WASHINGTON: Scientists, including those of Indian origin, have devised a way to send secure passwords through the human body using smartphone fingerprint sensors and laptop touchpads rather than over the air where they are vulnerable to hacking.
These ‘on-body’ transmissions offer a more secure way to transmit authenticating information between devices that touch parts of your body – such as a smart door lock or wearable medical device – and a phone or device that confirms your identity by asking you to type in a password.
Sending a password or secret code over airborne radio waves like WiFi or Bluetooth means anyone can eavesdrop, making those transmissions vulnerable to hackers who can attempt to break the encrypted code.
“Fingerprint sensors have so far been used as an input device. We have shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body,” said Shyam Gollakota, assistant professor at University of Washington (UW) in the US.
“If I want to open a door using an electronic smart lock, I can touch the doorknob and touch the fingerprint sensor on my phone and transmit my secret credentials through my body to open the door, without leaking that personal information over the air,” said Merhdad Hessar, a UW doctoral student.
The research team tested the technique on smartphone and other fingerprint sensors, as well as laptop trackpads and the capacitive touchpad.
In tests with 10 different subjects, they were able to generate usable on-body transmissions on people of different heights, weights and body types. The system also worked when subjects were in motion – including while they walked and moved their arms.
“We showed that it works in different postures like standing, sitting and sleeping. We can also get a strong signal throughout your body. The receivers can be anywhere – on your leg, chest, hands – and still work,” said Vikram Iyer, a UW electrical engineering doctoral student.
Normally, sensors use these signals to receive input about your finger. However, the engineers devised a way to use these signals as output that corresponds to data contained in a password or access code.
When entered on a smartphone, data that authenticates your identity can travel securely through your body to a receiver embedded in a device that needs to confirm who you are, researchers said.
Their process employs a sequence of finger scans to encode and transmit data. Performing a finger scan correlates to a 1-bit of digital data and not performing the scan correlates to a 0-bit.
The technology could also be useful for secure key transmissions to medical devices such as glucose monitors or insulin pumps, which seek to confirm someone’s identity before sending or sharing data.
The team achieved bit rates of 50 bits per second on laptop touchpads and 25 bits per second with fingerprint sensors – fast enough to send a simple password or numerical code through the body and to a receiver within seconds.