News / Medicine

Your Heartbeat May Soon Become Your Password

Researchers have developed a way of turning the unique rhythms of your heart into a form of identification

Scientists say that your heartbeat can replace a password when accessing your electronic records. By using heart's electrical pattern as an encryption key, researchers from the Binghamton University of New York found a way to protect personal electronic health data by using patient' unique heartbeats. According to the study, "A Robust and Reusable ECG-based Authentication and Data Encryption Scheme for eHealth Systems" scientists use patient ECGs as keys to unlock and lock their files.

The research led by Zhanpeng Jin, the assistant professor in the Department of Electrical and Computer Engineering at the Thomas J. Watson School of Engineering and Applied Science at Binghamton University. Jin mainly works on the cognitive biometrics, wearable and mobile computing and security issues in smart health, neuromorphic computing systems, neural engineering, low-power sensing and electronics

Jin says "The cost and complexity of traditional encryption solutions prevent them being directly applied to telemedicine or mobile healthcare. Those systems are gradually replacing clinic-centered healthcare, and we wanted to find a unique solution to protect sensitive personal health data with something simple, available and cost-effective."

Measuring the heartbeat

Jin also points that the traditional security measures such as encryption or cryptography are way too expensive, computing-intensive, and time-consuming as well. Basically, by using a simple biosensor applied to the skin, it is possible to measure the electrical activity of the heart. The patient's heartbeat then becomes the password to access their electronic health records.

"The ECG signal is one of the most important and common physiological parameters collected and analyzed to understand a patient's health. While ECG signals are collected for clinical diagnosis and transmitted through networks to electronic health records, we strategically reused the ECG signals for the data encryption. Through this strategy, the security and privacy can be enhanced while minimum cost will be added."


As wearable health devices that monitor everything from blood pressure to respiratory rate become more popular, there's an increasing need to transmit health data electronically to doctor's offices, explains Zhanpeng Jin.

"During this process, the data transmission is vulnerable to cyber attacks or data breach, which may expose sensitive user's electronic health data," Jin says.

Since mobile health devices would have already collected a patient's electrocardiogram (ECG) - a measurement of the heart's electrical activity - the heartbeat data can simply be reused for security purposes. This has an advantage over many existing encryption techniques, Jin says, because it's far less computing-intensive and uses less energy, which is important when working with energy-limited devices like small wearable health monitors. Since the data has already been collected, it adds little extra cost to the process as well.

While the peaks and valleys on people's ECGs may look identical to the untrained eye, they're actually anything but. Though your heartbeat speeds up and slows down, your ECG has a signature, much like a fingerprint, based on the structure of the heart itself.

"The existing studies on ECGs have proved that the ECGs are quite unique by nature among different individuals," says Jin.

There's only one problem: these unique patterns are also changeable. A person's ECG can change with physical activity, mental states (like stress), age and other factors.

"We are still working on better algorithms to mitigate those influences and make the ECG-based encryption more robust and resistant to those variabilities,! Jin says.

These issues would need to be overcome in order for ECGs to become a common biometric identifier like irises or fingerprints. But, Jin says, the technology is ready to be used as a secondary form of authentication. Since, by nature, an ECG only comes from a person who is alive, it could be used in tandem with another form of identification to both authenticate a person's identity and prove that they're living. Gruesome as its sounds, the scenario of a plucked-out eyeball or a severed finger being used to trick security scanners is something biometrics researchers must consider. An ECG as a secondary form of ID would remove that issue.

Jin and his team hope their new technique can help secure vulnerable data. So one day soon, your heartbeat may join your fingerprints as yet another key in an ever-increasing number of locks.

ref.: foxnew, smithsonianmag

Articles featured in CES News are derived from a variety of news sources and are provided as a service by cesultra. These articles do not necessarily represent the opinions nor constitute the advice of cesultra.