A Brooklyn-based artificial intelligence startup is working with the Department of Defense to replace the CAC card.
TWOSENSE.AI, an early-stage company that’s working to build better identity, credentialing and access management (ICAM) through “deep-learning based” AI, won a $2.42 million contract last October to work with the Defense Information Systems Agency on continuous multifactor authentication for the military. The startup announced the contract Thursday with few details about the specific work.
The contract, an other transaction agreement (OTA) awarded through DOD’s Rapid Innovation Fund, will focus on next-generation identity verification by authenticating users “by their behavior, such as how they walk, type, carry their device, or interact with the screen,” TWOSENSE.AI said in a release. OTAs come from a decades-old authority Congress recently expanded in the 2016 National Defense Authorization Act to allow agencies to prototype technologies with the potential to move them into scaled production, if successful, without going through the traditional contracting process.
“Both DISA and TWOSENSE.AI believe that continuous authentication is the cornerstone of securing identity. Behavior-based authentication is invisible to the user, therefore it can be used continuously without creating any extra work” said Dawud Gordon, CEO of TWOSENSE.AI.
TWOSENSE.AI’s technology uses machine learning to model unique user identities based on behavior, such “the way they walk, interact with their phone, commute to work, and how and where they spend their time.”
“Through the power of deep learning, algorithms are highly personalized, learning the personal characteristics that make each user unique on an individual level,” the company says. “The product leverages mobile and workstation behavioral biometrics, as well as proximity, to create invisible continuous multi-factor authentication for the workplace.”
The work will be done as part of DISA’s ongoing Assured Identity effort to replace CAC cards with continuous identity management through advanced biometrics. The DOD’s then-CIO Terry Halvorsen said in 2016 to great excitement in the community that the Pentagon had plans to eliminate the CAC for system logins. While that didn’t happen in the two-year timeframe, DISA continues to work on a multi-factor, biometric-based and continuous solution for identity verification.
Despite DISA’s efforts to move on from the CAC, DOD CIO Dana Deasy said recently that the military’s personal identity verification smart card isn’t going anywhere anytime soon. ”
The CAC card has “been a key component of the DOD security. Something you may have heard, that the CAC is going away,” Deasy said in September 2018. “Well, from my standpoint, the CAC will remain the department’s principle authenticator for the foreseeable future.”
The DOD, he said then, is in the midst of developing a new DOD-wide ICAM strategy that “will revolutionize how we create digital identities and any maintenance of associated attributes, including both people and non-person entities.”