I recently reported on the work of a team including Wenyao Xu, an assistant professor at the University of Buffalo, to use heart monitoring as a form of continuous authentication for computer users. Now, team member Changzhi Li, a researcher in the Department of Electrical and Computer Engineering at Texas Tech University, elaborates on what he calls the “cardiac password” project.
“Computer systems may require me to log-in information every certain number of minutes or may require some kind of biometrics where I have to use my fingerprints every few minutes or, if we exaggerate, every few seconds,” said Li. “But this is not convenient. So the usability is very low and also, itself, has some security threats inside. Even if it asks every minute or two minutes, someone could still come in and use the computer when the user temporarily leaves the computer.”
Texas Tech reports that Li and Xu’s collaborative project is backed by a $205,418 grant from the National Science Foundation to develop high-sensitivity detectors to determine the uniqueness of a person’s heartbeat waveform and, if feasible, to perfect the reliability, performance, accuracy, and security of this type of continuous authentication.
Li said the first year of the project will focus on the hardware side of the research, building high-sensitivity detectors. Subsequent efforts will focus on signal processing to increase the intelligence of the system.
The technology could eventually be used to facilitate hands-free cellphone use, allowing a driver, for example, to access a phone’s GPS without having to use a fingerprint scanner or type a password.
“What we’re hoping is after three years, we will know the feasibility and, if it is feasible, we will know the accuracy and reliability,” Li said. “After three years, perhaps, we will think about how to move further—for example, into commercialization. But I believe that will be after three years.”
Li concluded, “It really comes down to two questions—how can you really authenticate, and how can you perform continuous authentication?”