How do you know a D.J. is who he claims to be? This is a question that John Heaven thought long and hard about three years ago, as he was developing a new online music distribution system.
His company, Musicrypt, was trying to create a better way for record companies to get their music into the hands of the reviewers, radio stations, and company executives. Traditionally this had been done by mailing thousands of CDs and press kits, and Heaven knew that online distribution would be faster and less expensive.
But how could Musicrypt ensure that the tunes could be played only by authorized listeners?
That's when some little-known research work, begun by Allied intelligence services in World War II, saved the day.
During the War, the allies discovered a way to track German telegraph operators by identifying their particular style of typing code, something known as "the fist of the sender." Forty years later, researchers SRI International, a nonprofit research institute spun out of Stanford University, applied this work to the keyboard and found that people could also be identified by the rhythm of their typing.
This technology eventually landed in the hands of BioPassword, based in Issaquah, Washington. After taking about nine samples of an 8- to 16-keystroke password, the company's software is able to identify the "fist" of the typist.
Musicrypt looked at pretty much every authentication technology on the market, including retina scanners and fingerprint readers. But Heaven eventually went with BioPassword's software because it could be used from any computer, without extra hardware.
This gave it an advantage over technologies like fingerprint readers, Heaven said. "If you wanted to listen to a track at a music conference, you'd have to carry your fingerprint reader and hope that you could hook it up at the Internet cafe," he said.
Today, about half of all new music releases in Canada are distributed to radio stations via Muiscrypt, and last year the company began moving into the U.S. market. The technology, which Heaven says is "98.5 percent accurate," is used by about 3,000 users in Canada, and 1,000 in the U.S., he said.
Earlier this week, BioPassword released a version of its product designed to work with Web-based applications. Called BioPassword Internet Edition, the product ships with a software development kit that includes much of the work that BioPassword developers did to help Musicrypt's product get off the ground, according to BioPassword Chief Technology Officer Greg Wood, a former chief security officer at Microsoft.
While Wood would like to see his software embraced by Web sites looking to offer their users stronger authentication, BioPassword still has work to do. A number of companies have tried, and failed, to commercialize the SRI International technology in the past (it was once owned by NetNanny) and BioPassword is competing with more established vendors.
The company still has to prove itself as a credible alternative to prospective customers, said Andrew Jaquith, senior analyst with Yankee Group Research. "That's the challenge, getting it taken as seriously as some of these other multifactor authentication schemes."