Replacing Your Password with a Finger Swipe
The new device could transmit a user-specific ID through the skin.
Touching and finger-swiping are the dominant method of navigating on hundreds of millions of smartphones and tablet computers. The same touch might soon confirm your identity, too.
A new device dispatches a few bits of data, representing a password, from a special ring on your finger and sends the data as tiny voltage bursts through your skin for capture by the screen of the phone, so that your touch alone identifies you by the code from the ring.
Depending on the application, this could allow rapid switching between settings of people who share the same device, allow a game to distinguish between multiple players using the same screen, replace passwords, or provide an additional layer of protection atop passwords (see “Study Reveals a Confused View of Mobile Phone Privacy and Security”).
Currently a prototype at the Winlab of Rutgers University, the method “opens new directions in user interaction and authentication,” says Romit Roy Choudhury, a computer scientist at Duke University familiar with the research. “Imagine every electronic gadget knowing who you are and adapting to your preferences, or even offering you personalized information” simply by knowing your touch, he adds.
Project leader Marco Gruteser, a computer scientist at Winlab, says he hopes to commercialize it within two years. The benchtop device used in the research is clunky, but it will be easy to miniaturize, he says.
The ring, in addition to conveying the information through your skin, can work in other ways as well. It can be applied directly to a touch screen to convey password data faster, or to convey more data for a stronger password.
The technology consists of a battery-powered ring with flash memory that holds a code, and a signal generator that transmits the code as tiny voltage spikes. Touch screens-—already designed to detect voltage changes from fingers touching and moving across the screen—pick up those spikes, and software on the phone reads them as password-like data.
There are other ways for a device to confirm who a user is: biometric-based approaches represent one class. The appeal of the Winlab approach is that so many devices use swiping already, whereas few commercial devices have retina-readers or finger-scanners (Motorola’s Atrix, one exception, includes a fingerprint sensor). A device that would use a voiceprint (see “Securing Your Voice”) to identify its user, meanwhile, would require the owner to speak out loud.
A finger-swipe is not only discreet and specific, Gruteser says, it’s something people are already doing. “The key to figuring out who is using a device is to understand who is touching the screen, and that is what our technology can do,” he adds.
Of course, you now have to remember one more thing in the morning—to wear your ring (or whatever other form the token takes). And second, anybody who gets hold of your ring could use it to gain access to your device or settings until you reset the code your device is looking for.
At present, only a few bits of data per second can be transmitted quickly and accurately via such a ring. The equivalent of a pin code takes around two seconds for the ring to transmit, but Gruteser expects to speed that up by a factor of 10 by modifying touch-screen firmware in phones.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today