going to bother the IT guy because you’ve got the flu and can’t stop sneezing?  On the other hand, if you’ve got the flu, you should be at home. (Or perhaps you are at home because you’re telecommuting…and Key Touch Pass is installed for that reason.)

Key Touch Pass Part of the Security Layer

Despite all the problems I’m imagining, I have to say that I’d prefer that a solution like Key Touch Pass be implemented than not.  It’s approach to data security is quite different from what laptop encryption is trying to do, and KTP would be worthless if one is looking to copy sensitive files off of a stolen laptop (no typing required with modern GUIs–just point and click).

On the other hand, it’s a more natural approach to data security.  One of the more powerful ways that we approach security in general is by identifying who should not be in a particular environment and keeping an eye on what that person is doing.  If it’s possible to ID someone at the terminal based on how they type, and allow access to a computer based on that (correct) ID, and do so in real-time, it’s as close as it gets to “looking” at a person.

But, it’s bye-bye to my voice-recognition software.  And, if you happen to use a secretary for all your writing needs, and she calls in sick, there’ll be hell to pay that day.  Meh, I guess you could always turn the thing off.  But that’s one slippery slope if you decide to make it a habit….

Related Articles and Sites:

Comments (0)

Let us know what you think