Individuals can be authenticated either with something they know (username/password), something they have (smartcard) or something they are. The last category, better known as biometrics, comes in multiple flavors, which include fingerprints, faces, irises and typing tempos.

IDesia brings to the table yet another flavor – authentication via heartbeat. Their patented algorithms extract personally identifiable information from a standard ECG. Users simultaneously touch 2 button-sized sensors with each of their hands for about 5 seconds to authenticate.

Costs are low - the entire system is just a couple of conducting leads attached to a simple ASIC plus a bundle of software. Recent tests conducted by NPL on a sample of 104 test subjects resulted a 0.6% false reject rate and 3.5% false accept rate – significantly better than fingerprint sensors. And while no authentication system is impregnable, it’s a lot easier to chop off someone’s hand than to replicate their heartbeat.

IDesia is trying to execute licensing deals with hardware manufacturers of various stripes – laptops, mobile phones, watches and so forth. I’m skeptical that most users of laptops or mobile phones need biometric authentication – seems like overkill.

I wonder if their technology could enable value-added services in scenarios where heartbeats are already being measured. Lots of people monitor their heart rate while working out – what if they could easily upload that data into a secure store to monitor and analyze their progress? Increasing numbers of patients rely on home health monitoring services – would more people use such services if there was a simple way to enhance their security?

At the moment, IDesia’s technology is pretty raw and only available as a demo kit, so there is much work to be done before commercial launch. I believe their technology is promising, and wish them all the best in their endeavors.