The Scalability of Keystroke Biometrics in Access Control and Identity Management Systems

Recent legislation requires that institutions of higher learning to take steps to ensure that the student of record enrolled in the course is the one taking the tests on line, accessing the information systems, and receiving academic credit for the course. We suggest that keystroke biometric systems can play a role in access control for purposes of identity management systems in conjunction with other security and privacy methods. Further, we suggest that some of the current limitations in deploying keystroke biometric systems might be negated by this inclusion. In this paper we discuss the limitations of deploying keystroke biometric system applications in real world situations such as on-line course tests and tracking of keystrokes used in user names and passwords. We propose some possible solutions to these problems both within the keystroke biometric feature extraction and classification process, and in viewing keystroke biometrics as a tool in a broader context of a system component. Finally we discuss how Bayesian statistical analysis may help in accurately determining student identity in a multilevel keystroke biometric access control system. Introduction With the ever increasing offering of on-line courses and degrees, it is becoming necessary to verify that students taking courses, completing on-line exams, and submitting written text papers are the actual students enrolled in the course. The problem of accurate identification of students accessing their resources (including online assessment) has not traditionally been a priority for many higher education institutions. User names and Passwords, inherently vulnerable to misuse have been singularly relied upon as the definitive verification of student identity. However, recent legislative requirements are significantly raising the threshold on what will be required in the broader context of Identity Management at institutions of higher learning with distance learning programs[1]. The Higher Education Opportunity Act requires that the institutions of higher learning establish processes that ensure that the student that registers for a course or program must be the same individual that participates in, completes the course or program, and accepts the credits. [1. Institutions will be required to improve upon the current minimum authentication (user name and password )by adopting identification technologies as they become more ubiquitous.