Graboxy Sentinel Online gathers cursor data from websites through browsers. It is meant to authenticate online accounts and transactions, like bank transfers.
More and more businesses, websites, and applications now use additional verification processes, but many are still vulnerable. Old-fashioned authentication methods, such as SMS one-time passwords, are outdated. A hacker who gains access to an email account or clones a mobile phone number may be able to bypass multi-factor authentication using email or SMS.
Biometric authentication is PSD2-compliant and truly tied to an individual and not to a vulnerable device. Unlike SMS codes, emails, phones, and passwords, mouse movement characteristics cannot be stolen, shared, or successfully replicated.
We use our machine learning models and movement analysis expertise accumulated over a decade to analyse the unique gross motor coordination of people appearing on videos. We developed a movement description meta language that is used to extract hundreds of thousands of movement features from human motion.
We are capable of identifying users based solely on their cursor movement dynamics which is a biometric feature that cannot be stolen or successfully replicated. At the same time, mouse dynamics can be continuously monitored invisibly in the background and as it requires no interaction or extra hardware from the users, the user experience becomes frictionless.
Our adaptive algorithms are even capable of adjusting the user’s biometric profile following the subtle changes in an individual’s cursor movement dynamics as they get older or change equipment. Last but not least, we are experts in dealing with data inconsistencies and inaccuracies that are inherent to capturing biometric data, which is necessary for applying complex machine learning algorithms in such a difficult field. We also benefit from our experience of having created and verified over 4 million movement-based biometric profiles for our clients over the past few years.
Our movement analysis approach distinguishes itself from other technologies, including but not limited to:
- Data Preprocessing
We employ a reverse engineering approach, thoroughly examining each device, understanding the background, and figuring out how to carry out device-specific data preprocessing in order to recreate the original movement as accurately as possible. - Extracted Features
Our analytical stack employs a proprietary universal feature space to represent multidimensional time series datasets. This feature space was initially created using the technical meta-language of handwriting analysis but has since been adapted over the past 15 years to suit other domains as well. - Feature Screening
By working with a carefully selected, small subset of features, we can construct accurate prediction models even when only a limited amount of data is available.
When determining the efficiency of an authentication solution, avoiding false positives (i.e., successful impersonations) is usually the top priority, but minimising false negatives (i.e., false alerts) is important as well. Our significant improvement in authentication is proven by the 99%+ accuracy that we reached in identifying impostors based solely on cursor movement analysis. Our real-time user identification solution may be integrated into enterprise systems, web services, and mobile apps, thus covering a wide range of use cases for account and transaction authentication.
The target market of Graboxy Sentinel Online are banks and payment providers that could benefit from a convenient, invisible, NIST and PSD2-compliant biometric authentication tool to improve their transaction verification process.
Graboxy Sentinel Online’s pilot has already launched with a leading bank in Central Europe. We are able to analyse the cursor movement data of over 1,200,000 users of our client’s online banking service. After the successful pilot, our partner decided to implement our solution to use it both as a fraud detection tool and as an invisible second factor authentication solution.
Gaboxy Sentinel Online’s operation consists of three phases.
The first is the training phase.
Upon integrating Graboxy Sentinel, the software starts to monitor the user’s cursor movement data and other metadata in order to build a biometric profile. The gathered, anonymized data is sent to and stored on our secure servers for the sole purpose of analysing the dynamic characteristics of cursor movements.
We believe that mouse dynamics are the most convenient, reliable, and accurate method of continuous behavioural biometric authentication of computer users.
In the second phase, Graboxy Sentinel creates the user’s biometric profile.
When we have collected enough data, our deep-tech adaptive algorithms build unique biometric movement profiles. We usually use a few hours’ worth of mouse data for training purposes.
We developed a movement description meta-language that is used to extract hundreds of thousands of movement features from human motion. Our adaptive algorithms are even capable of adjusting the user’s biometric profile following the subtle changes in an individual’s cursor movement dynamics as they get older or change equipment.
Fine motor movements are unique, rooted deeply in the neural networks of our brains, and this makes it possible for our technology to authenticate people efficiently.
When you move your hands and fingers on a mouse or touchpad, you are performing fine motor movements, usually with your dominant hand. This is quite similar to the movements you make when you are writing on paper, and it is well-known that handwriting styles can be very distinct. We are using similar principles when creating individual biometric profiles.
The third phase is the authentication phase which follows the training and biometric profile creation.
The system compares the user’s real-time cursor movements with his biometric profile and determines an authentication score. The authentication score is updated periodically.
When a user’s authentication score drops below the threshold, Graboxy sentinel flags the user as suspicious, and an unauthorised user alert is sent out. Flagged users can be locked out or re-verified using different multi-factor authentication methods based on the client’s specifications.
In the admin dashboard, clients can investigate incidents, group their users, create different rules for individuals or groups, and set thresholds and response actions for each user group.
