Computers

Forget face scans or fingerprints, your heart could be your new passcode

Forget face scans or fingerpri...
Moving on from fingerprints or facial scanning, a new security system identifies a user's unique heart geometry
Moving on from fingerprints or facial scanning, a new security system identifies a user's unique heart geometry
View 1 Image
Moving on from fingerprints or facial scanning, a new security system identifies a user's unique heart geometry
1/1
Moving on from fingerprints or facial scanning, a new security system identifies a user's unique heart geometry

The recent launch of the iPhone X andits new facial recognition unlocking technology has thrust biometricsecurity back into the popular discourse. A team at the University ofBuffalo has now developed a new biometric tool that analyzes the dimensions of your heart to unlock your phoneor log you in to your computer.

The old-fashioned password is quicklylooking like an ancient relic of the 20th century.Biometric security seems to be the way of the future, withfingerprints, retina scans and facial recognition only the beginning. Practically every conceivable unique biological signature is currently beinginvestigated as a potential form of security.

From a body odor-based ID system, tovein scanning and "brain-prints", your body is full of uniquebiometric markers that can be harnessed as a personalized passcode. In 2014 a company called Nymi developed a novel, heart-based, biometric system that identifies a person's electrocardiogram signal using abracelet that can track cardiac rhythms.

Now researchers at the University ofBuffalo have taken heart biometrics one step further and developed asystem that uses a low-level Doppler radar to identify the unique shape andsize of a person's heart.

"No two people with identical heartshave ever been found," says Wenyao Xu, lead author of the newstudy, who added that people's hearts do not change shape unless they suffer from serious heart disease

The system takes eight seconds torecord the unique geometry and rhythm of a person's heart and then itcan continuously monitor the person's presence, allowing forcontinuous authentication without any kind of recurring body contact.

The ability of the system to unobtrusively re-authenticate the usermakes the system a little more secure than a regular static, single log-inauthentication process. One-time validation systems can easilybe compromised, but a system that is continuously authenticating itsuser is much harder to crack.

The team claims the radar system usesvery little power and poses no health risks as it has a signalstrength much lower than regular Wi-Fi.

"We are living in a Wi-Fi surroundingenvironment every day and the new system is as safe as those Wi-Fidevices," says Xu. "The read is about 5 milliwatts, even lessthan 1 percent of the radiation from our smartphones."

Across a pilot study with 78 subjects,the cardiac scan system achieved an balanced accuracy rate of 98.61 percentand an equal error rate of 4.42 percent.

The team states that furtherdevelopment of the technology will involve a miniaturization of thesystem to enable it to be installed into computer keyboards orsmartphones. The current system also allows for monitoring of anindividual up to a distance of 30 meters (98 ft), which the researcherssuggest could have uses in airport identification scenarios.

The team is presenting the research in next month atMobiCom, a mobile computing conference in Utah.

Source: University of Buffalo

5 comments
Daishi
Passwords are not an ancient relic. We are just currently doing them wrong (see XKCD password comic). Simply saying "enter a sentence into the password box" would lead us to being much better off than today. Next biometrics are only suitable for verification of physical presence, they are not suitable as a remote login method. Your heart may be unique from the next person but the details of your heart are saved into digital data and sent over the wire and stored in an organization's database so you need only intercept that transmissions or steal that database and all things that used your heart signature as a login method are now openly accessible by the thief that stole the recorded digital data. As a remote login method passwords are not going away. All the companies that still require user passwords look like "Buffalo1!" need to start being fined and the people standing in the way of change need to be politely asked to step aside with flat earthers, climate deniers, and other people standing on the wrong side of the science.
Bricorn
So, you're having a heart attack, your heart changes shape during it, but you can't call an ambulance. No thanks.
piperTom
It's great to have (yet) another way to do identification. But the future is not in finding a "best" way, but in combining several good ways. The error rate noted here is too high. But if your phone can do heart geometry, odor, iris pattern, and vein pattern, then the combined error rate falls below .0003%. Also, if some medical problem or plain aging causes change, the combination allows the system to catch up. As for remote login, regular typed passwords are still obsolete: high security systems already require another device -- either your smart phone or a dedicated security device. The device then transmits a secure, one-time response -- nothing to remember.
Bob Flint
All this effort to secure a phone...if your so dependent on this device, then they have already won. Yes I have a smart phone, it's a very useful tool, but obviously so may people will trust their financial, medical, & very personal information to this...I don't even feel I need a password because nothing that important goes on the device that will fail you. Be smart with your "smartphone", keep it dumb So fingerprints, facial recognition, retinal scans, odor & vein detection, now also scanning your heart, why not body fluid detection and have them see all your personal information plus the legal & illegal drugs you maybe taking...
Scottsdale Bob
This won't work for my Boss, because he doesn't possess this organ.