Open access peer-reviewed chapter

Your Vital Signs as Your Password?

Written By

Hind Alrubaish and Nazar Saqib

Submitted: 04 January 2022 Reviewed: 03 April 2022 Published: 07 May 2022

DOI: 10.5772/intechopen.104783

From the Edited Volume

Recent Advances in Biometrics

Edited by Muhammad Sarfraz

Chapter metrics overview

95 Chapter Downloads

View Full Metrics


Cognitive biometrics (vital signs) indicate the individual’s authentication using his/her mental and emotional status specifically, electrocardiogram (ECG) and electroencephalogram (EEG). The motivation behind cognitive biometrics is their uniqueness, their absolute universality in each living individual, and their resistance toward spoofing and replaying attacks in addition to their indication of life. This chapter investigates the ability to use the vital sign as unimodal authentication in its status by surveying the recent techniques, their requirements and limitation, and whether it is ready to be used in the real market or not. Our observations state—that the vital signs can be considered as a PASSWORD due to their uniqueness, but it needs more improvements to be deployed to the market.


  • electrocardiogram
  • ECG
  • electroencephalogram
  • EEG
  • electrooculography
  • EOG
  • blood flow
  • vital sign
  • authentication
  • recognition
  • biometrics

1. Introduction

Our mobiles, laptops, houses, and cars, rely on identification and authentication procedures to protect ourselves, data, and assets. Different methods are existing for this purpose which differ in their way and security level. These methods were ranging from traditional techniques where the user must “know” or “have” such as passwords, keys, or cards, to biometric techniques that define the user himself. Scientists tried in the last two decades to focus on biometric techniques to avoid problems associated with traditional ones, such as loss, theft, forgery, or coping. Biometric techniques defined the individual’s characteristics and required his/her physical presence to access the system without the need to carry or memorize anything. Unlike the traditional techniques, biometrics cannot be shared with anyone.

To identify any feature as a biometric, the following requirements should exist; Universality where each person should have this feature, Distinctiveness where the feature should uniquely identify each person, Collectability where the feature can be measured quantitatively, Performance where the feature can be measured in term of its accuracy, time, error rate ... etc., Acceptability where the user can accept to use the feature as an authentication technique, Circumvention showing how easy the user will bypass the system [1].

Many human features achieved these requirements and are labeled as biometric techniques where it can be categorized into; behavioral, physiological, and cognitive. Behavioral biometrics deal with functional features, such as voice, gait, signature, and keystroke. Physiological biometrics deal with anatomical features, such as fingerprint, face, iris, and ear shape. Cognitive biometrics use a biological signal generated from the heart, brain, or automatic nervous system which is an indicator of the individual’s mental and emotional states, such as electrocardiogram (ECG) and electroencephalogram (EEG).

Cognitive biometrics outweigh behavioral and physiological biometrics as it cannot be acquired, falsified, manipulated, or copied by external attackers [2] another advantage it can be utilized as a liveness detector.

This chapter reviews the state-of-the-art of human vital signs (cognitive biometrics) as biometric authentication. It will involve the recently discovered techniques, their description, limitation, and applications. This chapter is organized as follows: Section two investigates the electrocardiogram (ECG), while section three investigates electroencephalogram (EEG). Section four describes electrooculography as an authentication technique. Section five cites the blood flow as a patent to be used as a biometric. While section six discusses the ability of the vital signs to be used as unimodal authentication. Finally, section seven concludes this chapter.


2. (Heart-Beat Print) using electrocardiogram (ECG)

Electrocardiogram (ECG) is a recording of the electrical activity produced by the heart by placing electrodes on the body’s skin to obtain the signals originating from the heart muscle. Any ECG consists of three components; P waves represent atria contractions (left and right), QRS reflect ventricular contractions (left and right) and appeared as a series of three waves, and T wave represents the electrical activity produced by the ventricular when it charging for the next contraction (repolarization), each ECG signal has six peaks and valleys [3, 4, 5, 6]. Individual’s ECG varies from one person to another based on the physiological, anatomical, and geometrical conditions, in addition to the position and size of the heart, also age and sex play a role in its uniqueness. Therefore, it can be used as an authentication technique [4].

Every living person can produce ECG therefore, the universality requirement is satisfied. Moreover, it is a proof of life which means that the ECG is more universal than any other physiological and behavioral biometrics. The extracted features vary for each person where the distinctiveness requirement has been achieved. These features can be measured quantitively using a standard available system which proves its collectability requirement. Although these systems are already in use for the patient within the medical field but not widely accepted in daily use. Finally, circumvention is achieved as we can measure how much easy the intruder will bypass the ECG authentication system. This is more difficult than the other biometric features as the ECG cannot be falsified or manipulated and require a living individual to authenticate his identity. As a result, the ECG can be considered a biometric authentication.

Any ECG-based authentication system comprises the following steps: (1) Acquisition: Electrodes placed on the body’s skin to capture the signals. (2) Quality Assessment: The system preprocesses the captured data to eliminate the noise and appropriately represent the signal. (3) Feature Extraction: The system extracted and normalized the features in two approaches; Fiducial Approach: The system detects, process, and classify the three waves P, QRS, and T based on their peaks, boundaries, and intervals between them. Non-Fiducial Approach: The system applies time or frequency analysis to obtain statistical features [7]. (4) Finally, Decision: The system classifies the extracted features to make the authentication decision [5, 8].

Numerous studies deliberate how the ECG is effective as a biometric, the following studies illustrate different approaches and algorithms.

In ref. [9], the authors proposed an identification technique based on ECG and musical features. After pre-processing ECG recordings, they transform them into audio wave files, split them into segments, and extract five musical dimensions to be faded into the classifier. They used MIT-BIH Normal Sinus Rhythm dataset. The proposed technique achieved 96.6% accuracy.

In ref. [10], the authors proposed EDITH, a deep learning-based framework for ECG Biometric Authentication systems. They demonstrate that Siamese architecture can be used over typical distance metrics to improve performance. They evaluated EDITH in four datasets using a single heartbeat. Their accuracy reached (96–99.75%) which can be enhanced using multiple heartbeats. The proposed framework reduced the Equal Error Rate to 1.29%.

In ref. [11], authors proposed two Model CNN and RestNet-Attention using ECG Signals where the signals are authenticated using an end-to-end structure without any handcrafting preprocessing, feature extraction, and classification which reduced the computational complexity. The proposed algorithm achieved 98.59 and 99.72% accuracy using PTB and CYBHi datasets.

To address the individuality issue of ECG over a larger population, authors in ref. [12] the present non-fiducial approach of ECG authentication and identification. They used autocorrelation and a combination of three transformation techniques DCT, DFT, and WHT to extract the features. Then the performance of these techniques has been evaluated on two-dimensionality reduction techniques—PCA and LDA. The best accuracy results achieved using DFT and LDA in QT Database (100%).

In ref. [13], the authors proposed a Dynamic Time Wrapping (DTW) algorithm to provide identification and authentication to the authorized people using ECG signals in Wireless Medical Devices (WMD). They used DTW to measure the correlation between different ECG records. They used Physionet dataset that contains 20 subjects of all ages with 310 records including abnormal ECGs, and a long period interval between ECG recordings to increase the reliability. They achieved a 99.9% accuracy rate.

In ref. [14], the authors proposed an algorithm to authenticate users with their doctors remotely using ECG signals. The algorithm consists of two parts; a registration process where the Discrete Wavelet Transform (DWT) extracts the features to be stored. The second part is the authentication process where the features will be matched with existing templates using the Sum of Squared Differences (SSD). They utilized the ECG IDDB Physionet dataset, and one lead has been used to fit in IoT devices, the algorithm uses non-Fiducial features, and achieved 91% accuracy.

In ref. [15], the authors develop an authentication algorithm using Linear Discrimination Analysis (LDA) to classify 16 subjects taken from the Physionet dataset based on their ECG signals (each one has 75–150 heartbeats); they extracted eight fiducial features from the ECG where they achieved 92.69% accuracy rate. The algorithm is scalable to large databases.

In ref. [16], the authors introduced authentication technology to record ECG signals of 55 voluntary subjects before and after insensitive exercise for five minutes using two positions; rest and sitting. LDA was used for feature extraction and classification. The best accuracy achieved within five minutes of recording is 96.11%.

In ref. [17], the authors proposed a framework for authentication using ECG where they used a Neural Network (NN) as a classifier. The test was not successful considering the small size of the dataset.

In ref. [18], the authors apply four nonlinear methods to extract fiducial features for the ECG authentication system; Generalized Hurst Exponent (GHE), Detrended Fluctuation Analysis (DFA), Higuchi's Fractal Dimension (HFD), and Rescaled Range Analysis (RSA). A record of 18 subjects from the MIT-BIH Normal Sinus Rhythm Database fed into SVM as a classifier that achieved a 99.06% accuracy rate. The results showed that GHE has the optimal index to authenticate the subjects.

In ref. [19], the authors propose the use of long short-term memory (LSTM)-based Recurrent Neural Networks (RNN) to use ECG as an authentication solution where there is no feature extraction. The method has been applied to ECG-ID and MIT-BIH Arrhythmia (MITDB) datasets. They achieved a 100% accuracy rate. As the number of subjects increases, the equal error rate drops.

In ref. [20], the authors proposed a method using phase-space reconstruction (PSR) of a single lead of ECG. They used a time delay technique to reconstruct the ECG's signal into phase space to find the best identifiable time-delay value. Twenty-one geometric features have been extracted in different situations: rest, during exercises, listening to music, and watching a movie. The procedure was conducted on 31 subjects and the accuracy rate was 97.7% when the delay is 8 ms.

In ref. [21], the authors proposed an identification method by extracting five fiducial points using Empirical Mode Decomposition (EMD). Hidden Markov Model (HMM) has been used as a classifier with the Bakis model on 44 subjects from the MIT-BIH Arrhythmia database. The method achieved a 98.52% accuracy rate.

In ref. [22], the authors proposed a mobile authentication algorithm based on ECG where the user will need to touch only two electrodes (lead I) of the mobile device to be authenticated. The experiments were conducted on ten subjects in addition to 37 records from the Physionet dataset. The algorithm uses a hierarchal scheme that reduces the acquisition time to 4s.

The following table summarizes the previous studies to use ECG as biometric authentication (Table 1).

Reference #Publication YearPurposeMethodDatabase# of Subjects# of RecordsApproachAccuracy
[9]2022IdentificationDeep Learning (Transform ECG records into sound wave files characterized with musical features for human identification)MIT-BIH18non-fiducial96.6 %
[10]2021AuthenticationEDITH, a deep learning-based frameworkECG-ID, MIT-BIH Arrhythmia – PTB Diagnostic ECG Database – MIT-BIH NSRDB90-47-290-1896.247%-98.170%-99.702%-99.500% (closed environment)
[11]2020Authenticationtwo end-to-end deep neural networks (CNN and ResNet)PTB and CYBHi290 - 6598.85 and 99.27%
[12]2019Identification & AuthenticationAutocorrelation (AC) with DCT -DFT-WHT Then Then PCA & LDAMIT-BIH arrhythmia & QT database48-39non-fiducialDFT & LDA (99.98% (99.83%) for QT DB
[13]2018AuthenticationDTWPhysionet ECG-ID20310 ECG99.9%
[14]2017Authentication for Remote patient in IoTTemplate Matching SSDPhysionet - IDDB dataset90N/ANon-Fiducial91%
[15]2017AuthenticationLDAPhysionet165 or more for each subjectFiducial92.69%
[16]2017Authentication with the ECG data recorded after the harsh exerciseLDAUniversity of Toronto Database (UofTDB)55N/AFiducialThe subject recognition accuracy was 59.64%, which is too low to utilize, after one minute the accuracy was higher than 90% and it increased up to 96.22% within 5 minutes, which is plausible to use in authentication circumstances
[17]2017AuthenticationRFPhysikalisch-Technische Bundesanstalt (PTB) Diagnostic ECG Database290549-88.45%
[18]2017AuthenticationSVMMIT-BIH Normal Sinus Rhythm Database18N/AFiducial99.06
[19]2017AuthenticationLSTM-based RNNECG-ID &
MIT-BIH Arrhythmia (MITDB)
310No extraction100%
[20]2017AuthenticationSVMVoluntarily subjects13Fiducial97.7%
[21]2016AuthenticationHidden Markov model (HMM) classifier with Bakis modelMIT-BIH Arrhythmia (MITDB)44Fiducial98.52%
[22]2016Mobile AuthenticationVoluntary Subjects10Fiducial

Table 1.

A comparison of the latest studies in ECG.

Moreover, different scientists propose various utilization of the ECG besides authentication. In ref. [23], researchers at Binghamton University developed a robust and reusable authentication and data encryption means to protect the patients’ health records using their heartbeat (ECG) where the cost, time, storage, and complexity will be much more effective than using traditional encryption solutions. In ref. [24], the authors use ECG steganography to secure patient's confidential information. Another use is generating a secret key for data encryption and enhanced security in personal wearable devices using a patient’s ECG [25]. In ref. [26], the authors proposed software for remote interaction between the cardiovascular disease patients and the health provider to monitor their ECG, blood pressure, and heart rate.

As a summary of the previous studies, we can observe that there is some limitation that may lessen the ECG’s effectiveness as a biometric which needs further studies to be addressed. (1) The performance of ECG depends on how (P, T, QRS) are detected accurately. (2) Heart Rate Variability: Many factors can affect the ECG morphology which can be classified into short-term and long-term factors. In the short term where physical activity, mental status, drinking caffeine … etc. can affect the ECG, while the long-term factors are the change in the lifestyle such as using the medication, or heart diseases [4]. (3) The size of tested subjects does not exceed 300 which indicates ECG has not proven its ability within a large population to be deployed to the market as an authentication technique; more studies need to be done to confirm its scalability. (4) Also, there is no one study has studied the issue in the case of the heart transplant and whether it will affect the ECG authentication process or not. (5) Similarly, in the case of the twins, whether there is any matching that can breach the confidentiality of the authentication process?


3. Brain prints using electroencephalogram (EEG)

Electroencephalogram (EEG) signals are the representation of the brain activity in the neurons either in the baseline task (relaxed) situation or in response to a functional status such as sleeping, solving a mathematical problem, reading some text, or having some diseases. These activities generated signals captured by placing electrodes on the scalp. There are five different waves in each EEG; Alpha wave appears during relaxation. Theta waves appear in the quite focus, short-memory tasks, and memory retrieval. Beta waves appear in a normal working rhythm; such as increased alertness, and anxious thinking. Delta wave happened during deep sleep. Gamma waves represent active information processing [27, 28]. Unlike other biometric techniques, the user can change the password by changing the mental task itself. EEG cannot be copied since it represents the real status of the brain.

As the ECG, every living person can produce EEC therefore, the universality requirement is satisfied also, it is aliveness detection. Each EEG has a different pattern in terms of its wave shape where the distinctiveness requirement has been achieved. These features can be measured quantitively using portable devices which proves its collectability requirement. The Acceptance of EEG may it will be a quite little difficult among the users, to raise the level of acceptance of EEG among the users the following may be done—(1) the typical EEG device consists of a number of electrodes that may be needed to be minimized into three or four [29]. (2) The use of dry electrodes instead of wet ones. Finally, the circumvention of EEG cannot be occurring as the spoofing in EEG is not possible. In addition to that, any intruder will not be able to generate a real EEG and impersonate the real user.

For each EEG-based authentication system, the following steps must occur; (1) Acquisition: EEG is captured using electrodes placed over the scalp where the subject is exposed to a specific task. Each electrode collects a wave for a specific region within the brain where all the waves will be combined into one. (2) Quality Assessment: The system preprocesses the captured signals to eliminate the noise and represent the signal in an appropriate way. (3) Feature Extraction: The system extracts and normalized the features. (4) Finally, Decision: The system classifies the extracted features to make the authentication decision [5, 8].

Numerous studies deliberate how the EEG is effective as a biometric, the following studies illustrate different approaches and algorithms.

In ref. [30], the authors proposed MusicID, a behavioral biometric framework for smart headset-enabled IoT environments. MusicID is induced by the user’s brain’s response to two forms of music: Common English songs and an individual’s favorite song. Their analysis showed that Alpha and Beta waves have more predictive capabilities. The framework achieved 98% for user identification and 97% for user verification.

In ref. [31], the authors designed electroencephalogram authentication access control for the smart car. The accuracy results achieved 87.3%

In ref. [32], the authors proposed an ECG authentication system using neurological responses to music. They used Alpha and Beta waves collected from seven electrodes. KNN is used to classify the data. They achieved 76.4%–92.3% accuracy results.

In ref. [33], the authors proposed a method to denoise the ECG signals based on the multi-objective Flower Pollination Algorithm and Wavelet Transform to extract the features. The test was conducted using an EEG motor movement/imagery dataset.

In ref. [34], the authors used power spectral density analysis to analyze EEG signals which fed into KNN to classify the EEG. The achieved accuracy was 89.21%.

In ref. [35], the authors proposed a pragmatic authentication system using EEG. They collected EEG of 29 subjects using a single dry electrode via a cheap Neurosky Mindwave headset and ten subjects using 14 electrodes via Emotive. The achieved accuracy for the first group was 80% while the second group achieved 92.88%.

In ref. [36], the authors studied how the differences in the emotional states affect the classification performance. The results showed that there is better performance when the subjects have the same emotional status.

In ref. [37], the authors proposed a biometric system using an in-ear EEG sensor where there is no need for skilled assistance or preparation. The results showed equivalent results to the on-scalp recording.

In ref. [38], the authors proposed an authentication framework using self or non-self-face images which were applied using Rapid Serial Visual Presentation (RSVP).

In ref. [39], the authors proposed an identification framework to identify users while they are listening to four genres of music.

In terms of the band type's performance, authors in ref. [40] present a superior performance of power spectral density features of gamma band during the rest state over the delta, theta, alpha, and beta of EEG signals.

In ref. [41] investigate the most effective frequency bands for authentication purposes using EEG signals at the rest status via Neural Networks (NN) as a classifier. The results show that beta has the best performance while delta gave the worst performance.

Another study [42] found that extracted feature from the gamma band in the left-posterior quarter of the brain has more reliable and stable information regardless of the emotional status. They classify the signals using five features and SVM as a classifier.

The following table summarizes the previous studies to use EEG as biometric authentication (Table 2).

Reference #Publication YearPurposeTechniquesDatabase# of ElectrodesTask# of SubjectsAccuracy %Band Type
[30]2021Authentication for IoTRandom Forest classifiersReal Users4 electrodesListening to Music2098% Accuracy for user identification and 97% accuracy for user verificationAlpha, Beta, Theta, Delta, Gamma, and raw EEG
[31]2020Authentication access control to smart carFisher distance analysis methodReal Users40-channel neuroscan amplifier was used to collect EEG signalsImagery Tasks1087.3%
[32]2019AuthenticationKNN7Listening to Music76.4% - 92.3%Alpha, Beta
[33]2018AuthenticationNNEEG motor movement/imagery64
Several motor/imagery tasks109
Combined theta, alpha, beta, and gamma
[35]2018AuthenticationSVM - RLR - LDAMindwaveSingle dry electrodes2980%
Emotiv Epoc+14 electrodes
[36]2018IdentificationLSVM - RSVM – KNN - MLP – (AdaBoost with DT)DEAP, MAHNOB-HCI, SEED32 (DEAP)
15 (SEED)
99.51 (KNN) in (DEAP)
95.89 (LSVM) in (MAHNOB-HCI)
94.75% (LSVM) in (SEED)
[37]2018AuthenticationCosine Distance, SVM, LDA,Two in-house datasetsIn-ear sensor with two electrodesResting State15, 595.7%Alpha
[39]2017AuthenticationHMM, SVMIn-house-Listening Music (devotional, electronic, classical and rock)6097.50 % (HMM) 93.83 % (SVM)Gamma, Beta, Alpha, Theta, Delta
[40]2017Authentication-PhysioNetRest State1090.001 (64 channels)
0.002 (19 channels)
(PSD) features of gamma band
[41]2017AuthenticationNNIn-houseEyes closed and solving some specific mathematical problem mentally3Beta (98.20% - 100%)
Delta (92.82%-95.67%)
[42]2017AuthenticationSVMDEAP1) mixture of emotional states; 2) the same specific emotional states; 3) different emotional states3288% - 99%Gamma

Table 2.

A comparison of the latest studies in EEG.

Moreover, the authors in ref. [43], presented a monitoring and safety platform consisting of automotive sensors to capture real-time information about the driver and the vehicle in addition to a wearable body sensor network to collect the driver's EEG and ECG. They investigate the effect of the driver’s behavior on road conditions. The experiment was conducted on five subjects via 16 dry electrodes using theta and beta bands. The results showed that these biometrics could be used detection of driver distortion.

From the previous studies and as well as the ECG, EEG has its limitations that need to address to raise the effectiveness of the EEG as a unimodal authentication system; (1) the acquisition process is quite difficult as the electrode cap needs a significant effort to place it above the head in specific places. Most of the used acquisition equipment was a medical cap, and it needs to be simplified. (2) Different factors may affect the EEG, such as stress and general arousal. Therefore, it may not authenticate the right person. (3) EEG acquisition has a low power signal which needs a controlled environment. (4) the size of tested subjects does not exceed 150 which indicates ECG has not proven its ability within a large population to be deployed to the market as an authentication technique; more studies need to be done to confirm its scalability. (5) similarly, to ECG, in the case of the twins, is there any matching that can breach the confidentiality of the authentication process?

For both ECG and EEG, we cannot guarantee that the user will generate the same signals under different factors such as mental status, age, etc. We may be able to eliminate this issue by registering the user in a periodic way under different situations [28].


4. Eye blinking waveform using electrooculography

Electrooculography (EOG) signals are the representation of generated signals due to eyeball or eyelid movements. These signals are generated once the eyeball rotates from its axis, and it is detectable by the electrodes placed around the eye. A positive deflection is generated in the signal when the eyeball rotates upwards or the eyelid closes and a negative deflection is generated when the eyeball rotated downwards or the eyelid opens [44].

These movements are captured by placing electrodes placed around the eye. There are five different waves in each EEG; the Alpha wave appears during relaxation. Theta waves appear in the quite focus, short-memory tasks, and memory retrieval. Beta waves appear in a normal working rhythm. Such as increased alertness, and anxious thinking. Delta wave happened during deep sleep. Gamma waves represent active information processing [27, 28]. Unlike other biometric techniques, the user can change the password by changing the mental task itself. EEG cannot be copied since it represents the real status of the brain.

In ref. [44], the authors adopt human recognition eye blinking where a preprocessing stage has been conducted to isolate EOG signals from EEG signals. They used time delineation as a discriminative feature. The experiment was done using the Neurosky Mindwave headset, which is used mainly for EEG signals, but the sensor arm can be used for this purpose.


5. Blood flow

A patent has been published in 2018 by SAMSUNG ELECTRONICS CO titled “Real Time Authentication Based on Blood Flow Parameters,” the patent declared that we could use the blood flow as an authentication technique using a wearable sensor. The sensor detects at least the first physiological biomarker of the blood and the first morphological characteristic of the blood to determine the individual’s uniqueness [45]. So far, no studies have explored and dealt with this patent.


6. Limitations

Despite the limitation of the vital signs as an authentication technique, there are promising features that can outweigh, and overcome the limitations. Vital signs characterize by their confidentiality and resistance to the spoofing attack as it is corresponding to emotional or mental status moreover, the users cannot authenticate themselves unwillingly as it will generate different signal statuses. Therefore, the Identity cannot be impersonated, copied, or captured from a distance. Also, it is impossible for an intruder to force the user to authenticate as it is subject to his mental status in some situations not under stress [28]. And most importantly, the vital sign is a liveness detector as it needs a live person recording. Unlike the face, finger, and eyes, the brain and heart have a rare chance to be injured.

However, it can be used as a multi-authentication system, a continuous authentication, or unimodal in specific cases until all the issues will be eliminated. Several domains can utilize the EEG and ECG signals in their current status. In the following we have proposed some applications to use ECG and EEG biometrics:

Anti-ATM Theft Model:

ECG sensors can be placed in the ATM to authenticate users using their ECG, which requires a previous registration of different user's emotional status (e.g., rest, horrified). The approach will be effective when the user is under attack from a burglar to withdraw an amount of money. The system will detect if the user is in an abnormal condition (horrified under coercion), and it will block the transaction.

Anti-Car Theft Model:

The proposed model will be based on ref. [43] where it can detect whether the driver is in a distraction mode or not in addition to that, it will prevent stealing the car or using it to commit a crime. The model can take advantage of either ECG or EEG as biometric authentication, ECG’s sensors can be placed on the steering wheel, while the EEG can be placed in front of the headrest and behind the driver’s head.

Top Secure Entities:

EEG and ECG can be used in sensitive and top secure entities, such as military and nuclear power reactors even in their status as they cannot be spoofed at all. A lair detector will be combined with the system and utilized the EEG and ECG to authenticate and verify the reason behind the access.

Continuous Authentication:

EEG and ECG can be used as a way for continuous authentication, such as the remote interaction in the online games to authenticate that the real user is who is claiming during the session game. The implementation of EEG and ECG within the online game environment can be accepted as the player wearing the headset and holding the control in his hands all the time.


7. Conclusion

This chapter surveyed the work done within the field of cognitive biometric authentication (vital signs) in terms of its limitation, requirement, advantages, and disadvantages specifically the ECG and EEG signals. Moreover, it investigated and raised some issues within the field that have not been studied yet and need to be addressed. Also, a recent patent on blood flow and electrooculography has been cited which can be considered a biometric authentication within the vital signs.

As an answer to our question, Can Your Vital Signs be Your Passwords? Yes, we can make sure that the heartbeat, brain waves, eye blinking, and blood flow act as a PASSWORD, but it cannot be used as a unimodal authentication approach in its current shape until their issues will be eliminated.


Conflict of interest

The authors declare no conflict of interest.


  1. 1. Dasgupta D, Roy A, Nag A. Advances in User Authentication. Springer; 2017
  2. 2. Shdefat AY, Il Joo M, Choi SH, Kim HC. Utilizing ECG waveform features as new biometric authentication method. International Journal of Electrical Computer Engineering. 2018;81(2):658-665
  3. 3. Electrocardiogram (ECG), 018. [Online]. Available from: [Accessed: 16 October 2018]
  4. 4. Odinaka I et al. ECG biometric recognition: A comparative analysis. IEEE Transactions on Information Forensics and Security. 2012;7(6):1812-1824
  5. 5. Safie SI, Soraghan JJ, Petropoulakis L. ECG biometric authentication using Pulse Active Width (PAW). In: 2011 IEEE Workshop on Biometric Measurements and Systems for Security and Medical Applications (BIOMS). 2011. pp. 1-6
  6. 6. Keshavamurthy TG, Eshwarappa MN. Review paper on denoising of ECG signal. In: Proceedings of the 2017 2nd IEEE International Conference on Electrical, Computer and Communication Technologies, ICECCT. 2017
  7. 7. Karimian N, Woodard DL, Forte D. On the vulnerability of ECG verification to online presentation attacks. In: 2017 IEEE International Joint Conference on Biometrics (IJCB). 2018. pp. 143-151
  8. 8. Ribeiro Pinto J, Cardoso JS, Lourenco A. Evolution, current challenges, and future possibilities in ECG Biometrics. IEEE Access. 2018;6:34746-34776
  9. 9. Camara C, Peris-Lopez P, Safkhani M, Bagheri N. ECGsound for human identification. Biomed Signal Processing Control. 2022;72:103335
  10. 10. Ibtehaz N et al. “EDITH: ECG biometrics aided by deep learning for reliable individual authentication,” IEEE Trans. Emerg. Top. Comput. Intell. 2021. pp. 1-27
  11. 11. Hammad M, Pławiak P, Wang K, Acharya UR. ResNet-Attention model for human authentication using ECG signals. Expert Systems. 2021;38(6):1-17
  12. 12. Srivastva R, Singh YN. ECG analysis for human recognition using non-fiducial methods. IET Biometrics. 2019;8(5):295-305
  13. 13. Rathore H, Al-Ali A, Mohamed A, Du X, Guizani M. DTW based Authentication for Wireless Medical Device Security. In: 2018 14th Int. Wirel. Commun. Mob. Comput. Conf. IWCMC. 2018. pp. 476-481
  14. 14. Rehman A, Saqib NA, Danial SM, Ahmed SH. ECG based authentication for remote patient monitoring in IoT by wavelets and template matching. In: Proc. IEEE Int. Conf. Softw. Eng. Serv. Sci. ICSESS. 2018. pp. 91-94
  15. 15. Ba-Hammam A, Alhulwah S, Altamimi M, Alshebeili S. Authentication using ECG signals. In: 2017 Int. Conf. Electr. Comput. Technol. Appl. ICECTA 2017. 2018. pp. 1-4
  16. 16. Sung D, Kim J, Koh M, Park K. ECG authentication in post-exercise situation. In: Proc. Annu. Int. Conf. IEEE Eng. Med. Biol. Soc. EMBS. 2017. pp. 446-449
  17. 17. Chamatidis I, Katsika A, Spathoulas G. Using deep learning neural networks for ECG based authentication. In: Proc. - Int. Carnahan Conf. Secur. Technol. 2017. pp. 1-6
  18. 18. Parastesh Karegar F, Fallah A, Rashidi S. ECG based human authentication with using Generalized Hurst Exponent. In: 2017 25th Iran. Conf. Electr. Eng. 2017. pp. 34-38
  19. 19. Salloum R, Kuo CCCJ. ECG-based biometrics using recurrent neural networks. In: 2017 ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing – Proceedings. 2017. pp. 2062-2066
  20. 20. Kim DH, Park JS, Kim IY, Kim SI, Lee, JS. Personal recognition using geometric features in the phase space of electrocardiogram. In: 2017 IEEE Life Sci. Conf. LSC. 2017. pp. 198-201
  21. 21. Rezgui D, Lachiri Z. Integrating EMD attributes for person identification from electrocardiographic signals. In: 2016 Conf. Adv. Technol. Signal Image Process, ATSIP. 2016. pp. 478-482
  22. 22. Arteaga-Falconi JS, Al Osman H, El Saddik A. ECG Authentication for Mobile Devices. IEEE Transactions on Instrumentation and Measurement. 2016;65(3):591-600
  23. 23. Huang P, Li B, Guo L, Jin Z, Chen Y. A robust and reusable ECG-based authentication and data encryption scheme for eHealth systems. In: 2016 IEEE Glob. Commun. Conf. GLOBECOM. 2016. pp. 1-6
  24. 24. Sivaranjani DNRB. Securing patient’s confidential information using ECG Steganography. In: 2017 2nd International Conference on Communication and Electronics Systems (ICCES). pp. 540-544
  25. 25. Yin S, Bae C, Kim SJ, Seo JS. Designing ECG-based physical unclonable function for security of wearable devices. In: Proc. Annu. Int. Conf. IEEE Eng. Med. Biol. Soc. EMBS. 2017. pp. 3509-3512
  26. 26. Iancu-Constantin R, Serbanati LD, Chera C, Gheorghe-Pop ID, Ertl B. An E-health approach for remote cardiac rehabilitation. In: Proc. - 2015 20th Int. Conf. Control Syst. Comput. Sci. CSCS. 2015. pp. 205-210
  27. 27. Khalifa W, Salem A, Roushdy M. A survey of EEG based user authentication schemes. In: 8th Int. Conf. INFOrmatics Syst, 14-16 May Bio-inspired Optim. Algorithms Their Appl. Track. 2012. pp. 55-60
  28. 28. Abbas SN, Abo-Zahhad M, Ahmed SM. State-of-the-art methods and future perspectives for personal recognition based on electroencephalogram signals. IET Biometrics. 2015;4(3):179-190
  29. 29. Revett K, Deravi F, Sirlantzis K. Biosignals for user authentication - Towards cognitive biometrics. In: 2010 Int. Conf. Emerg. Secur. Technol. ROBOSEC 2010 - Robot. Secur. LAB-RS 2010 - Learn. Adapt. Behav. Robot. Syst. 2010. pp. 71-76
  30. 30. Sooriyaarachchi J, Seneviratne S, Thilakarathna K, Zomaya AY. MusicID: A brainwave-based user authentication system for internet of things. IEEE Internet of Things Journal. 2021;8(10):8304-8313
  31. 31. Chen Y, Yin J. Design of electroencephalogram authentication access control to smart car. Healthcare Technology Letters. 2020;7(4):109-113
  32. 32. Cauthen JM, Gandre T, Espinoza MAM, Patel MJ, Husain MI. An authentication system using neurological responses to music. In: Proceedings - 2019 IEEE International Conference on Big Data. 2019. pp. 6001-6003
  33. 33. Abdi Z, Alyasseri A, Khader AT, Al-betar MA, Alomari OA. EEG-based person authentication using multi-objective flower pollination algorithm. In: IEEE Congress on Evolutionary Computation (CEC). 2018
  34. 34. Ong ZY, Ibrahim Z. Power spectral density analysis for human EEG- based biometric identification. In: Int. Conf. Comput. Approach Smart Syst. Des. Appl. 2018. pp. 1-6
  35. 35. Khalafallah A, Ibrahim A, Shehab B, Raslan H, Eltobgy O, Elbaroudy S. A pragmatic authentication system using electroencephalography signals. In: 2018 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). 2018. pp. 901-905
  36. 36. Arnau-Gonzalez P, Arevalillo-Herraez M, Katsigiannis S, Ramzan N. On the influence of affect in EEG-based subject identification. IEEE Transactions on Affective Computing. 2018;3045:1-11
  37. 37. Nakamura T, Goverdovsky V, Mandic DP. In-ear EEG biometrics for feasible and readily collectable real-world person authentication. IEEE Transactions on Information Forensics and Security. 2018;13(3):648-661
  38. 38. Wu Q , Yan B, Zeng Y, Zhang C, Tong L. Anti-deception: Reliable EEG-based biometrics with real-time capability from the neural response of face rapid serial visual presentation. Biomedical Engineering Online. 2018;17(1):1-16
  39. 39. Kaur B, Singh D, Roy PP. A Novel framework of EEG-based user identification by analyzing music-listening behavior. Multimedia Tools and Applications. 2017;76(24):25581-25602
  40. 40. Thomas KP, Vinod AP. EEG-Based Biometric Authentication Using Gamma Band Power During Rest State. Circuits, Systems, and Signal Processing. 2018;37(1):277-289
  41. 41. Hasan M, Sohag HA, Ali E, Ahmad M. Estimation of the most effective rhythm for human identification using EEG signal. In: Proc. 9th Int. Conf. Electr. Comput. Eng. ICECE 2016. 2017. pp. 90-93
  42. 42. Vahid A, Arbabi E. Human identification with EEG signals in different emotional states. In: 2016 23rd Iran. Conf. Biomed. Eng. 2016 1st Int. Iran. Conf. Biomed. Eng. ICBME 2016. 2017. pp. 242-246
  43. 43. Dehzangi O, Williams C. Towards multi-modal wearable driver monitoring: Impact of road condition on driver distraction. In: 2015 IEEE 12th Int. Conf. Wearable Implant. Body Sens. Networks. 2015. pp. 1-6
  44. 44. Abo-Zahhad M, Ahmed SM, Abbas SN. A Novel Biometric Approach for Human Identification and Verification Using Eye Blinking Signal. IEEE Signal Processing Letters. Jul. 2015;22(7):876-880
  45. 45. Attarian U, Jain JU, Sadi SU, Mistry PU. Real time authentication based on blood flow parameters. 2018

Written By

Hind Alrubaish and Nazar Saqib

Submitted: 04 January 2022 Reviewed: 03 April 2022 Published: 07 May 2022