biometric verification by pulse

edited October 2015 in Everything else
So I know that a lot of people use their NFC/RFID tags to unlock doors. But I had an idea about using your pulse and body temp instead.

I should start off by saying that I am working on an armband that reads my biotherm, pulse, and whatever other sensors I can find. This armband send all of the data to my phone for logging and records. But I thought to my self why not send that data over to a server and read it from your lock. Then you go to unlock your dour it reads your biometrics and sees if its a match for the data your phone is sending. This can be done over 2 second or so to make sure its not being spoofed. If the data matches it unlocks or does whatever task you want to do.

I want to know what everyone thinks of this. Do you think their is a enough variation in a pulse temp combo to keep things safe? is this easily spoof-able? What does everyone think would make this a better idea? what are the flaws? 

Comments

  • Temp and heartbeat seem like unreliable security biometrics. I don't know that a heartbeat is unique and if some tiny detail can be detected from one person to the next would you be able to make a device capable of reliably reading it? Accounting for temperature differences seems like another enormously difficult hurdle. If it's a chill day but you're wearing a coat your core might be warn while your arms may be cold so where you measure will make a difference and it still comes down to the idea that your temperature isn't a unique number, far from it, we're all about the same temperature.

    At a surface level these are the problems I see. Were these problems you had already figured out?
  • I was talking with someone about this a while back. You have to account for other factors in a situation like this. Not just temperature, but stress levels, food and liquid intake, the amount of sleep you've gotten. What if it takes a read from your phone and then you get an upsetting phonecall and then walk to your door? Does your door just not unlock? If it's broad enough to deal with that range, then anyone can use it with a little controlled breathing and a sweater.
  • I would think that variations from moment to moment make this too unreliable.

    You could POSSIBLY use EEG fingerprinting but that's even more difficult to make work.
  • I'm agreeing with everyone else in that pulse and temperature are not unique enough as a method of authentication. What would be interesting is if you simplified your idea; when you scan your RFID, the system looks to make sure YOU are present by looking for your armband (assuming its BT capable). I think this would be considered passive two-factor authentication.

    It would be feasible to spoof if the attacker knew how the system authenticated, but security could be strengthened if there was a challenge-response authentication between the armband and entry system.
  • Then all you would need to do is have the armband tho, right?  I mean, would this be any different from say, needing to have two keys to open a door, instead of one? If I take your keychain, I just take all the keys...

  • All I was saying was that biometrics from an armband by itself isn't a reliable method of authenticating, but could supplement an existing RFID system. Its not different then needing two hi-tech keys, BUT stealing a key chain isn't a valid metaphor for bypassing the 2FA.

    I was actually thinking of similar using an array of reed switches and an RFID reader into what is essentially a finite-state machine. When the reed switches are activated in a particular sequence by a (bio)magnet, the RFID reader is enabled. 
  • I vaguely remember a system like this. It uses ir to see through your skin and the vasculatur underneath. It then combined that with your pulse and finger print to identify you. But that's a vague memory. So it could well exists. Just gotta dig
  • @_mz_o__ Sounds like using a keypad to activate a reader to unlock a door. Except the keypad is replaced by reed switches. But your controller doesn't know that nor does it need to. That could even be done with off-the-shelf components. Cool.
Sign In or Register to comment.