Will Your Heartbeat Someday Unlock Your Phone?

With the evolution of new technology, comes the need for increased security and authentication. We’ve seen that already at Apple’s latest convention with the announcement of the new facial recognition software for the iPhone X. The new security feature allows users to unlock their phone by simply holding it up to their face to identify the user — but what if we could get even more precise?

That’s what Changzhi Li, a researcher from the department of electrical and computer engineering at Texas Tech, is trying to accomplish with his new method of continuous authentication via a cardiac password. The new method aims to utilize the waveform of the human heartbeat, something that can be continuously authenticated in a unique fashion for any user.

The genesis of the idea began with a computer that would send out a radio frequency wave toward the body to check the waveform of the user’s heartbeat. The original idea was that every user has a specific characteristic cardiac waveform, like a unique signature. If a computer could identify that signature, it would make it virtually impossible to duplicate the exact signature, providing one of the most secure authentication systems ever created.

The process would require an initial radio signal that gets sent out from the computer to record data, similar to an electrocardiogram (ECG). Once it recognizes the user’s heart waveform, the system could provide a continuous authentication process that would ensure the security of any sensitive or classified information on the device — and because the process offers continuous authorization — the system wouldn’t require any additional actions or information from the computer user.

Li says he wanted to create a system that wouldn’t require the user to cooperate with any specific actions. A system that doesn’t ask questions or require physical actions, like typing a password or holding your phone out in front of your face, would make continuous authentication possible. This way the user can just do whatever they need to do while the system continuously sends out a signal to check the cardiac waveform without ever letting the user know that a security authentication process is even in progress.

The key to the system is the development of a motion sensor technology that is more than 1,000 times weaker than the single power of a cell phone. Li says to think of it like a smart radar technology, only instead of detecting the speed of a passing car, it picks up how fast the heart is pumping and begins to monitor how that movement changes over time. The weaker signal strength is also an added measure of security as it requires the user to be closer to the computer. Otherwise, specific security protocols would lock the computer or device down until an accurate waveform reading can be measured.

Li says that as his group moves forward with development, they will have to begin to build in certain adaptations that can account for changes that occur to a user’s heart wave, such as heart disease or the addition of a pacemaker. Li says that although this kind of precise authentication system could be useful for cybersecurity, the technology could also be used in other areas, such as hands-free cell phone operation.

For now, Li and his group will continue to focus on the system as a means to protect privacy. He says that when it comes to the success of such a technology, they only have two questions to answer — can it really authenticate, and can it perform continuous authentication?

He said he hopes they’ll soon be able to answer yes to both.