Bionym, a tech start-up founded by two U of T graduates, has created a piece of software that uses the unique heartbeat of humans for IT security. Instead of unreliable and hackable passwords, the software, called HeartID, uses a person’s heartbeat to authenticate their identity and protect access to important information.

Founded by Dr. Foteini Agrafioti and Dr. Karl Martin, Bionym specializes in developing biometric software — technology that measures and analyzes human biological data. HeartID is more convenient than existing biometric identification techniques; instead of swiping fingerprints on a scanner or positioning irises in front of cameras, a cardiac signal requires a simple touch. Cardiac signals are also highly secure and their accuracy is rated at greater than 99 per cent. “HeartID is currently the only commercially available biometric authentication solution that uses the cardiac signal,” says Agrafioti.

To use the system, an individual holds a mouse-like controller with built-in sensors, and their unique cardiac rhythm is recognized by the connected computer. Authorized users with a recognized cardiac rhythm are immediately allowed access and logged in. As a further security measure, HeartID uses continuous monitoring, immediately logging off any user without an authenticated cardiac rhythm.

Passwords have become increasingly controversial and are no longer considered a secure method of protection. Re-used passwords and usernames are common, and are a source of failure. “In the past decade, there have been concentrated efforts by researchers around the world to design the next generation of biometrics which would be not only unique for every person but also difficult to steal or attack,” Agrafioti says. “HeartID is the natural evolution of biometric systems because it addresses well-known security concerns with fingerprint, iris, or face biometrics.”

Bionym is looking to usher in a new era where electronic devices will rely on a high level of personalization for enabling automatic access to secure systems and data. New systems will need to depend on an individual’s behaviour — where we go, how we act, and so on.

Dr. Foteini Agrafioti

It all comes down to combining security and convenience. From a security standpoint, the cardiac signal, being protected inside the body, is very difficult to circumvent or to steal or “skim” without a person’s knowledge. On the other hand, fingerprints can easily be lifted, and an ear print or facial image can be captured at a distance using a camera. But where cardiac biometrics really shine is in their potential to be completely seamless when integrated into handheld devices. By embedding sensors into devices in an ergonomic fashion, a person can be seamlessly and continuously authenticated during normal device usage, without having to take any special action. Fingerprints require an intentional swipe or touch of the finger, and facial and iris recognition require careful positioning relative to a camera.

Dr. Karl Martin

HeartID is all about making user authentication completely convenient and seamless. By enabling devices and systems to recognize the user without them having to do anything beyond touching an integrated sensor, we not only offer security that people will actually use (keeping data and accounts safe), we also offer new functionality, such as automatic personalization. Additionally, since HeartID can be integrated into mobile devices (e.g., smart phones and tablets), we’re positioning HeartID as being the ubiquitous user authentication solution for the future.