To the ordinary ear, the “lub-dub lub-dub” of a heart pumping blood may sound common and nondescript. To physicians, though, they are a goldmine of information about a person’s health. Recent groundbreaking studies have also discovered the heartbeat to contain enough information to be used as an identifier. Researchers have determined that the waveforms of the heart’s pumping motions are unique to a person and can be used as a biometric modality. In fact, some experts now believe heartbeat biometrics could be a better identifier than other popular modalities like fingerprints.
It has to do with those specialized cells that fire electrical impulses which trigger the pumping motions of the heart. These bursts of electricity create a waveform that can be measured by an electrocardiogram (ECG or EKG). Five characteristics are considered — dynamics, rhythm, timbre, pitch, and tonality. These parameters combine to form a unique heartbeat signature for each person and can be used for identification that has shown an accuracy rate of 96.6 per cent in experiments.
According to researcher Carmen Cámara from Universidad Carlos III de Madrid, biometric identification based on cardiac recording has been proven to be effective. “The main novelty of our work is that we look at the ECG recording, which is a temporary signal, as if it were a sound wave. From there, we analyze this sound wave using the qualities that are commonly used to characterize music,” she added.
An incontrovertible advantage of heartbeat biometrics identification over other modalities is always its ready availability. While some modalities like fingerprint, face, voice, or gait biometrics may be precluded for some persons due to either injury or other reasons, the heartbeat is a bio-signal which every human being generates at all times.
An arms-race is on between digital ID systems and fraudsters. As biometrics AI gets smarter and smarter, fraudsters are experimenting with methods to game facial recognition systems such as wearing masks, wearing asymmetric makeup, tilting the head at a certain angle, using lasers to disable cameras, or wearing infra-red LED hats that confuse cameras, among others. Being an internal biometric modality, heartbeat biometrics is impervious to these attempts at circumvention.
Heartbeat biometrics is upping the security ante. Fingerprint systems leave residues that can be misused. Face recognition applications are packed with information that could pose harm if mishandled. On the other hand, being an internal biometric, heartbeat biometrics is much harder to spoof, steal or mimic. It doesn’t leave biometric data sitting out in the open. Also, an inherent noise in ECG recordings could prove irreplaceable for hackers.
Another edge of heartbeat biometrics over other modalities is its continuous authentication. While passwords and fingerprints are “one-and-done” methods, a heartbeat could effectively send out credentials every second providing nonstop authentication.
Also, the ECG is an inherently ‘live’ signal providing the ultimate presence detection, which means the person needs to be physically present for authentication to happen.
The miniaturization of ECG instruments has proven to be a boon for heartbeat biometrics. The Apple Watch, in fact, has successfully implemented ECG for years. It has patented an application where a pulse oximeter on the watch is used to determine the biometric signature of a user's heartbeat. The data is then used to ID users and unlock the watch in a manner much like TouchID or FaceID the iPhone. That many other companies are rolling out their own wearable implementations of ECG may signal that heartbeat biometrics will soon be ready for primetime.
Even with such a preponderance of advantages, however, it would be prudent to temper expectations as heartbeat biometrics is not without flaws, the most concerning of which is that it carries legal and ethical concerns that fingerprint doesn't. An ECG, for example, might contain sensitive information about a person's emotions and health. Such data falling into the wrong hands could result in discrimination - using an employee's heart condition as a pretext for termination. Clearly, guardrails need to be in place to safeguard privacy.
Heartbeat biometrics is also markedly slower than other modalities as it requires a full second to take a full beat – lagging behind the lightning quick fingerprint readers. Even such an infinitesimal delay could prove to be a fatal flaw in a world of instant-everything. Developers need to find ways to compensate for the delay so as not to be a deal-breaker with consumers used to speed.
Depending on how quickly issues are addressed, we should be seeing wider adoption of heartbeat biometric as a digital identity modality in the coming years, with its exciting potentials in healthcare, access control, law enforcement, retail, among other industries.