Law requires schools to make sure students can’t cheat
By Autumn C. Giusti, Contributing Editor, AVISIAN Publications
A new federal law is forcing colleges and universities to implement security measures to make sure students enrolled in online classes are who they say they are, and three and a half-year-old software company outside of Dallas is lobbying to be at the forefront of this emerging market.
Biometric Signature ID of Lewisville, Texas, has developed a patented software biometric that remotely authenticates the identities of students, enabling them to take computer-based exams at home or in testing centers.
There’s no required hardware or software to download. The only technical requirements are a mouse and an Internet connection. Using a mouse or stylus, students are asked to draw a series of letters or shapes and click on a sequence of everyday objects to gain access to the exam.
Last summer, BSI tested its technology at the University of Maryland’s University College (UMUC). With 196,000 online course enrollments, UMUC touts itself as the largest public university in the United States.
BSI’s technology is a departure from traditional biometric systems that rely on a physical characteristic of the individual. Physical biometrics can’t be changed, so if they are hacked it’s gone forever, according to Jeff Maynard, president and CEO ay BSI. “We don’t collect personal identification information,” he says. “We collect a behavior.”
Driving a new market
The federal Education Act of 2008 is driving schools to crack down on ID authenticity. It says that universities offering online programs need to put strict measures in place to make sure the students registered for those courses–and possibly receiving federal financial aid–are the same students getting credit for them.
However, the law warns that institutions can’t collect personal information such as PINs and passwords when authenticating a student. “If you collect all this information and then you have a data breach, you’ve just released all this information into the market,” Maynard says.
Authentication is still unfamiliar territory for institutions, and it’s left university administrators scratching their heads over how to comply with the law.
That’s where firms like BSI come in. “This is really a very large market sector that is moving–having to find new solutions beyond PINs and passwords,” Maynard says. The act is creating a new demand for biometrics on college campuses.
Maynard revealed the results of the UMUC pilot at the eLearning conference in Fort Worth, Texas in February. “We received business cards from institutions all over the country. Everyone’s looking for a solution that can be easy, low cost, highly scalable.”
University seeks out solution
When Maynard reached out to UMUC proposing the product, the school was already reviewing the market for authentication technology.
Within weeks, he was in Maryland presenting the technology to the university’s president, deans and administrators and Matthew Prineas, assistant to the provost, who helped organize the meetings. A pilot was scheduled for the 2009 summer session.
The university had conducted pilots with other forms of ID technology, but this one was different in that it wasn’t limited to a single class, Prineas says. About 160 students, who were scheduled to take their final exam at one of the university’s regional testing centers, received an e-mail invitation to participate. Of those 30 signed on.
The test was to be administered by a human proctor, and the students were from all different classes. Before the summer semester began, BSI set up a Web site customized for the pilot. Participants were asked to go online, enroll in the system and provide information specific to their personal behaviors to help build a profile, creating three layers of security to access the system.
To get them in the habit of remembering their logon information, students received e-mails asking them to verify their profile information several times at various points prior to the exam date.
The BioSigID system collected nearly 30 behaviors per student in the month before the exam date. The day of the exam, students were asked to come in 30 minutes ahead of time to authenticate their ID before testing began. Most were able to do so the within about one minute.
High marks with students
Some 93% of student participants rated the system as “extremely or very convenient,” and 97% recommended that BioSig-ID be used for student identity verification.
UMUC had a few concerns going into the pilot. One, they wanted to know whether the ID process would be onerous or take a long time. “It was quite successful in that regard,” Prineas says. “All of the students finished very quickly.”
Only one student was unable to verify her identity using BioSigID when she got to the exam, Prineas says, adding that the student was still allowed to take the exam. The problem turned out to be a case of user error, as opposed to a security breach.
“We found out that one student had pretty much ignored the e-mails during the semester asking her to go in and verify her ID,” Prineas says, nothing that this highlighted the fact that the more the technology is used, the more effective it is, Prineas says.
UMUC had originally talked about putting out a request for proposals for an electronic proctoring solution that would include monitoring students with a Web cam. Those plans are now on hold. “We’re reevaluating. That’s one of the results of the pilots we’ve done,” Prineas says.
Maynard says the cost of the system is competitive because the user doesn’t have to buy hardware. Other student authentication systems rely on Web cams, which can range anywhere from $22 to $150 per student for the hardware and related costs.
Tacking higher technology fees onto the tuition bill can be a sensitive issue for students, especially at a public university, Prineas says. “Fees that add on cost to education are a huge concern, and a huge concern for politicians as well,” he says.
Since UMUC is such a major player in online enrollment, Maynard says other institutions will be watching to see how authentication unfolds for the university. “Distance education is really looking for student identity and integrity solutions,” he says. “This is a solution that’s long overdue.”
The student must enroll in at least two of the three ways to gain access:
The BioSig-ID Online biometric involved moving the mouse to come up with a “signature”–a series of letters and shapes with significance to that person. BioSigID’s algorithms measured the unique biometric characteristics of each student based on the speed, direction, height, length, width and angle of the individual’s signature.
The second layer of identity proofing, Click-ID Online, involves image pattern recognition technology. For instance, an image of a kitchen with everyday household objects might appear on the screen. Students are asked to select three items in the kitchen they use in their daily routines. A student may choose a coffee cup, a faucet and a percolator to signify the order in which they make coffee in the morning. “That becomes their mnemonic pattern of recognition,” Maynard says.
The third security layer, called complex security questions, is available if an individual with disabilities needs this due to enrollment difficulties.