Researchers develop authentication method using an individual’s heartbeat
Researchers at Binghamton University, State University of New York have developed a new authentication method to protect personal electronic health records using a patient’s unique heartbeat.
The findings, which were presented last month at The IEEE Global Communications Conference (GLOBECOM 2016) in Washington, D.C., describe a process in which an individual’s electrocardiograph (ECG) can be used as a password to lock and unlock files.
“The cost and complexity of traditional encryption solutions prevent them being directly applied to telemedicine or mobile healthcare,” said Zhanpeng Jin, co-author of the research paper and assistant professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. “Those systems are gradually replacing clinic-centered healthcare, and we wanted to find a unique solution to protect sensitive personal health data with something simple, available and cost-effective.”
In their paper “A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems”, the Binghamton researchers explain how ECG can provide a more cost-effective and faster alternative to traditional security measures like cryptography or encryption.
The researchers used a patient’s heartbeat as a password to successfully access their electronic health records.
“The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient’s’ health,” said Jin. “While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added.”
The identification method is based on previous work conducted by Jin using an individual’s unique brainwave patterns as an authentication method, combined with cyber-security work from Assistant Professor Linke Guo and Associate Professor Yu Chen.
Since an individual’s ECG readings can potentially change with age, illness or injury—or if the patient wants to change the authentication method of their records—researchers are developing ways to incorporate these factors.
The research paper was co-authored by Guo and Chen, along with PhD candidates Pei Huang and Borui Li.