Print
Email
Print Edition Stories
MHT's Galen Moore: Military snipers aid accuracy with iPhone
MHT's Doug Banks: Advertising tech traces viewer response
Innerscope Research sensor vest tests biometric response to visual aids
What if a hacker steals the password to your online bank account?
No worries, say the founders of a Boston tech startup: their software can call out the impostor because he doesn’t type your password the same way you do.
Delfigo Corp. launched last year on an algorithmic machine-learning process born at MIT using $500,000 in seed money from Waltham-based Stage 1 Ventures LLC. Later this month, the company plans to release its first product — an IT security software package that learns subtle patterns in a user’s typing and raises a red flag whenever it spots a discrepancy.
“It’s amazing how consistent people are when they’re accessing online software or any type of software,” said Russ Klein, vice president of software development. “They tend to do the same things, and, more importantly, they tend not to do certain things.”
Based on that behavior, Delfigo’s software, called DSGateway, assigns a confidence score every time you log on. If typing rhythms are abnormal, DSGateway assigns a low confidence score, Klein said. An authentic user can confirm his identity via a unique access code sent to the user’s cellular phone.
“We measure the biometric and we also measure the reflective thinking, which is the time it takes for a person to respond,” said Bharat Nair, vice president of business development. “If you were born in Cincinnati and I know you were born in Cincinnati but I am a fraudster trying to hack into your account, when the question pops, ‘Where were you born?’ I have to look it up and perhaps type it. That difference makes a huge (confidence score) impact.”
Delfigo’s idea is new, but it’s no silver bullet, said security researcher Dan Kaminsky, director of penetration testing at Seattle-based IOActive Inc. In the IT security arms race, hackers will learn to mimic typing patterns, he said. Nonetheless, a strategy is worthwhile if it repels even a portion of attacks, Kaminsky said. “The banks are all about incrementally reducing their risk,” he said. “If you say, ‘Hey, we’ll do this and it’ll stop some percentage of the fraud,’ ROI is pretty quick.”
Co-founders Klein, Nair and CEO Ralph Rodriguez are alumni of Aberdeen Group Inc. and Brooks Automation Inc. (Nasdaq: BRKS). Rodriguez worked with Marvin Minsky at MIT Media Lab to develop the concept.
For now, the three are the company’s only full-time U.S. employees. A team of 10 engineers based in Bangalore is working full-time on developing the company’s product, Klein said.
Delfigo is seeking Series B funding in the amount of roughly $3 million, Klein said. With that level of funding, the company hopes to hire additional U.S. staff and reach financial breakeven and profitability by mid-2011.
RSS Feeds
Comments
Please Login/Register to post comments.
No comments have been added or approved.