Medical biometrics R&D proving to also have wide-ranging security applications
Rapidly advancing mobile-device technologies and information-sharing platforms like “wearable devices,” are hurriedly being developed which can “capture a wide variety of health and lifestyle-related information, including geospatial and biometric data and patient-reported outcomes from individual volunteers” which can “transform our understanding of both normal human biology and disease states,” but also add new layers of security to individuals’ Personally Identifiable Information (PII) in the form of biometric health data used in clinical studies, trials, and records system management, according to the Department of Health and Human Services’ (HHS) National Institutes of Health’s (NIH) strategy for data science.
“One especially ripe opportunity for use in community-based research is the broader use of … biometric data” available from the variety of mobile and other information collection devices in development or already in use,” NIH stated – devices that can also be adapted for many other biometric security purposes, as well as the securing of biometric medical data access points.
For example, Rutgers Cancer Institute of New Jersey (CINJ) is continuing to develop a cancer center-managed shared biometric resource to provide statistical support for CINJ members in the areas of basic, clinical, and population research must also be biometrically secured because of the nature of personal and other confidential and proprietary data.
The biometrics shared resource of CINJ “is a specialized service facility that supports the cancer research efforts of our members,” CINJ said.
“Most Rutgers Cancer Institute members in the basic, clinical and population sciences require biostatistical expertise beyond that acquired within their field of scientific training. Biometrics ensures that the scientific rigor of cancer center studies is supported by outstanding, centralized and cost-effective biostatistical support,” CINJ stated.
The facility is supported primarily by a Cancer Center Support Grant from the National Cancer Institute, with additional support perhaps being provided by other sources, such as chargeback systems, institutional funding and/or other grants, CINJ said, noting, “The support from the CCSG allows the facility to provide benefits to cancer center members, such as ensured access to services or subsidies to user rates.”
According to CINJ, each biostatistician and data analyst has a personal biometrically secured and enabled Microsoft Windows-based desktop or laptop, the hardware structure of which is capable of processing and manipulating large data sets and performing computing-intensive data analyses and simulations. It is particularly cost-effective for performing large-scale data management and complex exploratory research in bioinformatics.”
“Our nation and the world stand at a unique moment of opportunity in biomedical research, and data science is an integral contributor. Understanding basic biological mechanisms through NIH-funded research depends upon vast amounts of data, and has propelled biomedicine into the sphere of ‘Big Data,’ along with other sectors of the national and global economies,” NIH explained. “Reflecting today’s highly integrated biomedical research landscape, NIH defines data science as the interdisciplinary field of inquiry in which quantitative and analytical approaches, processes, and systems are developed and used to extract knowledge and insights from increasingly large and/or complex sets of data” – complex, distributed data enterprises that contain vast amounts of PII biometric information that also requires biometrically-enabled security protocols.
Indeed, NIH stated, “The generation of most biomedical data is highly distributed and is accomplished mainly by individual scientists or relatively small groups of researchers. Moreover, data also exist in a wide variety of formats, which complicates the ability of researchers to find and use biomedical research data generated by others and creates the need for extensive data ‘cleaning,’” and state of the art biometric security — biometric security to protect personal biometric datasets.
As NIH pointed out, “Advances in storage, communications, and processing have led to new research methods and tools that were simply not possible just a decade ago,” but which now also require contemporaneous access control security. “Machine learning, deep learning, artificial intelligence, and virtual-reality technologies are examples of data-related innovations that may yield transformative changes for biomedical research over the coming decade. The ability to experiment with new ways to optimize technology-intensive research will inform decisions regarding future policies, approaches, and business practices, and will allow NIH to adopt more cost-effective ways to capture, access, sustain, and reuse high-value biomedical data resources in the future.”
“To this end,” NIH said “it must weave its existing data-science efforts into the larger data ecosystem and fully intends to take advantage of current and emerging data-management and technological expertise, computational platforms, and tools available from the commercial sector through a variety of innovative public-private partnerships.”
The recent NIH US National Library of Medicine paper, On the Feasibility of Low-Cost Wearable Sensors for Multi-Modal Biometric Verification, the authors’ concluded that “the feasibility of using low-cost wearable sensors to build a multi-modal biometric system to perform user verification,” for example, “showed … implementation of such systems in a realistic setting is feasible, but [that] several challenges must be considered,” such as having found that low-cost sensors worn continuously are “subject to movement-generated noise that can reduce the quality of the captured signal.” But, this “could be mitigated by a proper fit of the device that limits its movement. Second, signals like ECG, PPG, and GSR vary over time because of changes in the user state or ageing. To avoid false negatives under these circumstances, a biometric system should allow the addition of new samples over time to keep the biometric system under acceptable metrics.”
The authors’ noted that their studied biometric system doesn’t incorporate “protection against device theft, replay, or spoofing attacks [because] some systems like ECG there are methods to replay a previously captured signal.” But, they said, they believe a multi-modal system employing ECG, PPG, and GSR does “practically increase the complexity of such attacks.”
NIH noted with regard to its new strategy for driving data science that the Lynx Wearable Router is “a light-weight, rugged unit that supports a series of sensors (biometric, environmental, GPS); 3G/4G/LTE, Wi-Fi, Bluetooth, WWAN handheld radio, cellular connectivity; cameras, and more” which will enable wireless mobility, increased situational awareness, tracking, and analytics at the edge, with potential benefits applicable to a wide range of industries that include public safety, mining, utilities, energy and transportation.
Among the “wearable” biometric examples NIH has referred to includes Google’s Google Fit platform that collects biometric data from compatible devices.”
Then there’s the biometric “emotion sensing” band with heart rate monitor and GPS which employs a biometric band with a heart rate monitor and GPS to measure a wearer’s excitement level (biometric, atmospheric, and sociometric). Debuted at Wimbledon 2015, NIH said “results will be compared to sensors measuring noise, crowd movements, and social media,” which could have practicality for security and law enforcement purposes, officials familiar with the technology told Biometric Update. “In fact, a lot of what NIH is doing has far-flung applications for the whole spectrum of security, not just for medical applications.”
Another NIH paper published earlier this year, Biometrics: Accessibility Challenge or Opportunity? said, “ensuring that personal data is secure … is of great importance … security systems are reliable and easy to use for as wide a cross-section of the population as possible. Ideally any system must not be inaccessible to groups such as the elderly, people with disabilities, or those with little knowledge of technology.”
The paper’s abstract stated, “Biometric recognition is currently implemented in several authentication contexts, most recently in mobile devices where it is expected to complement or even replace traditional authentication modalities such as PIN (Personal Identification Number) or passwords. The assumed convenience characteristics of biometrics are transparency, reliability and ease-of-use, however, the question of whether biometric recognition is as intuitive and straightforward to use is open to debate. Can biometric systems make some tasks easier for people with accessibility concerns? To investigate this question, an accessibility evaluation of a mobile app [or it could one day be a biometrically-enabled wearable device] was conducted where test subjects withdraw money from a fictitious ATM scenario. The biometric authentication mechanisms used include face, voice, and fingerprint. Furthermore, we employed traditional modalities of PIN and pattern in order to check if biometric recognition is indeed a real improvement. The trial test subjects within this work were people with real-life accessibility concerns. A group of people without accessibility concerns also participated, providing a baseline performance.”
The experimental results were presented for performance, Human-Computer Interaction and accessibility, grouped according to category of accessibility concern. “Our results reveal links between individual modalities and user category establishing guidelines for future accessible biometric products,” the paper’s authors concluded.
“Given that mobile authentication methods are at a stage of entering implementational maturity, there is a great opportunity to inspire the deployment of new systems that have the desirable characteristics of universality, ease of use and high performance, with the potential to make daily tasks much easier for a wide population,” the paper said.
Continuing, the paper’s authors reported, “The experiment reported in this paper continues a mobile biometrics accessibility research line involving the collaboration of the Centre for the Recovery of Persons with Physical Disability of Madrid based in Madrid [which] offers a range of rehabilitation facilities for physical or mental disabilities. Previous experiments have evaluated the accessibility of mobile devices apps for authentication with handwritten signature and fingerprint recognition, the latter performed using external devices. The results of these works were utilized as guidelines for future developments and applied to this experiment. In this present work, some of the most common authentication modalities in mobile devices were utilized” and tested, including speaker recognition, face and fingerprint (using the integrated smartphone sensor).
The paper concluded, saying, “As a summary of observations and recommendations, we derive a series of best practices for future designers and developers in order to motivate better biometric systems in terms of accessibility and universality.”
Among the authors’ findings were:
• Speaker verification systems are highly appreciated as a non-intrusive modality. Nevertheless, the inclusion of an extra element to record the voice (a button) could lead to rejections. Increasing automation may result in better user acceptance;
• Other aspect to improve in speaker verification is the sentence to read. Many subjects have problems reading from screens (e.g. small letters, difficulties to read properly because hand tremor, etc.). One possible solution could be to repeat an audibly sentence previously played by the system;
• Introducing modalities which require high user interaction, may lead to confusion and rejections. In this case, several users disliked the use of the pattern;
• Authentication solutions may be adapted to each individual subject. Even though subgroups have been assessed in this work according to their characteristics, we found high variability among them, pointing out the requirement for more individualized solutions;
• The fewer interactions with the system, the better. Transparent solutions involve fewer possibilities of incorrect interactions and reduce usage time. However, this fact could negatively affect system performance;
• The Android fingerprint enrollment procedure shows a fingerprint on the screen, that many subjects confused with the real fingerprint sensor and touched it several times. This led to longer times in the enrollment process, which was already considerable.
Another NIH paper published last month found that, “electroencephalography (EEG)-based biometrics features unparalleled universality, distinctiveness and collectability, while minimizing the risk of circumvention. However, commercializing EEG-based person recognition poses a number of challenges,” noting that “the various systems proposed over the past few years with … shortcomings that have prevented wide-scale implementation, including issues pertaining to temporal stability, psychological and physiological changes, protocol design, equipment and performance evaluation.” Nevertheless, the authors’ stated they believe “further development of usable EEG-based recognition systems” will promote “rapid advancements in EEG instrumentation, on-device processing, and machine learning techniques [that] will lead to the emergence of commercialized person recognition systems in the near future.”
The authors’ explained that the majority of EEG biometric related research and development so far has “focused on understanding how the brain works, the identification of biomarkers, and the construction of brain-computer interfaces” in which “discriminative features are extracted from EEG signals and classified into various mental states, which are then associated with corresponding control commands for machines. Thus, extracted features should be universally shared within the user population to accommodate inter-subject variation. Conversely, EEG-based identification systems aim to differentiate among individuals performing the same requested task. In this case, any discrepancies in the extracted features tend to facilitate the recognition of individual identities.”
In their conclusion, the authors’ noted that, “A review of the literature confirms that EEG-based biometrics cannot be lost by users and are difficult to steal or forge, [and] thus EEG has considerable potential for use in person recognition systems.” But, they cautioned, “processing efficiency, recognition accuracy, and user-friendly designs must evolve before commercial EEG-based person recognition systems are viable.”
Meanwhile, the National Institute of General Medical Sciences (NIGMS) – also a component of HHS — issued its, Policy on Funding Biomedical Technology Research Resources Beyond Year 15, which was a “Notice … to clarify the policy for funding an NIGMS Biomedical Technology Research Resource (BTRR) beyond 15 years of support. For renewal support in Fiscal Year 2020 and beyond, NIGMS will not fund a BTRR competing renewal application past year 20.”
The purpose of the “technology development mission of a Biomedical Technology Research Resource should be characterized by a focus on genuine completion of the development cycle for each promising technology, in a timely manner, and a drive toward obsolescence of the BTRR through ubiquity of the developed technology within the scientific community,” the policy states, adding, “NIGMS expects that the funding lifetime of a BTRR will be no more than fifteen years. Only in very rare circumstances will NIGMS consider funding a BTRR competing renewal application in years 16 to 20.”
NIGMS explained that, “This funding opportunity announcement encourages grant applications for national Biomedical Technology Research Resources” for conducting research and development of new or improved technologies driven by the needs of basic, translational, and clinical researchers. The resources are charged to make their technologies available to the research community in a sustainable manner, to provide user training, and to disseminate the resource’s technologies and experimental results.” This could be useful to the biometric industry at large for all sorts of applications.
NIH is also supporting “the generation and analysis of substantial quantities of … numerous quantitative and qualitative datasets emanating from fundamental research using model clinical studies that include PII protected medical images, and observational and epidemiological studies that also includes data from individuals’ electronic health records and wearable devices, the research from which could be applicable, again, to the entire biometric community for a panoply of applications.
Broadening the utility, usability, and accessibility of specialized biometric tools seems to be the ultimate goal for HHS and NIH.
Indeed, NIH said, “Specialized [biometric] tools developed for one subfield of biomedical research might also be adopted for different purposes by researchers in other areas.”
“Finally, there is a critical need for better methods to mine the wealth of data available in electronic health records,” because they “present great opportunities for advancing medical research and improving human health—particularly in the area of precision medicine—but they also pose tremendous challenges,” like patient confidentiality and the level of access that’s granted to researchers, which must be obtained, recorded, obeyed, and enforced in accordance with HIPAA and NIST standards.
“Equally challenging,” HHS said, “is the fact that electronic health records are controlled by thousands of different hospitals and other organizations using dozens of different commercial computer platforms that do not always share a uniform language or data standards. Because of these challenges, NIH will support additional research to find better ways to allow clinical data to be used securely, ethically, and legally,” and “will also work with other federal and state agencies, private healthcare and insurance providers, and patient advocacy groups to find more efficient paths to realize the promise of electronic health records and other clinical data for medical research” while also, conversely, ensuring biometric access security to individuals’ PII/biometric data.