September 26, 2017 -
A University of Buffalo-led research team has developed a contactless authentication system that can scan the dimensions of a user’s heart as an identifier to authenticate devices.
“Logging-in and logging-out are tedious,” said Wenyao Xu, assistant professor at the University of Buffalo’s department of computer science and engineering and the lead author of “Cardiac Scan: A Non-Contact and Continuous Heart-Based User Authentication System”, a paper to be presented next month at MobiCom.
Xu added that the system would be the first non-contact device to scan heart geometry.
The system uses a low-level Doppler radar to continuously scan a user’s heart’s shape and size, with the ability to authenticate people over distances of up to 98 feet.
The device is also considerably safer than Wi-Fi and other smartphone authentication systems, which emit harmful SAR (Specific Absorption Rate) radiation due to them using a 5 milliwatts reader. In comparison, the device emits less than 1 percent of radiation currently emitted by smartphones.
It takes about eight seconds to authenticate the user for the first time. For subsequent authentications, the device will continuously recognize the user’s heart so he or she will not need to remember or enter multiple passwords.
A device such as a computer will not unlock unless the authenticated user is directly in front of it. Once the user moves away the device will be locked again.
The device currently comprises of a large apparatus, however, the researchers are looking to miniaturize the system so that it will fit on the corners of keyboards and even on smartphones.
Xu said the system could have several applications ranging from unlocking individual devices to airport security, ensuring better privacy than current systems.
The system is far more secure than passwords or patterns, which can be easily leaked or compromised by an intruder.
The research paper states that the device will be more cost-effective than current systems.
However, the system is not without its issues. There are some potential privacy and security concerns in regards to a person being easily forced to authenticate the device by going near it, authentication over large distances resulting in the system mistakenly giving third-party individuals access to devices, and the system not recognizing the user due to heart disease.