Need a New Password? It Might Just Be Your Brain
When it comes to high-tech passwords, there are fingerprint scanners for computers and facial recognition programs for closed-circuit cameras, and retinal scans are a mainstay of the movies.
Now researchers are looking beyond those technologies to using brain scans and heartbeats to identify people in ways that can’t be faked.
“There will come a time when a lot of current input devices won’t be necessary,” said Ken Revette, a professor of computer science at the British University in Egypt. Revette recently founded the Journal of Cognitive Biometrics to feature research in the developing field of high-tech identification systems.
If people are going to have “Minority Report” computers, then something beyond a keyboard for a password will be needed.
For example, one could use reactions to an image as a password. Navin Cota of the Mind Research Network in New Mexico and Ramaswami Palaniappan of the University of Wolverhampton in the U.K. are working on using signals in the brain that mark attention.
In their experiment they asked subjects to count the number of times a letter appears on a screen. Each time a subject found the letter, their brains flashed a certain signal to the electroencephalogram. This signal, which is a change in the electrical potential measured by the EEG, is the same whenever someone is looking for a certain stimulus.
Cota said this means it’s possible to build a two-level password system using images. Imagine, he said, choosing two pictures, one of a landmark, say Big Ben, and the other of a relative, one’s mother, for instance.
To authenticate, one would choose the picture of Big Ben presented out of a set. Then one would see another set of pictures, showing Mom.
The reaction of the brain when looking at the correct picture is different from someone who doesn’t know which one they are looking for. The change in the electric potential of the brain will only happen in both cases for the “right” person.
The system is secure because only the person who chooses the images knows which ones they picked, and even if someone were to get it right randomly, the reactions in the brain would look wrong.
Cota noted that the big challenge is picking up the signal without requiring a cap — EEGs require contact with the scalp. But if that problem can be solved then it could be used in conjunction with other methods, even ordinary passwords.
Another area is using heartbeats. A person’s heartbeat generally looks similar between one beat and the next. But there is a small difference: on an electrocardiogram (or EKG) there are two “humps” on a heartbeat. The first on the graph looks tall and thin, and the second is shorter and some distance away.
That distance seems to be different with each individual and doesn’t change, said John Irvine, an engineer at Draper Laboratory in Cambridge, Mass., who co-authored the study. That means even if ones heartbeat is elevated, the shape of the heartbeat looks the same.
So far, he and his co-author, Steve Israel, principal scientist at Integrity Applications, have only looked at about 200 people. So it isn’t clear yet that it would hold up over millions, but it does look promising.
The big challenge in this method is picking up the signal from any distance away. A good measure of heartbeats is usually taken with a sensor in contact with a patient’s chest — a stethoscope, for example, or electrocardiogram. But an acceptable signal could be picked up from a palm reader or even a fingerprint scanner, as long as it gets a pulse.
“That’s really an engineering problem,” Irvine said, “Though it’s a really challenging one.”
Revett noted that there is a lot of work with typing rhythms as well. “We challenge a subject with up to 50 visual stimuli,” he said. “At the same time we gather typing rhythms.”
Those rhythms reveal who is typing, and are exceedingly difficult to spoof because they differ in subtle ways between people.
And it isn’t all just for passwords. Irvine said if individual heartbeats can identify people, then emergency workers could call up medical records even when a patient is unconscious.
Meanwhile, Revett said there are applications for the EEG reading in gaming. A gaming system keyed into a person’s heartbeat could monitor and respond to a quickening — or slowing in their pulse.