VR interface 'brain password' to unlock your phone

11 June 2018

Credit: Shutterstock

Researchers are working on a ‘brain password’ system that could let you unlock your phone with your brainwaves – or your reaction to a photo of a celebrity.

To overcome password fatigue, many smartphones include facial recognition, fingerprint scans, and other biometric systems; the issue, however, with such systems is that, if they are compromised, you cannot reset them.

“You can’t grow a new fingerprint or iris if that information is divulged,” says Wenyao Xu, assistant professor of computer science and engineering in the School of Engineering and Applied Sciences at the University at Buffalo.

“That’s why we’re developing a new type of password – one that measures your brainwaves in response to a series of pictures. Like a password, it’s easy to reset; and like a biometric, it’s easy to use.”

The ‘brain password’, which would require users to wear a headset, could have implications in banking, law enforcement, airport security, and other areas.

Unlocking your phone with your brain

“To the best of our knowledge, this is the first in-depth research study on a truly cancellable brain biometric system. We refer to this as ‘hard cancellation’, meaning that the original brain password can be reset without divulging the user’s identity,” says collaborator Zhanpeng Jin, associate professor of computer science and engineering at UB.

The researchers describe the work in a study that will be presented on 11th June at MobiSys 2018, a mobile computing conference that the Association for Computing Machinery will host in Germany.

Xu was motivated to create a cancellable biometric password after hackers stole the fingerprint files of 5.6 million workers from the US Office of Personal Management in 2015.

Perhaps the most accessible way to record brain activity is through electroencephalography, which uses electrodes to measure the brain’s unique patterns of electrical activity.

For their system, Xu and collaborators reconfigured a virtual reality headset, reducing the number of electrodes to six. Three record brain activity, two serve as grounds, and the last acts as a reference point. Typically, these headsets have 32 to 64 electrodes.

The electrodes that record the user’s brain activity measure three areas of the organ: the intraparietal sulcus (which controls declarative memory), the inferior parietal lobule (which processes face recognition), and the temporo parietal junction (which is required for one’s reading comprehension).

Credit: Shutterstock

Researchers chose specific image types to stimulate each brain region. They used animal pictures for the intraparietal sulcus because one’s memory of a certain animal can be highly individualised. For example, a person who suffered a spider bite will have a different reaction to someone who has not.

For the inferior parietal lobule, researchers relied on recognisable celebrities (such as Leonardo DiCaprio). For the temporo parietal junction, they used encouraging phrases such as “aspire to inspire”.

How does it work?

Users are shown the three images in rapid succession: 1.2 seconds. The process is repeated three additional times. By the end of the fourth time, after 4.8 seconds, the brain password is ready.

Researchers recruited 179 adults (93 men and 86 women) to test the brain password. Test subjects’ average age was 30. They collected data from three sessions, including one that occurred five months after the original test. The goal of the last test was to see how brain passwords functioned over time.

Overall, brain passwords were more than 95 percent effective. The performance dipped slightly, by 1 percent, on the last test.

While wearing a headset may not appeal to common internet users, Xu says that this may change over time, especially if the device becomes something more like Google Glass.

Plus, he says, companies with deep concerns about cybersecurity may be early adopters of the technology. As for privacy concerns, Xu says the system – even if hacked – would not divulge sensitive information.

“These passwords contain information gathered from only three channels in less than five seconds. Semantic memory attacks need much more time than that,” says Xu, who plans to continue his work on the system to make it more reliable and appealing to users.

The research was supported by the National Science Foundation and its Center for Identification Technology Research.


Contact Details and Archive...

Print this page | E-mail this page