The system would work by constantly monitoring the user's behaviors to generate a trust score. Technologies that recognize things like keystroke patterns, speech patterns and faces would combine forces to passively authenticate users at the device level, all the time.
Google partnered with 33 research institutions, including Caltech, Virginia Tech, Carnegie Mellon University, Harvard University, Texas A&M University, MIT, the University of Illinois at Urbana-Champaign, and Stanford University. Through a 90-day research project, researchers found that biometric measures are less secure than four-digit PIN authentication when applied individually, but when run in parallel, they are more secure and could eliminate the need for anything but passive authentication.
"With only a software update, the hope is that we can provide this level of security to millions of Android devices," Dugan said.
Beyond simply bypassing a phone's lock screen, the trust score data could also be made available via the systemwide API, and apps could set varying trust thresholds for access. A game, for instance, might not require as high a level of trust as a banking app.
