Smart Gun Inspires Smart Mouse Authentification System

dcblogs writes Defense contractor Raytheon has received a patent for a mouse that has a biometric pressure grip. It believes the pressure grip, as a form of authentication, will be particularly hard to defeat because it works from a neurological pattern versus a physical pattern, such as a facial scan. "It's not just how much pressure you exert on the mouse itself, but it's also the x-y coordinates of your position," said Glenn Kaufman, a cybersecurity engineer. The approach was inspired by similar pressure grips used in smart guns.

Re:uhhh

[DaveM753]

Authentification?

It's a perfectly cromulentificated word.

Re:

[Nemyst]

The author's French and the spelling of that word in French is in fact "authentification". One of the many instances where French and English have confusingly similar words.

Interestingly though, this fits with each language's tradition regarding Latin roots: English will use them almost as is (authenticatus -> authenticate), whereas French will generally integrate the word into the language's grammar and syntax (the -ifier suffix means "make something become", hence "authentifier" means to make somethi

Re:

[gomiam]

Autentificación is the Spanish term, too.

Re:

[zAPPzAPP]

German too.

Seems like this is another one of those random english quirks as it's not even consistent. Why is there no 'Identication' for example?

Re:

[Barsteward]

i think english uses about 800 french words amongst the myriad words it takes from other languages . english is the original mash-up of languages, (perhaps the original open-source langauge?)

Re:

[FatdogHaiku]

Authentification?

It's a perfectly cromulentificated word.

Right! Embiggen your vocabulary already...

Re:

[Provocateur]

Everybody who watched The Town knows it's gotta be authenticious

Re:

[davester666]

it's not foreplay when you do it to yourself.

I hold my mouse differently as the day goes on.

[Maxo-Texas]

It hurts the palm of my hand to hold it the same way all the time.

Even beside that, testing it just now, my hand moves all over the thing and is in a different position each time I let go and put it back from typing.

I don't understand how this is practical. A facial or retinal scan seems more reliable, can use your existing generic camera so no need for a custom mouse.

Re:

[ArcadeMan]

Same for me, this would never work.

Re:

[binarstu]

Totally agree. Weren't there even some studies a while back suggesting that changing how you hold/use your mouse from time to time could help avoid repetitive stress injuries? I vaguely remember something like that, but don't quote me on it.

It hurts the palm of my hand to hold it the same way all the time.

Anyway, if this "improved" mouse ever becomes widespread, your face might be hurting, too, because you will probably be holding the palm of your hand there most of the time.

Re:

[mashume]

Yep. Repetitive Stress Injuries... now software enforced. Great step forward. But seriously, couldn't this open them up to all sorts of worker's comp cases?

Re:

[Behrooz Amoozad]

IKR, My left hand has been showing CTS for month now, they want my other hand too, those insensitive clods.

Re:

[PopeRatzo]

Call me crazy, but I'm hoping for biometric authentication by genitals, because how funny would it be to see everyone have to pull down their pants to log in to their computers?

Stop looking at me like that. Tell me you weren't thinking the same thing.

Re:

[ColdWetDog]

because how funny would it be to see everyone have to pull down their pants to log in to their computers?

I don't know where you work, but in my office this would be anything but 'funny'.

So... to break that security implementation...

[Opportunist]

...I have to bring my own mouse when breaking into the NSA headquarters?

But seriously. We are really talking about a device here that is eventually attached via USB, on an external plug to boot, to a computer. Erhmmmmm...

I guess it's time to dust off the presentation on how anything connected by USB isn't really a good idea if used as some kind of security device.

Re:

[war4peace]

It could connect through infrared or bluetooth or firewire or whatever connectivity you'd prefer. Nothing prevents a mouse from communicating through any imaginable protocol. Most mice use USB bus to work because it's convenient and ubiquitous, nothing more.

Re:

[itzly]

It could use a public key authentication.

Re:

[Opportunist]

While a nice idea in theory, I could see some problem with the practical implementation in a mouse. At the very least it would probably push the price level to a point where it becomes unfeasible to do it (rather than a different, at least equally secure but cheaper, solution).

I like the idea from a technical point of view, but it lacks economic viability.

Re:

[itzly]

I would expect that the price level is already pushed too far with the pressure sensors.

Re:Carpal Tunnel Syndrome

[Teresita]

Mouse authentication implies a GUI, which implies the most serious application that would request the verification is Facebook.

Whose grip

[Livius]

Okay, so it's a computer mouse that can *detect* a particular grip.

I was really wondering how researchers were able to get laboratory mice to grip guns. And why.

Re:

[jcfandino]

It's Pinky and the Thumb!

Re:

[PPH]

get laboratory mice to grip guns.

Hyper-intelligent pan-dimensional beings. So who is experimenting on whom?

Re:

[beelsebob]

So what you're saying is that "something you know" is the only valid authentication factor for you - something you have and something you are are both invalid? No two factor auth for you I guess.

Re:

[Bengie]

Something you know or unique patterns created by your brain.

Trivially defeated

[Anonymous Coward]

From the article: "The information needed for a retina scan, for instance, can be stolen from a doctor's office..."

And the information about how some VIP handles his mouse, can be stolen form either his mouse or the computer that gets biometric data from that mouse.

This is basically a password that cannot be changed. Just like fingerprints and retina scans. And all these things can be faked so easily. You don't bother with a false fingerprint or "a practiced mouse grip pattern". No, you replace the device (mouse or fingerprint reader) and fake the digital output from the authentication device. This is much easier.

A keylogger device steals keypresses - in the hope of finding a password. A similar logging device can log communication from a fancy mouse, or finger/retina scanners. After that, the signals can be faked with no need to actually grip a mouse or present a finger/eye.

And it won't matter if the mouse use some cryptographically safe protocol to communicate with the computer. When I plant my logging bug, I won't need to intercept mousecomputer communication. I intercept communication from the sensor system to the mouse electronics. That way, I get the "signature" before it is processed and possibly encrypted. Easy when you know electronics and programming - which enough people do. After that, the grip signature can be superimposed on my mouse movements when I abuse this tossers "safe computer". Possibly using remote control from a different location.

A hassle to set up, but only the first time. Similiar to how DeCSS took some work to pull off - but now it is everywhere. And it will be done for the first time when the incentive is there - such as a bank protecting their transaction computers with this. And then the hack goes on the black hat market . . .

Re:

[Bengie]

You're talking about replay attacks. I wonder if there is a way to mitigate these or if it's a fundamental issue with all forms of bio-metrics and untrusted inputs.

Re:

[Rich0]

This is basically a password that cannot be changed. Just like fingerprints and retina scans. And all these things can be faked so easily. You don't bother with a false fingerprint or "a practiced mouse grip pattern". No, you replace the device (mouse or fingerprint reader) and fake the digital output from the authentication device. This is much easier.

This is a fundamental weakness of biometrics, but that doesn't make biometrics useless. If the computer is in a supervised area swapping out a mouse isn't going to be trivial, especially if the correct mouse authenticates itself in some way.

When I see stuff like this I think "government installation designed to thwart ninja sneaking in the air ducts and changing into a uniform."

Re:

[Barsteward]

my thoughts as well. what is that patent office up to?

You can have my mouse

[jpellino]

when you pry it from my cold... Wait, what? Oh.

Given the raging success of "smart guns"...

[tlambert]

Given the raging success of "smart guns", this should be a slam dunk for the company to make billions!

Re:

[fche]

If you don't understand why "smart guns" are a threat to normal gun owners in certain states, you are not educated on the subject.

Where is the

[Anonymous Coward]

Smart Doorknob?

Great way to show the fail rate

[HungryMonkey]

I can see how an exercise like this can benefit those against smart guns. Put that exact technology in a device we use everyday, such as our mouse, and track how often it fails or becomes temperamental. So, you had to readjust your grip after every 50 uses, and it flat out stopped working after 1000? Would you want that to be in the hands of an officer trying to save your life?