Heart Geometry: A New Continuous Biometric Authentication Method

Scenarios for continuous authentication: (a) An authenticated user is present, the system remains unlocked. (b) The authenticated user is leaving; the system is automatically blocked. (c) An intruder appears, the system remains blocked. Green screen corresponds to the unlocked system, red - locked.



Recently, public and private companies have been in demand for more advanced computer information protection and user authentication systems. In particular, interest in continuous authentication systems has grown, when a computer constantly checks the authenticity of the person sitting in front of it. Systems of this type are much more effective than the traditional one-or two-factor protection, because they do not allow an attacker to use a computer after the user has logged in there.



Existing continuous authentication systems have certain limitations. Some of them require the user to permanently confirm their identity. For example, you need to put your finger on the scanner or look at the eye at certain intervals to scan a finger or retina or enter a password every few tens of minutes. Of course, this to some extent solves the problem of continuous authentication, but not completely, and also very uncomfortable.



There are other suggestions for continuous authentication: for example, constantly monitor keyboard patterns, mouse movements and other behavioral characteristics, and monitor faces in front of the monitor. Each of these methods has certain disadvantages. For example, the face recognition system in Windows 10 is easy to fool .



From the point of view of biometric authentication, checking by heart is unique in its own way. Unlike the finger, the heart is much more difficult to separate from the victim's body; there is no possibility of such an easy forgery as with face recognition. It is difficult to hide from the system, and it is difficult for an attacker to recognize the characteristics of the carrier. In the end, every living person has a working heart, unlike the same fingers, and it is unique for every person. Therefore, it is even a bit strange that so far no biometric authentication systems have been created for the heart (if you do not take into account the ECG). Now there is one: it was developed at the University of Buffalo (USA). They are going to submit a scientific article at the 23rd Annual International Conference on Mobile Computing and Communication (MobiCom), which will be held on October 16-20, 2017 in Utah, and now the article is published in the public domain ( mirror ).





Heart structure and dynamics



Someone may have doubts about the security of the system, which continuously irradiates the heart and reads the result of the scan. The developers say that there is nothing to fear in the world of ubiquitous WiFi radiation, here the radiation power is much lower: only 5 mW, that is, less than 1% of the radiation from our smartphones.



At the first scan, the scanner takes about 8 seconds to collect all the characteristics, and later it monitors in a continuous mode - and immediately reacts to a change of heart in front of the scanner.





The scheme of the Doppler radar sensor, which is used when scanning, with adaptive power setting and beam adjustment



The development of technology took three years, and in general it is quite a complex and technological device. The recognition takes into account the geometry of the heart: its shape and size, as well as the dynamics of work, that is, heart rate. Human recognition by cardiogram is a decade-old technology, but nobody has yet figured out the shape and size of the heart for authentication. This is the first technology of this kind.



"There are no two people with the same heart in the world yet," said Wenyao Xu, lead author of the research, PhD (PhD) and assistant professor at the Department of Computer Science and Engineering at the School of Engineering and Applied Sciences of the University Buffalo He draws attention to the fact that the shape of a heart in an adult person never changes unless it is affected by some rare serious heart disease.





Experimental setup





Scanner



Now Xu is working on miniaturizing the device so that the scanner can be installed in the corner of a computer keyboard or in a smartphone.



In the future, states may consider creating a database of the prints of the hearts of all citizens - it will allow to accurately identify the identity of any person from a distance. Information can be recorded in the passport along with the rest of the biometric data. The Doppler scanner works by heart from a distance of 30 meters: very convenient for airports, checkpoints and similar checkpoints.