Biometric systems could use the unique patterns from a person's ECG reading for biometric sign-ons.
This is according to a study (PDF) emitted this month by a trans-Atlantic pair of brains at UC Berkeley in the US and the University of Edinburgh in Scotland, who reckon electrocardiogram results are easy enough to measure, and vary enough from person to person that a reliable authentication system could be built from consumer hardware.
"While existing research has focused on common modalities, such as fingerprints, face recognition, and iris scans, insufficient work has been done to explore novel biometrics," said Berkeley's Nikita Samarin and Edinburgh's Donald Sannella.
"Past research has demonstrated that ECG is sufficiently unique to each individual and could be used for user authentication."
To test whether an off-the-shelf authentication scheme would be viable, the researchers had to figure out just how well a small consumer ECG could both read and distinguish ECG patterns from person to person and from reading to reading. They enlisted a group of 49 volunteers to use a mobile ECG reader (specifically, this one) in two different sittings four months apart.
Using the datasets, the team then analysed the wave patterns from person to person and between the two settings. What they found was that the ECG readings could match the person with an error rate of about 2.4 per cent over short durations of time (roughly the same range as fingerprint readers), but found that over longer periods between readings, the error rate goes up to around 9 per cent.
Bionym bracelet promises to replace passwords with ECG biometricsREAD MORE
Still, the study concludes that an ECG authentication would be feasible and reliable enough to work in things like smartphone cases or steering wheels as another way to authenticate the owner of the device, albeit with many of the same concerns and technical hurdles present in other bioauthentication methods.
"The introduction of low-cost sensors allows system designers to embed them into existing access control systems," the duo concluded.
"Nevertheless, more research needs to be done on extracting features from ECG signals obtained from consumer-grade monitors, preventing spoofing attacks and guaranteeing that ECG-based biometric systems are socially accepted by the general public."
The paper, A Key to Your Heart: Biometric Authentication Based on ECG Signals, is due to be presented during the "Who Are You?! Adventures in Authentication" workshop at the Symposium on Usable Privacy and Security in Silicon Valley in August. ®