The human heartbeat is a rhythm unique to each individual and is based on the size and shape of the heart, the orientation of the valves, and other physiology. As such, it will only change in the event of a major complication such as a heart attack or other coronary episodes. Now, researchers at Birmingham State University in New York want to use them to develop a login technique for electronic patient health records and as a means to decrypt them when necessary.

Heartbeat data as a unique biometric login method

Zhanpeng Jin, co-author of a paper citing the use of electrocardiograms (ECGs) as a replacement or secondary authenticator for traditional encryption techniques, says that wearable devices will require significantly less battery-intensive techniques to process these types of requests.

“There have been so many mature encryption techniques available, but the problem is that those encryption techniques rely on some complicated arithmetic calculations and random key generations,” he says. “If you apply those kinds of encryptions on top of the mobile device, then you can burn the battery very quickly.”

One of the first commercial uses of ECG data for personal and enterprise users is the Nymi band, which launched in September 2016 and was previously available as a developer kit during the past two years. This is a multi-factor authentication wearable that takes a user’s unique heartbeat and converts it into a unique key that can be used to unlock many devices. With just a user’s heartbeat data, or in combination with Apple Touch ID, the device can deliver strong login security in the workplace over Bluetooth low energcy and NFC. The unique biometric information can then be used to login to mobile devices, laptops, desktops, cloud platforms and can even act as a smart card to open doors and elevators.

Using heartbeat as a persistent identity

One of the key concerns with ECG encryption is that it is sensitive and much more vulnerable to variations than other forms of biometric measurement. According to Dr. Jin, a person's electrical activity may change depending on mental states, physical activity, and even age. Ultimately, the shape of the heartbeat waves will determine what a signal looks like when being read by an ECG. However, the scanning process will only need to take place once and once the device has a someone’s ECG data, it will continually use the same encrypted file to authenticate things.

While ECG metrics are not as mature as fingerprint scanning technologies, some leaders in the fitness industry believe that the accuracy of heart data will improve and even surpass other biometric methods over the next few years. Andrew D’Souza, CEO of Nymi, says that ECG metrics are “already far above things like voice recognition” and enable a form of “persistent identity”. This means that a person only needs to put on the wearable device once, and it will remain authenticated for the duration of its battery life.

The industry is now well on its way to adopting iris scanners and fingerprint readers for a majority of PC login approvals, yet the use of the heartbeat as a replacement, or even secondary authenticator, for standard passwords may one day allow supported wearables to be used as replacements for car keys, door locks, credit cards and boarding passes.

In the future, the researchers envision a world where all patients will be outfitted with wearables that will continuously collect physiological data and sync information with doctors on a regular basis. Of course, adoption will depend on the willingness from all age groups, young and old, to consistently wear these devices in addition to their usual wallets, keys, smartphones and other accessories.