Forget fingerprint computer identification or retinal scanning. A University at Buffalo-led team has developed a computer security system using the dimensions of your heart as your identifier.

The system uses low-level Doppler radar to measure your heart, and then continually monitors your heart to make sure no one else has stepped in to run your computer.

The technology is described in a paper that the inventors will present at next month's 23rd Annual International Conference on Mobile Computing and Communication (MobiCom) in Utah. The system is a safe and potentially more effective alternative to passwords and other biometric identifiers, they say. It may eventually be used for smartphones and at airport screening barricades.

"We would like to use it for every computer because everyone needs privacy," said Wenyao Xu, PhD, the study's lead author, and an assistant professor in the Department of Computer Science and Engineering in UB's School of Engineering and Applied Sciences.

"Logging-in and logging-out are tedious," he said.

The signal strength of the system's radar "is much less than Wi-Fi," and therefore does not pose any health threat, Xu said.

advertisement

"We are living in a Wi-Fi surrounding environment every day, and the new system is as safe as those Wi-Fi devices," he said. "The reader is about 5 milliwatts, even less than 1 percent of the radiation from our smartphones."

The system needs about 8 seconds to scan a heart the first time, and thereafter the monitor can continuously recognize that heart.

The system, which was three years in the making, uses the geometry of the heart, its shape and size, and how it moves to make an identification. "No two people with identical hearts have ever been found," Xu said. And people's hearts do not change shape, unless they suffer from serious heart disease, he said.

Heart-based biometrics systems have been used for almost a decade, primarily with electrodes measuring electrocardiogram signals, "but no one has done a non-contact remote device to characterize our hearts' geometry traits for identification," he said.

The new system has several advantages over current biometric tools, like fingerprints and retinal scans, Xu said. First, it is a passive, non-contact device, so users are not bothered with authenticating themselves whenever they log-in. And second, it monitors users constantly. This means the computer will not operate if a different person is in front of it. Therefore, people do not have to remember to log-off when away from their computers.

Xu plans to miniaturize the system and have it installed onto the corners of computer keyboards. The system could also be used for user identification on cell phones. For airport identification, a device could monitor a person up to 30 meters away.

Xu and collaborators will present the paper -- "Cardiac Scan: A Non-contact and Continuous Heart-based User Authentication System" -- at MobiCom, which is billed as the flagship conference in mobile computing. Organized by the Association for Computing Machinery, the conferernce will be held from Oct. 16-20 in Snowbird, Utah.

Additional authors are, from the UB Department of Computer Science and Engineering, Feng Lin, PhD (now an assistant professor at the University of Colorado Denver); Chen Song, a PhD student; Yan Zhuang, a master's student; and Kui Ren, PhD, SUNY Empire Innovation Professor; and from Texas Tech University, Changzhi Li, PhD.