Electrocardiogram (ECG) Authentication
Biometric recognition is a buzz phrase in the mobile industry, and we are seeing applications emerging on a daily basis with new and innovative ways of trying to ‘guarantee’ secure access to your mobile application and back end systems.
We are all familiar with the first generation of biometric authentication systems such as the use of fingerprint, voice or your iris to unlock your phone and pay for goods, but are these biometric systems secure enough going forward in a world where we as consumers want confidence that our applications and data are secure?
Today you can find mobile applications which are attempting to use some of the ‘newer’ biometric recognition system such as the use of ‘Selfies’ but to date, they have all been proven to be crackable. Why – The data being used can be copied or spoofed.
So, what second generation of biometric systems are available that can help us guarantee we are identifying the user correctly? We need something that is unique to each person and that can’t be easily harvested, faked or copied (skimmed).
We each have something that gives us just that – Our heart!
As your heart beats, it produces an identification pattern, or electrocardiogram (ECG) that is unique to you, and its inside our body and therefore not open for external manipulation.
The distinctive patterns which are present in an ECG signal are the result of several factors of the hearts cardiac function. Variations such as the size and position of our heart, as well as the timing of the electrical pulses, are what creates this unique ECG signature.
Current research supports the use of ECG as a biometric to reliably distinguish people even as activity or stress levels increase.
Unlike other biometric recognition options, this ECG signal can be continuously reassessed until a confident match is received and as such, the system can be configured for high accuracy and continuous authentication.
Reality or Concept?
There are already ECG bands available from Nymi and Apple Watch ECG Bands from AliveCor are just awaiting medical approval.
Other technology providers such as B-Secur are looking to deliver a host of ECG technical solutions to allow their patented technology to be easily integrated into other products and systems which will allow ECG authentication to be used by the masses.
The BJSS Innovation Lab
BJSS is working with the market leaders for ECG Biometric authentication and is using our own Mobile Innovation Lab to further understand this technology. We have produced a set of working proof of concepts to prove that access to mobile applications and the associated back end services can be secured using the user’s ECG pattern.
ECG biometric authentication for mobile authentication is not just a glimpse into the future...
It’s here NOW!