32 comments

[ 2.9 ms ] story [ 83.3 ms ] thread
The assignee name and "address" is spelled wrong on the page.

Also it would be incredibly awesome to have seamless passwords. Just pick up and go. But of course, I imagine there'd be times when it wouldn't be able give accurate consistent measurements? It seems like a rather delicate operation, i.e prone to problems.

Maybe it would work perfectly - until you were panicky and the adrenaline affected your heart rhythm. Like during that sales demo, or when calling 911.
Does adrenaline really affect rhythm, or does it simply make your heart beat with the same rhythm, faster? I thought any change in heart rhythm was considered an arrhythmia.
I suspect arrhythmias are commoner than you think. A large proportion of us will suffer from one at some point in our lives.

Failure scenario: you're having a mild heart attack, but you can't call an ambulance because your phone doesn't recognize you!

(If this biometric is routinely used as a password-substitute, what are the odds that by the time you really need it, you've forgotten the password you used when you set up your account?)

Yes, a workaround for emergency services is feasible, but your average first half attack has a duration measured in hours, comes with a variety of symptoms the victim is unfamiliar with, and many folks' first response is to try to self-diagnose or ask someone about it, rather than to instantly realize "OMFG, I'm having a heart attack, ER now". Way to go if they're locked out of all the possible online sources of information that might tell them what's going on!

(And I really don't think Apple will be wanting to jump through the medical device certification hoops for OSX and the iPhone, given what the regulatory regime is like ...)

Easy enough: require that any computer using biometrics (of any kind, not just this one) also have the guest account enabled.
Now we're into patching design errors by applying work-arounds.

That always ends well.

Android phones already have an “emergency call only” option on the unlock screen. Now, a phone that self-diagnoses an emergency is heading into interesting territory…
I don't know - but I'm not really 100% sure Apple knows, either.
Absurd. Cardiac 'patterns' change over time, and altered with heart disease/dysfunction. Bio-medical based authentication must rely on non-changing biological characteristics.

<sarcasm>Gotta hand it to them for covering the bases, though.</sarcasm>

Ideally, passwords should change over time as well. If the change is continuous rather than abrupt, it can be picked up on, and the password steadily changed with the pattern (you'd be let in with an 98% match, which would then overwrite the previous pattern. A 95% match would ask for secondary identification first). Then, if someone tries to use a previous recording of your heartbeat to unlock your computer, it won't work!
I have to agree, it's absolutely ridiculous.

Using cardiac patterns for login are also prone to "denial of service attacks". Because if I scare someone, suddenly they will be unable to access their phone.

Regardless, just reading through this patent, I find it difficult/impossible to believe that there isn't prior art for this.

I was thinking today about a mouse that could detect heart rate, in the same manner as a cardio machine detects it. I don't know why you would want to use it as a password, however it could be useful in biofeedback.
How similar is this to the alleged Nintendo vitality sensor?
I've done a lot of work with heartbeat signatures, and this is a promising idea. Each person has a certain set of easily identifiable characteristics to their heartbeat, such as notches, and creating something like an FFT to create a signature could potentially be a great method of identifying a user.
Are any of these identifiable characteristics really that invariable? What if someone starts exercising a lot, or loses 200 pounds, or starts taking medication that affects the heart/blood pressure, etc..?

I imagine being locked out of your account and trying to diagnostic your heart must be a pain...

As with fingerprints, your password is always the primary authentication method. The fingerprint / heartbeat authentication support is there as an alternative; to be "cool", take longer than typing your password, and make it easier for intruders to access your device.
On the plus side, it'd be like a regular heart exam. If you can't access your account, you might have a bigger problem.
why would it be better than say fingerprints ? Is it the fact that fingerprints, or retinal scan cannot be cheaply integrated into a mobile phone... while this can be?
No, it's because an evil person will cut off your finger in order to gain access. He can't rip out your beating heart and all the sanguine system so this is a much better biometric from a personal safety viewpoint.
or you can use a synthetic copy of an eyeball or finger.

for online or remote authentication all bio-metric identifiers are as bad as each other. you can simply "play back" a stolen signiture. if a human is present to observe then maybe it's a little harder. nevertheless, your signiture is effectively worthless if it does get stolen - and when it is you cannot change it.

I'm strongly of the opinion that bio-metric id is a disastrous concept. As well as the issue of having signitures stolen, such systems will evitably result in further erosion of privacy. Plus of course, with possibly the exception of your DNA, you change over time, meaning that, I beleive, such systems can never be that reliable.

So if I came back from a long running am I still able to unlock my heartbeak signature protected device?
Sorry for the late reply, but yes. The amplitude and frequency of the signal would still be different (your heart is beating harder and faster), but the characteristics would still be the same.
Can I just have support to draw a pattern on the homescreen for authentication? This is pretty ridiculous.
There's a big problem with all bio-metric identification. If your signature is stolen, you're stuffed. Unlike a pin or password you can't change it.
Will work fine till when you are having a heart attack and need to find the address of the nearest hospital.
Pretty innovative I think. I imagine it wouldn't replace a password (unless it was super reliable) but just be like a shortcut for the owner. Would it detect your pulse through just your hand as you hold it normally? That's be great.
Is it easier to "steal" and use someone's hearbeat remotely than their fingerprint?