Technology Today
Raytheon is currently working on two innovative technologies — Location Aware Access Control and Persistent Log On — that will ensure user authentication in a secure computing environment. The technologies will be feasible for commercial use in hospitals, banks, retail and manufacturing, as well as military and civil markets — including command and control, weapons systems and border security.

The Scenario
A multinational task force is formed in response to emerging hostilities in the Horn of Africa. U.S. Marines are tasked with forming a tactical operations center (TOC) to provide coalition command and control systems for British, Japanese, and African Union commands. Yet classified U.S. information must still be processed in the same facility to facilitate time-critical information sharing.

Working within the same room, how can U.S. forces effectively prevent accidental leakage of sensitive data to allies? Tape off areas of the TOC and have non-U.S. persons stay on their side of the line? Turn computers and desks so that they cannot be seen by allied staff? Escort allies from the room when certain information is processed?

All are common and quite rational solutions for implementing physical control policies in this situation. However, if someone wanders out of his controlled area, there is a very high risk of information being viewed or accessed by uncleared personnel during the transgression.

What if information systems were smart enough to prevent this form of leakage from occurring? As uncleared personnel approach an active terminal, several actions could occur. Screens could go black or display a screen saver. Keyboard input could be locked. Log-on capabilities could be locked out. Once the uncleared visitor leaves the physical or visual proximity of secured terminals, access could be returned to legitimate users.

The technologies to make this happen exist today within Raytheon. Location-aware access control can be achieved by correlating a user's physical location to that of the computers they log on to. Personnel can be identified through stand-off biometrics, and their movements can be tracked with a high degree of fidelity. Characterization of personnel interaction with physical assets can be achieved.

Through Raytheon's 2009 Innovation Challenge, two projects were identified that show the potential of enabling the technologies needed to build a system that addresses the problem.

Location Aware Access Control
The first project, Location Aware Access Control, originates from a system that was successfully deployed within Raytheon to consolidate all badges, identifications, passwords and personal identification numbers into a single set of credentials. Through this system, customers can enter access-controlled doors, log on to computers and access Single Sign-On (SSO) services using a single smartcard and fingerprint for identification and authentication.

Persistent Log On
Imagine a facility where, instead of each user logging in to their host computer, everyone logs in to an enterprise system that "owns" all of the access points (displays, keyboards, doors, etc.) and dynamically tailors access in real time. This type of ubiquitous computing is called "context-aware pervasive computing."

To establish a strong initial level of authentication, personnel will log in using a combination of smart cards, passwords and biometrics as usual. As people move through the facility, the system captures video, voice and other biometric data that is analyzed and fused into real-time tracks. Privacy is assured by carefully separating identification from localization within the system. This fusion process also produces a confidence factor that is considered along with other user context to dynamically grant access to the system.

Over time, confidence in a user's identity will degrade as he commingles with other employees, works in open offices or cubicles, or moves through areas that lack video surveillance, such as restrooms. Periodic challenges are issued when confidence levels decrease below a defined threshold, and users must present their smartcard and biometrics at physical access control points or computer terminals.

Context-aware pervasive computing makes the user's experience indistinguishable from magic. The user's session hops from computer to computer as the user moves through the facility: automatically authorizing entry to controlled areas, automatically presenting appropriate access windows on local machines, and automatically removing sensitive data from the screen when unauthorized users approach. The unified approach also facilitates activation of emergency system states during distress conditions and, from a cyber perspective, provides an invaluable source of forensic data on insider threats.
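The following toy policy engine is an added illustration of the two mechanisms described above, the proximity-triggered screen blanking and the confidence factor that decays with context until a smartcard-plus-biometric challenge is issued; it is not Raytheon's code, and the clearance levels, decay amounts and threshold are constructed values, not figures from the article.

```python
"""Toy model of confidence-based persistent log-on (constructed example)."""
from dataclasses import dataclass

FULL_CONFIDENCE = 100          # confidence is tracked as a percentage
CHALLENGE_THRESHOLD = 60       # constructed: below this a challenge is issued

# Constructed confidence loss per fused context event. The situations are the
# ones the article names; the numbers are illustrative only.
CONTEXT_DECAY = {
    "tracked": 0,          # clean continuous video track: no loss
    "open_office": 5,      # interval spent in an open office or cubicle
    "commingled": 15,      # track merged with other employees in a group
    "unsurveilled": 30,    # passed through an area with no video coverage
}

# Constructed ordering of data/clearance levels for the coalition TOC scenario.
LEVELS = {"UNCLASSIFIED": 0, "COALITION": 1, "US_SECRET": 2}


@dataclass
class Session:
    user: str
    clearance: str
    confidence: int = FULL_CONFIDENCE
    challenged: bool = False   # True while a re-authentication is pending


def observe(session: Session, event: str) -> int:
    """Fuse one context event into the user's track and return new confidence."""
    session.confidence = max(0, session.confidence - CONTEXT_DECAY[event])
    if session.confidence < CHALLENGE_THRESHOLD:
        session.challenged = True   # user must re-present smartcard + biometric
    return session.confidence


def reauthenticate(session: Session, smartcard_ok: bool, biometric_ok: bool) -> bool:
    """Both factors must succeed; success clears the challenge and restores confidence."""
    if smartcard_ok and biometric_ok:
        session.confidence = FULL_CONFIDENCE
        session.challenged = False
        return True
    return False


def display_policy(session: Session, data_level: str, nearby_clearances: list) -> str:
    """Decide what a terminal does with data at data_level for this session."""
    if session.challenged or session.confidence < CHALLENGE_THRESHOLD:
        return "LOCKED"     # identity no longer trusted: screen and keyboard locked
    if LEVELS[session.clearance] < LEVELS[data_level]:
        return "DENIED"     # user is not cleared for this data at all
    if any(LEVELS[c] < LEVELS[data_level] for c in nearby_clearances):
        return "BLANK"      # an uncleared person approached: blank the screen
    return "SHOW"
```

The check order matters: a pending challenge locks the terminal regardless of clearance, so a degraded track can never be rescued by the user's nominal privileges.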

Shane Powell
Tim Smith