Cardiac Scan: Continuous Computer User Authentication

Background:

Continuous authentication improves upon one-pass validation by continuously verifying over the lifetime of a session that the system is operated by the same user as at initial login. It can prevent access by adversaries when the legitimate user is away or overwhelmed. Governments and private companies increasingly demand more secure authentication, because of credential compromises due to weak cryptographic mechanisms (hacking, password theft, etc.) and user carelessness.

Technology Overview:

University at Buffalo researchers have developed Cardiac Scan, a continuous authentication system based on geometric and non-volitional features of cardiac motion, which is unique to each user and is difficult (if not impossible) to counterfeit. Cardiac Scan features intrinsic liveness detection, unobtrusiveness, cost-effectiveness, and high usability. The prototype utilizes a remote, high resolution cardiac motion sensing system based on the smart DC coupled continuous-wave radar.  A pilot study with 78 subjects evaluated accuracy, authentication time, permanence, evaluation in complex conditions, and vulnerability. Specifically, Cardiac Scan achieves 98.61% balanced accuracy (BAC) and 4.42% equal error rate (EER) in a real-world setup.

Advantages:

 

• Continuous authentication
• Unobtrusive
• Cost effective

Applications:

Computer user authentication.

Intellectual Property Summary:

US Patent Application 16/572, 588 filed 9/16/2019

Stage of Development:

Prototype tested in 78 subject study.

Licensing Status:

Available for licensing.

Publication link:

Mobicom '17, Oct 16-20, 2017