Victoria startup Plurilock, whose cyber-security software digitally profiles individuals using biometrics, has attracted attention from financial institutions and governments around the world. The company recently appointed John McConnell, former United States director of national intelligence, to its board of directors.
“Plurilock’s digital profiling technologies are clearly among the most powerful cyber tools in the world today,” says McConnell.
The software’s capabilities allow profiling through physical and behavioural use of smartphones, tablets, laptops and desktops. It identifies the person behind the screen by generating biometric profiles of individuals by their taps and swipes on touch screens, their scrolls and movement of the mouse and the rhythm and cadence of their keystrokes on the keyboard. According to Plurilock’s executive vice-president Ian Paterson the idea behind the technology has been around since World War II, when Morse code operators could identify the operator based on particular habits or patterns.
“While the idea is not new, the implementation is exceptionally difficult,” Paterson says. “Plurilock grew out of years of research, 120 research publications and three patents.”
The company was founded in 2008 by University of Victoria professors Dr. Issa Traore and Dr. Ahmed Awad. Information-technology-industry veterans Barry Carlson and Larry Cole joined the company over the last year to develop commercial markets for the technology.
It currently has two sets of capabilities: static authentication and continuous authentication. With static, the software knows what the user is going to type in, such as a login and password, and can match the behavioural input with the user’s profile. Plurilock’s largest application at the moment is for one of the world’s top-two credit-card firms where they’re evaluating between 40,000 and 60,000 static authentications per second.
While with static authentication Plurilock is monitoring for “outsiders” trying to break in, with continuous authentication the technology is constantly evaluating “insiders” to make sure the person logged in is actually the authorized user. Classic applications include financial or health institutions, which could have 10,000 employees with access to very sensitive data. The risks could be costly or catastrophic if the wrong person had access — even the wrong person within the same organization.
“I see this technology serving a role in fraud prevention both in the consumer marketplace and for governments and corporations,” says Larry Cole. “We can stop a lot of malicious users and that’s an important part of our value proposition right now. We have 65 companies in our technology evaluation process, eight in full proof of concept, and there’s more coming all the time.”