7.5x more accurate than fingerprint at 20% the cost.
How Does it Work?
We all know that each person has a unique fingerprint ridge pattern and that the pattern can be used by capacitive sensors which create an image from those ridges. In turn specific characteristics unique to you are stored as a template to recognize you in future. Common applications include the fingerprint sensor on many phones, as well as building access control, door locks, and other products.
It turns out that your fingerprint ridge pattern is not the only unique thing about you. You heart is grown from tens of thousands of tiny muscle packets that grow with unique dimensions and orientations relative to one another. Additionally, there are signals that control the actuation of those muscles. It turns out that both the signals for actuation and the actuation itself creates a small electrical signal and that the resulting signal contains all of that information combined together with more unique information about you than even a fingerprint can offer. Its important to note that this is not ECG based security or heart rate based security. Neither your common filtered ECG that you might receive from your doctor nor heart rate contains enough unique information to be used reliability for security. Rather its CMS or Cardiac Muscle Signal based identification and security.
But with the signals from CMS and clever use of wavelet based processing we can create a 3D image that we can use to identify you in a very similar way to the fingerprint image. We call the resulting system CardiacLock. In this case, however, since we have so much more unique information as well as evidence that you are alive, we are 7.5% more accurate than the capacitive fingerprint sensor. But the benefit does not stop there. A capacitive fingerprint sensor can be fooled by a ridge pattern that mimicks your fingerprint and will also work if your finger is not attached to your body. This means another method has to be coupled with the fingerprint sensor to ensure that these sort of things are not happening. Therefore fingerprint sensors are often not just fingerprint sensors at all but a bunch of different sensors. CardiacLock on the other hand is more difficult to spoof since the system has numerous human signals that must be simultaneously present – including respiration muscle and other muscle information, that will be unique to the time and heart activity at the time that the image is taken and are very difficult to spoof.
What are the advantages of CardiacLock?
CardiacLock brings numerous advantages: i) its 7.5x more accurate than capacitive fingerprint*; ii) it works even when your hand is wet; iii) it is 1/5 the cost of a fingerprint sensor; iv) it can be utilized for continuous authentication; v) it is not form factor limited.
What Kind of Sensors do I Require?
The only real requirement for the sensors in a CardiacLock system is that there be electrodes across the heart. That means that you can extract the information by touching small metal electrodes (8x8mm) with a finger from each hand, or a palm and a finger, or a cheek and a hand, or two feet, or with electrodes on the back or on the chest. Additionally these sensors can be very inexpensive and added to common objects. Some conductive film on a memory stick, capacitive copper cloth in a car seat, an ITO contact on a cell phone for a cheek and a film on the cell phone case, the handle of a door and metal pad, or the metal on a stainless steel appliance. The use of capacitive sensors is especially interesting because they can be hidden behind the plastic or leather of common objects. For example Linear Dimensions has hidden the system behind the leather of a car seat while still extracting the required information through an undershirt, shirt and sweater.
How do Capacitive Fingerprint and CardiacLock compare?
In the image above the wavelet analysis used to produce the identification is shown. Analysis suggests that the false non match rate or rate at which you will not match when you should have matched is 3% for fingerprint and 0.4% for CardiacLock. This is an improvement of 7.5x. At the same time the false match rate, or acceptance of a match when one should not accept is 0.1% for both systems.
Due to the low cost of CardiacLock and its flexibility, CardiacLock is popular in many identification applications in addition to security applications. An identification application is different to a security application in that we are simply trying to separate users rather than offer security. For example an identification application might be to store car seat locations against the identified user, or wash cycle details against an identified user. CardiacLock used for security requires significant additional encryption overhead and hardware compared to an identification application.
Compared to a fingerprint sensor seamlessness is a big difference. No one is going to want to touch a fingerprint sensor to choose their car seat location, or their washer load information, however, since CardiacLock allows the sensors to be hidden under the leather of the car seat or in the case of a washer for the user to just open to lid of washer while one hand is on the washer frame, we can offer seamless identification with no user intervention. This also reduces the burden for the manufacturer to build an rugged area that will not break when confronted with hard fingerprint presses.
How do I Incorporate CardiacLock Into My Product?
CardiacLock is a hardware/algorithm combination provided on a semi-custom basis to qualified customers. A small module is provided including Linear’s proprietary interface circuity, memory, sensor terminals and an ARM processor for analysis including a secure core. Linear’s customizes the algorithms for your application as part of its CardiacLock service. An example module is shown below. The memory and ARM processor may also be common to the customers application to save space.
Is Cardiac Based Security Less Secure than Fingerprint
We can’t speak for others, however, Linear’s patented CardiacLock technology is more secure than capacitive fingerprint*.
We often hear that the fingerprint vendors claim that Cardiac based security is flawed because anyone can “record” a waveform with two sensors and simply play it back. Ironically, a capacitive fingerprint sensor is the vulnerable technology. It can be and has been shown to be easily spoofed with a physical device mimicking a fingerprint ridge pattern.
A common comment from fingerprint sensor makers is that “all signals below the sensor are encrypted.” Interestingly this is an admission that the sensor itself and the connections thereto are not secure. Fingerprint sensors generally need other factors to increase the level of authentication to be fully secure.
CardiacLock is different for the following reasons:
1. CardiacLock is not a “recording.” It is a wavelet-in-the-loop based interrogation with stimulation signals as well as encrypted template. As such a recording would not be capable of dealing with the interrogative inquiries.
2. We add a unique security stamp. We use physiological based seeds which generate the equivalent of a public/private key encryption scheme. The source of the public seed is a randomized non-repeating interrogation which could not be determined from a recording.
3. MFA. We look at multiple factors from tissue impedance, EMG, respiration, and information resident in the environment which have correlations which must match and allow us to make sure the user is a real person.
4. Recording is unique. In addition to the interrogation, our wavelet-in-the-loop technology looks at specific information that is not known to the recorder. It is very difficult to record “everything”. By necessity the wavelet-in-the-loop information image would be effected by the chosen filters for the recorder.