Local inventors win cybersecurity patent
Published September 29, 2016 in Fauquier Now
By Lawrence Emerson
Bethann and John Rome and Tom Ketcham of Warrenton-based Intensity Analytics Corp. received their patent on Aug. 30, three years after they applied.
Working in an office atop Prickly Pear Mountain near Warrenton, the veteran technologist invokes a guitar hero to explain his company’s new patent for cybersecurity software.
“You can give someone Eric Clapton’s sheet music, but nobody else can play exactly like Eric Clapton,” said John Rome, CEO of Intensity Analytics Corp.
Mr. Rome, his wife Bethann and their business partner Tom Ketcham on Aug. 30 received a patent for “behavioral authentication security software.”
Essentially, their system develops a unique profile for each person, based on his or her typing rhythm and intensity at a computer keyboard. It takes 10 to 30 keyboard sessions to develop a statistically-accurate profile, which Mr. Rome described as a “cloud of effort.”
To demonstrate, he gave a visitor his computer password.
The guest failed to gain access, despite repeatedly typing the password perfectly.
Seconds later, at the same keyboard with the same password, Mr. Rome logged in on his first try.
It seems simple. But, the Romes and Mr. Ketcham began working on the system in 2008 and applied for the patent three years ago.
“It started with the observation that I type differently than John,” Mr. Ketcham recalled. “Then, we figured out how to (add the layer of user authentication) without installing it on the device . . . using the web. That was an a-ha moment.”
But, it took 500,000 lines of code, risk, determination, more than $1 million and extensive testing at George Mason University to complete the system, “based on multidimensional, geospatial algorithms, which compose standard, add-in software,” Mr. Rome said.
The trio of inventors had worked together as leaders of Imaging Acceptance Corp. in Warrenton. The Romes founded IAC in 1990 to digitize important documents, including litigation records, and to share them securely — later via the internet.
Headquartered in the former Blue Ridge Hardware building on Warrenton’s Main Street, the company eventually grew to 1,000 employees, most of them working part-time in an around-the-clock operation. IAC developed proprietary systems to scan customers’ credit card and utility bills and make the information available for online payment.
The company had machines that could slice open 100,000 envelopes a day, scan the bills and send the information customers securely. Clients included Capital One and paymybills.com.
IAC digitized up to a million pages a day.
“We always thought of security as an element of quality,” said Mrs. Rome, a trained opera singer who developed a passion for process design.
“If we had one breach, we were out of business,” Mr. Rome added.
But, IAC’s leaders knew that paper would die — or at least its use for billing and creating archives would decline dramatically. They sold the company in 2003.
The Romes and Mr. Ketcham continued to work together, consulting for a range of clients around the nation.
But, to pursue their passion for creativity, they had to focus, said Mr. Rome, 72. So, they stopped consulting and traveling eight years ago. He and his wife, 62, mortgaged their home and got to work. They solicited venture capital — much of it coming recently from his Class of 1969 University of Minnesota Law School colleagues — to capitalize Investment Analytics with $5 million.
Their work day often stretches past midnight.
“After working together more than a quarter of century, John and I have a symbiotic relationship,” said Mr. Ketcham, 46. “The way it works has evolved for years . . . .
“You never know; then, there’s a moment when the light bulb turns on. John and I usually end up talking to one another until 1 to 3 a.m.”
He, his family and the Romes also worship together as active members of the Warrenton Presbyterian Church.
“It’s always a challenge to build the business,” added Mr. Ketcham, who lives near Amissville in Culpeper County. “In addition to the long (software) development hours, we have sales meetings and partnership meetings.”
But, their first patent gives the trio great hope.
They have five more inventions in the development pipeline, according to Mr. Rome.
“We have cracked the authentication code to prevent access by intruders,” he said of the patent. “Current security solutions in the market are incomplete, as evidenced by constant breaches, resulting in substantial economic losses and legal risk to enterprises and government agencies.”
The concept of using keyboard dynamics to identify users “has been around for nearly 20 years,” said T. Charles Clancy, director of Virginia Tech’s Hume Center for National Security and Technology in Arlington.
Mr. Rome agreed with Dr. Clancy on the history.
But, the patented system goes beyond “hang/dwell/flight time subtractions,” Mr. Rome explained.
“Nobody had ever measured effort to come up with the ‘effort cloud’,” he said.
“It looks like a ball,” Mrs. Rome added.
“Except there are more than three dimensions,” her husband said.
He suggested the new system will “devalue stolen credentials” and provide an easy-to-use, additional level of security.
It doesn’t work on phones or other devices without keyboards and won’t solve every cybersecurity threat, Mr. Rome admitted. But, he asserted it greatly advances system defense and provides another tool to identify hackers.
Dr. Clancy said he couldn’t provide a detailed assessment “without a thorough review of the patent claims.”
But, he added: “Creating and remembering secure passwords is tough. According to a recent study conducted by Carnegie Mellon University, the average person’s password is not nearly as secure as they think it is.
“Biometric techniques, such as keystroke dynamics, are a great way of increasing password security,” Dr. Clancy said. “But like any biometric, the viability really comes down to how well it is integrated into the user experience. If it’s not seamless, people won’t use it.”
The Intensity Analytics principals contend their system meets that test for seamlessness.
They have retained a mergers and acquisitions firm to shop their invention. The system has application for existing security software providers, financial services, government and defense agencies, healthcare, e-commerce, online education, legal services and other disciplines, according to Mr. Rome.
“We expect this technology to have an outsized impact on how organizations protect themselves and their customers,” he said.