Human body, smartphone passcode may forge better mHealth security

Image Credit: University of Washington

A human body passcode created via wireless data transmission using a smartphone fingerprint reader may provide stronger security for mHealth devices and wearables.

The system could potentially replace today’s password approach that uses data encryption, creating a new physical security layer impenetrable to outside attack, according to new research from the University of Washington’s Networks and Mobile Systems Lab.

The system can send a 256-bit key via the body to a wearable device from a fingerprint sensor in under 15 seconds, according to researchers, and the device can acknowledge key acceptance using Wi-Fi or Bluetooth over the smartphone. That eliminates the need for manually entered passwords.

“For instance, instead of manually typing in a secret serial number or password for wirelessly pairing medical devices such as glucose or blood pressure monitors with smartphones, a smartphone could directly transmit arbitrary secret keys through the human body,” the research says.

The potential for greater security on devices and mHealth data comes at a time when providers and patients are concerned about potential hacks on medical equipment. Earlier this month medical device maker Animas issued an alert to diabetic patients using its OneTouch Ping insulin pumps about potential hacking.

“Our focus here was trying to find a way we could reuse an existing device,” Vikram Iyer, one of the two lead authors, tells The Atlantic. “One of the main problems with adopting this kind of technology into a commercial application is that there’s already so much included in a phone. Any device manufacturer wouldn’t add another radio, because that would take up power, or space that they could use to make the battery a little bigger.”

Suggested Articles

Amazon's PillPack and Surescripts, owned by CVS Health and Express Scripts, are in a dispute over access to patient medication history data.

Healthcare software company Phreesia closed its first day of trading as a public company Thursday about 40% above its set price.

The announcement comes on the heels of the Trump administration's effort aimed at kidney care that includes expanding access to in-home dialysis.