The UnifyID product consists of an app that runs on your devices as well as a cloud service. The local apps periodically collect sensor data from the local device, process it, and communicate with the cloud service. We use a variety of data sources all of which are implicit in nature, requiring no conscious action by the user. On mobile devices, we make use of a variety of sensors including GPS, accelerometer, gyroscope, magnetometer, barometer, ambient light, and wifi and Bluetooth signal telemetries. All sensor data is processed locally and we send a small stream of extracted features to our cloud-based machine learning system, which automatically finds correlations between factors and discovers what makes you unique. The data is kept on the local device, is encrypted and anonymized using best practices in differential privacy. We only periodically sample sensor data when it’s necessary, so the impact on battery life and data usage is minimal.
On the PC and laptop side, we look at factors such as keystroke timing (not what you type, but how you type), mouse/touchpad movements (finger length affects swipe/scroll arc), as well as looking at wifi and Bluetooth telemetry data from not only your devices, but also from other signals that are found around you. We tap into the constant signals emitted by Bluetooth LE to keep track of where you are relative to known and unknown devices.
Many of these factors are extremely noisy and possess a high false-positive rate when examined individually. On the backend, we combine these noisy factors to extract a highly accurate “confidence level” via the use of proprietary machine learning algorithms to figure out if it’s really you or someone else using a given device. Best of all, each user always has direct control over which implicit factors are used, and they can even purge the data on command. This is the first time ever that users will have full control and management over their biometric/behavioral data derived from connected sensors.
Our system is highly accurate. By utilizing just four available sensors, our system already achieves five nines (99.999%) of accuracy, which is far more secure and convenient than the status quo of login credentials used today. We can also achieve high accuracy even after a small amount of data. For example, our gait detection algorithms can identify a user after collecting four seconds of walking data.
The graphs below show one example of how you can distinguish between individuals with passive sensor data. These two graphs show accelerometer and gyroscope data from two users while they are sitting down. These two users have been paired to have the same height, weight, and BMI. As you can see, there are clear differences in how the two users sit down, as indicated by the grouping of dots.
There are, of course, cases where the data is noisy or missing, or changes to the underlying physical process (for example, when someone sits on a different chair, or is injured or sore from exercise). This is why this is only one of over 100 factors that we use to authenticate you.